

Instant Traffic Analysis with Tshark How-to



Instant Traffic Analysis with Tshark How-to - Description
Malware, DoS attacks, SQLi, and data exfiltration are some of the problems that many security officers have to face every day. Advanced knowledge of communications and protocol analysis is therefore essential to investigate and detect any of these attacks. Tshark is the ideal tool for professionals who need these capabilities, and for students who want to delve into the world of networking.

Instant Traffic Analysis with Tshark How-to is a practical, hands-on guide for network administrators and security officers who want to take advantage of the filtering features provided by Tshark, the command-line version of Wireshark. With this guide you will learn how to get the most out of Tshark in environments without a GUI, such as Unix/Linux servers, giving you great flexibility in identifying and displaying network traffic.

The book begins by explaining the basic theoretical concepts of Tshark and the process of data collection. It then presents several alternatives for capturing traffic, depending on the network infrastructure and the goals of the network administrator. The rest of the book focuses on the most useful parameters of the tool from an entirely practical standpoint.

You will also learn how to decode protocols and how to gather evidence of suspicious network traffic. You will become familiar with many practical Tshark filters that identify malware-infected computers and a range of network attacks such as DoS attacks, DHCP/ARP spoofing, and DNS flooding. Finally, you will see some tricks for automating certain tasks with Tshark and Python scripts.

You will learn everything you need to get the most out of Tshark and to overcome a wide range of network problems. In addition, you will learn a variety of concepts related to networking and to the network attacks currently being exploited.

Table of contents:
Instant Traffic Analysis with Tshark How-to
Credits
About the Author
About the Reviewer
www.PacktPub.com
Support files, eBooks, discount offers and more
Why Subscribe?
Free Access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Errata
Piracy
Questions
1. Instant Traffic Analysis with Tshark How-to
Capturing data with Tshark (Must know)
Getting ready
How to do it...
How it works...
Capturing traffic (Must know)
How to do it...
Bridge mode
Packet capturing
Port mirroring
Remote capture with rpcapd
ARP spoofing
How it works...
Delimiting network problems (Should know)
How to do it...
How it works...
Implementing useful filters (Should know)
How to do it...
Malicious domains
Passive DNS
Matches operator
How it works...
There's more...
Decoding protocols (Become an expert)
How to do it...
How it works...
Auditing network attacks (Become an expert)
How to do it...
ARP spoofing
DHCP spoofing
DoS attacks
How it works...
There's more...
Analyzing network forensic data (Become an expert)
Getting ready
How to do it...
There's more...
Auditing network applications (Must know)
How to do it...
There's more...
Analyzing malware traffic (Must know)
Getting ready
How to do it...
How it works...
There's more...
Automating tasks (Must know)
Getting ready
How to do it...
How it works...
There's more...

About the author: Borja Merino is a security researcher from Leon (Spain). He studied computer science at the Pontificia University of Salamanca and is certified in OSCP, OSWP, OSCE, CCNA Security, CCSP, Cisco Firewall, SMFE, CISSP and NSTISSI 4011. He has published several papers on pentesting and exploitation, is a Metasploit community contributor, and is one of the authors of the blog https://www.securityartwork.com, where he regularly writes security articles. You can follow him on Twitter: @BorjaMerino