Packt+ | Advance your knowledge in tech

0

All Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Free Learning

Network Analysis using Wireshark 2 Cookbook

You're reading from Network Analysis using Wireshark 2 Cookbook Practical recipes to analyze and secure your network using Wireshark 2

Product type Paperback

Published in Mar 2018

Publisher

ISBN-13 9781786461674

Length 626 pages

Edition 2nd Edition

Tools

Wireshark

Concepts

Network Security

Authors (3):

Nagendra Kumar Nainar

Yoram Orzach

Yogesh Ramdoss

View More author details

Table of Contents (25) Chapters

Title Page

Dedication

Packt Upsell

Contributors

Preface

1. Introduction to Wireshark Version 2 FREE CHAPTER

2. Mastering Wireshark for Network Troubleshooting

3. Using Capture Filters

4. Using Display Filters

5. Using Basic Statistics Tools

6. Using Advanced Statistics Tools

7. Using the Expert System

8. Ethernet and LAN Switching

9. Wireless LAN

10. Network Layer Protocols and Operations

11. Transport Layer Protocol Analysis

12. FTP, HTTP/1, and HTTP/2

13. DNS Protocol Analysis

14. Analyzing Mail Protocols

15. NetBIOS and SMB Protocol Analysis

16. Analyzing Enterprise Applications' Behavior

17. Troubleshooting SIP, Multimedia, and IP Telephony

18. Troubleshooting Bandwidth and Delay Issues

19. Security and Network Forensics

Index

Malicious and spam email analysis

In this recipe, we will discuss the use of Wireshark to perform some basic analysis of malicious and spam emails, and use this to filter spam emails on the server itself.

Getting ready

In most cases, spam emails will be sent from outside the domain and targeted at clients within the enterprise. So, it is best to perform packet capture on the server side for analysis.

How to do it...

The first step is to identify the data portion of the mail messages. We can use the filter to display the data portion of the mails. The use of email protocol and data will display the packets with data. For example, use pop || data-text-lines to filter the mails with data using the POP3 protocol:

In the preceding screenshot, the data exchange between the specific endpoints is not so big. Based on the size, it appears to be a text message and does not carry any attachments, so we can ignore this:

On the other hand, the previous capture shows that the data exchange is pretty big and...

The rest of the chapter is locked

Register for a free Packt account to unlock a world of extra content!

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at £13.99/month. Cancel anytime

Authors (3)

Nagendra Kumar Nainar

Nagendra Kumar Nainar

Nagendra Kumar Nainar (CCIE#20987) is a senior technical leader with RP escalation team in Cisco Systems. He is the co-inventor of more than 80 patent applications and the coauthor of six internet RFCs, various internet drafts and IEEE papers. He is a guest lecturer in North Carolina State University and a speaker in different network forums.

See other products by Nagendra Kumar Nainar

Yoram Orzach

Yoram Orzach

Yoram Orzach is a senior networks and networks security advisor, providing network design and network security consulting services to a range of clients. Having spent thirty years in network and information security, Yoram has worked as a network and security engineer across many verticals in roles ranging from a network engineer, security consultant, and instructor. Yoram has gained his B.Sc. from the Technion in Haifa, Israel. Yoram's experience is both with corporate networks; service providers and Internet service providers' networks. His customers are Motorola solutions, Elbit Systems, 888, Taboola, Bezeq, PHI Networks, Cellcom, Strauss group, and many other hi-tech companies.

See other products by Yoram Orzach

Yogesh Ramdoss

Yogesh Ramdoss

Yogesh Ramdoss (CCIE #16183) is a senior technical leader in the technical services organization of Cisco Systems. He is a distinguished speaker at CiscoLive, sharing knowledge and educating customers on enterprise/datacenter technologies and platforms, troubleshooting and packet capturing tools, and open network programmability. Co-inventor of patent in machine/behavior learning.

See other products by Yogesh Ramdoss

Other recommended products

Related to this chapter

Learn Wireshark - Fundamentals of Wireshark

Learn Wireshark - Fundamentals of Wireshark

Learn Wireshark provides a solid overview of basic protocol analysis. The book shows you how to navigate the Wireshark interface, so you can confidently examine common protocols such as TCP, IP and ICMP. You’ll learn tips on how to use display and capture filters, save, export, and share captures, and tips on how to troubleshoot latency issues

Aug 2019 14h 24m

Wireshark 2 Quick Start Guide

Wireshark 2 Quick Start Guide

Wireshark is a powerful tool for network analysis, a combination of Kali Linux and the Metasploit framework. Wireshark is used to analyze the amount of data that flows through a network - it lets you see what's going on in your network. This book takes you from the basics of the Wireshark environment to detecting and resolving network anomalies.

Jun 2018 5h 28m

Mastering Wireshark 2

Mastering Wireshark 2

Wireshark, a combination of Kali and Metasploit, deals with the second to the seventh layer of network protocols. The book will introduce to various protocol analysis methods and will teach you how to analyze them. You will discover and work with some advanced features which will enhance the capabilities of your application. By the end, you will be able to secure your network using Wireshark 2.

May 2018 10h 52m

MCSA Windows Server 2016 Certification Guide: Exam 70-741

MCSA Windows Server 2016 Certification Guide: Exam 70-741

This practical certification guide covers the most important exam objectives in exam 70-741. Additionally, this certification guide will come in handy when preparing to take exam 70-743.

Implementing Cisco Networking Solutions

Implementing Cisco Networking Solutions

Most enterprises use Cisco networking equipment to design and implement their networks. However, some networks outperform networks in other enterprises in terms of performance and meeting new business demands, because they were designed for the present while keeping the future in mind. This book talks about how to design and implement enterprise networks for small to mid-size organizations efficiently and effectively, so that the network design can accommodate newer demands from the users in a seamless manner, ranging from adding more branches/ users to adding new services, and evaluating and implementing new technologies to optimize costs, or enhance the user experience.

Sep 2017 14h 32m

Python Penetration Testing Essentials

Python Penetration Testing Essentials

This book gives you the skills you need to use Python for penetration testing, with the help of detailed code examples. This book has been updated for Python 3.6.3 and Kali Linux 2018.1.

May 2018 7h 40m

CCENT/CCNA: ICND1 100-105 Certification Guide

CCENT/CCNA: ICND1 100-105 Certification Guide

CCENT is the entry-level certification for those looking to venture into the networking world. This book is designed to help you prepare for the ICND Part 1 (100 – 105) exam, thus obtaining the CCENT certification. Apart from learning computer network essentials, you will be able to enhance your networking skills by learning switching and routing, troubleshooting, security, and more

Apr 2018 12h 4m

Implementing and Administering Cisco Solutions: 200-301 CCNA Exam Guide

Implementing and Administering Cisco Solutions: 200-301 CCNA Exam Guide

200-301 CCNA exam tests for skills required by a network engineer to design, implement, and troubleshoot enterprise network infrastructure. Implementing and Administering Cisco Solutions: 200-301 CCNA Exam Guide offers complete, up-to-date coverage of the 200-301 exam so you can take it with confidence, fully equipped to pass the first time.

Nov 2020 25h 28m

Hands-On Network Forensics

Hands-On Network Forensics

In the era of network attacks and malware threat, it becomes important to have skills to investigate the attack evidence and vulnerabilities prevailing in the network. This book focuses on how to acquire and analyze the evidence, write a report and use the common tools in network forensics.

Mar 2019 11h 56m

CCNA Routing and Switching 200-125 Certification Guide

CCNA Routing and Switching 200-125 Certification Guide

Cisco Certified Network Associate (CCNA) Routing and Switching is one of the most important certificates in order to stay up-to-date with networking skills. This Certification Guide covers everything you need to know in order to pass the CCNA Routing and Switching 200-125.

Oct 2018 16h 48m

Networking Fundamentals

Networking Fundamentals

Networks are a collection of computers, servers, mobile devices or other computing devices connected with a view to sharing data. This book will help you get well-versed with the basic concepts of networking and will help you to pass Microsoft's MTA Networking Fundamentals Exam 98-366

Dec 2019 17h 0m

CompTIA Network+ Certification Guide

CompTIA Network+ Certification Guide

CompTIA Network+ Certification Guide makes the most complex Network+ concepts easy to understand despite having no prior knowledge. It offers exam tips in every chapter along with access to practical exercises and exam checklist that map to the exam objectives and it is the perfect study guide to help you pass CompTIA Network+ exam.

Dec 2018 14h 4m

Personalised recommendations for you

Based on your interests and search pattern

Mastering Palo Alto Networks

Mastering Palo Alto Networks

Mastering Palo Alto Networks is a hands-on guide that helps you progress from a beginner to an expert in configuring Palo Alto firewalls. It covers setup, management, and optimization with real-world examples for both on-prem and cloud environments.

May 2025 21h 32m

Cloud Native Anti-Patterns

Cloud Native Anti-Patterns

Uncover and fix cloud native anti-patterns across strategy, culture, security, and operations. This book guides you through the practical steps to avoid common traps and shift your organization toward cloud-native best practices that drive lasting success.

Mar 2025 14h 44m

AWS for System Administrators

AWS for System Administrators

Master the art of designing, deploying, and managing AWS infrastructure with industry best practices. You'll learn to automate workflows, optimize costs, and implement robust disaster recovery strategies for scalable cloud success.

May 2025 14h 12m

Kubernetes for Generative AI Solutions

Kubernetes for Generative AI Solutions

Learn step by step how to design, optimize, and deploy Generative AI projects on Kubernetes. Covering networking, observability, security, scaling, and cost optimization strategies, this guide takes you from first deployment to production excellence.

Jun 2025 11h 8m

Azure Cloud Projects

Azure Cloud Projects

Azure Cloud Projects offers a hands-on introduction to Microsoft Azure, designed to help you build real-world cloud solutions, develop job-ready skills, and apply best practices that are widely used across the cloud computing industry.

May 2025 8h 28m

Sustainable Cloud Development

Sustainable Cloud Development

This book introduces best practices for developing and deploying high-performing, eco-friendly cloud applications, helping you meet sustainability goals while delivering efficient cloud solutions.

Mar 2025 9h 12m

SLIs and SLOs Demystified

SLIs and SLOs Demystified

This comprehensive guide to reliability engineering dives deep into SLIs, SLOs, observability, and incident management. It shows you how to optimize system reliability and make data-driven decisions to balance performance and business goals.

Apr 2025 10h 0m