What this book covers

Chapter 1, Getting Acquainted with Wireshark, starts with the first step. This introductory chapter will help you quickly start developing proficiency with Wireshark by getting it installed and doing something fun and useful, such as performing a packet capture, isolating and filtering some traffic of interest, and saving a trace file before diving into more details and the supporting concepts in the later chapters.

Chapter 2, Networking for Packet Analysts, provides an overview of network technologies, foundational network protocols including IP, UDP, and TCP, and how the most common protocols fit together within the OSI and DARPA model levels. The goal of this chapter is to develop a good mental model of how networks and protocols function together to allow you to confidently and effectively approach packet-level analysis.

Chapter 3, Capturing All the Right Packets, covers the details of how to correctly position Wireshark in the network and configure it to capture the desired packets, how to identify network conversations of interest and apply display filters to isolate just those packets, and finally save a filtered file for further or later analysis. These are the essential skills that support practical packet analysis.

Chapter 4, Configuring Wireshark, provides a number of features that can be configured and employed to enhance the accuracy and ease of analysis activities. The various ways to display and interpret packet timestamps are especially important and we'll cover these topics thoroughly, along with other essential configuration options, packet list coloring to help identify important events, and how to save different configurations in customized profiles that can be tailored and selected for various analysis tasks.

Chapter 5, Network Protocols, covers a number of other essential and useful network protocols that you should be familiar with, including ICMP, DNS, DHCP, an introductory review of Internet Protocol Version 6 (IPv6), and an example application layer protocol (HTTP). We will also discuss basic Wireshark capture and display filters.

Chapter 6, Troubleshooting and Performance Analysis, provides methodologies to apply your new skills and protocol knowledge to the primary purpose for which Wireshark was developed: troubleshooting and analyzing network and application issues and performance. We'll cover the top reasons for poor performance and how to use Wireshark to detect and measure them.

Chapter 7, Packet Analysis for Security Tasks, introduces the use of Wireshark to detect and analyze suspect traffic such as scans and sweeps, operating system fingerprinting, malformed packets, phone home traffic, and other unusual packets and patterns that could indicate malicious origin.

Chapter 8, Command-line and Other Utilities, covers some of the most useful command-line utilities provided with Wireshark to perform packet captures with minimal resources and to manipulate packet trace files. We will also discuss a few other tools that can help you round out your packet analysis toolset.