1. Computer network protocols. 2. Packet switching (Data transmission)
by Chris Sanders
Brief Contents
Chapter 1: Packet Analysis and Network Basics
Chapter 2: Tapping into the Wire
Chapter 3: Introduction to Wireshark
Chapter 4: Working with Captured Packets
Chapter 5: Advanced Wireshark Features
Chapter 6: Common Protocols
Chapter 7: Basic Case Scenarios
Chapter 8: Fighting a Slow Network
Chapter 9: Security-based Analysis
Chapter 10: Sniffing into Thin Air
Chapter 11: Further Reading
Book Details

| Price | 2.50 |
|---|---|
| Pages | 194 p |
| File Size | 11,768 KB |
| File Type | PDF format |
| ISBN-10 | 1-59327-149-2 |
| ISBN-13 | 978-1-59327-149-7 |
| Copyright© | 2007 by Chris Sanders |
I got my first computer when I was nine years old. As things go with technology, it broke within about a year. It was enough of a stretch for my family to afford a computer in the first place, and paying for it to be fixed was just financially impossible. However, after a little reading and experimentation, I fixed the computer myself, and that’s where my interest in technology began.

That interest evolved into a passion through high school and college, and as that passion grew, so did my abilities, naturally leading me to situations in which I really needed to dig further into network and computer problems. This is when I stumbled upon the Wireshark project (it was called Ethereal at the time). This software allowed me to enter a completely new world. Being able to analyze problems in new ways and having the ability to see raw protocols on the wire gave me limitless power in computer and network troubleshooting.

The great thing about packet analysis is that it has become an increasingly popular method of solving problems and learning more about networks. Thanks to the advent of user groups, wikis, and blogs, the techniques covered in this book are becoming prerequisite knowledge for some jobs. Packet analysis is a requirement for managing today’s networks, and this book will give you the jump start you need in learning how it all works.
Why This Book?
You may find yourself wondering why you should buy this book as opposed to any other book about packet analysis. The answer lies right in the title: Practical Packet Analysis. Let’s face it—nothing beats real-world experience, and the closest you can come to that experience in a book is through practical examples of packet analysis with real-world case scenarios. The first half of this book gives you the prerequisite knowledge you will need to understand packet analysis and Wireshark. The second half of the book is devoted entirely to practical case scenarios that you could easily encounter in day-to-day network management.

Whether you are a network technician, a network administrator, a chief information officer, a desktop technician, or simply a help desk worker, you have a lot to gain from understanding and using packet analysis techniques.
Table of Contents
ACKNOWLEDGMENTS xv
INTRODUCTION xvii
Why This Book? ....................................................................................................xviii
Concepts and Approach ........................................................................................xviii
How to Use This Book .............................................................................................. xx
About the Example Capture Files ............................................................................... xx
PACKET ANALYSIS AND NETWORK BASICS 1
What Is Packet Analysis? .......................................................................................... 2
Evaluating a Packet Sniffer ........................................................................................ 2
Supported Protocols ..................................................................................... 2
User Friendliness ......................................................................................... 2
Cost .......................................................................................................... 3
Program Support ......................................................................................... 3
Operating System Support ........................................................................... 3
How Packet Sniffers Work ......................................................................................... 3
Collection ................................................................................................... 3
Conversion ................................................................................................. 3
Analysis ..................................................................................................... 3
How Computers Communicate ................................................................................... 4
Networking Protocols ................................................................................... 4
The Seven-Layer OSI Model .......................................................................... 4
Protocol Interaction ...................................................................................... 6
Data Encapsulation ..................................................................................... 7
The Protocol Data Unit ................................................................................. 8
Network Hardware ..................................................................................... 8
Traffic Classifications ................................................................................. 12
TAPPING INTO THE WIRE 15
Living Promiscuously .............................................................................................. 16
Sniffing Around Hubs ............................................................................................. 16
Sniffing in a Switched Environment ........................................................................... 18
Port Mirroring ........................................................................................... 18
Hubbing Out ............................................................................................ 19
ARP Cache Poisoning ................................................................................ 20
Using Cain & Abel .................................................................................... 21
Sniffing in a Routed Environment .............................................................................. 24
Network Maps ....................................................................................................... 25
A Brief History of Wireshark .................................................................................... 27
The Benefits of Wireshark ........................................................................................ 28
Supported Protocols ................................................................................... 28
User Friendliness ....................................................................................... 28
Cost ........................................................................................................ 28
Program Support ....................................................................................... 28
Operating System Support ......................................................................... 29
Installing Wireshark ................................................................................................ 29
System Requirements ................................................................................. 29
Installing on Windows Systems ................................................................... 29
Installing on Linux Systems .......................................................................... 31
Wireshark Fundamentals ......................................................................................... 31
Your First Packet Capture ........................................................................... 31
The Main Window .................................................................................... 33
The Preferences Dialog .............................................................................. 34
Packet Color Coding ................................................................................. 35
WORKING WITH CAPTURED PACKETS 39
Finding and Marking Packets ................................................................................... 39
Finding Packets ......................................................................................... 40
Marking Packets ....................................................................................... 40
Saving and Exporting Capture Files .......................................................................... 41
Saving Capture Files .................................................................................. 41
Exporting Capture Data ............................................................................. 42
Merging Capture Files ............................................................................................ 42
Printing Packets ...................................................................................................... 43
Time Display Formats and References ....................................................................... 43
Time Display Formats ................................................................................. 43
Packet Time Referencing ............................................................................. 44
Capture and Display Filters ..................................................................................... 45
Capture Filters .......................................................................................... 45
Display Filters ........................................................................................... 46
The Filter Expression Dialog (the Easy Way) ................................................. 47
The Filter Expression Syntax Structure (the Hard Way) ................................... 47
Saving Filters ............................................................................................ 49
ADVANCED WIRESHARK FEATURES 51
Name Resolution .................................................................................................... 51
Types of Name Resolution Tools in Wireshark ............................................... 52
Enabling Name Resolution ......................................................................... 52
Potential Drawbacks to Name Resolution ...................................................... 52
Protocol Dissection ................................................................................................. 53
Following TCP Streams ............................................................................................ 55
The Protocol Hierarchy Statistics Window .................................................................. 56
Viewing Endpoints ................................................................................................. 57
Conversations ........................................................................................................ 58
The IO Graphs Window ......................................................................................... 59
COMMON PROTOCOLS 61
Address Resolution Protocol ..................................................................................... 62
Dynamic Host Configuration Protocol ........................................................................ 62
TCP/IP and HTTP ................................................................................................... 64
TCP/IP ..................................................................................................... 64
Establishing the Session ............................................................................. 64
Beginning the Flow of Data ........................................................................ 66
HTTP Request and Transmission ................................................................... 66
Terminating the Session .............................................................................. 67
Domain Name System ............................................................................................ 68
File Transfer Protocol .............................................................................................. 69
CWD Command ....................................................................................... 70
SIZE Command ......................................................................................... 70
RETR Command ........................................................................................ 71
Telnet Protocol ....................................................................................................... 71
MSN Messenger Service ......................................................................................... 72
Internet Control Message Protocol ............................................................................ 75
Final Thoughts ........................................................................................................ 75
BASIC CASE SCENARIOS 77
A Lost TCP Connection ............................................................................................ 77
Unreachable Destinations and ICMP Codes ............................................................... 79
Unreachable Destination ............................................................................ 79
Unreachable Port ...................................................................................... 80
Fragmented Packets ................................................................................................ 81
Determining Whether a Packet Is Fragmented ............................................... 81
Keeping Things in Order ............................................................................ 82
No Connectivity ..................................................................................................... 83
What We Know ....................................................................................... 84
Tapping into the Wire ................................................................................ 84
Analysis ................................................................................................... 84
Summary .................................................................................................. 86
The Ghost in Internet Explorer .................................................................................. 86
What We Know ....................................................................................... 86
Tapping into the Wire ................................................................................ 86
Analysis ................................................................................................... 87
Summary .................................................................................................. 88
Inbound FTP .......................................................................................................... 88
What We Know ....................................................................................... 88
Tapping into the Wire ................................................................................ 88
Analysis ................................................................................................... 88
Summary .................................................................................................. 90
It’s Not My Fault! ................................................................................................... 90
What We Know ....................................................................................... 90
Tapping into the Wire ................................................................................ 90
Analysis ................................................................................................... 90
Summary .................................................................................................. 92
An Evil Program ..................................................................................................... 92
What We Know ....................................................................................... 92
Tapping into the Wire ................................................................................ 92
Analysis ................................................................................................... 93
Summary .................................................................................................. 97
Final Thoughts ........................................................................................................ 98
FIGHTING A SLOW NETWORK 99
Anatomy of a Slow Download ............................................................................... 100
A Slow Route ....................................................................................................... 104
What We Know ..................................................................................... 104
Tapping into the Wire .............................................................................. 104
Analysis ................................................................................................. 105
Summary ................................................................................................ 106
Double Vision ...................................................................................................... 107
What We Know ..................................................................................... 107
Tapping into the Wire .............................................................................. 107
Analysis ................................................................................................. 107
Summary ................................................................................................ 109
Did That Server Flash Me? ..................................................................................... 109
What We Know ..................................................................................... 109
Tapping into the Wire .............................................................................. 109
Analysis ................................................................................................. 110
Summary ................................................................................................ 111
A Torrential Downfall ............................................................................................ 111
What We Know ..................................................................................... 111
Tapping into the Wire .............................................................................. 111
Analysis ................................................................................................. 112
Summary ................................................................................................ 113
POP Goes the Email Server ................................................................................... 114
What We Know ..................................................................................... 114
Tapping into the Wire .............................................................................. 114
Analysis ................................................................................................. 114
Summary ................................................................................................ 115
Here’s Something Gnu .......................................................................................... 115
What We Know ..................................................................................... 116
Tapping into the Wire .............................................................................. 116
Analysis ................................................................................................. 116
Summary ................................................................................................ 119
Final Thoughts ...................................................................................................... 119
SECURITY-BASED ANALYSIS 121
OS Fingerprinting ................................................................................................ 121
A Simple Port Scan ............................................................................................... 122
The Flooded Printer .............................................................................................. 123
What We Know ..................................................................................... 123
Tapping into the Wire .............................................................................. 123
Analysis ................................................................................................. 123
Summary ................................................................................................ 124
An FTP Break-In .................................................................................................... 124
What We Know ..................................................................................... 125
Tapping into the Wire .............................................................................. 125
Analysis ................................................................................................. 125
Summary ................................................................................................ 127
Blaster Worm ...................................................................................................... 127
What We Know ..................................................................................... 127
Tapping into the Wire .............................................................................. 127
Analysis ................................................................................................. 127
Summary ................................................................................................ 128
Covert Information ................................................................................................ 129
What We Know ..................................................................................... 129
Tapping into the Wire .............................................................................. 129
Analysis ................................................................................................. 129
Summary ................................................................................................ 130
A Hacker’s Point of View ....................................................................................... 130
What We Know ..................................................................................... 130
Tapping into the Wire .............................................................................. 131
Analysis ................................................................................................. 131
Summary ................................................................................................ 133
SNIFFING INTO THIN AIR 135
Sniffing One Channel at a Time ............................................................................. 135
Wireless Signal Interference .................................................................................. 136
Wireless Card Modes ........................................................................................... 136
Sniffing Wirelessly in Windows ............................................................................. 138
Configuring AirPcap ................................................................................ 138
Capturing Traffic with AirPcap .................................................................. 140
Sniffing Wirelessly in Linux .................................................................................... 141
802.11 Packet Extras ........................................................................................... 142
802.11 Flags ......................................................................................... 143
The Beacon Frame ................................................................................... 143
Wireless-Specific Columns ..................................................................................... 144
Wireless-Specific Filters ......................................................................................... 145
Filtering Traffic for a Specific BSS Id .......................................................... 146
Filtering Specific Wireless Packet Types ..................................................... 146
Filtering Specific Data Types ..................................................................... 146
A Bad Connection Attempt .................................................................................... 148
What We Know ..................................................................................... 148
Tapping into the Wire Air ........................................................................ 148
Analysis ................................................................................................. 148
Summary ................................................................................................ 150
Final Thoughts ...................................................................................................... 150
FURTHER READING 151
AFTERWORD 154
INDEX 155
How to Use This Book
I have intended this book to be used in two ways. The first is, of course, as an educational text that you will read through, chapter by chapter, in order to gain an understanding of packet analysis. This means paying particular attention to the real-world scenarios in the last several chapters. The other use of this book is as a reference resource. There are some features of Wireshark that you will not use very often, so you may forget how they work. Because of this, Practical Packet Analysis is a great book to have on your bookshelf should you need a quick refresher about how to use a specific feature.