A Practical Guide Wireshark Forensics
5/5
()
About this ebook
A practical guide to capturing and analyzing network traffic using Wireshark.
This book shows real world network traffic analysis and shows the techniques that DevOp teams need to use to detect malicious behavior. Additionally it shows how DevOps can translate packet captures into valuable information by decoding IP packets and detect malicious activity
Read more from Alasdair Gilchrist
Google Cloud Platform an Architect's Guide Rating: 5 out of 5 stars5/5REST API Design Control and Management Rating: 4 out of 5 stars4/5Google Cloud Platform for Data Engineering: From Beginner to Data Engineer using Google Cloud Platform Rating: 5 out of 5 stars5/5Supply Chain 4.0: From Stocking Shelves to Running the World Fuelled by Industry 4.0 Rating: 3 out of 5 stars3/5The Certified Ethical Hacker Exam - version 8 (The concise study guide) Rating: 3 out of 5 stars3/5Spreadsheets To Cubes (Advanced Data Analytics for Small Medium Business): Data Science Rating: 0 out of 5 stars0 ratingsConcise Guide to DWDM Rating: 5 out of 5 stars5/5An Executive Guide to Identity Access Management - 2nd Edition Rating: 4 out of 5 stars4/5Concise Guide to OTN optical transport networks Rating: 4 out of 5 stars4/5Six Sigma Yellow Belt Certification Study Guide Rating: 0 out of 5 stars0 ratingsA Concise Guide to Object Orientated Programming Rating: 0 out of 5 stars0 ratingsGoogle Cloud Platform - Networking Rating: 0 out of 5 stars0 ratingsTackling Fraud Rating: 4 out of 5 stars4/5Concise and Simple Guide to IP Subnets Rating: 5 out of 5 stars5/5The Layman's Guide GDPR Compliance for Small Medium Business Rating: 5 out of 5 stars5/5ChatGPT Will Won't Save The World Rating: 0 out of 5 stars0 ratingsDigital Success: A Holistic Approach to Digital Transformation for Enterprises and Manufacturers Rating: 0 out of 5 stars0 ratingsA Concise Guide to Microservices for Executive (Now for DevOps too!) Rating: 1 out of 5 stars1/5Why Industry 4.0 Sucks! Rating: 0 out of 5 stars0 ratingsA Last Minute Hands-on Guide to GDPR Readiness Rating: 0 out of 5 stars0 ratingsGDPR for DevOp(Sec) - The laws, Controls and solutions Rating: 5 out of 5 stars5/5PSD2 - Open Banking for DevOps(Sec) Rating: 5 out of 5 stars5/5An Introduction to SDN Intent Based Networking Rating: 5 out of 5 stars5/5Concise Guide to CompTIA Security + Rating: 3 out of 5 stars3/5FinTech Rising: Navigating the maze of US & EU regulations Rating: 5 out of 5 stars5/5The Concise Guide to the Internet of Things for Executives Rating: 4 out of 5 stars4/5The Concise Guide to SSL/TLS for DevOps Rating: 5 out of 5 stars5/5SRS - How to build a Pen Test and Hacking Platform Rating: 2 out of 5 stars2/5A concise guide to PHP MySQL and Apache Rating: 4 out of 5 stars4/5
Related to A Practical Guide Wireshark Forensics
Related ebooks
Wireshark Essentials Rating: 0 out of 5 stars0 ratingsThe Wireshark Field Guide: Analyzing and Troubleshooting Network Traffic Rating: 4 out of 5 stars4/5Packet Analysis with Wireshark Rating: 0 out of 5 stars0 ratingsWireshark for Security Professionals: Using Wireshark and the Metasploit Framework Rating: 4 out of 5 stars4/5Hands on Hacking: Become an Expert at Next Gen Penetration Testing and Purple Teaming Rating: 3 out of 5 stars3/5Mastering Wireshark Rating: 2 out of 5 stars2/5Instant Traffic Analysis with Tshark How-to Rating: 0 out of 5 stars0 ratingsCisco Packet Tracer for Beginners Rating: 5 out of 5 stars5/5Hacking Connected Cars: Tactics, Techniques, and Procedures Rating: 0 out of 5 stars0 ratingsCompTIA Security+: Network Attacks Rating: 5 out of 5 stars5/5Kali Linux Penetration Testing Bible Rating: 0 out of 5 stars0 ratingsTCP/IP Networking Interview Questions, Answers, and Explanations: TCP/IP Network Certification Review Rating: 5 out of 5 stars5/5Security+ Boot Camp Study Guide Rating: 5 out of 5 stars5/5Netcat Power Tools Rating: 3 out of 5 stars3/520 Windows Tools Every SysAdmin Should Know Rating: 5 out of 5 stars5/5CEH v11 Certified Ethical Hacker Study Guide Rating: 0 out of 5 stars0 ratingsNmap Essentials Rating: 4 out of 5 stars4/5Wireshark Network Security Rating: 3 out of 5 stars3/5Network Analysis Using Wireshark Cookbook Rating: 0 out of 5 stars0 ratingsTCP/IP Clearly Explained Rating: 4 out of 5 stars4/5Understanding TCP/IP Rating: 4 out of 5 stars4/5Stealing The Network: How to Own the Box Rating: 4 out of 5 stars4/5Learning Network Forensics Rating: 5 out of 5 stars5/5Hands-On Network Forensics: Investigate network attacks and find evidence using common network forensic tools Rating: 0 out of 5 stars0 ratingsTCP/IP for Everyone Rating: 4 out of 5 stars4/5Learn Kali Linux 2019: Perform powerful penetration testing using Kali Linux, Metasploit, Nessus, Nmap, and Wireshark Rating: 0 out of 5 stars0 ratings
Information Technology For You
Summary of Super-Intelligence From Nick Bostrom Rating: 5 out of 5 stars5/5Creating Online Courses with ChatGPT | A Step-by-Step Guide with Prompt Templates Rating: 4 out of 5 stars4/5The Programmer's Brain: What every programmer needs to know about cognition Rating: 5 out of 5 stars5/5CompTIA Network+ CertMike: Prepare. Practice. Pass the Test! Get Certified!: Exam N10-008 Rating: 0 out of 5 stars0 ratingsHow to Write Effective Emails at Work Rating: 4 out of 5 stars4/5How To Use Chatgpt: Using Chatgpt To Make Money Online Has Never Been This Simple Rating: 0 out of 5 stars0 ratingsChatGPT: The Future of Intelligent Conversation Rating: 4 out of 5 stars4/5CompTIA A+ CertMike: Prepare. Practice. Pass the Test! Get Certified!: Core 1 Exam 220-1101 Rating: 0 out of 5 stars0 ratingsData Analytics for Beginners: Introduction to Data Analytics Rating: 4 out of 5 stars4/5Computer Organization and Design: The Hardware / Software Interface Rating: 4 out of 5 stars4/5An Ultimate Guide to Kali Linux for Beginners Rating: 3 out of 5 stars3/5Cybersecurity for Beginners : Learn the Fundamentals of Cybersecurity in an Easy, Step-by-Step Guide: 1 Rating: 0 out of 5 stars0 ratingsSharePoint Designer Tutorial: Working with SharePoint Websites Rating: 1 out of 5 stars1/5Handbook of Digital Forensics and Investigation Rating: 4 out of 5 stars4/5Computer Science: A Concise Introduction Rating: 4 out of 5 stars4/5CompTIA ITF+ CertMike: Prepare. Practice. Pass the Test! Get Certified!: Exam FC0-U61 Rating: 0 out of 5 stars0 ratingsInkscape Beginner’s Guide Rating: 5 out of 5 stars5/5Practical Ethical Hacking from Scratch Rating: 5 out of 5 stars5/5The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy Rating: 4 out of 5 stars4/5AWS Certified Cloud Practitioner: Study Guide with Practice Questions and Labs Rating: 5 out of 5 stars5/5Supercommunicator: Explaining the Complicated So Anyone Can Understand Rating: 3 out of 5 stars3/5Data Governance For Dummies Rating: 0 out of 5 stars0 ratingsLinux Command Line and Shell Scripting Bible Rating: 3 out of 5 stars3/5Hacking Essentials - The Beginner's Guide To Ethical Hacking And Penetration Testing Rating: 3 out of 5 stars3/5CODING INTERVIEW: Advanced Methods to Learn and Excel in Coding Interview Rating: 0 out of 5 stars0 ratingsPanda3d 1.7 Game Developer's Cookbook Rating: 0 out of 5 stars0 ratings
Reviews for A Practical Guide Wireshark Forensics
4 ratings0 reviews
Book preview
A Practical Guide Wireshark Forensics - alasdair gilchrist
A Practical Guide to Wireshark Network Analysis
Wireshark – Practical Analysis and Forensics
What is Wireshark?
How does it work?
Port Mirroring
Downloading Wireshark
Getting Started
Capturing Packets
Color Coding
Filtering Output
Using Wireshark Sample Source Files
Questions
Part A - Ping.pcap
B - Scan.pcap
C – Malicious.pcap
D- portscan.cap
E-deep.cap
Answers with Workings
Wireshark – Practical Analysis and Forensics
––––––––
What is Wireshark?
Wireshark is an open source, network protocol analyzer for Linux and Windows. It has many features as standard such as deep inspection of hundreds of protocols, live capture and offline analysis. Wireshark has an intuitive GUI frontend plus many inbuilt sorting and filtering options making it very simple to use even for beginners. Tshark is the terminal version of Wireshark which is very similar to Tcpdump.
How does it work?
Wireshark works simply by placing the network card on the machine on which it is running into what is called promiscuous mode. In this more of operation the network card will accept any network information not just information specifically addressed to itself, which is the normal mode of operation.
In a hub network, which is rare these days, this will be sufficient as all network traffic will be send out every port on the hub thereby ensuring that the Wireshark network card would receive all traffic traversing the network. Today's modern networks are not hubs though, they are switches, which means only traffic destined for a host station known to be connected on a port is send out that port. This greatly reduces unnecessary traffic on the network. Unfortunately, this means that Wireshark will not receive all the traffic on the network as it will only see traffic exiting the switch, which is destined for its own directly connected network card.
Port Mirroring
The solution to the switched