Wireshark data packet analysis (2nd)

Basic information of Wireshark data packet analysis practice (2nd)

Author: (US) Chris Sanders
Translator: Zhuge Jianwei, Chen Lin, Xu Weilin
Press: People's Post and Telecommunications Press
ISBN: 9787115302366
Release Date: 263-3-7
Published on: December 7,: 16 webpage:
Version: 1-1
Category: Computer > database storage and management
Starting from the basics of network sniffing and packet analysis, Wireshark data packet analysis practice (2nd) introduces Wireshark's basic usage and packet analysis features, along with practical techniques, experience and skills for different protocol layers and for wireless networks. Along the way, the author uses simple, easy-to-understand real network cases to illustrate how to analyze packets with Wireshark, so that readers can gradually master network packet sniffing and analysis by following the book's approach. Finally, the book uses real network problems that network administrators, IT technical support staff and application developers often encounter (including failures to access the Internet, database connection errors, high network speeds, scanning and penetration, ARP spoofing attacks, etc.) to explain how to use Wireshark packet analysis techniques to quickly locate the fault point and identify the cause. The book also covers sniffing and packet analysis in wireless WiFi networks and provides a list of reference technical documents, websites, open-source tools, libraries and other resources in the field of sniffing and packet analysis. It is suitable for network administrators, security engineers, software development engineers and testers, as well as students of network engineering, information security and related majors, and network technology enthusiasts.
Wireshark data packet analysis (2nd): table of contents

Chapter 1 Packet analysis technology and network basics
  1.1 Packet analysis and packet sniffing
    1.1.1 Evaluation packet sniffing
    1.1.2 Packet sniffing
  1.2 Network communication principles
    1.2.1 Protocol
    1.2.2 Layer 7 OSI reference model
    1.2.3 Data encapsulation
    1.2.4 Network hardware
  1.3 Traffic classification
    1.3.1 Broadcast traffic
    1.3.2 Multicast traffic
    1.3.3 Unicast traffic
  1.4 Summary

Chapter 2 Listening network line
  2.1 Hybrid mode
  2.2 Perform sniffing in the network connected to the hub
  2.3 Perform sniffing in the switched network
    2.3.1 Port image
    2.3.2 Hub output
    2.3.3 Network shunt
    2.3.4 ARP spoofing
  2.4 Sniffing in a routing network environment
  2.5 Practice guide for deploying a sniffer

Chapter 3 Wireshark entry
  3.1 Wireshark brief history
  3.2 Wireshark
  3.3 Install Wireshark
    3.3.1 Install on Microsoft Windows
    3.3.2
    3.3.3 Install on Mac OS X
  3.4 Wireshark preliminary entry
    3.4.1 First packet capture
    3.4.2 Wireshark main window
    3.4.3 Wireshark preferences
    3.4.4 Data packet color highlight

Chapter 4 Playback capture data packets
  4.1 Use capture file
    4.1.1 Save and export capture file
    4.1.2 Merge capture file
  4.2 Analyze data packets
    4.2.1 Search for data packets
    4.2.2 Mark data packets
    4.2.3 Print data packets
  4.3 Set time display format and relative reference
    4.3.1 Time display format
    4.3.2 The relative time of data packets refer to
  4.4 Set capture option
    4.4.1 Capture settings
    4.4.2 Capture file settings
    4.4.3 Stop capture option
    4.4.4 Display option
    4.4.5 Name resolution option
  4.5 Use filter
    4.5.1 Capture filter
    4.5.2 Display filter
    4.5.3 Save filter

Chapter 5 Wireshark advanced features
  5.1 Network endpoint and session
    5.1.1 View endpoint
    5.1.2 View network session
    5.1.3 Use endpoint and session window for problem locating
  5.2 Protocol-based stratified structure statistics
  5.3 Name resolution
    5.3.1 Enable name resolution
    5.3.2 Potential drawbacks of name resolution
  5.4 Protocol resolution
    5.4.1 Replace parser
    5.4.2 View parser source code
  5.5 Trace TCP stream
  5.6 Packet length
  5.7 Graphic display
    5.7.1 View IO diagram
    5.7.2 Bidirectional time diagram
    5.7.3 Data flow diagram
  5.8 Expert information

Chapter 6 General underlying network protocol
  6.1 Address Resolution Protocol
    6.1.1 ARP header
    6.1.2 Packet 1: ARP request
    6.1.3 Packet 2: ARP response
    6.1.4 Free ARP
  6.2 Internet Protocol
    6.2.1 IP address
    6.2.2 IPv4 header
    6.2.3 Survival time
    6.2.4 IP fragment
  6.3 Transmission Control Protocol
    6.3.1 TCP header
    6.3.2 TCP port
    6.3.3 TCP three-way handshake
    6.3.4 TCP termination
    6.3.5 TCP reset
  6.4 User Datagram Protocol
  6.5 Internet Control Message Protocol
    6.5.1 ICMP header
    6.5.2 ICMP type and message
    6.5.3 Echo request and response
    6.5.4 Route tracking

Chapter 7 Common high-level network protocol
  7.1 Dynamic Host Configuration Protocol (DHCP)
    7.1.1 DHCP header structure
    7.1.2 DHCP lease renewal process
    7.1.3 DHCP lease renewal
    7.1.4 DHCP options and messages type
  7.2 Domain Name System
    7.2.1 DNS data packet structure
    7.2.2 A simple DNS query process
    7.2.3 DNS problem type
    7.2.4 DNS recursion
    7.2.5 DNS region transfer
  7.3 Hypertext Transfer Protocol
    7.3.1 Use HTTP browser
    7.3.2 Use HTTP to send data
  7.4 Summary

Chapter 8 Basic real-world scenarios
  8.1 Data packet layer social network
    8.1.1 Capture Twitter traffic
    8.1.2 Capture Facebook traffic
    8.1.3 Comparison Twitter and Facebook method
  8.2 Capture ESPN.com traffic
    8.2.1 Use session window
    8.2.2 Use protocol layer statistics window
    8.2.3 View DNS traffic
    8.2.4 View HTTP request
  8.3 Real-world problems
    8.3.1 Inaccessible Internet: configuration error
    8.3.2 Unable to access the Internet: unexpected redirection
    8.3.3 Unable to access the Internet: upstream issue
    8.3.4 Printer fault
    8.3.5 Branch troubles
    8.3.6 Angry developer
  8.4 Summary

Chapter 9 Removing network cards
  9.1 TCP error recovery feature
    9.1.1 TCP retransmission
    9.1.2 TCP repeat validation and fast retransmission
  9.2 TCP flow control
    9.2.1 Adjust the window size
    9.2.2 Use a zero-window notification to stop the data stream
    9.2.3 TCP sliding window practice
  9.3 Learned from TCP error control and traffic control
  9.4 Identify high latency cause
    9.4.1 Normal communication
    9.4.2 Slow communication: line delay
    9.4.3 Slow communication: client delay
    9.4.4 Slow communication: server delay
    9.4.5 Delay locating framework
  9.5 Network baseline
    9.5.1 Site baseline
    9.5.2 Host baseline
    9.5.3 Application baseline
    9.5.4 Baseline other considerations
  9.6 Summary

Chapter 10 Security data packet analysis
  10.1 Network reconnaissance
    10.1.1 SYN scan
    10.1.2 Operating system fingerprint
  10.2 Vulnerability using
    10.2.1 Aurora action
    10.2.2 ARP cache poisoning attack
    10.2.3 Remote access Trojan horse
  10.3 Summary

Chapter 11 Wireless network packet analysis
  11.1 Physical factors
    11.1.1 One-time sniffing a channel
    11.1.2 Wireless signal interference
    11.1.3 Detection and analysis signal interference
  11.2 Wireless NIC mode
  11.3 On Windows sniffing wireless network
    11.3.1 Configuration AirPcap
    11.3.2 Use AirPcap to capture traffic
  11.4 Sniffing on Linux
  11.5 802.11 data packet structure
  11.6 Add a wireless dedicated column in the packet list panel
  11.7 Wireless dedicated filter
    11.7.1 Filter traffic of a specific BSS ID
    11.7.2 Filter specific wireless packet type
    11.7.3 Filtering specific frequency
  11.8 Wireless network security
    11.8.1 Successful WEP authentication
    11.8.2 Failed WEP authentication
    11.8.3 Successful WPA authentication
    11.8.4 Failed WPA authentication
  11.9 Summary

Appendix A Extended reading

Information sources of this book: China Interactive Publishing Network
