PacktLib: Network Analysis using Wireshark Cookbook

Network Analysis Using Wireshark Cookbook

Credits

About the Author

Acknowledgments

About the Reviewers

www.PacktPub.com

Preface

Introducing Wireshark

Introduction

Locating Wireshark

Starting the capture of data

Configuring the start window

Using time values and summaries

Configuring coloring rules and navigation techniques

Saving, printing, and exporting data

Configuring the user interface in the Preferences menu

Configuring protocol preferences

Using Capture Filters

Introduction

Configuring capture filters

Configuring Ethernet filters

Configuring host and network filters

Configuring TCP/UDP and port filters

Configuring compound filters

Configuring byte offset and payload matching filters

Using Display Filters

Introduction

Configuring display filters

Configuring Ethernet, ARP, host, and network filters

Configuring TCP/UDP filters

Configuring specific protocol filters

Configuring substring operator filters

Configuring macros

Using Basic Statistics Tools

Introduction

Using the Summary tool from the Statistics menu

Using the Protocol Hierarchy tool from the Statistics menu

Using the Conversations tool from the Statistics menu

Using the Endpoints tool from the Statistics menu

Using the HTTP tool from the Statistics menu

Configuring Flow Graph for viewing TCP flows

Creating IP-based statistics

Using Advanced Statistics Tools

Introduction

Configuring IO Graphs with filters for measuring network performance issues

Throughput measurements with IO Graph

Advanced IO Graph configurations with advanced Y-Axis parameters

Getting information through TCP stream graphs – the Time-Sequence (Stevens) window

Getting information through TCP stream graphs – the Time-Sequence (tcp-trace) window

Getting information through TCP stream graphs – the Throughput Graph window

Getting information through TCP stream graphs – the Round Trip Time window

Getting information through TCP stream graphs – the Window Scaling Graph window

Using the Expert Infos Window

Introduction

The Expert Infos window and how to use it for network troubleshooting

Error events and understanding them

Warning events and understanding them

Notes events and understanding them

Ethernet, LAN Switching, and Wireless LAN

Introduction

Discovering broadcast and error storms

Analyzing Spanning Tree Protocols

Analyzing VLANs and VLAN tagging issues

Analyzing wireless (Wi-Fi) problems

ARP and IP Analysis

Introduction

Analyzing connectivity problems with ARP

Using IP traffic analysis tools

Using GeoIP to look up the physical location of an IP address

Finding fragmentation problems

Analyzing routing problems

Finding duplicate IPs

Analyzing DHCP problems

UDP/TCP Analysis

Introduction

Configuring TCP and UDP preferences for troubleshooting

TCP connection problems

TCP retransmissions – where they come from and why

Duplicate ACKs and fast retransmissions

TCP out-of-order packet events

TCP Zero Window, Window Full, Window Change, and other Window indicators

TCP resets and why they happen

HTTP and DNS

Introduction

Filtering DNS traffic

Analyzing regular DNS operations

Analyzing DNS problems

Filtering HTTP traffic

Configuring HTTP preferences

Analyzing HTTP problems

Exporting HTTP objects

HTTP flow analysis and the Follow TCP Stream window

Analyzing HTTPS traffic – SSL/TLS basics

Analyzing Enterprise Applications' Behavior

Introduction

Finding out what is running over your network

Analyzing FTP problems

Analyzing e-mail traffic and troubleshooting e-mail problems – POP, IMAP, and SMTP

Analyzing MS-TS and Citrix communications problems

Analyzing problems in the NetBIOS protocols

Analyzing database traffic and common problems

SIP, Multimedia, and IP Telephony

Introduction

Using Wireshark's features for telephony and multimedia analysis

Analyzing SIP connectivity

Analyzing RTP/RTCP connectivity

Troubleshooting scenarios for video and surveillance applications

Troubleshooting scenarios for IPTV applications

Troubleshooting scenarios for video conferencing applications

Troubleshooting RTSP

Troubleshooting Bandwidth and Delay Problems

Introduction

Measuring total bandwidth on a communication link

Measuring bandwidth and throughput per user and per application over a network connection

Monitoring jitter and delay using Wireshark

Discovering delay/jitter-related application problems

Understanding Network Security

Introduction

Discovering unusual traffic patterns

Discovering MAC- and ARP-based attacks

Discovering ICMP and TCP SYN/Port scans

Discovering DoS and DDoS attacks

Locating smart TCP attacks

Discovering brute-force and application attacks

Links, Tools, and Reading

Index