Wireshark for Network Forensics: An Essential Guide for IT and Cloud Professionals
Nainar, Nagendra Kumar, Panda, Ashish
Product Description
With the advent of emerging and complex technologies, traffic capture and analysis play an integral part in overall IT operations. This book outlines the rich set of advanced features and capabilities of the Wireshark tool, considered by many to be the de facto Swiss army knife for IT operational activities involving traffic analysis. This open-source tool is available with either a CLI or a GUI. It captures traffic in different modes and leverages community-developed, integrated features such as filter-based analysis and the traffic flow graph view.
You'll start by reviewing the basics of Wireshark, and then examine the details of capturing and analyzing secured application traffic such as SecureDNS, HTTPS, and IPSec. You'll then look closely at control plane and data plane capture, and study the analysis of wireless technology traffic such as 802.11, the most common access technology currently in use, along with Bluetooth. You'll also learn ways to identify network attacks, malware, and covert communications, to perform security incident post mortems, and to prevent the same.
The book further explains the capture and analysis of secure multimedia traffic, which constitutes around 70% of all internet traffic. Wireshark for Network Forensics provides a unique look at cloud and cloud-native architecture-based traffic capture in Kubernetes, Docker-based, AWS, and GCP environments.
What You'll Learn
- Review Wireshark analysis and network forensics
- Study traffic capture and its analytics from mobile devices
- Analyze various access technologies and cloud traffic
- Write your own dissector for any new or proprietary packet formats
- Capture secured application traffic for analysis
Who This Book Is For
IT Professionals, Cloud Architects, Infrastructure Administrators, and Network/Cloud Operators
About the Authors
Nagendra Kumar Nainar (CCIE#20987) is a Principal Engineer in Cisco's Customer Experience (CX) organization (formerly TAC), focusing on enterprise customers. He is a co-inventor on more than 130 patent applications spanning different technologies, including virtualization and container technology. He is a co-author of several Internet RFCs, various Internet drafts, and IEEE papers. Nagendra has also co-authored multiple technical books with well-known publishers such as Cisco Press and Packt. He is a guest lecturer at North Carolina State University and a speaker at various networking forums.
Ashish Panda is a technical leader with Cisco Systems. He has 18+ years of rich experience in network design, operation, and troubleshooting with various large enterprise and service provider networks throughout the world. He is a speaker at various Cisco internal and external events.