Instant Traffic Analysis with Tshark How-to
Ebook, 132 pages, 1 hour

About this ebook

Filled with practical, step-by-step instructions and clear explanations for the most important and useful tasks. This How-to guide will explore TShark. As this is the terminal version, it will show the user all commands and syntax as well as all options for Tshark and its common uses through small recipes. This book is intended for network administrators and security officers who have to deal daily with a variety of network problems and security incidents. It will also be a good learning aid for Cisco students wishing to implement and understand the many theoretical concepts related to traffic data and communications in greater depth.
Language: English
Release date: Apr 24, 2013
ISBN: 9781782165392

    Book preview

    Instant Traffic Analysis with Tshark How-to - Borja Merino

    Table of Contents

    Instant Traffic Analysis with Tshark How-to

    Credits

    About the Author

    About the Reviewer

    www.PacktPub.com

    Support files, eBooks, discount offers and more

    Why Subscribe?

    Free Access for Packt account holders

    Preface

    What this book covers

    What you need for this book

    Who this book is for

    Conventions

    Reader feedback

    Customer support

    Errata

    Piracy

    Questions

    1. Instant Traffic Analysis with Tshark How-to

    Capturing data with Tshark (Must know)

    Getting ready

    How to do it...

    How it works...

    Capturing traffic (Must know)

    How to do it...

    Bridge mode

    Packet capturing

    Port mirroring

    Remote capture with rpcapd

    ARP spoofing

    How it works...

    Delimiting network problems (Should know)

    How to do it...

    How it works...

    Implementing useful filters (Should know)

    How to do it...

    Malicious domains

    Passive DNS

    Matches operator

    How it works...

    There's more...

    Decoding protocols (Become an expert)

    How to do it...

    How it works...

    Auditing network attacks (Become an expert)

    How to do it...

    ARP spoofing

    DHCP spoofing

    DoS attacks

    How it works...

    There's more...

    Analyzing network forensic data (Become an expert)

    Getting ready

    How to do it...

    There's more...

    Auditing network applications (Must know)

    How to do it...

    There's more...

    Analyzing malware traffic (Must know)

    Getting ready

    How to do it...

    How it works...

    There's more...

    Automating tasks (Must know)

    Getting ready

    How to do it...

    How it works...

    There's more...

    Instant Traffic Analysis with Tshark How-to

    Copyright © 2013 Packt Publishing

    All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

    Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

    Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

    First published: April 2013

    Production Reference: 1170413

    Livery Place

    35 Livery Street

    Birmingham B3 2PB, UK

    ISBN 978-1-78216-538-5

    www.packtpub.com

    Credits

    Author

    Borja Merino

    Reviewer

    Nelo Belda Atoche

    IT Content Commissioning Editor

    James Jones

    Commissioning Editor

    Ameya Sawant

    Technical Editor

    Varun Pius Rodrigues

    Project Coordinator

    Sneha Modi

    Proofreader

    Stephen Copestake

    Graphics

    Ronak Dhruv

    Production Coordinator

    Shantanu Zagade

    Cover Work

    Shantanu Zagade

    Cover Image

    Conidon Miranda

    About the Author

    Borja Merino is a security researcher from León, Spain. He studied Computer Science at the Pontificia University of Salamanca and he is certified in OSCP, OSWP, OSCE, CCNA Security, CCSP, Cisco Firewall, SMFE, CISSP, and NSTISSI 4011. He has published several papers about pentesting and exploiting. He is also a Metasploit community contributor and one of the authors of the blog www.securityartwork.com, where he regularly writes security articles. You can follow him on Twitter at @BorjaMerino.

    I would like to dedicate this book (my first mini book) to my family, especially my parents and my brother, the most important people to me. Of course, I also dedicate it to my girlfriend and my best colleagues although some of them do not even know what a protocol analyzer is.

    Finally, I would like to give special thanks to the Technical Reviewer Nelo and my friend Alfon who, without hesitation, offered to help me with the review of the book. Thank you guys!

    About the Reviewer

    Nelo Belda Atoche is a Security Analyst in S2 Grupo. He received a Technical Engineering degree in Telecommunication from the Universitat Politècnica de València and a Master’s degree in Information Systems and Technology Management and Administration from the Universitat Oberta de Catalunya. Since his early student years, he has been focused on Computer Security.

    He currently works as an Incident Handler (GIAC Certified on Incident Handler, GCIH) in a Computer Security Incident Response Team at the Spanish company S2 Grupo. He performs network and computer analysis and forensics, incident response, and IDS/IPS management, among other tasks. He has also collaborated on various technical reports about critical infrastructure protection, as well as on the blog SecurityArtWork.

    www.PacktPub.com

    Support files, eBooks, discount offers and more

    You might want to visit www.PacktPub.com for support files and downloads related to your book.

    Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com
