Wireshark Workbook 1

Wireshark is the world’s most popular network analyzer, used for troubleshooting, forensics, optimization, and more. It’s considered one of the most successful open source projects of all time.Laura Chappell has been involved in the Wireshark project since its infancy (then called Ethereal) and is regarded as the leading authority on network protocol analysis and forensics using Wireshark. Laura Chappell, Protocol Analysis Institute, and Chappell University are not affiliated with the Wireshark Foundation.The WCNA Certification is the top global program for network analysis, with certified analysts in over 90 countries and DoD 8570 certification since 2009.This book features 16 labs based on Laura’s popular 'Packet Challenges,' introduced at trade shows over a decade ago. You’ll test your Wireshark and TCP/IP skills by answering questions based on trace files, followed by Laura’s detailed, step-by-step solutions.Lab 1: Wireshark Warm-UpObjective: Get Comfortable with the Lab Process. Completion of this lab requires many of the skills you will use throughout this lab book. If you are a bit shaky on any answer, take time when reviewing the answers to this lab to ensure you have mastered the necessary skill(s).Lab 2: Proxy ProblemObjective: Examine issues that relate to a web proxy connection problem.Lab 3: HTTP vs. HTTPSObjective: Analyze and compare HTTP and HTTPS communications and errors using inclusion and field existence filters.Lab 4: TCP SYN AnalysisObjective: Filter on and analyze TCP SYN and SYN/ACK packets to determine the capabilities of TCP peers and their connections.Lab 5: TCP SEQ/ACK AnalysisObjective: Examine and analyze TCP sequence and acknowledgment numbering and Wireshark’s interpretation of non-sequential numbering patterns.Lab 6: You’re Out of Order!Objective: Examine Wireshark’s process of distinguishing between out-of-order packets and retransmissions and identify mis-identifications.Lab 7: Sky HighObjective: Examine and analyze traffic captured as a host was redirected to a malicious site.Lab 8: DNS Warm-UpObjective: Examine and analyze DNS name resolution traffic that contains canonical name and multiple IP address responses.Lab 9: Hacker WatchObjective: Analyze TCP connections and FTP command and data channels between hosts.Lab 10: Timing is EverythingObjective: Analyze and compare path latency, name resolution, and server response times.Lab 11: The NewsObjective: Analyze capture location, path latency, response times, and keepalive intervals between an HTTP client and server.Lab 12: Selective ACKsObjective: Analyze the process of establishing Selective acknowledgment (SACK) and using SACK during packet loss recovery.Lab 13: Just DNSObjective: Analyze, compare, and contrast various DNS queries and responses to identify errors, cache times, and CNAME (alias) information.Lab 14: Movie TimeObjective: Use various display filter types, including regular expressions (regex), to analyze HTTP redirections, end-of-field values, object download times, errors, response times and more.Lab 15: CraftyObjective: Practice your display filter skills using 'contains' operators, ASCII filters, and inclusion/exclusion filters, while analyzing TCP and HTTP performance parameters.Lab 16: Pattern RecognitionObjective: Focus on TCP conversations and endpoints while analyzing TCP sequence numbers, Window Scaling, keep-alive, and Selective Acknowledgment capabilities.