Wireshark for Network Forensics
Wireshark for Network Forensics, Apress
An Essential Guide for IT and Cloud Professionals
Von Nagendra Kumar Nainar, Ashish Panda, im heise Shop in digitaler Fassung erhältlich
An Essential Guide for IT and Cloud Professionals
Von Nagendra Kumar Nainar, Ashish Panda, im heise Shop in digitaler Fassung erhältlich
Produktinformationen "Wireshark for Network Forensics"
With the advent of emerging and complex technologies, traffic capture and analysis play an integral part in the overall IT operation. This book outlines the rich set of advanced features and capabilities of the Wireshark tool, considered by many to be the de-facto Swiss army knife for IT operational activities involving traffic analysis. This open-source tool is available as CLI or GUI. It is designed to capture using different modes, and to leverage the community developed and integrated features, such as filter-based analysis or traffic flow graph view.
You'll start by reviewing the basics of Wireshark, and then examine the details of capturing and analyzing secured application traffic such as SecureDNS, HTTPS, and IPSec. You'll then look closely at the control plane and data plane capture, and study the analysis of wireless technology traffic such as 802.11, which is the common access technology currently used, along with Bluetooth. You'll also learn ways to identify network attacks, malware, covert communications, perform security incident post mortems, and ways to prevent the same.
The book further explains the capture and analysis of secure multimedia traffic, which constitutes around 70% of all overall internet traffic. Wireshark for Network Forensics provides a unique look at cloud and cloud-native architecture-based traffic capture in Kubernetes, Docker-based, AWS, and GCP environments.
WHAT YOU'LL LEARN
* Review Wireshark analysis and network forensics
* Study traffic capture and its analytics from mobile devices
* Analyze various access technology and cloud traffic
* Write your own dissector for any new or proprietary packet formats
* Capture secured application traffic for analysis
WHO THIS BOOK IS FOR
IT Professionals, Cloud Architects, Infrastructure Administrators, and Network/Cloud Operators
Nagendra Kumar Nainar (CCIE#20987) is a Principal Engineer with Cisco Customer Experience(CX) Organization (Formerly TAC), focusing on Enterprise customers. He is the co-inventor of more than 130 patent applications in different technologies including Virtualization/Container technologies. He is the co-author of multiple Internet RFCs, various Internet drafts and IEEE papers. Nagendra also co-authored multiple technical books with leading publishers such as Cisco Press and Packt Publication. He is a guest lecturer in North Carolina State University and a speaker in different network forums.
ASHISH PANDA (CCIE#33270) is a Senior Technical Leader with Cisco Systems Customer Experience CX Organization primarily focused on handling complex service provider network design and troubleshooting escalations. He has 19+ years of rich experience in network design, operation, and troubleshooting with various large enterprises and service provider networks (ISP, satellite, MPLS, 5G, and cloud) worldwide. He is a speaker at various Cisco internal and external events and is very active in the network industry standard bodies.
CHAPTER 1: WIRESHARK PRIMER
· Introduction to Wireshark Architecture
· Wireshark Package installation and Usage
· Wireshark Cloud Services
· Version and feature parity
· Basic Analysis and filtering
· Data stream and Graphs
· Summary
CHAPTER 2: PACKET CAPTURE AND ANALYSIS
§ Native Tool based Traffic Capture
§ Wireshark tool based Traffic Capture
§ Wireless Capture Modes and Configurations
· High volume packet analysis (size based, capture filters)
· Wireshark command line tool
· Mobile devices Traffic Capture
CHAPTER 3: CAPTURING SECURED APPLICATION FOR ANALYSIS
· Introduction to Secured Applications
· Secure DNS
· HTTPS
· mTLS
· IPsec, ISAKMP, Kerberos
· SNMPv3
· WEP, and WPA/WPA2/WPA3
CHAPTER4: WIRELESS PACKET CAPTURE AND ANALYSIS
· Basics of Wireless Technology
· Wireless packet types (data, control, auth)
· Wireless operational aspects and effect on wireshark capture
· Effect of Wireshark modes (monitor, promiscuous) on wireless capture
· Setting up Wireshark 802.11 captures for various OS types
· Decoding beacons/WEP/WPA/WPA2
· Wireless packet analysis
CHAPTER 5: MULTIMEDIA CAPTURE AND ANALYSIS
· Introduction to Multimedia Applications
· Export Objects (file, images applications) from data stream
· video content extraction and replay (RTP / RTSP)
· mpeg live streams capture and replay
· VoIP call analysis and replay
CHAPTER 6: CLOUD AND CLOUD-NATIVE TRAFFIC CAPTURE
· Introduction and Cloud and Cloud Native Applications
· Native and Wireshark Captures in AWS
· Native and Wireshark Captures in GCP
· Native and Wireshark Captures in Azure
· LXC and Namespace based capture
· Kubernetes POD capture
CHAPTER 7: BLUETOOTH PROTOCOL CAPTURE AND ANALYSIS
· Introduction to Bluetooth and Usecase
· HCIDump captures
· Bluetooth protocol analysis
CHAPTER 8: WIRESHARK ANALYSIS AND NETWORK FORENSIC
· Networking protocol operation analysis
· Analyzing network throughput issues, performance degradations
· Network security attack identification , post mortems, prevention
· Discovering malwares, covert communications
· Packet replays
CHAPTER 9: WRITING YOUR OWN DISSECTOR
· Wireshark Dissectors
· Use Case Example
· Dissector Example
You'll start by reviewing the basics of Wireshark, and then examine the details of capturing and analyzing secured application traffic such as SecureDNS, HTTPS, and IPSec. You'll then look closely at the control plane and data plane capture, and study the analysis of wireless technology traffic such as 802.11, which is the common access technology currently used, along with Bluetooth. You'll also learn ways to identify network attacks, malware, covert communications, perform security incident post mortems, and ways to prevent the same.
The book further explains the capture and analysis of secure multimedia traffic, which constitutes around 70% of all overall internet traffic. Wireshark for Network Forensics provides a unique look at cloud and cloud-native architecture-based traffic capture in Kubernetes, Docker-based, AWS, and GCP environments.
WHAT YOU'LL LEARN
* Review Wireshark analysis and network forensics
* Study traffic capture and its analytics from mobile devices
* Analyze various access technology and cloud traffic
* Write your own dissector for any new or proprietary packet formats
* Capture secured application traffic for analysis
WHO THIS BOOK IS FOR
IT Professionals, Cloud Architects, Infrastructure Administrators, and Network/Cloud Operators
Nagendra Kumar Nainar (CCIE#20987) is a Principal Engineer with Cisco Customer Experience(CX) Organization (Formerly TAC), focusing on Enterprise customers. He is the co-inventor of more than 130 patent applications in different technologies including Virtualization/Container technologies. He is the co-author of multiple Internet RFCs, various Internet drafts and IEEE papers. Nagendra also co-authored multiple technical books with leading publishers such as Cisco Press and Packt Publication. He is a guest lecturer in North Carolina State University and a speaker in different network forums.
ASHISH PANDA (CCIE#33270) is a Senior Technical Leader with Cisco Systems Customer Experience CX Organization primarily focused on handling complex service provider network design and troubleshooting escalations. He has 19+ years of rich experience in network design, operation, and troubleshooting with various large enterprises and service provider networks (ISP, satellite, MPLS, 5G, and cloud) worldwide. He is a speaker at various Cisco internal and external events and is very active in the network industry standard bodies.
CHAPTER 1: WIRESHARK PRIMER
· Introduction to Wireshark Architecture
· Wireshark Package installation and Usage
· Wireshark Cloud Services
· Version and feature parity
· Basic Analysis and filtering
· Data stream and Graphs
· Summary
CHAPTER 2: PACKET CAPTURE AND ANALYSIS
§ Native Tool based Traffic Capture
§ Wireshark tool based Traffic Capture
§ Wireless Capture Modes and Configurations
· High volume packet analysis (size based, capture filters)
· Wireshark command line tool
· Mobile devices Traffic Capture
CHAPTER 3: CAPTURING SECURED APPLICATION FOR ANALYSIS
· Introduction to Secured Applications
· Secure DNS
· HTTPS
· mTLS
· IPsec, ISAKMP, Kerberos
· SNMPv3
· WEP, and WPA/WPA2/WPA3
CHAPTER4: WIRELESS PACKET CAPTURE AND ANALYSIS
· Basics of Wireless Technology
· Wireless packet types (data, control, auth)
· Wireless operational aspects and effect on wireshark capture
· Effect of Wireshark modes (monitor, promiscuous) on wireless capture
· Setting up Wireshark 802.11 captures for various OS types
· Decoding beacons/WEP/WPA/WPA2
· Wireless packet analysis
CHAPTER 5: MULTIMEDIA CAPTURE AND ANALYSIS
· Introduction to Multimedia Applications
· Export Objects (file, images applications) from data stream
· video content extraction and replay (RTP / RTSP)
· mpeg live streams capture and replay
· VoIP call analysis and replay
CHAPTER 6: CLOUD AND CLOUD-NATIVE TRAFFIC CAPTURE
· Introduction and Cloud and Cloud Native Applications
· Native and Wireshark Captures in AWS
· Native and Wireshark Captures in GCP
· Native and Wireshark Captures in Azure
· LXC and Namespace based capture
· Kubernetes POD capture
CHAPTER 7: BLUETOOTH PROTOCOL CAPTURE AND ANALYSIS
· Introduction to Bluetooth and Usecase
· HCIDump captures
· Bluetooth protocol analysis
CHAPTER 8: WIRESHARK ANALYSIS AND NETWORK FORENSIC
· Networking protocol operation analysis
· Analyzing network throughput issues, performance degradations
· Network security attack identification , post mortems, prevention
· Discovering malwares, covert communications
· Packet replays
CHAPTER 9: WRITING YOUR OWN DISSECTOR
· Wireshark Dissectors
· Use Case Example
· Dissector Example
Artikel-Details
- Anbieter:
- Apress
- Autor:
- Ashish Panda, Nagendra Kumar Nainar
- Artikelnummer:
- 9781484290019
- Veröffentlicht:
- 30.12.22