Description

Book Synopsis

Master Wireshark to solve real-world security problems

If you don't already use Wireshark for a wide range of information security tasks, you will after this book. Mature and powerful, Wireshark is commonly used to find the root cause of challenging network issues. This book extends that power to information security professionals, complete with a downloadable virtual lab environment.

Wireshark for Security Professionals covers both offensive and defensive concepts that can be applied to essentially any InfoSec role. Whether you work in network security, malware analysis, intrusion detection, or penetration testing, this book demonstrates Wireshark through relevant and useful examples.

Master Wireshark through both lab scenarios and exercises. Early in the book, a virtual lab environment is provided for the purpose of getting hands-on experience with Wireshark. Wireshark is combined with two popular platforms: Kali, the security-focused Linux distribution, a

Table of Contents

Introduction xiii

Chapter 1 Introducing Wireshark 1
  What Is Wireshark? 2
  A Best Time to Use Wireshark? 2
  Avoiding Being Overwhelmed 3
  The Wireshark User Interface 3
  Packet List Pane 5
  Packet Details Pane 6
  Packet Bytes Pane 8
  Filters 9
  Capture Filters 9
  Display Filters 13
  Summary 17
  Exercises 18

Chapter 2 Setting Up the Lab 19
  Kali Linux 20
  Virtualization 22
  Basic Terminology and Concepts 23
  Benefits of Virtualization 23
  Virtual Box 24
  Installing VirtualBox 24
  Installing the VirtualBox Extension Pack 31
  Creating a Kali Linux Virtual Machine 33
  Installing Kali Linux 40
  The W4SP Lab 46
  Requirements 46
  A Few Words about Docker 47
  What Is GitHub? 48
  Creating the Lab User 49
  Installing the W4SP Lab on the Kali Virtual Machine 50
  Setting Up the W4SP Lab 53
  The Lab Network 54
  Summary 55
  Exercises 56

Chapter 3 The Fundamentals 57
  Networking 58
  OSI Layers 58
  Networking between Virtual Machines 61
  Security 63
  The Security Triad 63
  Intrusion Detection and Prevention Systems 63
  False Positives and False Negatives 64
  Malware 64
  Spoofing and Poisoning 66
  Packet and Protocol Analysis 66
  A Protocol Analysis Story 67
  Ports and Protocols 71
  Summary 73
  Exercises 74

Chapter 4 Capturing Packets 75
  Sniffing 76
  Promiscuous Mode 76
  Starting the First Capture 78
  TShark 82
  Dealing with the Network 86
  Local Machine 87
  Sniffing Localhost 88
  Sniffing on Virtual Machine Interfaces 92
  Sniffing with Hubs 96
  SPAN Ports 98
  Network Taps 101
  Transparent Linux Bridges 103
  Wireless Networks 105
  Loading and Saving Capture Files 108
  File Formats 108
  Ring Buffers and Multiple Files 111
  Recent Capture Files 116
  Dissectors 118
  W4SP Lab: Managing Nonstandard HTTP Traffic 118
  Filtering SMB Filenames 120
  Packet Colorization 123
  Viewing Someone Else’s Captures 126
  Summary 127
  Exercises 128

Chapter 5 Diagnosing Attacks 129
  Attack Type: Man-in-the-Middle 130
  Why MitM Attacks Are Effective 130
  How MitM Attacks Get Done: ARP 131
  W4SP Lab: Performing an ARP MitM Attack 133
  W4SP Lab: Performing a DNS MitM Attack 141
  How to Prevent MitM Attacks 147
  Attack Type: Denial of Service 148
  Why DoS Attacks Are Effective 149
  How DoS Attacks Get Done 150
  How to Prevent DoS Attacks 155
  Attack Type: Advanced Persistent Threat 156
  Why APT Attacks Are Effective 156
  How APT Attacks Get Done 157
  Example APT Traffic in Wireshark 157
  How to Prevent APT Attacks 161
  Summary 162
  Exercises 162

Chapter 6 Offensive Wireshark 163
  Attack Methodology 163
  Reconnaissance Using Wireshark 165
  Evading IPS/IDS 168
  Session Splicing and Fragmentation 168
  Playing to the Host, Not the IDS 169
  Covering Tracks and Placing Backdoors 169
  Exploitation 170
  Setting Up the W4SP Lab with Metasploitable 171
  Launching Metasploit Console 171
  VSFTP Exploit 172
  Debugging with Wireshark 173
  Shell in Wireshark 175
  TCP Stream Showing a Bind Shell 176
  TCP Stream Showing a Reverse Shell 183
  Starting ELK 188
  Remote Capture over SSH 190
  Summary 191
  Exercises 192

Chapter 7 Decrypting TLS, Capturing USB, Keyloggers, and Network Graphing 193
  Decrypting SSL/TLS 193
  Decrypting SSL/TLS Using Private Keys 195
  Decrypting SSL/TLS Using Session Keys 199
  USB and Wireshark 202
  Capturing USB Traffic on Linux 203
  Capturing USB Traffic on Windows 206
  TShark Keylogger 208
  Graphing the Network 212
  Lua with Graphviz Library 213
  Summary 218
  Exercises 219

Chapter 8 Scripting with Lua 221
  Why Lua? 222
  Scripting Basics 223
  Variables 225
  Functions and Blocks 226
  Loops 228
  Conditionals 230
  Setup 230
  Checking for Lua Support 231
  Lua Initialization 232
  Windows Setup 233
  Linux Setup 233
  Tools 234
  Hello World with TShark 236
  Counting Packets Script 237
  ARP Cache Script 241
  Creating Dissectors for Wireshark 244
  Dissector Types 245
  Why a Dissector Is Needed 245
  Experiment 253
  Extending Wireshark 255
  Packet Direction Script 255
  Marking Suspicious Script 257
  Snooping SMB File Transfers 260
  Summary 262

Index 265

Wireshark for Security Professionals


Paperback / softback by Jessey Bullock and Jeff T. Parker


      Publisher: John Wiley & Sons Inc
      Publication Date: 12/05/2017
ISBN-13: 978-1118918210
ISBN-10: 1118918215
