چه کسانی این کتاب را می‌خوانند

دانشجوعلاقه‌مند یادگیری
کتابخوان حرفه‌ایلذت مطالعه
نویسندهالهام‌گیری

Practical Packet Analysis : Using Wireshark to Solve Real-world Network Problems

Chris Sanders, Chris Sanders

قیمت نهایی

۴۹٬۰۰۰ تومان

نسخه اصلی و اورجینال

بلافاصله پس از خرید، فایل کتاب روی دستگاه شما آمادهٔ دانلود است.

تحویل فوری
پرداخت امن
ضمانت فایل
پشتیبانی

مشخصات کتاب

سال انتشار
۲۰۱۱
فرمت
PDF
زبان
انگلیسی
حجم فایل
۱۷٫۳ مگابایت
شابک
9781593271497، 9781593272661، 9781593273989، 9782111234567، 1593271492، 1593272669، 1593273983، 2111234567

دربارهٔ کتاب

Wireshark is the world's most popular'packet sniffer,'allowing its users to uncover valuable information about computer networks by analyzing the TCP packets that travel through them. This significantly revised and expanded second edition of Practical Packet Analysis shows you how to use Wireshark to capture raw network traffic, filter and analyze packets, and diagnose common network problems. Author Chris Sanders begins by discussing how networks work and gives you a solid understanding of how packets travel along the wire. He then explains how Wireshark can be used to monitor and troubleshoot networks. Numerous case studies help you apply your newfound knowledge to your networks. This revision offers more detailed explanations of key networking protocols; expanded discussions of wireless protocol analysis and an examination of network security at the packet level; expanded discussion of the meaning of packets and how they can offer insight into network structure; and new scenarios and examples. Whether fighting a virus infestation or a confounding connectivity problem, Practical Packet Analysis, 2nd Edition will help you find the problem and fix it. Copyright 6 Acknowledgments 17 Introduction 19 Why This Book? 19 Concepts and Approach 20 How to Use This Book 21 About the Sample Capture Files 22 The Rural Technology Fund 22 Contacting Me 22 1: Packet Analysis and Network Basics 23 Packet Analysis and Packet Sniffers 24 Evaluating a Packet Sniffer 24 How Packet Sniffers Work 25 How Computers Communicate 26 Protocols 26 The Seven-Layer OSI Model 27 Data Encapsulation 30 Network Hardware 32 Traffic Classifications 36 Broadcast Traffic 36 Multicast Traffic 37 Unicast Traffic 37 Final Thoughts 38 2: Tapping into the Wire 39 Living Promiscuously 40 Sniffing Around Hubs 41 Sniffing in a Switched Environment 42 Port Mirroring 43 Hubbing Out 44 Using a Tap 46 ARP Cache Poisoning 48 Sniffing in a Routed Environment 52 Sniffer Placement in Practice 53 3: Introduction to Wireshark 57 A Brief History of Wireshark 57 The Benefits of Wireshark 58 Installing Wireshark 59 Installing on Microsoft Windows Systems 59 Installing on Linux Systems 61 Installing on Mac OS X Systems 62 Wireshark Fundamentals 63 Your First Packet Capture 63 Wireshark’s Main Window 64 Wireshark Preferences 65 Packet Color Coding 67 4: Working with Captured Packets 69 Working with Capture Files 69 Saving and Exporting Capture Files 70 Merging Capture Files 71 Working with Packets 71 Finding Packets 72 Marking Packets 73 Printing Packets 73 Setting Time Display Formats and References 74 Time Display Formats 74 Packet Time Referencing 74 Setting Capture Options 75 Capture Settings 75 Capture File(s) Settings 76 Stop Capture Settings 77 Display Options 78 Name Resolution Settings 78 Using Filters 78 Capture Filters 78 Display Filters 84 Saving Filters 87 5: Advanced Wireshark Features 89 Network Endpoints and Conversations 89 Viewing Endpoints 90 Viewing Network Conversations 91 Troubleshooting with the Endpoints and Conversations Windows 92 Protocol Hierarchy Statistics 93 Name Resolution 94 Enabling Name Resolution 95 Potential Drawbacks to Name Resolution 95 Protocol Dissection 96 Changing the Dissector 96 Viewing Dissector Source Code 98 Following TCP Streams 98 Packet Lengths 100 Graphing 101 Viewing IO Graphs 101 Round-Trip Time Graphing 103 Flow Graphing 104 Expert Information 104 6: Common Lower-Layer Protocols 107 Address Resolution Protocol 108 The ARP Header 109 Packet 1: ARP Request 110 Packet 2: ARP Response 111 Gratuitous ARP 111 Internet Protocol 113 IP Addresses 113 The IPv4 Header 114 Time to Live 115 IP Fragmentation 117 Transmission Control Protocol 120 The TCP Header 120 TCP Ports 121 The TCP Three-Way Handshake 123 TCP Teardown 125 TCP Resets 127 User Datagram Protocol 127 The UDP Header 128 Internet Control Message Protocol 129 The ICMP Header 129 ICMP Types and Messages 129 Echo Requests and Responses 130 Traceroute 132 7: Common Upper-Layer Protocols 135 Dynamic Host Configuration Protocol 135 The DHCP Packet Structure 136 The DHCP Renewal Process 137 DHCP In-Lease Renewal 141 DHCP Options and Message Types 142 Domain Name System 142 The DNS Packet Structure 143 A Simple DNS Query 144 DNS Question Types 146 DNS Recursion 146 DNS Zone Transfers 149 Hypertext Transfer Protocol 151 Browsing with HTTP 151 Posting Data with HTTP 153 Final Thoughts 154 8: Basic Real-World Scenarios 155 Social Networking at the Packet Level 156 Capturing Twitter Traffic 156 Capturing Facebook Traffic 159 Comparing Twitter vs. Facebook Methods 162 Capturing ESPN.com Traffic 162 Using the Conversations Window 162 Using the Protocol Hierarchy Statistics Window 163 Viewing DNS Traffic 164 Viewing HTTP Requests 165 Real-World Problems 166 No Internet Access: Configuration Problems 166 No Internet Access: Unwanted Redirection 169 No Internet Access: Upstream Problems 172 Inconsistent Printer 175 Stranded in a Branch Office 177 Ticked-Off Developer 181 Final Thoughts 185 9: Fighting a Slow Network 187 TCP Error-Recovery Features 188 TCP Retransmissions 188 TCP Duplicate Acknowledgments and Fast Retransmissions 191 TCP Flow Control 195 Adjusting the Window Size 196 Halting Data Flow with a Zero Window Notification 197 The TCP Sliding Window in Practice 197 Learning from TCP Error-Control and Flow-Control Packets 200 Locating the Source of High Latency 201 Normal Communications 202 Slow Communications—Wire Latency 202 Slow Communications—Client Latency 203 Slow Communications—Server Latency 204 Latency Locating Framework 204 Network Baselining 205 Site Baseline 206 Host Baseline 207 Application Baseline 208 Additional Notes on Baselines 208 Final Thoughts 209 10: Packet Analysis for Security 211 Reconnaissance 212 SYN Scan 212 Operating System Fingerprinting 216 Exploitation 219 Operation Aurora 219 ARP Cache Poisoning 224 Remote-Access Trojan 228 Final Thoughts 235 11: Wireless Packet Analysis 237 Physical Considerations 238 Sniffing One Channel at a Time 238 Wireless Signal Interference 239 Detecting and Analyzing Signal Interference 239 Wireless Card Modes 240 Sniffing Wirelessly in Windows 241 Configuring AirPcap 241 Capturing Traffic with AirPcap 243 Sniffing Wirelessly in Linux 244 802.11 Packet Structure 245 Adding Wireless-Specific Columns to the Packet List Pane 247 Wireless-Specific Filters 248 Filtering Traffic for a Specific BSS ID 248 Filtering Specific Wireless Packet Types 249 Filtering a Specific Frequency 249 Wireless Security 250 Successful WEP Authentication 251 Failed WEP Authentication 252 Successful WPA Authentication 253 Failed WPA Authentication 254 Final Thoughts 255 Further Reading 257 Packet Analysis Tools 257 tcpdump and Windump 257 Cain & Abel 258 Scapy 258 Netdude 258 Colasoft Packet Builder 259 CloudShark 259 pcapr 259 NetworkMiner 260 Tcpreplay 260 ngrep 260 libpcap 261 hping 261 Domain Dossier 261 Perl and Python 261 Packet Analysis Resources 261 Wireshark Home Page 261 SANS Security Intrusion Detection In-Depth Course 261 Chris Sanders Blog 262 Packetstan Blog 262 Wireshark University 262 IANA 262 TCP/IP Illustrated (Addison-Wesley) 262 The TCP/IP Guide (No Starch Press) 262 Copyright......Page 6 Acknowledgments......Page 17 Why This Book?......Page 19 Concepts and Approach......Page 20 How to Use This Book......Page 21 Contacting Me......Page 22 1: Packet Analysis and Network Basics ......Page 23 Evaluating a Packet Sniffer......Page 24 How Packet Sniffers Work......Page 25 Protocols......Page 26 The Seven-Layer OSI Model......Page 27 Data Encapsulation......Page 30 Network Hardware......Page 32 Broadcast Traffic......Page 36 Unicast Traffic......Page 37 Final Thoughts......Page 38 2: Tapping into the Wire ......Page 39 Living Promiscuously......Page 40 Sniffing Around Hubs......Page 41 Sniffing in a Switched Environment......Page 42 Port Mirroring......Page 43 Hubbing Out......Page 44 Using a Tap......Page 46 ARP Cache Poisoning......Page 48 Sniffing in a Routed Environment......Page 52 Sniffer Placement in Practice......Page 53 A Brief History of Wireshark......Page 57 The Benefits of Wireshark......Page 58 Installing on Microsoft Windows Systems......Page 59 Installing on Linux Systems......Page 61 Installing on Mac OS X Systems......Page 62 Your First Packet Capture......Page 63 Wireshark’s Main Window......Page 64 Wireshark Preferences......Page 65 Packet Color Coding......Page 67 Working with Capture Files......Page 69 Saving and Exporting Capture Files......Page 70 Working with Packets......Page 71 Finding Packets......Page 72 Printing Packets......Page 73 Packet Time Referencing......Page 74 Capture Settings......Page 75 Capture File(s) Settings......Page 76 Stop Capture Settings......Page 77 Capture Filters......Page 78 Display Filters......Page 84 Saving Filters......Page 87 Network Endpoints and Conversations......Page 89 Viewing Endpoints......Page 90 Viewing Network Conversations......Page 91 Troubleshooting with the Endpoints and Conversations Windows......Page 92 Protocol Hierarchy Statistics......Page 93 Name Resolution......Page 94 Potential Drawbacks to Name Resolution......Page 95 Changing the Dissector......Page 96 Following TCP Streams......Page 98 Packet Lengths......Page 100 Viewing IO Graphs......Page 101 Round-Trip Time Graphing......Page 103 Expert Information......Page 104 6: Common Lower-Layer Protocols ......Page 107 Address Resolution Protocol......Page 108 The ARP Header......Page 109 Packet 1: ARP Request......Page 110 Gratuitous ARP......Page 111 IP Addresses......Page 113 The IPv4 Header......Page 114 Time to Live......Page 115 IP Fragmentation......Page 117 The TCP Header......Page 120 TCP Ports......Page 121 The TCP Three-Way Handshake......Page 123 TCP Teardown......Page 125 User Datagram Protocol......Page 127 The UDP Header......Page 128 ICMP Types and Messages......Page 129 Echo Requests and Responses......Page 130 Traceroute......Page 132 Dynamic Host Configuration Protocol......Page 135 The DHCP Packet Structure......Page 136 The DHCP Renewal Process......Page 137 DHCP In-Lease Renewal......Page 141 Domain Name System......Page 142 The DNS Packet Structure......Page 143 A Simple DNS Query......Page 144 DNS Recursion......Page 146 DNS Zone Transfers......Page 149 Browsing with HTTP......Page 151 Posting Data with HTTP......Page 153 Final Thoughts......Page 154 8: Basic Real-World Scenarios ......Page 155 Capturing Twitter Traffic......Page 156 Capturing Facebook Traffic......Page 159 Using the Conversations Window......Page 162 Using the Protocol Hierarchy Statistics Window......Page 163 Viewing DNS Traffic......Page 164 Viewing HTTP Requests......Page 165 No Internet Access: Configuration Problems......Page 166 No Internet Access: Unwanted Redirection......Page 169 No Internet Access: Upstream Problems......Page 172 Inconsistent Printer......Page 175 Stranded in a Branch Office......Page 177 Ticked-Off Developer......Page 181 Final Thoughts......Page 185 9: Fighting a Slow Network ......Page 187 TCP Retransmissions......Page 188 TCP Duplicate Acknowledgments and Fast Retransmissions......Page 191 TCP Flow Control......Page 195 Adjusting the Window Size......Page 196 The TCP Sliding Window in Practice......Page 197 Learning from TCP Error-Control and Flow-Control Packets......Page 200 Locating the Source of High Latency......Page 201 Slow Communications—Wire Latency......Page 202 Slow Communications—Client Latency......Page 203 Latency Locating Framework......Page 204 Network Baselining......Page 205 Site Baseline......Page 206 Host Baseline......Page 207 Additional Notes on Baselines......Page 208 Final Thoughts......Page 209 10: Packet Analysis for Security ......Page 211 SYN Scan......Page 212 Operating System Fingerprinting......Page 216 Operation Aurora......Page 219 ARP Cache Poisoning......Page 224 Remote-Access Trojan......Page 228 Final Thoughts......Page 235 11: Wireless Packet Analysis ......Page 237 Sniffing One Channel at a Time......Page 238 Detecting and Analyzing Signal Interference......Page 239 Wireless Card Modes......Page 240 Configuring AirPcap......Page 241 Capturing Traffic with AirPcap......Page 243 Sniffing Wirelessly in Linux......Page 244 802.11 Packet Structure......Page 245 Adding Wireless-Specific Columns to the Packet List Pane......Page 247 Filtering Traffic for a Specific BSS ID......Page 248 Filtering a Specific Frequency......Page 249 Wireless Security......Page 250 Successful WEP Authentication......Page 251 Failed WEP Authentication......Page 252 Successful WPA Authentication......Page 253 Failed WPA Authentication......Page 254 Final Thoughts......Page 255 tcpdump and Windump......Page 257 Netdude......Page 258 pcapr......Page 259 ngrep......Page 260 SANS Security Intrusion Detection In-Depth Course......Page 261 The TCP/IP Guide (No Starch Press)......Page 262 It's easy enough to install Wireshark and begin capturing packets off the wire--or from the air. But how do you interpret those packets once you've captured them? And how can those packets help you to better understand what's going on under the hood of your network? Practical Packet Analysis shows how to use Wireshark to capture and then analyze packets as you take an indepth look at real-world packet analysis and network troubleshooting. The way the pros do it.

Wireshark (derived from the Ethereal project), has become the world's most popular network sniffing application. But while Wireshark comes with documentation, there's not a whole lot of information to show you how to use it in real-world scenarios. Practical Packet Analysis shows you how to:

* Use packet analysis to tackle common network problems, such as loss of connectivity, slow networks, malware infections, and more
* Build customized capture and display filters
* Tap into live network communication
* Graph traffic patterns to visualize the data flowing across your network
* Use advanced Wireshark features to understand confusing packets
* Build statistics and reports to help you better explain technical network information to non-technical users

Because net-centric computing requires a deep understanding of network communication at the packet level, Practical Packet Analysis is a must have for any network technician, administrator, or engineer troubleshooting network problems of any kind.

Technical review by Gerald Combs, creator of Wireshark It's easy to capture packets with Wireshark, the world's most popular network sniffer, whether off the wire or from the air. But how do you use those packets to understand what's happening on your network? With an expanded discussion of network protocols and 45 completely new scenarios, this extensively revised second edition of the best-selling __Practical Packet Analysis__ will teach you how to make sense of your PCAP data. You'll find new sections on troubleshooting slow networks and packet analysis for security to help you better understand how modern exploits and malware behave at the packet level. Add to this a thorough introduction to the TCP/IP network stack and you're on your way to packet analysis proficiency. Learn how to: * Use packet analysis to identify and resolve common network problems like loss of connectivity, DNS issues, sluggish speeds, and malware infections * Build customized capture and display filters * Monitor your network in real-time and tap live network communications * Graph traffic patterns to visualize the data flowing across your network * Use advanced Wireshark features to understand confusing captures * Build statistics and reports to help you better explain technical network information to non-techies __Practical Packet Analysis__ is a must for any network technician, administrator, or engineer. Stop guessing and start troubleshooting the problems on your network. Provides information on ways to use Wireshark to capture and analyze packets, covering such topics as building customized capture and display filters, graphing traffic patterns, and building statistics and reports. This significantly revised and expanded edition discusses how to use Wireshark to capture raw network traffic, filter and analyze packets, and diagnose common network problems.

قیمت نهایی

۴۹٬۰۰۰ تومان