About the book Wireshark for Network Forensics. An Essential Guide for IT and Cloud Professionals
Title: Wireshark for Network Forensics. An Essential Guide for IT and Cloud Professionals
Persian title: Wireshark for Network Forensics. An Essential Guide for IT and Cloud Professionals (Persian translation of the English title)
Series:
Authors: N. Nainar, A. Panda
Publisher:
Year of publication: 2023
Number of pages: 283
ISBN: 9781484290002, 9781484290019
Language: English
Format: pdf
File size: 9 MB
Table of Contents
About the Authors
About the Contributor
About the Technical Reviewer
Acknowledgments
Introduction
Chapter 1: Wireshark Primer
Introduction
Get Me Started!
macOS
Linux
Red Hat and Alike
Ubuntu and Debian Derivatives
Allowing Non-root User to Capture Packets
Windows Install
The First Capture
Understanding a Packet
Capture Filters
Display Filters
Pcap vs. Pcapng
Data Representation
Big Picture: I/O Graphs
Big Picture: TCP Stream Graphs
Time Sequence (Stevens)
Time Sequence (tcptrace)
Throughput
Round Trip Time
Window Scaling
Bigger Picture: Following a Packet Stream
Biggest Picture: Flow Graphs
CloudShark: The Floating Shark
Get Me Started!
Feature Parity with Wireshark
CloudShark API
CloudShark API Interaction with Curl
Auto Upload to CloudShark (Raspberry Pi, Linux, macOS)
Summary
Chapter 2: Packet Capture and Analysis
Sourcing Traffic for Capture
Setting Up Port Mirroring
Remote Port Mirroring
Other Mirroring Options
TAP
Hub
Capture Point Placement
OS-Native Traffic Capture Tools
UNIX, Linux, BSD, and macOS
Windows
Wireshark-Based Traffic Capture
CLI-Based Capture with Dumpcap or Tshark
GUI-Based Capture with Wireshark
Capturing Traffic from Multiple Interfaces
Stopping Capture
Capture Modes and Configurations
Promiscuous Mode
VLAN Tag Is Not Seen in Captured Frames
Monitor Mode
Remote Packet Capture with Extcap
Remote Capture with Sshdump
Requirements
Mobile Device Traffic Capture
Android Devices
Using Native Androiddump Utility
Using Third-Party Android App and Sshdump
Capture Filtering
Capture Filter Deep Dive
Understanding BPF: What Goes Behind the Capture Filters
High Volume Packet Analysis
When the Packet Characteristics Are Known
When the Packet Encapsulation Is Unknown
Advanced Filters and Deep Packet Filter
Summary
References for This Chapter
Chapter 3: Capturing Secured Application Traffic for Analysis
Evolution of Application Security
Capturing and Analyzing HTTPS
Basics of HTTPS
Capturing and Filtering HTTPS Traffic
HTTPS Traffic – Capture Filter
Analyzing HTTPS Traffic
Client Hello Message
Server Hello Message
Decrypting TLS Traffic Using Wireshark
Collecting the SSL Key
Decrypting the HTTPS Traffic
HTTPS Filters for Analysis
HTTP2 Statistics Using Wireshark
Capturing and Analyzing QUIC Traffic
Basics of QUIC
Capturing and Filtering QUIC Traffic
QUIC Traffic – Capture Filter
Analyzing QUIC Traffic
QUIC Header
QUIC Initial Message – TLS Client Hello
QUIC Initial Message – TLS Server Hello
QUIC Handshake Message – TLS Server Hello
QUIC Protected Payload
Decrypting QUIC/TLS Traffic
QUIC Filters for Analysis
Capturing and Analyzing Secure DNS
Basics of DNS
Secure DNS
Summary
References for This Chapter
Chapter 4: Capturing Wireless Traffic for Analysis
Basics of Radio Waves and Spectrum
Basics of Wireless LAN Technology
Wireless LAN Channels
Wireless LAN Topologies
Basic Service Set
Extended Service Set
Mesh Basic Service Set
Wireless LAN Encryption Protocols
Setting Up 802.11 Radio Tap
Wireless Capture Using Native Wireshark Tool
Wireless Capture Using AirPort Utility
Wireless Capture Using Diagnostic Tool
Wireless Operational Aspects – Packet Capture and Analysis
802.11 Frame Types and Format
Wireless Network Discovery
Wireless LAN Endpoint Onboarding
Probing Phase
Authentication Phase
Association Phase
802.1X Exchange Phase
Wireless LAN Data Exchange
Decrypting 802.11 Data Frame Payload
Generating the WPA-PSK Key
Wireless LAN Statistics Using Wireshark
Summary
References for This Chapter
Chapter 5: Multimedia Packet Capture and Analysis
Multimedia Applications and Protocols
Multimedia on the Web
Multimedia Streaming
Streaming Transport
Stream Encoding Format
Real-Time Multimedia
Signaling
SIP
SDP
SIP over TLS (SIPS)
H.323
Media Transport
RTP
RTCP
SRTP and SRTCP
WebRTC
How Can Wireshark Help
Multimedia File Extraction from HTTP Capture
Streaming RTP Video Captures
Real-Time Media Captures and Analysis
Decrypting Signaling (SIP over TLS)
Decrypting Secure RTP
Extract the SRTP Encryption Key from SDP
Filter SRTP-only Packets
Feed the Key and SRTP Packets to Libsrtp
Convert Text Format to pcap and Add the Missing UDP Header
Explanation of Options Used Previously
For SRTP Decode
For text2pcap
Telephony and Video Analysis
Wireshark Optimization for VoIP
QoS and Network Issues
Analyzing VoIP Streams and Graph
Call Flow and I/O Graph
RTP Stream Analysis
RTP Statistics, Packet Loss, Delay, and Jitter Analysis
Replaying RTP Payload
Summary
References for This Chapter
Chapter 6: Cloud and Cloud-Native Traffic Capture
Evolution of Virtualization and Cloud
Basics of Virtualization
Hypervisor – Definition and Types
Virtualization – Virtual Machines and Containers
Virtual Machines
Containers
Traffic Capture in AWS Environment
VPC Traffic Mirroring
Traffic Capture in GCP Environment
Traffic Capture in Docker Environment
Traffic Capture in Kubernetes Environment
Summary
References for This Chapter
Chapter 7: Bluetooth Packet Capture and Analysis
Introduction to Bluetooth
Communication Models
Radio and Data Transfer
Bluetooth Protocol Stack
Controller Operations
Radio and Baseband Processing
Link Management Protocol (LMP)
HCI
Host Layer Operation
L2CAP
Application Profile–Specific Protocols
SDP
Telephony Control
Audio/Video Control and Transport
RFCOMM
Other Adopted Protocols
Tools for Bluetooth Capture
Linux
Windows
macOS
Bluetooth Packet Filtering and Troubleshooting
Controller-to-Host Communication
Pairing and Bonding
Paired Device Discovery and Data Transfer
Summary
References for This Chapter
Chapter 8: Network Analysis and Forensics
Network Attack Classification
Packet Poisoning and Spoofing Attacks
DHCP Spoofing
DNS Spoofing and Poisoning
Prevention of Spoofing Attacks
Network Scan and Discovery Attacks
ARP and ICMP Ping Sweeps
UDP Port Scan
TCP Port Scan
OS Fingerprinting
Preventing Port Scan Attacks
Brute-Force Attacks
Preventing Brute-Force Attacks
DoS (Denial-of-Service) Attacks
Preventing DDoS Attacks
Malware Attacks
Prevention of Malware Attacks
Wireshark Tweaks for Forensics
Autoresolving Geolocation
Changing the Column Display
Frequently Used Wireshark Tricks in Forensics
Find Exact Packets One at a Time
Contains Operator
Following a TCP Stream
Wireshark Forensic Analysis Approach
Wireshark DDoS Analysis
Wireshark Malware Analysis
Summary
References for This Chapter
Chapter 9: Understanding and Implementing Wireshark Dissectors
Protocol Dissectors
Post and Chain Dissectors
Creating Your Own Wireshark Dissectors
Wireshark Generic Dissector (WSGD)
Lua Dissectors
C Dissectors
Creating Your Own Packet
Summary
References for This Chapter
Index