
E-book: Wireshark for Network Forensics: An Essential Guide for IT and Cloud Professionals

  • Format: EPUB+DRM
  • Publication date: 30-Dec-2022
  • Publisher: Apress
  • Language: English
  • ISBN-13: 9781484290019
  • Price: 67.91 €*
  • * the price is final, i.e. no further discounts apply
  • This e-book is for personal use only. E-books cannot be returned.

DRM restrictions

  • Copying (copy/paste):

    not permitted

  • Printing:

    not permitted

  • Use:

    Digital rights management (DRM)
    The publisher has issued this e-book in encrypted form, which means that you must install dedicated software to read it. You also need to create an Adobe ID. The e-book can be read by 1 user and downloaded to up to 6 devices (all authorised with the same Adobe ID).

    Required software
    To read on a mobile device (phone or tablet) you must install this free app: PocketBook Reader (iOS / Android)

    To read on a PC or Mac you must install Adobe Digital Editions (a free application designed specifically for reading e-books; do not confuse it with Adobe Reader, which is probably already installed on your computer).

    This e-book cannot be read on an Amazon Kindle.

With the advent of emerging and complex technologies, traffic capture and analysis play an integral part in overall IT operations. This book outlines the rich set of advanced features and capabilities of Wireshark, considered by many to be the de facto Swiss army knife for IT operational activities involving traffic analysis. This open-source tool is available both as a command-line tool (dumpcap/tshark) and as a GUI. It is designed to capture in different modes and to leverage community-developed, integrated features such as filter-based analysis and the traffic flow graph view.

You'll start by reviewing the basics of Wireshark, and then examine the details of capturing and analyzing secured application traffic such as secure DNS, HTTPS, and IPsec. You'll then look closely at control plane and data plane capture, and study the analysis of wireless traffic such as 802.11, currently the most common access technology, along with Bluetooth. You'll also learn how to identify network attacks, malware and covert communications, how to perform security incident post-mortems, and how to prevent recurrences.

The book further explains the capture and analysis of secure multimedia traffic, which constitutes around 70% of all internet traffic. Wireshark for Network Forensics provides a unique look at traffic capture in cloud and cloud-native environments: Kubernetes, Docker, AWS, and GCP.

What You'll Learn

  • Review Wireshark analysis and network forensics
  • Capture and analyze traffic from mobile devices
  • Analyze traffic from various access technologies and cloud platforms
  • Write your own dissector for any new or proprietary packet format
  • Capture secured application traffic for analysis
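As an added illustration of two items above (capturing secured application traffic and writing your own dissector), the following Python block is not code from the book or from the Wireshark project. It dissects the first thing an analyst inspects in an HTTPS capture, the TLS ClientHello, and pulls out the fields Wireshark exposes as `tls.handshake.extensions_server_name` (SNI), the offered cipher suites and the `supported_versions` extension, then wraps that in a predicate that behaves like a display filter over raw records. The ClientHello bytes are constructed by the block itself (the builder is test scaffolding, not captured data); field layout follows RFC 8446 and RFC 6066. The caveat a practitioner should keep in mind: SNI is cleartext in ordinary TLS 1.2/1.3 and is therefore a forensic goldmine, but it disappears when Encrypted Client Hello is in use.

```python
import struct

# Protocol constants (RFC 8446 record/handshake layer, RFC 6066 SNI extension).
TLS_HANDSHAKE = 0x16        # record-layer content type
HELLO_CLIENT = 0x01         # handshake message type
EXT_SERVER_NAME = 0x0000    # server_name (SNI) extension
EXT_SUPPORTED_VERSIONS = 0x002B
TLS10, TLS12, TLS13 = 0x0301, 0x0303, 0x0304


class DissectError(ValueError):
    """Raised when the bytes are not a well-formed TLS ClientHello record."""


def _take(buf: bytes, off: int, n: int):
    """Return buf[off:off+n] and the new offset, refusing to read past the end."""
    if off + n > len(buf):
        raise DissectError(f"truncated: need {n} bytes at offset {off}, have {len(buf) - off}")
    return buf[off:off + n], off + n


def _u16(b: bytes) -> int:
    return struct.unpack("!H", b)[0]


def build_client_hello(sni: str, cipher_suites=(0x1301, 0x1302, 0xC02F),
                       versions=(TLS13, TLS12)) -> bytes:
    """Construct a minimal TLS ClientHello record. Constructed sample input, not a real capture."""
    body = struct.pack("!H", TLS12) + b"\x11" * 32 + b"\x00"    # legacy_version, random, empty session id
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"                                           # one compression method: null
    host = sni.encode("idna")
    name_entry = b"\x00" + struct.pack("!H", len(host)) + host    # name_type 0 = host_name
    sni_data = struct.pack("!H", len(name_entry)) + name_entry
    ver_list = b"".join(struct.pack("!H", v) for v in versions)
    sv_data = bytes([len(ver_list)]) + ver_list
    exts = (struct.pack("!HH", EXT_SERVER_NAME, len(sni_data)) + sni_data
            + struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(sv_data)) + sv_data)
    body += struct.pack("!H", len(exts)) + exts
    handshake = bytes([HELLO_CLIENT]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE]) + struct.pack("!HH", TLS10, len(handshake)) + handshake


def parse_client_hello(record: bytes) -> dict:
    """Dissect one TLS record and return the fields an analyst filters on, or raise DissectError."""
    hdr, off = _take(record, 0, 5)
    ctype, _rec_ver, rec_len = struct.unpack("!BHH", hdr)
    if ctype != TLS_HANDSHAKE:
        raise DissectError(f"content type {ctype:#04x} is not a handshake record")
    payload, _ = _take(record, off, rec_len)
    hs_hdr, off = _take(payload, 0, 4)
    if hs_hdr[0] != HELLO_CLIENT:
        raise DissectError(f"handshake type {hs_hdr[0]} is not ClientHello")
    body, _ = _take(payload, off, int.from_bytes(hs_hdr[1:4], "big"))

    off = 0
    ver, off = _take(body, off, 2)
    info = {"legacy_version": _u16(ver), "cipher_suites": [], "sni": None, "supported_versions": []}
    _random, off = _take(body, off, 32)
    sid_len, off = _take(body, off, 1)
    _session_id, off = _take(body, off, sid_len[0])
    cs_len, off = _take(body, off, 2)
    cs, off = _take(body, off, _u16(cs_len))
    info["cipher_suites"] = [_u16(cs[i:i + 2]) for i in range(0, len(cs) - 1, 2)]
    cm_len, off = _take(body, off, 1)
    _compression, off = _take(body, off, cm_len[0])
    if off == len(body):
        return info                        # hello without extensions: nothing more to dissect
    ext_len, off = _take(body, off, 2)
    exts, _ = _take(body, off, _u16(ext_len))
    off = 0
    while off < len(exts):
        eh, off = _take(exts, off, 4)
        etype, elen = struct.unpack("!HH", eh)
        edata, off = _take(exts, off, elen)
        if etype == EXT_SERVER_NAME:
            info["sni"] = _parse_sni(edata)
        elif etype == EXT_SUPPORTED_VERSIONS and edata:
            vers, _ = _take(edata, 1, edata[0])       # one-byte list length, then 2-byte versions
            info["supported_versions"] = [_u16(vers[i:i + 2]) for i in range(0, len(vers) - 1, 2)]
    return info


def _parse_sni(edata: bytes):
    """Walk the ServerNameList and return the first host_name entry (RFC 6066 section 3)."""
    list_len, off = _take(edata, 0, 2)
    names, _ = _take(edata, off, _u16(list_len))
    off = 0
    while off < len(names):
        entry_hdr, off = _take(names, off, 3)         # name_type (1) + name length (2)
        name, off = _take(names, off, _u16(entry_hdr[1:3]))
        if entry_hdr[0] == 0:
            return name.decode("ascii", "replace")
    return None


def matches_sni(record: bytes, needle: str) -> bool:
    """Display-filter style predicate, like: tls.handshake.extensions_server_name contains needle."""
    try:
        sni = parse_client_hello(record)["sni"]
    except DissectError:
        return False                       # not a ClientHello, so the filter simply does not match
    return sni is not None and needle in sni


if __name__ == "__main__":
    sample = build_client_hello("example.com")
    print(parse_client_hello(sample))
```

Feeding this the TCP payload of the first client-to-server segment of a real HTTPS session gives the same SNI, cipher list and version list that Wireshark's TLS dissector shows, which is exactly the metadata you still have when you cannot decrypt the session. Any record that is not a handshake, or any hello cut short by a capture snaplen, raises `DissectError` instead of silently producing garbage, which is the behaviour you want from a dissector used in forensics.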

Who This Book Is For

IT Professionals, Cloud Architects, Infrastructure Administrators, and Network/Cloud Operators

Table of Contents

About the Authors  xi
About the Contributor  xiii
About the Technical Reviewer  xv
Acknowledgments  xvii
Introduction  xix

Chapter 1: Wireshark Primer  1
  Introduction  1
  Get Me Started!  3
    macOS  3
    Linux  4
    Windows Install  5
  The First Capture  6
  Understanding a Packet  7
  Data Representation  13
  Big Picture: I/O Graphs  14
  Big Picture: TCP Stream Graphs  15
    Time Sequence (Stevens)  15
    Time Sequence (tcptrace)  15
    Throughput  16
    Round Trip Time  17
    Window Scaling  18
  Bigger Picture: Following a Packet Stream  19
  Biggest Picture: Flow Graphs  20
  CloudShark: The Floating Shark  21
  Summary  27

Chapter 2: Packet Capture and Analysis  29
  Sourcing Traffic for Capture  30
    Setting Up Port Mirroring  30
    Remote Port Mirroring  31
    Other Mirroring Options  34
    Capture Point Placement  35
  OS-Native Traffic Capture Tools  36
    UNIX, Linux, BSD, and macOS  36
    Windows  39
  Wireshark-Based Traffic Capture  41
    CLI-Based Capture with Dumpcap or Tshark  41
    GUI-Based Capture with Wireshark  43
  Capture Modes and Configurations  45
    Promiscuous Mode  45
    Remote Packet Capture with Extcap  47
    Remote Capture with Sshdump  47
  Mobile Device Traffic Capture  49
    Android Devices  49
    Using Third-Party Android App and Sshdump  52
  Capture Filtering  54
    Capture Filter Deep Dive  56
  High Volume Packet Analysis  60
    Advanced Filters and Deep Packet Filter  61
  Summary  63
  References for This Chapter  64

Chapter 3: Capturing Secured Application Traffic for Analysis  65
  Evolution of Application Security  66
  Capturing and Analyzing HTTPS  69
    Basics of HTTPS  69
    Capturing and Filtering HTTPS Traffic  72
    Analyzing HTTPS Traffic  73
    HTTPS Filters for Analysis  82
  Capturing and Analyzing QUIC Traffic  85
    Basics of QUIC  85
    Capturing and Filtering QUIC Traffic  89
    Analyzing QUIC Traffic  90
    Decrypting QUIC/TLS Traffic  98
    QUIC Filters for Analysis  98
  Capturing and Analyzing Secure DNS  99
    Basics of DNS  99
    Secure DNS  102
  Summary  105
  References for This Chapter  105

Chapter 4: Capturing Wireless Traffic for Analysis  107
  Basics of Radio Waves and Spectrum  107
  Basics of Wireless LAN Technology  110
  Setting Up 802.11 Radio Tap  117
    Wireless Capture Using Native Wireshark Tool  118
    Wireless Capture Using AirPort Utility  119
    Wireless Capture Using Diagnostic Tool  120
  Wireless Operational Aspects - Packet Capture and Analysis  121
    802.11 Frame Types and Format  122
    Wireless Network Discovery  125
    Wireless LAN Endpoint Onboarding  127
    Wireless LAN Data Exchange  136
    Wireless LAN Statistics Using Wireshark  140
  Summary  141
  References for This Chapter  142

Chapter 5: Multimedia Packet Capture and Analysis  143
  Multimedia Applications and Protocols  143
    Multimedia on the Web  144
    Multimedia Streaming  144
    Real-Time Multimedia  146
  How Can Wireshark Help  150
    Multimedia File Extraction from HTTP Capture  151
    Streaming RTP Video Captures  152
    Real-Time Media Captures and Analysis  153
    Decrypting Signaling (SIP over TLS)  153
    Decrypting Secure RTP  158
    Telephony and Video Analysis  163
  Summary  171
  References for This Chapter  172

Chapter 6: Cloud and Cloud-Native Traffic Capture  173
  Evolution of Virtualization and Cloud  173
    Basics of Virtualization  174
    Hypervisor - Definition and Types  177
    Virtualization - Virtual Machines and Containers  178
  Traffic Capture in AWS Environment  181
    VPC Traffic Mirroring  182
  Traffic Capture in GCP Environment  187
  Traffic Capture in Docker Environment  193
  Traffic Capture in Kubernetes Environment  195
  Summary  201
  References for This Chapter  201

Chapter 7: Bluetooth Packet Capture and Analysis  203
  Introduction to Bluetooth  204
    Communication Models  204
    Radio and Data Transfer  205
  Bluetooth Protocol Stack  207
    Controller Operations  208
    HCI  209
    Host Layer Operation  209
    Application Profile-Specific Protocols  210
  Tools for Bluetooth Capture  212
    Linux  212
    Windows  213
    macOS  214
  Bluetooth Packet Filtering and Troubleshooting  215
    Controller-to-Host Communication  215
    Pairing and Bonding  216
    Paired Device Discovery and Data Transfer  218
  Summary  220
  References for This Chapter  220

Chapter 8: Network Analysis and Forensics  221
  Network Attack Classification  221
    Packet Poisoning and Spoofing Attacks  222
    Network Scan and Discovery Attacks  225
    Brute-Force Attacks  229
    DoS (Denial-of-Service) Attacks  230
    Malware Attacks  232
  Wireshark Tweaks for Forensics  234
    Autoresolving Geolocation  234
    Changing the Column Display  235
    Frequently Used Wireshark Tricks in Forensics  235
  Wireshark Forensic Analysis Approach  236
    Wireshark DDoS Analysis  236
    Wireshark Malware Analysis  241
  Summary  244
  References for This Chapter  244

Chapter 9: Understanding and Implementing Wireshark Dissectors  245
  Protocol Dissectors  250
    Post and Chain Dissectors  253
  Creating Your Own Wireshark Dissectors  253
    Wireshark Generic Dissector (WSGD)  253
    Lua Dissectors  254
    C Dissectors  257
  Creating Your Own Packet  258
  Summary  261
  References for This Chapter  262

Index  263
About the Authors

Nagendra Kumar Nainar (CCIE #20987) is a Principal Engineer with the Cisco Customer Experience (CX) organization (formerly TAC), focusing on enterprise customers. He is the co-inventor of more than 130 patent applications in different technologies, including virtualization and container technologies. He is the co-author of multiple Internet RFCs, various Internet drafts, and IEEE papers. Nagendra has also co-authored multiple technical books with leading publishers such as Cisco Press and Packt. He is a guest lecturer at North Carolina State University and a speaker at various network forums.

Ashish Panda (CCIE #33270) is a Senior Technical Leader with the Cisco Systems Customer Experience (CX) organization, primarily focused on handling complex service provider network design and troubleshooting escalations. He has 19+ years of experience in network design, operation, and troubleshooting with various large enterprise and service provider networks (ISP, satellite, MPLS, 5G, and cloud) worldwide. He is a speaker at various Cisco internal and external events and is very active in network industry standards bodies.