Resource description: epub format, English edition. Table of contents follows.
Chapter 0 Skills: Explore Key Wireshark Elements and Traffic Flows
Quick Reference: Key Wireshark Graphical Interface Elements
0.1 Understand Wireshark's Capabilities
General Analysis Tasks
Troubleshooting Tasks
Security Analysis (Network Forensics) Tasks
Application Analysis Tasks
0.2 Get the Right Wireshark Version
0.3 Learn how Wireshark Captures Traffic
The Capture Process Relies on Special Link-Layer Drivers
The Dumpcap Capture Engine Defines Stop Conditions
The Core Engine is the Goldmine
The Graphical Toolkit Provides the User Interface
The Wiretap Library is Used to Open Saved Trace Files
0.4 Understand a Typical Wireshark Analysis Session
0.5 Differentiate a Packet from a Frame
Recognize a Frame
Recognize a Packet
Recognize a Segment
0.6 Follow an HTTP Packet through a Network
Point 1: What Would You See at the Client?
Point 2: What Would You See on the Other Side of the First Switch?
Point 3: What Would You See on the Other Side of the Router?
Point 4: What Would You See on the Other Side of the Router/NAT Device?
Point 5: What Would You See at the Server?
Where You Capture Traffic Matters
Beware of Default Switch Forwarding
0.7 Access Wireshark Resources
Use the Wireshark Wiki Protocol Pages
Get Your Questions Answered at ask.wireshark.org
0.8 Analyze Traffic Using the Main Wireshark View
Open a Trace File (Using the Main Toolbar, Please)
Know When You Must Use the Main Menu
Learn to Use the Main Toolbar Whenever Possible
Master the Filter Toolbar
Summarize the Traffic Using the Packet List Pane
Dig Deeper in the Packet Details Pane
Get Geeky in the Packet Bytes Pane
Pay Attention to the Status Bar
Lab 1: Use Packets to Build a Picture of a Network
0.9 Analyze Typical Network Traffic
Analyze Web Browsing Traffic
Analyze Sample Background Traffic
Lab 2: Capture and Classify Your Own Background Traffic
0.10 Open Trace Files Captured with Other Tools
Lab 3: Open a Network Monitor .cap File
Chapter 0 Challenge
Chapter 1 Skills: Customize Wireshark Views and Settings
Quick Reference: Overview of wireshark.org
1.1 Add Columns to the Packet List Pane
Right-Click | Apply as Column (the "easy way")
Edit | Preferences | Columns (the "hard way")
Hide, Remove, Rearrange, Realign, and Edit Columns
Sort Column Contents
Export Column Data
Lab 4: Add the HTTP Host Field as a Column
1.2 Dissect the Wireshark Dissectors
The Frame Dissector
The Ethernet Dissector Takes Over
The IPv4 Dissector Takes Over
The TCP Dissector Takes Over
The HTTP Dissector Takes Over
1.3 Analyze Traffic that Uses Non-Standard Port Numbers
When the Port Number is Assigned to Another Application
Manually Force a Dissector on the Traffic
When the Port Number is not Recognized
How Heuristic Dissectors Work
Adjust Dissections with the Application Preference Settings (if possible)
Lab 5: Configure Wireshark to Dissect Port 81 Traffic as HTTP
1.4 Change how Wireshark Displays Certain Traffic Types
Set User Interface Settings
Set Name Resolution Settings
Define Filter Expression Buttons
Set Protocol and Application Settings
Lab 6: Set Key Wireshark Preferences (IMPORTANT LAB)
1.5 Customize Wireshark for Different Tasks (Profiles)
The Basics of Profiles
Create a New Profile
Lab 7: Create a New Profile Based on the Default Profile
1.6 Locate Key Wireshark Configuration Files
Your Global Configuration Directory
Your Personal Configuration (and profiles) Directory
Lab 8: Import a DNS/HTTP Errors Profile
1.7 Configure Time Columns to Spot Latency Problems
The Indications and Causes of Path Latency
The Indications and Causes of Client Latency
The Indications and Causes of Server Latency
Detect Latency Problems by Changing the Time Column Setting
Detect Latency Problems with a New TCP Delta Column
Don't Get Fooled—Some Delays are Normal
Lab 9: Spot Path and Server Latency Problems
Chapter 1 Challenge
Chapter 2 Skills: Determine the Best Capture Method and Apply Capture Filters
Quick Reference: Capture Options
2.1 Identify the Best Capture Location to Troubleshoot Slow Browsing or File Downloads
The Ideal Starting Point
Move if Necessary
2.2 Capture Traffic on Your Ethernet Network
2.3 Capture Traffic on Your Wireless Network
What can Your Native WLAN Adapter See?
Use an AirPcap Adapter for Full WLAN Visibility
2.4 Identify Active Interfaces
Determine Which Adapter Sees Traffic
Consider Using Multi-Adapter Capture
2.5 Deal with TONS of Traffic
Why are You Seeing So Much Traffic?
This is the Best Reason to Use Capture Filters
Capture to a File Set
Open and Move around in File Sets
Consider a Different Solution—Cascade Pilot®
Lab 10: Capture to File Sets
2.6 Use Special Capture Techniques to Spot Sporadic Problems
Use File Sets and the Ring Buffer
Stop When Complaints Arise
Lab 11: Use a Ring Buffer to Conserve Drive Space
2.7 Reduce the Amount of Traffic You have to Work With
Detect When Wireshark Can't Keep Up
Detect when a Spanned Switch Can't Keep Up
Apply a Capture Filter in the Capture Options Window
2.8 Capture Traffic based on Addresses (MAC/IP)
Capture Traffic to or from a Specific IP Address
Capture Traffic to or from a Range of IP Addresses
Capture Traffic to Broadcast or Multicast Addresses
Capture Traffic based on a MAC Address
Lab 12: Capture Only Traffic to or from Your IP Address
Lab 13: Capture Only Traffic to or from Everyone Else's MAC Address
2.9 Capture Traffic for a Specific Application
It's all About the Port Numbers
Combine Port-based Capture Filters
2.10 Capture Specific ICMP Traffic
Lab 14: Create, Save a
Chapter 3 Skills: Apply Display Filters to Focus on Specific Traffic
Quick Reference: Display Filter Area
3.1 Use Proper Display Filter Syntax
The Syntax of the Simplest Display Filters
Use the Display Filter Error Detection Mechanism
Learn the Field Names
Use Auto-Complete to Build Display Filters
Display Filter Comparison Operators
Use Expressions to Build Display Filters
Lab 15: Use Auto-Complete to Find Traffic to a Specific HTTP Server
3.2 Edit and Use the Default Display Filters
Lab 16: Use a Default Filter as a "Seed" for a New Filter
3.3 Filter Properly on HTTP Traffic
Test an Application Filter Based on a TCP Port Number
Be Cautious Using a TCP-based Application Name Filter
Lab 17: Filter on HTTP Traffic the Right Way
3.4 Determine Why Your dhcp Display Filter Doesn't Work
3.5 Apply Display Filters based on an IP Address, Range of Addresses, or Subnet
Filter on Traffic to or from a Single IP Address or Host
Filter on Traffic to or from a Range of Addresses
Filter on Traffic to or from an IP Subnet
Lab 18: Filter on Traffic to or from Online Backup Subnets
3.6 Quickly Filter on a Field in a Packet
Work Quickly—Use Right-Click | Apply as Filter
Be Creative with Right-Click | Prepare a Filter
Right-Click Again to use the "..." Filter Enhancements
Lab 19: Filter on DNS Name Errors or HTTP 404 Responses
3.7 Filter on a Single TCP or UDP Conversation
Use Right-Click to Filter on a Conversation
Use Right-Click to Follow a Stream
Filter on a Conversation from Wireshark Statistics
Filter on a TCP Conversation Based on the Stream Index Field
Lab 20: Detect Background File Transfers on Startup
3.8 Expand Display Filters with Multiple Include and Exclude Conditions
Use Logical Operators
Why didn't my ip.addr != filter work?
Why didn't my !tcp.flags.syn==1 filter work?
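The two "why didn't my filter work" items under 3.8 come down to how Wireshark evaluates a multi-valued field. `ip.addr` is populated from both `ip.src` and `ip.dst`, and in the Wireshark versions the book targets (1.x through 3.4) both `==` and `!=` are "any occurrence" tests, so `ip.addr != 10.0.0.5` still matches a packet between 10.0.0.5 and 10.0.0.9 because the other address differs. The exclusion people actually want is `!(ip.addr == 10.0.0.5)`. The following is an added example, not code from the book, that models those three filter forms over a constructed packet list; the packet addresses and the `Packet` class are assumptions for illustration.

```python
# Added example (not from the book): emulate Wireshark's display-filter
# semantics for the multi-valued ip.addr field so the "!=" gotcha is visible.
#
#   ip.addr == X      -> true if ANY of (ip.src, ip.dst) equals X
#   ip.addr != X      -> classic (<= 3.4): true if ANY of them differs from X
#   !(ip.addr == X)   -> true only if ALL of them differ from X (the real exclude)
#
# Caveat: Wireshark 3.6+ changed "!=" to the all-not-equal meaning and gave the
# old any-not-equal test its own operator (~= in 3.6, !== from 4.0 on).

from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    num: int
    src: str
    dst: str


# Constructed sample packets (not from a real capture).
SAMPLE = [
    Packet(1, "10.0.0.5", "10.0.0.9"),
    Packet(2, "10.0.0.9", "10.0.0.5"),
    Packet(3, "10.0.0.7", "10.0.0.9"),
    Packet(4, "10.0.0.5", "10.0.0.5"),
]


def ip_addr_values(p):
    """The values Wireshark exposes for ip.addr: one per ip.src and ip.dst."""
    return (p.src, p.dst)


def any_eq(p, x):
    """ip.addr == x"""
    return any(v == x for v in ip_addr_values(p))


def any_ne(p, x):
    """ip.addr != x in classic semantics (~= / !== in newer releases)."""
    return any(v != x for v in ip_addr_values(p))


def all_ne(p, x):
    """!(ip.addr == x), which is also what != means in Wireshark 3.6+."""
    return all(v != x for v in ip_addr_values(p))


def apply_filter(pred, x, packets=SAMPLE):
    """Return the packet numbers a filter would leave in the Packet List."""
    return [p.num for p in packets if pred(p, x)]


if __name__ == "__main__":
    print("ip.addr == 10.0.0.5    ->", apply_filter(any_eq, "10.0.0.5"))
    print("ip.addr != 10.0.0.5    ->", apply_filter(any_ne, "10.0.0.5"))
    print("!(ip.addr == 10.0.0.5) ->", apply_filter(all_ne, "10.0.0.5"))
```

Run it and the `any_ne` line still lists packets 1 and 2, the very conversations the filter was meant to remove; only the `all_ne` form drops every packet that touches 10.0.0.5. The same reasoning applies to `tcp.port`, `udp.port`, `eth.addr` and any other field that is set once per direction.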
3.9 Use Parentheses to Change Filter Meaning
Lab 21: Locate TCP Connection Attempts to a Client
3.10 Determine Why Your Display Filter Area is Yellow
Red Background: Syntax Check Failed
Green Background: Syntax Check Passed
Yellow Background: Syntax Check Passed with a Warning (!=)
3.11 Filter on a Keyword in a Trace File
Use contains in a Simple Keyword Filter through an Entire Frame
Use contains in a Simple Keyword Filter based on a Field
Use matches and (?i) in a Keyword Filter for Upper Case or Lower Case Strings
Use matches for a Multiple-Word Search
Lab 22: Filter to Locate a Set of Key Words in a Trace File
3.12 Use Wildcards in Your Display Filters
Use Regex with "."
Setting a Variable Length Repeating Wildcard Character Search
Lab 23: Filter with Wildcards between Words
3.13 Use Filters to Spot Communication Delays
Filter on Large Delta Times (frame.time_delta)
Filter on Large TCP Delta Times (tcp.time_delta)
Lab 24: Import Display Filters into a Profile
3.14 Turn Your Key Display Filters into Buttons
Create a Filter Expression Button
Edit, Reorder, Delete, and Disable Filter Expression Buttons
Edit the Filter Expression Area in Your preferences File
Lab 25: Create and Import HTTP Filter Expression Buttons
Chapter 3 Challenge
Chapter 4 Skills: Color and Export Interesting Packets
Quick Reference: Coloring Rules Interface
4.1 Identify Applied Coloring Rules
Lab 26: Add a Column to Display Coloring Rules in Use
4.2 Turn Off the Checksum Error Coloring Rule
Disable Individual Coloring Rules
Disable All Packet Coloring
4.3 Build a Coloring Rule to Highlight Delays
Create a Coloring Rule from Scratch
Use the Right-Click Method to Create a Coloring Rule
Lab 27: Build a Coloring Rule to Highlight FTP User Names, Passwords, and More
4.4 Quickly Colorize a Single Conversation
Right-Click to Temporarily Colorize a Conversation
Remove Temporary Coloring
Lab 28: Create Temporary Conversation Coloring Rules
4.5 Export Packets that Interest You
Lab 29: Export a Single TCP Conversation
4.6 Export Packet Details
Export Packet Dissections
Define What should be Exported
Sample Text Output
Sample CSV Output
Lab 30: Export a List of HTTP Host Field Values from a Trace File
Chapter 5 Skills: Build and Interpret Tables and Graphs
Quick Reference: IO Graph Interface
5.1 Find Out Who's Talking to Whom on the Network
Check Out Network Conversations
Quickly Filter on Conversations
5.2 Locate the Top Talkers
Sort to Find the Most Active Conversation
Sort to Find the Most Active Host
Lab 31: Filter on the Most Active TCP Conversation
Lab 32: Set up GeoIP to Map Targets Globally
5.3 List Applications Seen on the Network
View the Protocol Hierarchy
Right-Click Filter or Colorize any Listed Protocol or Application
Look for Suspicious Protocols, Applications or "Data"
Decipher the Protocol Hierarchy Percentages
Lab 33: Detect Suspicious Protocols or Applications
5.4 Graph Application and Host Bandwidth Usage
Export the Application or Host Traffic before Graphing
Apply ip.addr Display Filters to the IO Graph
Apply ip.src Display Filters to the IO Graph
Apply tcp.port or udp.port Display Filters to the IO Graph
Lab 34: Compare Traffic to/from a Subnet to Other Traffic
5.5 Identify TCP Errors on the Network
Use the Expert Infos Button on the Status Bar
Deal with "Unreassembled" Indications in the Expert
Filter on TCP Analysis Flag Packets
5.6 Understand what those Expert Infos Errors Mean
Packet Loss, Recovery, and Faulty Trace Files
Asynchronous or Multiple Path Indications
Keep-Alive Indication
Receive Buffer Congestion Indications
TCP Connection Port Reuse Indication
Possible Router Problem Indication
Misconfiguration or ARP Poisoning Indication
Lab 35: Identify an Overloaded Client
5.7 Graph Various Network Errors
Graph all TCP Analysis Flag Packets (Except Window Updates)
Graph Separate Types of TCP Analysis Flag Packets
Lab 36: Detect and Graph File Transfer Problem
Chapter 6 Skills: Reassemble Traffic for Faster Analysis
Quick Reference: File and Object Reassembly Options
6.1 Reassemble Web Browsing Sessions
Use Follow TCP Stream
Use Find, Save, and Filter on a Stream
Lab 37: Use Reassembly to Find a Web Site's Hidden HTTP Message
6.2 Reassemble a File Transferred via FTP
Lab 38: Extract a File from an FTP File Transfer
6.3 Export HTTP Objects Transferred in a Web Browsing Session
Check Your TCP Preference Settings First!
View all HTTP Objects in the Trace File
Lab 39: Carve Out an HTTP Object from a Web Browsing Session
Chapter 7 Skills: Add Comments to Your Trace Files and Packets
Quick Reference: File and Packet Annotation Options
7.1 Add Your Comments to Trace Files
7.2 Add Your Comments to Individual Packets
Use the .pcapng Format for Annotations
Add a Comment Column for Faster Viewing
Lab 40: Read Analysis Notes in a Malicious Redirection Trace File
7.3 Export Packet Comments for a Report
First, Filter on Packets that Contain Comments
Next, Export Packet Dissections as Plain Text
Lab 41: Export Malicious Redirection Packet Comment
Chapter 8 Skills: Use Command-Line Tools to Capture, Split, and Merge Traffic
Quick Reference: Command-Line Tools Key Options
8.1 Split a Large Trace File into a File Set
Add the Wireshark Program Directory to Your Path
Use Capinfos to Get the File Size and Packet Count
Split a File Based on Packets per Trace File
Split a File Based on Seconds per Trace File
Open and Work with File Sets in Wireshark
Lab 42: Split a File and Work with Filtered File Sets
8.2 Merge Multiple Trace Files
Ensure the Wireshark Program Directory is in Your Path
Run Mergecap with the -w Parameter
Lab 43: Merge a Set of Files using a Wildcard
8.3 Capture Traffic at Command Line
Dumpcap or Tshark?
Capture at the Command Line with Dumpcap
Capture at the Command Line with Tshark
Save Host Information and Work with Existing Trace Files
Lab 44: Use Tshark to Capture to File Sets with an Autostop Condition
8.4 Use Capture Filters during Command-Line Capture
8.5 Use Display Filters during Command-Line Capture
Lab 45: Use Tshark to Extract HTTP GET Requests
8.6 Use Tshark to Export Specific Field Values and Statistics from a Trace File
Export Field Values
Export Traffic Statistics
Export HTTP Host Field Values
Lab 46: Use Tshark to Extract HTTP Host Names and IP Addresses
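What 8.6 and Lab 46 do with `tshark -r trace.pcap -T fields -e ip.src -e tcp.dstport -e http.host -Y http.host` can be reproduced in a few dozen lines, which makes the dissection chain from 1.2 (frame, Ethernet, IPv4, TCP, HTTP) concrete. The following is an added example, not code from the book or from the Wireshark project: it builds a small three-packet pcap in memory (constructed data, not a real capture), walks the classic pcap record format and pulls the Host header out of every HTTP request it finds. Because it recognises HTTP by the request line rather than by port, it also catches the port 81 request from Lab 5 that a port-based dissector would miss. The addresses, ports and hostnames in the sample are assumptions for illustration.

```python
# Added example (not from the book): a minimal pcap reader that extracts
# ip.src, tcp.dstport and http.host from HTTP requests, mirroring
#   tshark -r trace.pcap -T fields -e ip.src -e tcp.dstport -e http.host -Y http.host
# Only classic pcap (not pcapng) with LINKTYPE_ETHERNET (1) is handled.

import socket
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def build_sample_pcap():
    """Constructed 3-frame pcap: HTTP on 80, HTTP on 81, and a bare ACK."""
    def ipv4(src, dst, payload, proto=6):
        hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, 64,
                          proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
        return hdr + payload                       # checksum left 0; not validated

    def tcp(sport, dport, data=b"", flags=0x18):   # 0x18 = PSH|ACK, 0x10 = ACK
        hdr = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, flags, 65535, 0, 0)
        return hdr + data

    def eth(l3):
        return (b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb"
                + b"\x08\x00" + l3)                # EtherType 0x0800 = IPv4

    frames = [
        eth(ipv4("10.0.0.5", "93.184.216.34",
                 tcp(51000, 80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"))),
        eth(ipv4("10.0.0.5", "10.0.0.80",
                 tcp(51001, 81, b"GET /admin HTTP/1.1\r\nhost: intranet.local\r\n\r\n"))),
        eth(ipv4("93.184.216.34", "10.0.0.5", tcp(80, 51000, flags=0x10))),
    ]
    # Global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype.
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(f), len(f)) + f
    return out


def iter_frames(pcap):
    """Yield the raw link-layer bytes of each record in a classic pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
              b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}[pcap[:4]]
    linktype = struct.unpack(endian + "I", pcap[20:24])[0]
    if linktype != 1:
        raise ValueError("only LINKTYPE_ETHERNET (1) is handled")
    off = 24
    while off + 16 <= len(pcap):
        _sec, _usec, incl_len, _orig_len = struct.unpack(endian + "IIII", pcap[off:off + 16])
        off += 16
        yield pcap[off:off + incl_len]
        off += incl_len


def http_hosts(pcap):
    """Return [(ip.src, tcp.dstport, http.host)] for every HTTP request found."""
    rows = []
    for frame in iter_frames(pcap):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # Ethernet -> IPv4 only
            continue
        ip = frame[14:]
        total_len = struct.unpack("!H", ip[2:4])[0]
        ip = ip[:total_len]                                  # drop Ethernet padding
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6:                                       # protocol 6 = TCP
            continue
        src = socket.inet_ntoa(ip[12:16])
        tcp = ip[ihl:]
        dport = struct.unpack("!H", tcp[2:4])[0]
        payload = tcp[(tcp[12] >> 4) * 4:]
        if not payload.startswith(HTTP_METHODS):             # content-based, not port-based
            continue
        head = payload.partition(b"\r\n\r\n")[0]
        for line in head.split(b"\r\n")[1:]:
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"host":              # header names are case-insensitive
                rows.append((src, dport, value.strip().decode("ascii", "replace")))
    return rows


if __name__ == "__main__":
    for src, dport, host in http_hosts(build_sample_pcap()):
        print(f"{src}\t{dport}\t{host}")
```

The output has one tab-separated line per request, the same shape `tshark -T fields` produces, so the same `sort | uniq -c` post-processing from the lab applies. Note that the reader does not reassemble TCP segments: a Host header split across two segments would be missed here, which is exactly why the book has you check the TCP reassembly preference before exporting HTTP objects.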
8.7 Continue Learning about Wireshark and Network Analysis