Wireshark Workbook 1: Practice, Challenges, and Solutions (Wireshark 工作手冊 1:練習、挑戰與解答)

Chappell, Laura, Aragon, James

  • 出版商: Laura Chappell University
  • 出版日期: 2019-11-11
  • 售價: $2,350
  • 貴賓價: 9.5$2,233
  • 語言: 英文
  • 頁數: 364
  • 裝訂: Quality Paper - also called trade paper
  • ISBN: 1893939642
  • ISBN-13: 9781893939646
  • 相關分類: Wireshark
  • 海外代購書籍(需單獨結帳)

買這商品的人也買了...

相關主題

商品描述

Wireshark is the world's most popular network analyzer solution. Used for network troubleshooting, forensics, optimization and more, Wireshark is considered one of the most successful open source projects of all time.

Laura Chappell has been involved in the Wireshark project since its infancy (when it was called Ethereal) and is considered the foremost authority on network protocol analysis and forensics using Wireshark.

This book consists of 16 labs and is based on the format Laura introduced to trade show audiences over ten years ago through her highly acclaimed "Packet Challenges." This book gives you a chance to test your knowledge of Wireshark and TCP/IP communications analysis by posing a series of questions related to a trace file and then providing Laura's highly detailed step-by-step instructions showing how Laura arrived at the answers to the labs.

Book trace files and blank Answer Sheets can be downloaded from this book's supplement page (see https: //www.chappell-university.com/books).

Lab 1: Wireshark Warm-Up
Objective: Get Comfortable with the Lab Process. Completion of this lab requires many of the skills you will use throughout this lab book. If you are a bit shaky on any answer, take time when reviewing the answers to this lab to ensure you have mastered the necessary skill(s).

Lab 2: Proxy Problem
Objective: Examine issues that relate to a web proxy connection problem.

Lab 3: HTTP vs. HTTPS
Objective: Analyze and compare HTTP and HTTPS communications and errors using inclusion and field existence filters.

Lab 4: TCP SYN Analysis
Objective: Filter on and analyze TCP SYN and SYN/ACK packets to determine the capabilities of TCP peers and their connections.

Lab 5: TCP SEQ/ACK Analysis
Objective: Examine and analyze TCP sequence and acknowledgment numbering and Wireshark's interpretation of non-sequential numbering patterns.

Lab 6: You're Out of Order
Objective: Examine Wireshark's process of distinguishing between out-of-order packets and retransmissions and identify mis-identifications.

Lab 7: Sky High
Objective: Examine and analyze traffic captured as a host was redirected to a malicious site.

Lab 8: DNS Warm-Up
Objective: Examine and analyze DNS name resolution traffic that contains canonical name and multiple IP address responses.

Lab 9: Hacker Watch
Objective: Analyze TCP connections and FTP command and data channels between hosts.

Lab 10: Timing is Everything
Objective: Analyze and compare path latency, name resolution, and server response times.

Lab 11: The News
Objective: Analyze capture location, path latency, response times, and keepalive intervals between an HTTP client and server.

Lab 12: Selective ACKs
Objective: Analyze the process of establishing Selective acknowledgment (SACK) and using SACK during packet loss recovery.

Lab 13: Just DNS
Objective: Analyze, compare, and contrast various DNS queries and responses to identify errors, cache times, and CNAME (alias) information.

Lab 14: Movie Time
Objective: Use various display filter types, including regular expressions (regex), to analyze HTTP redirections, end-of-field values, object download times, errors, response times and more.

Lab 15: Crafty
Objective: Practice your display filter skills using "contains" operators, ASCII filters, and inclusion/exclusion filters, while analyzing TCP and HTTP performance parameters.

Lab 16: Pattern Recognition
Objective: Focus on TCP conversations and endpoints while analyzing TCP sequence numbers, Window Scaling, keep-alive, and Selective Acknowledgment capabilities.

商品描述(中文翻譯)

Wireshark是全球最受歡迎的網路分析解決方案。Wireshark用於網路故障排除、取證、優化等,被認為是有史以來最成功的開源項目之一。

Laura Chappell從Wireshark項目的初期(當時稱為Ethereal)就參與其中,被認為是使用Wireshark進行網路協議分析和取證的最高權威。

本書包含16個實驗室,基於Laura在十多年前通過她備受好評的“封包挑戰”向展會觀眾介紹的格式。本書讓您有機會通過一系列與追蹤文件相關的問題來測試您對Wireshark和TCP/IP通信分析的知識,然後提供Laura的高度詳細的逐步指示,展示Laura如何得出實驗室答案。

本書的追蹤文件和空白答案表可以從本書的補充頁面下載(請參閱https://www.chappell-university.com/books)。

實驗室1:Wireshark熱身
目標:熟悉實驗室流程。完成此實驗室需要您在整本實驗室書中使用的許多技能。如果對任何答案有些不確定,請在審查此實驗室的答案時花些時間確保您已掌握必要的技能。

實驗室2:代理問題
目標:檢查與網絡代理連接問題相關的問題。

實驗室3:HTTP vs. HTTPS
目標:使用包含和字段存在過濾器,分析和比較HTTP和HTTPS通信和錯誤。

實驗室4:TCP SYN分析
目標:過濾並分析TCP SYN和SYN/ACK封包,以確定TCP對等體及其連接的能力。

實驗室5:TCP SEQ/ACK分析
目標:檢查和分析TCP序列和確認編號以及Wireshark對非連續編號模式的解釋。

實驗室6:你的順序錯了
目標:檢查Wireshark區分順序錯誤封包和重傳封包的過程,並識別錯誤識別。

實驗室7:高空
目標:檢查和分析在將主機重定向到惡意網站時捕獲的流量。

實驗室8:DNS熱身
目標:檢查和分析包含規範名稱和多個IP地址回應的DNS名稱解析流量。

實驗室9:駭客監視
目標:分析主機之間的TCP連接和FTP命令和數據通道。

實驗室10:時間就是一切
目標:分析和比較路徑延遲、名稱解析和服務器響應時間。

實驗室11:新聞
目標:分析捕獲位置、路徑延遲、響應時間和保持活動間隔之間的HTTP客戶端和服務器。

實驗室12:選擇性確認
目標:分析建立選擇性確認(SACK)的過程,並在封包丟失恢復期間使用SACK。

實驗室13:僅DNS
目標:分析、比較和對比各種DNS查詢和回應,以識別錯誤、緩存時間和CNAME(別名)信息。

實驗室14:電影時間
目標:使用各種顯示過濾器類型,包括正則表達式(regex),分析HTTP重定向、字段結束值、對象下載時間、錯誤、響應時間等。

實驗室15:狡猾
目標:使用“包含”運算符、ASCII過濾器和包含/排除過濾器來練習您的顯示過濾器技能,同時分析TCP和HTTP性能參數。

實驗室16:模式識別
目標:專注於TCP對話和端點,同時分析TCP序列號、窗口縮放、保持活動和選擇性確認能力。