A Practical Guide Wireshark Forensics
5/5
()
About this ebook
A practical guide to capturing and analyzing network traffic using Wireshark.
This book shows real world network traffic analysis and shows the techniques that DevOp teams need to use to detect malicious behavior. Additionally it shows how DevOps can translate packet captures into valuable information by decoding IP packets and detect malicious activity
Read more from Alasdair Gilchrist
REST API Design Control and Management Rating: 4 out of 5 stars4/5Google Cloud Platform for Data Engineering: From Beginner to Data Engineer using Google Cloud Platform Rating: 5 out of 5 stars5/5Six Sigma Yellow Belt Certification Study Guide Rating: 0 out of 5 stars0 ratingsConcise Guide to DWDM Rating: 5 out of 5 stars5/5Spreadsheets To Cubes (Advanced Data Analytics for Small Medium Business): Data Science Rating: 0 out of 5 stars0 ratingsGoogle Cloud Platform an Architect's Guide Rating: 5 out of 5 stars5/5Concise Guide to OTN optical transport networks Rating: 4 out of 5 stars4/5An Executive Guide to Identity Access Management - 2nd Edition Rating: 4 out of 5 stars4/5Google Cloud Platform - Networking Rating: 0 out of 5 stars0 ratingsThe Layman's Guide GDPR Compliance for Small Medium Business Rating: 5 out of 5 stars5/5Supply Chain 4.0: From Stocking Shelves to Running the World Fuelled by Industry 4.0 Rating: 3 out of 5 stars3/5The Certified Ethical Hacker Exam - version 8 (The concise study guide) Rating: 3 out of 5 stars3/5A Concise Guide to Object Orientated Programming Rating: 0 out of 5 stars0 ratingsA Concise Guide to Microservices for Executive (Now for DevOps too!) Rating: 1 out of 5 stars1/5An Introduction to SDN Intent Based Networking Rating: 5 out of 5 stars5/5Digital Success: A Holistic Approach to Digital Transformation for Enterprises and Manufacturers Rating: 0 out of 5 stars0 ratingsA Last Minute Hands-on Guide to GDPR Readiness Rating: 0 out of 5 stars0 ratingsPSD2 - Open Banking for DevOps(Sec) Rating: 5 out of 5 stars5/5Why Industry 4.0 Sucks! Rating: 0 out of 5 stars0 ratingsConcise and Simple Guide to IP Subnets Rating: 5 out of 5 stars5/5Tackling Fraud Rating: 4 out of 5 stars4/5FinTech Rising: Navigating the maze of US & EU regulations Rating: 5 out of 5 stars5/5GDPR for DevOp(Sec) - The laws, Controls and solutions Rating: 5 out of 5 stars5/5The Concise Guide to SSL/TLS for DevOps Rating: 5 out of 5 stars5/5ChatGPT Will Won't Save The World Rating: 0 out of 5 stars0 ratingsManagement Accounting for New Managers Rating: 1 out of 5 stars1/5SRS - How to build a Pen Test and Hacking Platform Rating: 2 out of 5 stars2/5Concise Guide to CompTIA Security + Rating: 3 out of 5 stars3/5The Concise Guide to the Internet of Things for Executives Rating: 4 out of 5 stars4/5
Related to A Practical Guide Wireshark Forensics
Related ebooks
Wireshark Essentials Rating: 0 out of 5 stars0 ratingsThe Wireshark Field Guide: Analyzing and Troubleshooting Network Traffic Rating: 4 out of 5 stars4/5Mastering Wireshark Rating: 2 out of 5 stars2/5Packet Analysis with Wireshark Rating: 0 out of 5 stars0 ratingsInstant Traffic Analysis with Tshark How-to Rating: 0 out of 5 stars0 ratingsHands on Hacking: Become an Expert at Next Gen Penetration Testing and Purple Teaming Rating: 3 out of 5 stars3/5Wireshark for Security Professionals: Using Wireshark and the Metasploit Framework Rating: 4 out of 5 stars4/5Netcat Power Tools Rating: 3 out of 5 stars3/5Kali Linux Penetration Testing Bible Rating: 0 out of 5 stars0 ratingsSecurity+ Boot Camp Study Guide Rating: 5 out of 5 stars5/5Comptia Security+ Primer Rating: 5 out of 5 stars5/5Cisco Packet Tracer for Beginners Rating: 5 out of 5 stars5/5Computer Networking: An introductory guide for complete beginners: Computer Networking, #1 Rating: 5 out of 5 stars5/5Network Security All-in-one: ASA Firepower WSA Umbrella VPN ISE Layer 2 Security Rating: 0 out of 5 stars0 ratingsTCP/IP Networking Interview Questions, Answers, and Explanations: TCP/IP Network Certification Review Rating: 5 out of 5 stars5/5The Compete Ccna 200-301 Study Guide: Network Engineering Edition Rating: 5 out of 5 stars5/5Wireshark Network Security Rating: 3 out of 5 stars3/5Nmap Essentials Rating: 4 out of 5 stars4/5Kali Linux Wireless Penetration Testing Essentials Rating: 5 out of 5 stars5/5Mastering Kali Linux for Advanced Penetration Testing - Second Edition Rating: 0 out of 5 stars0 ratingsAn Ultimate Guide to Kali Linux for Beginners Rating: 3 out of 5 stars3/5Network Analysis Using Wireshark Cookbook Rating: 0 out of 5 stars0 ratingsTCP/IP for Everyone Rating: 4 out of 5 stars4/5Stealing The Network: How to Own the Box Rating: 4 out of 5 stars4/5Hands-On Network Forensics: Investigate network attacks and find evidence using common network forensic tools Rating: 0 out of 5 stars0 ratings
Information Technology For You
How to Write Effective Emails at Work Rating: 4 out of 5 stars4/5AWS Certified Cloud Practitioner: Study Guide with Practice Questions and Labs Rating: 5 out of 5 stars5/5Investigating Child Exploitation and Pornography: The Internet, Law and Forensic Science Rating: 5 out of 5 stars5/5Inkscape Beginner’s Guide Rating: 5 out of 5 stars5/5Creating Online Courses with ChatGPT | A Step-by-Step Guide with Prompt Templates Rating: 4 out of 5 stars4/5Health Informatics: Practical Guide Rating: 0 out of 5 stars0 ratingsComputer Science: A Concise Introduction Rating: 4 out of 5 stars4/5Handbook of Digital Forensics and Investigation Rating: 4 out of 5 stars4/5CODING INTERVIEW: Advanced Methods to Learn and Excel in Coding Interview Rating: 0 out of 5 stars0 ratingsChatGPT: The Future of Intelligent Conversation Rating: 4 out of 5 stars4/5CompTIA Network+ CertMike: Prepare. Practice. Pass the Test! Get Certified!: Exam N10-008 Rating: 0 out of 5 stars0 ratingsHacking Essentials - The Beginner's Guide To Ethical Hacking And Penetration Testing Rating: 3 out of 5 stars3/5Data Governance For Dummies Rating: 0 out of 5 stars0 ratingsData Analytics for Beginners: Introduction to Data Analytics Rating: 4 out of 5 stars4/5How To Stay Private Online Protecting Your Online Privacy and Shielding Your Online Presence from Snoopers Rating: 0 out of 5 stars0 ratingsMicro Niches Rating: 0 out of 5 stars0 ratingsHow To Use Chatgpt: Using Chatgpt To Make Money Online Has Never Been This Simple Rating: 0 out of 5 stars0 ratingsAn Ultimate Guide to Kali Linux for Beginners Rating: 3 out of 5 stars3/5CompTIA ITF+ CertMike: Prepare. Practice. Pass the Test! Get Certified!: Exam FC0-U61 Rating: 0 out of 5 stars0 ratingsSharePoint Designer Tutorial: Working with SharePoint Websites Rating: 1 out of 5 stars1/5The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy Rating: 4 out of 5 stars4/5How to Find a Wolf in Siberia (or, How to Troubleshoot Almost Anything) Rating: 0 out of 5 stars0 ratingsThe Programmer's Brain: What every programmer needs to know about cognition Rating: 5 out of 5 stars5/5Windows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry Rating: 4 out of 5 stars4/5Panda3d 1.7 Game Developer's Cookbook Rating: 0 out of 5 stars0 ratingsSupercommunicator: Explaining the Complicated So Anyone Can Understand Rating: 3 out of 5 stars3/5Linux Command Line and Shell Scripting Bible Rating: 3 out of 5 stars3/5Summary of Super-Intelligence From Nick Bostrom Rating: 5 out of 5 stars5/5
Reviews for A Practical Guide Wireshark Forensics
4 ratings0 reviews
Book preview
A Practical Guide Wireshark Forensics - alasdair gilchrist
A Practical Guide to Wireshark Network Analysis
Wireshark – Practical Analysis and Forensics
What is Wireshark?
How does it work?
Port Mirroring
Downloading Wireshark
Getting Started
Capturing Packets
Color Coding
Filtering Output
Using Wireshark Sample Source Files
Questions
Part A - Ping.pcap
B - Scan.pcap
C – Malicious.pcap
D- portscan.cap
E-deep.cap
Answers with Workings
Wireshark – Practical Analysis and Forensics
––––––––
What is Wireshark?
Wireshark is an open source, network protocol analyzer for Linux and Windows. It has many features as standard such as deep inspection of hundreds of protocols, live capture and offline analysis. Wireshark has an intuitive GUI frontend plus many inbuilt sorting and filtering options making it very simple to use even for beginners. Tshark is the terminal version of Wireshark which is very similar to Tcpdump.
How does it work?
Wireshark works simply by placing the network card on the machine on which it is running into what is called promiscuous mode. In this more of operation the network card will accept any network information not just information specifically addressed to itself, which is the normal mode of operation.
In a hub network, which is rare these days, this will be sufficient as all network traffic will be send out every port on the hub thereby ensuring that the Wireshark network card would receive all traffic traversing the network. Today's modern networks are not hubs though, they are switches, which means only traffic destined for a host station known to be connected on a port is send out that port. This greatly reduces unnecessary traffic on the network. Unfortunately, this means that Wireshark will not receive all the traffic on the network as it will only see traffic exiting the switch, which is destined for its own directly connected network card.
Port Mirroring
The solution to the switched