Description

Book Synopsis

Take a systematic approach at identifying intrusions that range from the most basic to the most sophisticated, using Wireshark, an open source protocol analyzer. This book will show you how to effectively manipulate and monitor different conversations and perform statistical analysis of these conversations to identify the IP and TCP information of interest.

Next, you'll be walked through a review of the different methods malware uses, from inception through the spread across and compromise of a network of machines. The process from the initial click through intrusion, the characteristics of Command and Control (C2), and the different types of lateral movement will be detailed at the packet level.

In the final part of the book, you'll explore the network capture file and identification of data for a potential forensics extraction, including inherent capabilities for the extraction of objects such as file data and other corresponding components in support of a foren

Table of Contents

Chapter 1: Customization of the Wireshark Interface

Chapter Goal: Learn how to edit the columns of the Wireshark user interface. Explore important items to include in the interface for performing intrusion and malware analysis

No of pages: 18

Sub-Topics:

1. Identifying columns to delete from the default displays

2. Adding the source and destination ports for easy traffic analysis

3. Specialty column customization for malware analysis

Intrusions

Chapter 2: Capturing Network Traffic

Chapter Goal: Set up a network capture in Wireshark

No of pages: 24

Sub-Topics:

1. Prerequisites for capturing live network data

2. Working with Network Interfaces

3. Exploring the network capture options

4. Filtering While Capturing

Chapter 3: Interpreting Network Protocols

Chapter Goal: A deep understanding of the network protocols at the packet level

No of pages: 30

Sub-Topics:

1. Investigating IP, the workhorse of the network

2. Analyzing ICMP and UDP

3. Dissection of TCP traffic

4. Reassembly of packets

5. Interpreting Name Resolution

Chapter 4: Analysis of Network Attacks

Chapter Goal: Understand the hacking mindset and leverage it to identify attacks

No of pages: 30

Sub-Topics:

1. Introducing a Hacking Methodology

2. Examination of reconnaissance network traffic artifacts

3. Leveraging the statistical properties of the capture file

4. Identifying SMB based attacks

5. Uncovering HTTP/HTTPS based attack traffic

Chapter 5: Effective Network Traffic Filtering

Chapter Goal: Use Wireshark's complex filtering capabilities to extract attack data

No of pages: 35

Sub-Topics:

1. Identifying filter components

2. Investigating the conversations

3. Extracting the packet data

4. Building Filter Expressions

5. Decrypting HTTPS Traffic

Chapter 6: Advanced Features of Wireshark

Chapter Goal: A fundamental review and understanding of the advanced features of Wireshark

No of pages: 35

Sub-Topics:

1. Working with cryptographic information in a packet

2. Exploring the protocol dissectors of Wireshark

3. Viewing logged anomalies in Wireshark

4. Capturing traffic from remote computers

5. The command-line tool tshark

6. Creating Firewall ACL rules

Chapter 7: Scripting and interacting with Wireshark

Chapter Goal: Using scripts to extract and isolate data of interest from network capture files

No of pages: 30

Sub-Topics:

1. Lua scripting

2. Interaction with Pandas

3. Leveraging PyShark

Malware

Chapter 8: Basic Malware Traffic Analysis

Chapter Goal: Develop an understanding of the different stages of a malware infection

No of pages: 36

Sub-Topics:

1. Customization of the interface for malware analysis

2. Extracting the files

3. Recognizing URLs/domains of an infected site

4. Determining the connections made by the infected machine

5. Scavenging the infected machine's metadata

6. Exporting the data objects

Chapter 9: Analyzing Encoded, Obfuscated, and ICS Malware Traffic

Chapter Goal: Identify the encoding or obfuscation method used in network traffic

No of pages: 40

Sub-Topics:

1. Investigation of njRAT

2. Analysis of WannaCry

3. Exploring Cryptolocker

4. Dissecting TRITON

5. Examining Trickbot

6. Understanding exploit kits

Chapter 10: Dynamic Malware Network Activities

Chapter Goal: Review and understand malware network activity as it happens

No of pages: 40

Sub-Topics:

1. Setting up network and service simulation

2. Monitoring malware communications and connections at run time and beyond

3. Detecting network evasion attempts

4. Investigating Cobalt Strike Beacons

5. Exploring C2 backdoor methods

6. Identifying Domain Generation Algorithms

Forensics

Chapter 10: Extraction of Forensics Data with Wireshark

Chapter Goal: Learn different methods of extracting different types of case-related and potential forensics evidence

No of pages: 30

Sub-Topics:

1. Interception of telephony data

2. Discovering DoS/DDoS

3. Analysis of HTTP/HTTPS Tunneling over DNS

4. Carving files from network data

Chapter 11: Network Traffic Forensics

Chapter Goal: An understanding of extraction of potential forensics data

No of pages: 30

Sub-Topics:

1. Isolation of conversations

2. Detection of spoofing, port scanning, and SSH attacks

3. Reconstruction of a timeline from network attack data

4. Extracting compromise data

Chapter 12: Conclusion

Chapter Goal: Review and summary of covered content

No of pages: 10


Tactical Wireshark

    A Paperback / softback by Kevin Cardwell


      Publisher: APress
      Publication Date: 13/04/2023
      ISBN13: 9781484292907, 978-1484292907
      ISBN10: 1484292901
