Ethical Hacking and Network Analysis with Wireshark : Exploration of network packets for detecting exploits and malware

Cover
Title Page
Copyright Page
Dedication Page
About the Author
About the Reviewer
Acknowledgement
Preface
Table of Contents
1. Ethical Hacking and Networking Concepts
   Introduction
   Structure
   Objectives
   Introduction to ethical hacking
      The history of ethical hacking
      Importance of ethical hacking
      Benefits of ethical hacking
   Introduction to networking concepts
   The OSI model
      Importance of OSI model
      Seven layers of the OSI model
      The application layer
      The presentation layer
      The session layer
      The transport layer
      The network layer
      The data link layer
      The physical layer
      Example of data flow in the OSI model
   The TCP/IP model
      Five layers of the TCP/IP model
      The application layer
      The host-to-host/transport layer
      The network /internet layer
      The network interface layer
      The hardware/physical layer
      Difference between OSI and TCP/IP models
      Understanding network protocols
      Communication protocols
         Transmission control protocol/Internet protocol
         Hypertext Transfer Protocol
         File Transfer Protocol
         Simple Mail Transfer Protocol
         Secure Shell
         Internet Mail Access Protocol
         Post Office Protocol
         Lightweight Directory Access Protocol
         Telnet
         X.25
         Integrated Services Digital Network
         Asynchronous Transfer Mode
         Multiprotocol Label Switching
         Session Initiation Protocol
         Real-time Transport Protocol
      Network management protocols
         Simple Network Management Protocol
         Remote Monitoring
         Network Time Protocol
         Syslog
         NetFlow
         Border Gateway Protocol
         Open Shortest Path First
         Enhanced Interior Gateway Routing Protocol
         Internet Control Message Protocol
         Domain Name System
         Dynamic Host Configuration Protocol
         Address Resolution Protocol
         Link Layer Discovery Protocol
         Cisco Discovery Protocol
         Web-Based Enterprise Management
      Security protocols
         Secure Sockets Layer and Transport Layer Security
         Secure Shell
         Internet Protocol Security
         Wi-Fi Protected Access and WPA2
         Kerberos
         Hypertext Transfer Protocol Secure
         Pretty Good Privacy
   IP networks and subnets
      IP address
         IPv4 and IPv6
      Subnet
      The breakdown and significance of IP addresses
      The benefits of subnetting
      What is a subnet mask
   Switching and routing packets
      Switching packets
      Routing packets
   WAN links
   Wireless networking
   What is network traffic
   Overview of network packet sniffing
      The purpose of network packet sniffing
   Active and passive sniffing
   Wireshark in ethical hacking and traffic analysis
   Conclusion
   Questions
      Answers
2. Getting Acquainted with Wireshark and Setting up the Environment
   Introduction
   Structure
   Objectives
   What is Wireshark
      The origin of Wireshark by Gerald Combs
      The future of Wireshark
      Wireshark\'s functionality
      Wireshark\'s operation
      Wireshark core features
      Wireshark\'s purpose
      Limitations of Wireshark
   Downloading and Installing Wireshark with Libraries
      System requirements
         For Windows
         For Linux/Unix
         For macOS
      Installing Wireshark on Windows
      Installing Wireshark on Linux/Unix
      Installing Wireshark on macOS
   Exploring the Wireshark user interface
      Wireshark’s Start-up screen
      The menu
      The main toolbar
      The filter toolbar
      The packet list pane
      The packet details pane
      The packet bytes pane
      The packet diagram pane
      The statusbar
      Understanding Wireshark command-line tools
      Running Wireshark command-line tools
      Sniffing packets using Dumpcap and Tshark
      Filtering packets using Dumpcap, Tshark, and Editcap
      Merging trace files with Mergecap
      Analyzing Pcaps using Tshark
      Working with Text2pcap
   Conclusion
   Questions
      Answers
3. Getting Started with Packet Sniffing
   Introduction
   Structure
   Objectives
   Define your sniffing targets
   Choosing network interfaces
   Performing a packet sniffing
      Capture options: Input Tab
      Capture options: Output tab
      Capture options: Options tab
   Remote network packet
      Installing SSH on Remote Windows
      Installing SSH on Remote Linux
   Display and capture filters
      Capture filters
      Display filters
   Maximizing packet capture performance
   Stop sniffing, saving, and exporting packets
      Stop sniffing
      Saving the captured data packets
      Exporting packets
   Challenges/limitations of packet capturing
   Conclusion
   Questions
      Answers
4. Sniffing on 802.11 Wireless Networks
   Introduction
   Structure
   Objectives
   802.11 wireless networks
   802.11 wireless network architecture
   802.11 packet structure
   Wireless card modes
   Difference between monitor mode and promiscuous mode
   WLAN capture setup
      Enabling monitor mode in Linux
      Enabling monitor mode in Windows
   Sniffing WLAN Network Traffic
   Wi-Fi sniffer: WPA/WPA2
      802.11 Client Authentication Process
   802.11 Sniffer Capture Analysis: Multicast
   802.11 Sniffer Capture Analysis: Web authentication
   Challenges of sniffing 802.11 wireless networks
   Conclusion
   Questions
      Answers
5. Sniffing Sensitive Information, Credentials and Files
   Introduction
   Structure
   Objectives
   Sniffing the activity over USB interfaces
      Sniffing USB traffic on Windows
      Sniffing USB traffic on Linux
      Finding the target device
   Capturing credentials on HTTP
   Extracting images from PCAP file using Wireshark
   PDF and ZIP files saving from Wireshark
      Extracting a PDF file using Wireshark
      Extracting a ZIP file using Wireshark
   Capturing Telnet password
   Capturing SMTP password
   Identifying hosts and users with Wireshark
   Conclusion
   Exercises
      Answers
6. Analyzing Network Traffic Based on Protocols
   Introduction
   Structure
   Objectives
   IPv4 and IPv6
      IPv4 protocol analysis using Wireshark
      IPv6 protocol analysis using Wireshark
   ARP
      ARP protocol analysis using Wireshark
   ICMP
      ICMP protocol analysis using Wireshark
   TCP
      TCP protocol analysis using Wireshark
   UDP
      UDP protocol analysis using Wireshark
   HTTP
      HTTP protocol analysis using Wireshark
   FTP
      FTP protocol analysis using Wireshark
   SMTP
      SMTP protocol analysis using Wireshark
   DHCPv6
      DHCPv6 protocol analysis using Wireshark
   DNS
      DNS protocol analysis using Wireshark
   Conclusion
   Questions
      Answers
7. Analyzing and Decrypting SSL/TLS Traffic
   Introduction
   Structure
   Objectives
   Introduction to SSL/TLS
      The history of SSL/TLS
      SSL/TLS architecture and components
   The SSL/TLS Handshake
      TLS versus SSL Handshakes
      The TLS Handshake process
      What happens during a TLS Handshake
      What are the steps of a TLS handshake
      What is different about a handshake in TLS 1.3
   Key exchange
      Key exchange: A must for secure File Transfers
      SSL key exchange
      Popular key exchange algorithms
   Decrypting SSL/TLS traffic using Wireshark
   Conclusion
   Questions
      Answers
8. Analyzing Enterprise Applications
   Introduction
   Structure
   Objectives
   Identifying the service running over the network
   Analyzing Microsoft Terminal Server and Citrix communications
   Analyzing the database traffic
   Analyzing SNMP traffic
   Conclusion
   Questions
      Answers
9. Analysing VoIP Calls Using Wireshark
   Introduction
   Structure
   Objectives
   Introduction to VoIP technology
      Benefits of using VoIP
   VoIP architecture
      Session Border Controller
      Media servers
      Application server
      Database services
      SIP services
      IP PBX
      Endpoint devices
      IP network
      Codecs
   Working of VoIP
   VoIP supporting protocols
      Session Initiation Protocol
      Real Time Transport Protocol
      Real-time Transport Control Protocol
      Secure Real-time Transport Protocol
      H.323
      Media Gateway Control Protocol
      H.248 or Media Gateway Control
      Signalling Connection Control Part
      Session Description Protocol
   Sniffing VoIP traffic
   SIP call analysis
   Analysing RTP Streams in VoIP Traffic
   Challenges/limitations in analyzing VoIP calls through Wireshark
   Conclusion
   Questions
      Answers
10. Analyzing Traffic of IoT Devices
   Introduction
   Structure
   Objectives
   Introduction to IoT
      What are IoT devices
      Major components of the IoT ecosystem
      IoT architecture
         Perception layer
         Transport layer
         Edge layer
         Processing layer
         Application layer
         Business layer
         Security layer
      How IoT works
      Benefits of IoT
      Limitations of IoT
   IoT devices: Use cases for network sniffing
   Sniffing traffic of IoT devices
   Analyzing traffic of IoT devices
      MQTT Direct
      Understanding the MQTT communication
         Connect command
         Subscribe request
         Publish message
   Conclusion
   Questions
      Answers
11. Detecting Network Attacks with Wireshark
   Introduction
   Structure
   Objectives
   Detecting suspicious network traffic patterns
      Understanding suspicious network traffic patterns
      Detecting suspicious network traffic patterns using Wireshark
         Analyzing patterns and signatures of Ping sweeps
         Analyzing patterns and signatures of ARP sweeps
         Analyzing patterns and signatures of SYN flood attacks
   Detecting port scanning
      Understanding port scanning
      Detecting port scanning using Wireshark
         Analyzing patterns and signatures of TCP full connect scans
   Detecting Denial of Service and Distributed Denial of Service attacks
      Understanding DoS and DDoS attacks
      Detecting DoS and DDoS attacks using Wireshark
         Analyzing patterns and signatures of DoS attacks
   Detecting Brute-force and application attacks
      Understanding Brute-force and application attacks
      Detecting Brute-force and application attacks using Wireshark
   Detecting ARP poisoning
      Understanding ARP poisoning
      Detecting ARP poisoning using Wireshark
   Detecting session hijacking
      Understanding session hijacking
      Detecting session hijacking using Wireshark
   Detecting honeypot traffic
      Understanding honeypot traffic
      Detecting honeypot traffic with Wireshark
   Detecting Heartbleed bug
      Understanding the Heartbleed bug
      Detecting the Heartbleed bug using Wireshark
   Challenges/limitations of analysis of network attacks using Wireshark
   Conclusion
   Questions
      Answers
12. Troubleshooting and Performance Analysis Using Wireshark
   Introduction
   Structure
   Objectives
   Troubleshooting methodology
      Collecting the right information
      Classify the problem
      Divide-and-Conquer troubleshooting technique
   Troubleshooting connectivity issues
      Getting the workstation IP configuration
      Getting network service IP addresses
      Basic network connectivity
      Connecting to the application services
   Troubleshooting functional issues
   Performance analysis methodology
   Troubleshooting TCP protocol issues
      The case of the challenge ACK
   Troubleshooting slow application response time
      Using Packet captures to analyze web application performance
         Finding slow application performance with HTTP flows
         Adding http.time to your capture view
         Digging deeper
      Addressing challenges in the troubleshooting process using Wireshark
   Conclusion
   Questions
      Answers
Index