Table Of Contents

ACKNOWLEDGMENTS
About the Sample Capture Files
The Rural Technology Fund
PACKET ANALYSIS AND NETWORK BASICS
Packet Analysis and Packet Sniffers
Evaluating a Packet Sniffer
How Packet Sniffers Work
How Computers Communicate
Protocols
The Seven-Layer OSI Model
Data Encapsulation
Network Hardware
Traffic Classifications
Broadcast Traffic
Multicast Traffic
Unicast Traffic
Final Thoughts
TAPPING INTO THE WIRE
Living Promiscuously
Sniffing Around Hubs
Sniffing in a Switched Environment
Port Mirroring
Hubbing Out
Using a Tap
ARP Cache Poisoning
Sniffing in a Routed Environment
Sniffer Placement in Practice
INTRODUCTION TO WIRESHARK
A Brief History of Wireshark
The Benefits of Wireshark
Installing Wireshark
Installing on Microsoft Windows Systems
Installing on Linux Systems
Installing on Mac OS X Systems
Wireshark Fundamentals
Your First Packet Capture
Wireshark’s Main Window
Wireshark Preferences
Packet Color Coding
WORKING WITH CAPTURED PACKETS
Working with Capture Files
Saving and Exporting Capture Files
Merging Capture Files
Working with Packets
Finding Packets
Marking Packets
Printing Packets
Setting Time Display Formats and References
Time Display Formats
Packet Time Referencing
Setting Capture Options
Capture Settings
Capture File(s) Settings
Capture Filters
Display Filters
Saving Filters
ADVANCED WIRESHARK FEATURES
Network Endpoints and Conversations
Viewing Endpoints
Viewing Network Conversations
Troubleshooting with the Endpoints and Conversations Windows
Protocol Hierarchy Statistics
Name Resolution
Enabling Name Resolution
Potential Drawbacks to Name Resolution
Protocol Dissection
Changing the Dissector
Viewing Dissector Source Code
Following TCP Streams
Packet Lengths
Graphing
Viewing IO Graphs
Round-Trip Time Graphing
Flow Graphing
Expert Information
COMMON LOWER-LAYER PROTOCOLS
Address Resolution Protocol
The ARP Header
Packet 1: ARP Request
Packet 2: ARP Response
Gratuitous ARP
Internet Protocol
IP Addresses
The IPv4 Header
Time to Live
IP Fragmentation
Transmission Control Protocol
The TCP Header
TCP Ports
The TCP Three-Way Handshake
TCP Teardown
TCP Resets
User Datagram Protocol
The UDP Header
Internet Control Message Protocol
The ICMP Header
ICMP Types and Messages
Echo Requests and Responses
Traceroute
COMMON UPPER-LAYER PROTOCOLS
Dynamic Host Configuration Protocol
The DHCP Packet Structure
The DHCP Renewal Process
DHCP In-Lease Renewal
DHCP Options and Message Types
Domain Name System
The DNS Packet Structure
A Simple DNS Query
DNS Question Types
DNS Recursion
DNS Zone Transfers
Hypertext Transfer Protocol
Browsing with HTTP
Posting Data with HTTP
BASIC REAL-WORLD SCENARIOS
Social Networking at the Packet Level
Capturing Twitter Traffic
Capturing Facebook Traffic
Comparing Twitter vs. Facebook Methods
Capturing ESPN.com Traffic
Using the Conversations Window
Using the Protocol Hierarchy Statistics Window
Viewing DNS Traffic
Viewing HTTP Requests
Real-World Problems
No Internet Access: Configuration Problems
No Internet Access: Unwanted Redirection
No Internet Access: Upstream Problems
Stranded in a Branch Office
Ticked-Off Developer
FIGHTING A SLOW NETWORK
TCP Error-Recovery Features
TCP Retransmissions
TCP Duplicate Acknowledgments and Fast Retransmissions
TCP Flow Control
Adjusting the Window Size
Halting Data Flow with a Zero Window Notification
The TCP Sliding Window in Practice
Learning from TCP Error-Control and Flow-Control Packets
Locating the Source of High Latency
Normal Communications
Slow Communications—Wire Latency
Slow Communications—Client Latency
Slow Communications—Server Latency
Latency Locating Framework
Network Baselining
Site Baseline
Host Baseline
Application Baseline
Additional Notes on Baselines
PACKET ANALYSIS FOR SECURITY
Reconnaissance
SYN Scan
Operating System Fingerprinting
Exploitation
Operation Aurora
Remote-Access Trojan
WIRELESS PACKET ANALYSIS
Physical Considerations
Sniffing One Channel at a Time
Wireless Signal Interference
Detecting and Analyzing Signal Interference
Sniffing Wirelessly in Linux
802.11 Packet Structure
Adding Wireless-Specific Columns to the Packet List Pane
Wireless-Specific Filters
Filtering Traffic for a Specific BSS ID
Filtering Specific Wireless Packet Types
Filtering a Specific Frequency
Wireless Security
Successful WEP Authentication
Failed WEP Authentication
Successful WPA Authentication
Failed WPA Authentication
FURTHER READING
Packet Analysis Tools
tcpdump and Windump
Cain & Abel
Scapy
Netdude
Colasoft Packet Builder
CloudShark
pcapr
NetworkMiner
Tcpreplay
ngrep
libpcap
hping
Domain Dossier
Perl and Python
Packet Analysis Resources
SANS Security Intrusion Detection In-Depth Course
IANA
TCP/IP Illustrated (Addison-Wesley)
The TCP/IP Guide (No Starch Press)
INDEX
Practical Packet Analysis - Chris Sanders

Published by: Hải Hoàng on Jul 27, 2011
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

06/28/2014

pdf

text

original

You're Reading a Free Preview
Pages 6 to 76 are not shown in this preview.
You're Reading a Free Preview
Pages 84 to 173 are not shown in this preview.
You're Reading a Free Preview
Pages 179 to 239 are not shown in this preview.
You're Reading a Free Preview
Pages 245 to 284 are not shown in this preview.

Activity (5)

You've already reviewed this. Edit your review.
1 hundred reads
1 thousand reads
Ain Idris liked this
myreza123 liked this
freckertc liked this

You're Reading a Free Preview

Download
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->