Updated: 2021-07-02 21:23:29
Cover
Copyright Information
Credits
Preface
Part 1. Module 1
Chapter 1. Getting Acquainted with Wireshark
Installing Wireshark
Performing your first packet capture
Summary
Chapter 2. Networking for Packet Analysts
The OSI model – why it matters
IP networks and subnets
Switching and routing packets
WAN links
Wireless networking
Chapter 3. Capturing All the Right Packets
Picking the best capture point
Test Access Ports and switch port mirroring
Capturing interfaces, filters, and options
Verifying a good capture
Saving the bulk capture file
Isolating conversations of interest
Using the Conversations window
Wireshark display filters
Filter Expression Buttons
Following TCP/UDP/SSL streams
Marking and ignoring packets
Saving the filtered traffic
Chapter 4. Configuring Wireshark
Working with packet timestamps
Colorization and coloring rules
Wireshark preferences
Wireshark profiles
Chapter 5. Network Protocols
The OSI and DARPA reference models
Transport layer protocols
Application layer protocols
Chapter 6. Troubleshooting and Performance Analysis
Troubleshooting methodology
Troubleshooting connectivity issues
Troubleshooting functional issues
Performance analysis methodology
Chapter 7. Packet Analysis for Security Tasks
Security analysis methodology
Security assessment tools
Identifying unacceptable or suspicious traffic
Scans and sweeps
OS fingerprinting
Malformed packets
Phone home traffic
Password-cracking traffic
Unusual traffic
Chapter 8. Command-line and Other Utilities
Wireshark command-line utilities
Capturing traffic with Dumpcap
Capturing traffic with Tshark
Editing trace files with Editcap
Merging trace files with Mergecap
Other helpful tools
Part 2. Module 2
Chapter 1. Introducing Wireshark
Introduction
Locating Wireshark
Starting the capture of data
Configuring the start window
Using time values and summaries
Configuring coloring rules and navigation techniques
Saving, printing, and exporting data
Configuring the user interface in the Preferences menu
Configuring protocol preferences
Chapter 2. Using Capture Filters
Configuring capture filters
Configuring Ethernet filters
Configuring host and network filters
Configuring TCP/UDP and port filters
Configuring compound filters
Configuring byte offset and payload matching filters
Chapter 3. Using Display Filters
Configuring display filters
Configuring Ethernet, ARP, host, and network filters
Configuring TCP/UDP filters
Configuring specific protocol filters
Configuring substring operator filters
Configuring macros
Chapter 4. Using Basic Statistics Tools
Using the Summary tool from the Statistics menu
Using the Protocol Hierarchy tool from the Statistics menu
Using the Conversations tool from the Statistics menu
Using the Endpoints tool from the Statistics menu
Using the HTTP tool from the Statistics menu