A Practical Guide Wireshark Forensics


Ratings:
5/5 (4 ratings)
Length:
46 pages
24 minutes
Released:
Jun 20, 2015
ISBN:
9781513010519
Format:
Book

Description

A practical guide to capturing and analyzing network traffic using Wireshark.
This book presents real-world network traffic analysis and the techniques that DevOps teams need to detect malicious behavior. It also shows how DevOps teams can turn packet captures into valuable information by decoding IP packets and detecting malicious activity.



Book preview

A Practical Guide Wireshark Forensics - Alasdair Gilchrist

Workings

A Practical Guide to Wireshark Network Analysis

Wireshark – Practical Analysis and Forensics

What is Wireshark?

How does it work?

Port Mirroring

Downloading Wireshark

Getting Started

Capturing Packets

Color Coding

Filtering Output

Using Wireshark Sample Source Files

Questions

Part A - Ping.pcap

Part B - Scan.pcap

Part C - Malicious.pcap

Part D - portscan.cap

Part E - deep.cap

Answers with Workings

Wireshark – Practical Analysis and Forensics

––––––––

What is Wireshark?

Wireshark is an open-source network protocol analyzer for Linux and Windows. It has many features as standard, such as deep inspection of hundreds of protocols, live capture and offline analysis. Wireshark has an intuitive GUI front end plus many built-in sorting and filtering options, making it very simple to use even for beginners. Tshark is the terminal version of Wireshark, which is very similar to Tcpdump.

How does it work?

Wireshark works simply by placing the network card of the machine on which it is running into what is called promiscuous mode. In this mode of operation the network card accepts any frame it sees, not just frames specifically addressed to itself, which is the normal mode of operation.

In a hub network, which is rare these days, this is sufficient, as all network traffic is sent out of every port on the hub, thereby ensuring that the Wireshark network card receives all traffic traversing the network. Today's modern networks are not built on hubs, though; they are built on switches, which means only traffic destined for a host known to be connected to a port is sent out of that port. This greatly reduces unnecessary traffic on the network. Unfortunately, it also means that Wireshark will not receive all the traffic on the network: it will only see the traffic exiting the switch that is destined for its own directly connected network card.
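To make the hub-versus-switch point concrete, here is an added example (not from the book) that simulates frame delivery on a hub and on a MAC-learning switch, using constructed MAC addresses and port numbers, and reports what a promiscuous network card on a monitoring port would capture in each case.

```python
"""Why a sniffer sees everything on a hub but not on a switch.

Added illustration, not from the book: frames with constructed MAC
addresses are delivered by a hub (flood everything) and by a learning
switch (forward known unicast to one port, flood the rest)."""
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed frames: (ingress_port, src_mac, dst_mac); host A on port 1, B on port 2
FRAMES = [
    (1, "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:02"),  # A -> B, B not yet learned
    (2, "aa:aa:aa:00:00:02", "aa:aa:aa:00:00:01"),  # B -> A, A already learned
    (1, "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:02"),  # A -> B, B now learned
    (1, "aa:aa:aa:00:00:01", BROADCAST),            # ARP-style broadcast
]

def hub_delivery(frames, ports):
    """A hub repeats every frame out of every port except the one it arrived on."""
    seen = defaultdict(list)
    for ingress, src, dst in frames:
        for p in ports:
            if p != ingress:
                seen[p].append((src, dst))
    return dict(seen)

def switch_delivery(frames, ports):
    """A learning switch records src MAC -> ingress port, sends known unicast
    to that single port, and floods unknown unicast and broadcast."""
    cam, seen = {}, defaultdict(list)
    for ingress, src, dst in frames:
        cam[src] = ingress                                 # learn the sender's port
        if dst != BROADCAST and dst in cam:
            egress = [cam[dst]]                            # known destination
        else:
            egress = [p for p in ports if p != ingress]    # flood
        for p in egress:
            seen[p].append((src, dst))
    return dict(seen)

def sniffer_view(delivery, sniffer_port):
    """Frames a promiscuous network card on sniffer_port would capture."""
    return delivery.get(sniffer_port, [])

if __name__ == "__main__":
    ports = [1, 2, 3]                    # port 3 is the Wireshark machine
    for name, fn in (("hub", hub_delivery), ("switch", switch_delivery)):
        print(f"{name:6}: sniffer captured {len(sniffer_view(fn(FRAMES, ports), 3))} of {len(FRAMES)} frames")
```

On the hub the monitoring port captures all four frames; on the switch it captures only the two flooded ones (the first unicast to a not-yet-learned address and the broadcast), which is exactly the visibility gap that port mirroring is meant to close.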

Port Mirroring

The solution to the
