A Practical Guide Wireshark Forensics
5/5
()
About this ebook
A practical guide to capturing and analyzing network traffic using Wireshark.
This book shows real world network traffic analysis and shows the techniques that DevOp teams need to use to detect malicious behavior. Additionally it shows how DevOps can translate packet captures into valuable information by decoding IP packets and detect malicious activity
Read more from Alasdair Gilchrist
Spreadsheets To Cubes (Advanced Data Analytics for Small Medium Business): Data Science Rating: 0 out of 5 stars0 ratingsDigital Success: A Holistic Approach to Digital Transformation for Enterprises and Manufacturers Rating: 0 out of 5 stars0 ratingsGoogle Cloud Platform an Architect's Guide Rating: 5 out of 5 stars5/5REST API Design Control and Management Rating: 4 out of 5 stars4/5A Concise Guide to Microservices for Executive (Now for DevOps too!) Rating: 1 out of 5 stars1/5Google Cloud Platform - Networking Rating: 0 out of 5 stars0 ratingsConcise Guide to OTN optical transport networks Rating: 4 out of 5 stars4/5Google Cloud Platform for Data Engineering: From Beginner to Data Engineer using Google Cloud Platform Rating: 5 out of 5 stars5/5Concise Guide to DWDM Rating: 5 out of 5 stars5/5A Concise Guide to Object Orientated Programming Rating: 0 out of 5 stars0 ratingsAn Executive Guide to Identity Access Management - 2nd Edition Rating: 4 out of 5 stars4/5Tackling Fraud Rating: 4 out of 5 stars4/5Six Sigma Yellow Belt Certification Study Guide Rating: 0 out of 5 stars0 ratingsSupply Chain 4.0: From Stocking Shelves to Running the World Fuelled by Industry 4.0 Rating: 3 out of 5 stars3/5The Certified Ethical Hacker Exam - version 8 (The concise study guide) Rating: 3 out of 5 stars3/5The Layman's Guide GDPR Compliance for Small Medium Business Rating: 5 out of 5 stars5/5An Introduction to SDN Intent Based Networking Rating: 5 out of 5 stars5/5A Last Minute Hands-on Guide to GDPR Readiness Rating: 0 out of 5 stars0 ratingsGDPR for DevOp(Sec) - The laws, Controls and solutions Rating: 5 out of 5 stars5/5FinTech Rising: Navigating the maze of US & EU regulations Rating: 5 out of 5 stars5/5Concise and Simple Guide to IP Subnets Rating: 5 out of 5 stars5/5PSD2 - Open Banking for DevOps(Sec) Rating: 5 out of 5 stars5/5The Concise Guide to SSL/TLS for DevOps Rating: 5 out of 5 stars5/5Why Industry 4.0 Sucks! Rating: 0 out of 5 stars0 ratingsConcise Guide to CompTIA Security + Rating: 3 out of 5 stars3/5The Concise Guide to the Internet of Things for Executives Rating: 4 out of 5 stars4/5ChatGPT Will Won't Save The World Rating: 0 out of 5 stars0 ratingsA concise guide to PHP MySQL and Apache Rating: 4 out of 5 stars4/5SRS - How to build a Pen Test and Hacking Platform Rating: 2 out of 5 stars2/5
Related to A Practical Guide Wireshark Forensics
Related ebooks
The Wireshark Field Guide: Analyzing and Troubleshooting Network Traffic Rating: 4 out of 5 stars4/5Wireshark Essentials Rating: 0 out of 5 stars0 ratingsPacket Analysis with Wireshark Rating: 0 out of 5 stars0 ratingsInstant Traffic Analysis with Tshark How-to Rating: 0 out of 5 stars0 ratingsMastering Wireshark Rating: 2 out of 5 stars2/5Wireshark for Security Professionals: Using Wireshark and the Metasploit Framework Rating: 4 out of 5 stars4/5Hands on Hacking: Become an Expert at Next Gen Penetration Testing and Purple Teaming Rating: 3 out of 5 stars3/5Netcat Power Tools Rating: 3 out of 5 stars3/5The Compete Ccna 200-301 Study Guide: Network Engineering Edition Rating: 5 out of 5 stars5/5Kali Linux Penetration Testing Bible Rating: 0 out of 5 stars0 ratingsCCST Cisco Certified Support Technician Study Guide: Networking Exam Rating: 0 out of 5 stars0 ratingsCEH v11 Certified Ethical Hacker Study Guide Rating: 0 out of 5 stars0 ratingsCisco Packet Tracer for Beginners Rating: 5 out of 5 stars5/5Cisco Network Administration Interview Questions: CISCO CCNA Certification Review Rating: 5 out of 5 stars5/5Computer Networking: An introductory guide for complete beginners: Computer Networking, #1 Rating: 5 out of 5 stars5/5CompTIA Security+: Network Attacks Rating: 5 out of 5 stars5/5Wireless and Mobile Hacking and Sniffing Techniques Rating: 0 out of 5 stars0 ratings20 Windows Tools Every SysAdmin Should Know Rating: 5 out of 5 stars5/5Hack into your Friends Computer Rating: 0 out of 5 stars0 ratingsTCP/IP Networking Interview Questions, Answers, and Explanations: TCP/IP Network Certification Review Rating: 5 out of 5 stars5/5Security+ Boot Camp Study Guide Rating: 5 out of 5 stars5/5Nmap Essentials Rating: 4 out of 5 stars4/5Wireshark Network Security Rating: 3 out of 5 stars3/5Learning Network Forensics Rating: 5 out of 5 stars5/5Network Analysis Using Wireshark Cookbook Rating: 0 out of 5 stars0 ratingsKali Linux Wireless Penetration Testing Essentials Rating: 5 out of 5 stars5/5Mastering Kali Linux for Advanced Penetration Testing - Second Edition Rating: 0 out of 5 stars0 ratings
Information Technology For You
Windows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry Rating: 4 out of 5 stars4/5Summary of Super-Intelligence From Nick Bostrom Rating: 5 out of 5 stars5/5How to Write Effective Emails at Work Rating: 4 out of 5 stars4/5Handbook of Digital Forensics and Investigation Rating: 4 out of 5 stars4/5Data Analytics for Beginners: Introduction to Data Analytics Rating: 4 out of 5 stars4/5Creating Online Courses with ChatGPT | A Step-by-Step Guide with Prompt Templates Rating: 4 out of 5 stars4/5How To Use Chatgpt: Using Chatgpt To Make Money Online Has Never Been This Simple Rating: 0 out of 5 stars0 ratingsPractical Ethical Hacking from Scratch Rating: 5 out of 5 stars5/5Cyber Security Consultants Playbook Rating: 0 out of 5 stars0 ratingsChatGPT: The Future of Intelligent Conversation Rating: 4 out of 5 stars4/5CompTIA A+ CertMike: Prepare. Practice. Pass the Test! Get Certified!: Core 1 Exam 220-1101 Rating: 0 out of 5 stars0 ratingsComputer Science: A Concise Introduction Rating: 4 out of 5 stars4/5Linux Command Line and Shell Scripting Bible Rating: 3 out of 5 stars3/5Supercommunicator: Explaining the Complicated So Anyone Can Understand Rating: 3 out of 5 stars3/5The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy Rating: 4 out of 5 stars4/5Cybersecurity for Beginners : Learn the Fundamentals of Cybersecurity in an Easy, Step-by-Step Guide: 1 Rating: 0 out of 5 stars0 ratingsCompTIA Network+ CertMike: Prepare. Practice. Pass the Test! Get Certified!: Exam N10-008 Rating: 0 out of 5 stars0 ratingsAn Ultimate Guide to Kali Linux for Beginners Rating: 3 out of 5 stars3/5Computer Organization and Design: The Hardware / Software Interface Rating: 4 out of 5 stars4/5AWS Certified Cloud Practitioner: Study Guide with Practice Questions and Labs Rating: 5 out of 5 stars5/5Hacking Essentials - The Beginner's Guide To Ethical Hacking And Penetration Testing Rating: 3 out of 5 stars3/5Inkscape Beginner’s Guide Rating: 5 out of 5 stars5/5Health Informatics: Practical Guide Rating: 0 out of 5 stars0 ratingsCOMPUTER SCIENCE FOR ROOKIES Rating: 0 out of 5 stars0 ratingsData Governance For Dummies Rating: 0 out of 5 stars0 ratingsA Civic Technologist's Practice Guide Rating: 0 out of 5 stars0 ratings
Reviews for A Practical Guide Wireshark Forensics
4 ratings0 reviews
Book preview
A Practical Guide Wireshark Forensics - alasdair gilchrist
A Practical Guide to Wireshark Network Analysis
Wireshark – Practical Analysis and Forensics
What is Wireshark?
How does it work?
Port Mirroring
Downloading Wireshark
Getting Started
Capturing Packets
Color Coding
Filtering Output
Using Wireshark Sample Source Files
Questions
Part A - Ping.pcap
B - Scan.pcap
C – Malicious.pcap
D- portscan.cap
E-deep.cap
Answers with Workings
Wireshark – Practical Analysis and Forensics
––––––––
What is Wireshark?
Wireshark is an open source, network protocol analyzer for Linux and Windows. It has many features as standard such as deep inspection of hundreds of protocols, live capture and offline analysis. Wireshark has an intuitive GUI frontend plus many inbuilt sorting and filtering options making it very simple to use even for beginners. Tshark is the terminal version of Wireshark which is very similar to Tcpdump.
How does it work?
Wireshark works simply by placing the network card on the machine on which it is running into what is called promiscuous mode. In this more of operation the network card will accept any network information not just information specifically addressed to itself, which is the normal mode of operation.
In a hub network, which is rare these days, this will be sufficient as all network traffic will be send out every port on the hub thereby ensuring that the Wireshark network card would receive all traffic traversing the network. Today's modern networks are not hubs though, they are switches, which means only traffic destined for a host station known to be connected on a port is send out that port. This greatly reduces unnecessary traffic on the network. Unfortunately, this means that Wireshark will not receive all the traffic on the network as it will only see traffic exiting the switch, which is destined for its own directly connected network card.
Port Mirroring
The solution to the switched