Title Page

Dedication

Packt Upsell

Contributors

Preface

1. Introduction to Wireshark Version 2 FREE CHAPTER

• Wireshark Version 2 basics
• Locating Wireshark
• Capturing data on virtual machines
• Starting the capture of data
• Configuring the start window

2. Mastering Wireshark for Network Troubleshooting

• Introduction
• Configuring the user interface, and global and protocol preferences
• Importing and exporting files
• Configuring coloring rules and navigation techniques
• Using time values and summaries
• Building profiles for troubleshooting

3. Using Capture Filters

• Introduction
• Configuring capture filters
• Configuring Ethernet filters
• Configuring hosts and network filters
• Configuring TCP/UDP and port filters
• Configuring compound filters
• Configuring byte offset and payload matching filters

4. Using Display Filters

• Introduction
• Configuring display filters
• Configuring Ethernet, ARP, host, and network filters
• Configuring TCP/UDP filters
• Configuring specific protocol filters
• Configuring substring operator filters
• Configuring macros

5. Using Basic Statistics Tools

• Introduction
• Using the statistics – capture file properties menu
• Using the statistics – resolved addresses
• Using the statistics – protocol hierarchy menu
• Using the statistics – conversations menu
• Using the statistics – endpoints menu
• Using the statistics – HTTP menu
• Configuring a flow graph for viewing TCP flows
• Creating IP-based statistics

6. Using Advanced Statistics Tools

• Introduction
• Configuring I/O graphs with filters for measuring network performance issues
• Throughput measurements with I/O graphs
• Advanced I/O graph configurations with y axis parameters
• Getting information through TCP stream graphs – time/sequence (Steven's) window
• Getting information through TCP stream graphs – time/sequences (TCP-trace) window
• Getting information through TCP stream graphs – throughput window
• Getting information through TCP stream graphs – round-trip-time window
• Getting information through TCP stream graphs – window-scaling window

7. Using the Expert System

• Introduction
• The expert system window and how to use it for network troubleshooting
• Error events and what we can understand from them
• Warning events and what we can understand from them
• Note events and what we can understand from them

8. Ethernet and LAN Switching

• Introduction
• Discovering broadcast and error storms
• Analyzing spanning tree problems
• Analyzing VLANs and VLAN tagging issues

9. Wireless LAN

• Skills learned
• Introduction to wireless networks and standards
• Wireless radio issues, analysis, and troubleshooting
• Capturing wireless LAN traffic

10. Network Layer Protocols and Operations

• Introduction
• IPv4 address resolution protocol operation and troubleshooting
• ICMP – protocol operation, analysis, and troubleshooting
• Analyzing IPv4 unicast routing operations
• Analyzing IP fragmentation failures
• IPv4 multicast routing operations
• IPv6 principle of operations
• IPv6 extension headers
• ICMPv6 – protocol operations, analysis, and troubleshooting
• IPv6 auto configuration
• DHCPv6-based address assignment
• IPv6 neighbor discovery protocol operation and analysis

11. Transport Layer Protocol Analysis

• Introduction
• UDP principle of operation
• UDP protocol analysis and troubleshooting
• TCP principle of operation
• Troubleshooting TCP connectivity problems
• Troubleshooting TCP retransmission issues
• TCP sliding window mechanism
• TCP enhancements – selective ACK and timestamps
• Troubleshooting TCP throughput

12. FTP, HTTP/1, and HTTP/2

• Introduction
• Analyzing FTP problems
• Filtering HTTP traffic
• Configuring HTTP preferences
• Analyzing HTTP problems
• Exporting HTTP objects
• HTTP flow analysis
• Analyzing HTTPS traffic – SSL/TLS basics

13. DNS Protocol Analysis

• Introduction
• Analyzing DNS record types
• Analyzing regular DNS operations
• Analyzing DNSSEC regular operations
• Troubleshooting DNS performance

14. Analyzing Mail Protocols

• Introduction
• Normal operation of mail protocols
• Analyzing POP, IMAP, and SMTP problems
• Filtering and analyzing different error codes
• Malicious and spam email analysis

15. NetBIOS and SMB Protocol Analysis

• Introduction
• Understanding the NetBIOS protocol
• Understanding the SMB protocol
• Analyzing problems in the NetBIOS/SMB protocols
• Analyzing the database traffic and common problems
• Exporting SMB objects

16. Analyzing Enterprise Applications' Behavior

• Introduction
• Finding out what is running over your network
• Analyzing Microsoft Terminal Server and Citrix communications problems
• Analyzing the database traffic and common problems
• Analyzing SNMP

17. Troubleshooting SIP, Multimedia, and IP Telephony

• Introduction
• IP telephony principle and normal operation
• SIP principle of operation, messages, and error codes
• Video over IP and RTSP
• Wireshark features for RTP stream analysis and filtering
• Wireshark feature for VoIP call replay

18. Troubleshooting Bandwidth and Delay Issues

• Introduction
• Measuring network bandwidth and application traffic
• Measurement of jitter and delay using Wireshark
• Analyzing network bottlenecks, issues, and troubleshooting

19. Security and Network Forensics

• Introduction
• Discovering unusual traffic patterns
• Discovering MAC-based and ARP-based attacks
• Discovering ICMP and TCP SYN/port scans
• Discovering DoS and DDoS attacks
• Locating smart TCP attacks
• Discovering brute force and application attacks

Index