Wireshark is the world's most popular network analyzer solution. Used for network troubleshooting, forensics, optimization and more, Wireshark is considered one of the most successful open source projects of all time.
Laura Chappell has been involved in the Wireshark project since its infancy (when it was called Ethereal) and is considered the foremost authority on network protocol analysis and forensics using Wireshark.
This book consists of 16 labs and is based on the format Laura introduced to trade show audiences over ten years ago through her highly acclaimed "Packet Challenges." This book gives you a chance to test your knowledge of Wireshark and TCP/IP communications analysis by posing a series of questions related to a trace file and then providing Laura's highly detailed step-by-step instructions showing how Laura arrived at the answers to the labs.
Book trace files and blank Answer Sheets can be downloaded from this book's supplement page (see https: //www.chappell-university.com/books).
Lab 1: Wireshark Warm-Up
Objective: Get Comfortable with the Lab Process. Completion of this lab requires many of the skills you will use throughout this lab book. If you are a bit shaky on any answer, take time when reviewing the answers to this lab to ensure you have mastered the necessary skill(s).
Lab 2: Proxy Problem
Objective: Examine issues that relate to a web proxy connection problem.
Lab 3: HTTP vs. HTTPS
Objective: Analyze and compare HTTP and HTTPS communications and errors using inclusion and field existence filters.
Lab 4: TCP SYN Analysis
Objective: Filter on and analyze TCP SYN and SYN/ACK packets to determine the capabilities of TCP peers and their connections.
Lab 5: TCP SEQ/ACK Analysis
Objective: Examine and analyze TCP sequence and acknowledgment numbering and Wireshark's interpretation of non-sequential numbering patterns.
Lab 6: You're Out of Order!
Objective: Examine Wireshark's process of distinguishing between out-of-order packets and retransmissions and identify mis-identifications.
Lab 7: Sky High
Objective: Examine and analyze traffic captured as a host was redirected to a malicious site.
Lab 8: DNS Warm-Up
Objective: Examine and analyze DNS name resolution traffic that contains canonical name and multiple IP address responses.
Lab 9: Hacker Watch
Objective: Analyze TCP connections and FTP command and data channels between hosts.
Lab 10: Timing is Everything
Objective: Analyze and compare path latency, name resolution, and server response times.
Lab 11: The News
Objective: Analyze capture location, path latency, response times, and keepalive intervals between an HTTP client and server.
Lab 12: Selective ACKs
Objective: Analyze the process of establishing Selective acknowledgment (SACK) and using SACK during packet loss recovery.
Lab 13: Just DNS
Objective: Analyze, compare, and contrast various DNS queries and responses to identify errors, cache times, and CNAME (alias) information.
Lab 14: Movie Time
Objective: Use various display filter types, including regular expressions (regex), to analyze HTTP redirections, end-of-field values, object download times, errors, response times and more.
Lab 15: Crafty
Objective: Practice your display filter skills using "contains" operators, ASCII filters, and inclusion/exclusion filters, while analyzing TCP and HTTP performance parameters.
Lab 16: Pattern Recognition
Objective: Focus on TCP conversations and endpoints while analyzing TCP sequence numbers, Window Scaling, keep-alive, and Selective Acknowledgment capabilities.
