{"product_id":"wireshark-for-security-professionals-isbn-9781118918210","title":"Wireshark for Security Professionals","description":"\u003cp\u003e\u003cb\u003eMaster Wireshark to solve real-world security problems\u003c\/b\u003e \u003c\/p\u003e \u003cp\u003eIf you don’t already use Wireshark for a wide range of information security tasks, you will after this book. Mature and powerful, Wireshark is commonly used to find the root cause of challenging network issues. This book extends that power to information security professionals, complete with a downloadable, virtual lab environment.\u003c\/p\u003e \u003cp\u003e\u003ci\u003eWireshark for Security Professionals\u003c\/i\u003e covers both offensive and defensive concepts that can be applied to essentially any InfoSec role. Whether you work in network security, malware analysis, intrusion detection, or penetration testing, this book demonstrates Wireshark through relevant and useful examples.\u003c\/p\u003e \u003cp\u003eMaster Wireshark through both lab scenarios and exercises. Early in the book, a virtual lab environment is provided so you can get hands-on experience with Wireshark. Wireshark is combined with two popular platforms: Kali, the security-focused Linux distribution, and the Metasploit Framework, the open-source framework for security testing. Lab-based virtual systems generate network traffic for analysis, investigation and demonstration. In addition to following along with the labs, you will be challenged with end-of-chapter exercises to expand on covered material.\u003c\/p\u003e \u003cp\u003eLastly, this book explores Wireshark with Lua, the lightweight programming language. Lua allows you to extend and customize Wireshark’s features for your needs as a security professional. Lua source code is available both in the book and online: the Lua code and the lab source code are hosted on GitHub, which the book also introduces. 
The book’s final two chapters greatly draw on Lua and TShark, the command-line version of Wireshark.\u003c\/p\u003e \u003cp\u003eIn this book you will:\u003c\/p\u003e \u003cul\u003e \u003cli\u003eMaster the basics of Wireshark\u003c\/li\u003e \u003cli\u003eExplore the virtual w4sp-lab environment that mimics a real-world network\u003c\/li\u003e \u003cli\u003eGain experience using the Debian-based Kali OS among other systems\u003c\/li\u003e \u003cli\u003eUnderstand the technical details behind network attacks\u003c\/li\u003e \u003cli\u003eExecute exploitation and grasp offensive and defensive activities, exploring them through Wireshark\u003c\/li\u003e \u003cli\u003eEmploy Lua to extend Wireshark features and create useful scripts\u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003eTo sum up, the book content, labs and online material, coupled with many referenced sources of PCAP traces, together present a dynamic and robust manual for information security professionals seeking to leverage Wireshark.\u003c\/p\u003e \u003cp\u003eIntroduction xiii\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1 Introducing Wireshark 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhat Is Wireshark? 2\u003c\/p\u003e \u003cp\u003eA Best Time to Use Wireshark? 
2\u003c\/p\u003e \u003cp\u003eAvoiding Being Overwhelmed 3\u003c\/p\u003e \u003cp\u003eThe Wireshark User Interface 3\u003c\/p\u003e \u003cp\u003ePacket List Pane 5\u003c\/p\u003e \u003cp\u003ePacket Details Pane 6\u003c\/p\u003e \u003cp\u003ePacket Bytes Pane 8\u003c\/p\u003e \u003cp\u003eFilters 9\u003c\/p\u003e \u003cp\u003eCapture Filters 9\u003c\/p\u003e \u003cp\u003eDisplay Filters 13\u003c\/p\u003e \u003cp\u003eSummary 17\u003c\/p\u003e \u003cp\u003eExercises 18\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2 Setting Up the Lab 19\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eKali Linux 20\u003c\/p\u003e \u003cp\u003eVirtualization 22\u003c\/p\u003e \u003cp\u003eBasic Terminology and Concepts 23\u003c\/p\u003e \u003cp\u003eBenefits of Virtualization 23\u003c\/p\u003e \u003cp\u003eVirtualBox 24\u003c\/p\u003e \u003cp\u003eInstalling VirtualBox 24\u003c\/p\u003e \u003cp\u003eInstalling the VirtualBox Extension Pack 31\u003c\/p\u003e \u003cp\u003eCreating a Kali Linux Virtual Machine 33\u003c\/p\u003e \u003cp\u003eInstalling Kali Linux 40\u003c\/p\u003e \u003cp\u003eThe W4SP Lab 46\u003c\/p\u003e \u003cp\u003eRequirements 46\u003c\/p\u003e \u003cp\u003eA Few Words about Docker 47\u003c\/p\u003e \u003cp\u003eWhat Is GitHub? 
48\u003c\/p\u003e \u003cp\u003eCreating the Lab User 49\u003c\/p\u003e \u003cp\u003eInstalling the W4SP Lab on the Kali Virtual Machine 50\u003c\/p\u003e \u003cp\u003eSetting Up the W4SP Lab 53\u003c\/p\u003e \u003cp\u003eThe Lab Network 54\u003c\/p\u003e \u003cp\u003eSummary 55\u003c\/p\u003e \u003cp\u003eExercises 56\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3 The Fundamentals 57\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eNetworking 58\u003c\/p\u003e \u003cp\u003eOSI Layers 58\u003c\/p\u003e \u003cp\u003eNetworking between Virtual Machines 61\u003c\/p\u003e \u003cp\u003eSecurity 63\u003c\/p\u003e \u003cp\u003eThe Security Triad 63\u003c\/p\u003e \u003cp\u003eIntrusion Detection and Prevention Systems 63\u003c\/p\u003e \u003cp\u003eFalse Positives and False Negatives 64\u003c\/p\u003e \u003cp\u003eMalware 64\u003c\/p\u003e \u003cp\u003eSpoofing and Poisoning 66\u003c\/p\u003e \u003cp\u003ePacket and Protocol Analysis 66\u003c\/p\u003e \u003cp\u003eA Protocol Analysis Story 67\u003c\/p\u003e \u003cp\u003ePorts and Protocols 71\u003c\/p\u003e \u003cp\u003eSummary 73\u003c\/p\u003e \u003cp\u003eExercises 74\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4 Capturing Packets 75\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSniffing 76\u003c\/p\u003e \u003cp\u003ePromiscuous Mode 76\u003c\/p\u003e \u003cp\u003eStarting the First Capture 78\u003c\/p\u003e \u003cp\u003eTShark 82\u003c\/p\u003e \u003cp\u003eDealing with the Network 86\u003c\/p\u003e \u003cp\u003eLocal Machine 87\u003c\/p\u003e \u003cp\u003eSniffing Localhost 88\u003c\/p\u003e \u003cp\u003eSniffing on Virtual Machine Interfaces 92\u003c\/p\u003e \u003cp\u003eSniffing with Hubs 96\u003c\/p\u003e \u003cp\u003eSPAN Ports 98\u003c\/p\u003e \u003cp\u003eNetwork Taps 101\u003c\/p\u003e \u003cp\u003eTransparent Linux Bridges 103\u003c\/p\u003e \u003cp\u003eWireless Networks 105\u003c\/p\u003e \u003cp\u003eLoading and Saving Capture Files 108\u003c\/p\u003e \u003cp\u003eFile Formats 108\u003c\/p\u003e 
\u003cp\u003eRing Buffers and Multiple Files 111\u003c\/p\u003e \u003cp\u003eRecent Capture Files 116\u003c\/p\u003e \u003cp\u003eDissectors 118\u003c\/p\u003e \u003cp\u003eW4SP Lab: Managing Nonstandard HTTP Traffic 118\u003c\/p\u003e \u003cp\u003eFiltering SMB Filenames 120\u003c\/p\u003e \u003cp\u003ePacket Colorization 123\u003c\/p\u003e \u003cp\u003eViewing Someone Else’s Captures 126\u003c\/p\u003e \u003cp\u003eSummary 127\u003c\/p\u003e \u003cp\u003eExercises 128\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5 Diagnosing Attacks 129\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAttack Type: Man-in-the-Middle 130\u003c\/p\u003e \u003cp\u003eWhy MitM Attacks Are Effective 130\u003c\/p\u003e \u003cp\u003eHow MitM Attacks Get Done: ARP 131\u003c\/p\u003e \u003cp\u003eW4SP Lab: Performing an ARP MitM Attack 133\u003c\/p\u003e \u003cp\u003eW4SP Lab: Performing a DNS MitM Attack 141\u003c\/p\u003e \u003cp\u003eHow to Prevent MitM Attacks 147\u003c\/p\u003e \u003cp\u003eAttack Type: Denial of Service 148\u003c\/p\u003e \u003cp\u003eWhy DoS Attacks Are Effective 149\u003c\/p\u003e \u003cp\u003eHow DoS Attacks Get Done 150\u003c\/p\u003e \u003cp\u003eHow to Prevent DoS Attacks 155\u003c\/p\u003e \u003cp\u003eAttack Type: Advanced Persistent Threat 156\u003c\/p\u003e \u003cp\u003eWhy APT Attacks Are Effective 156\u003c\/p\u003e \u003cp\u003eHow APT Attacks Get Done 157\u003c\/p\u003e \u003cp\u003eExample APT Traffic in Wireshark 157\u003c\/p\u003e \u003cp\u003eHow to Prevent APT Attacks 161\u003c\/p\u003e \u003cp\u003eSummary 162\u003c\/p\u003e \u003cp\u003eExercises 162\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6 Offensive Wireshark 163\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAttack Methodology 163\u003c\/p\u003e \u003cp\u003eReconnaissance Using Wireshark 165\u003c\/p\u003e \u003cp\u003eEvading IPS\/IDS 168\u003c\/p\u003e \u003cp\u003eSession Splicing and Fragmentation 168\u003c\/p\u003e \u003cp\u003ePlaying to the Host, Not the IDS 169\u003c\/p\u003e 
\u003cp\u003eCovering Tracks and Placing Backdoors 169\u003c\/p\u003e \u003cp\u003eExploitation 170\u003c\/p\u003e \u003cp\u003eSetting Up the W4SP Lab with Metasploitable 171\u003c\/p\u003e \u003cp\u003eLaunching Metasploit Console 171\u003c\/p\u003e \u003cp\u003eVSFTP Exploit 172\u003c\/p\u003e \u003cp\u003eDebugging with Wireshark 173\u003c\/p\u003e \u003cp\u003eShell in Wireshark 175\u003c\/p\u003e \u003cp\u003eTCP Stream Showing a Bind Shell 176\u003c\/p\u003e \u003cp\u003eTCP Stream Showing a Reverse Shell 183\u003c\/p\u003e \u003cp\u003eStarting ELK 188\u003c\/p\u003e \u003cp\u003eRemote Capture over SSH 190\u003c\/p\u003e \u003cp\u003eSummary 191\u003c\/p\u003e \u003cp\u003eExercises 192\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 7 Decrypting TLS, Capturing USB, Keyloggers, and Network Graphing 193\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDecrypting SSL\/TLS 193\u003c\/p\u003e \u003cp\u003eDecrypting SSL\/TLS Using Private Keys 195\u003c\/p\u003e \u003cp\u003eDecrypting SSL\/TLS Using Session Keys 199\u003c\/p\u003e \u003cp\u003eUSB and Wireshark 202\u003c\/p\u003e \u003cp\u003eCapturing USB Traffic on Linux 203\u003c\/p\u003e \u003cp\u003eCapturing USB Traffic on Windows 206\u003c\/p\u003e \u003cp\u003eTShark Keylogger 208\u003c\/p\u003e \u003cp\u003eGraphing the Network 212\u003c\/p\u003e \u003cp\u003eLua with Graphviz Library 213\u003c\/p\u003e \u003cp\u003eSummary 218\u003c\/p\u003e \u003cp\u003eExercises 219\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 8 Scripting with Lua 221\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhy Lua? 
222\u003c\/p\u003e \u003cp\u003eScripting Basics 223\u003c\/p\u003e \u003cp\u003eVariables 225\u003c\/p\u003e \u003cp\u003eFunctions and Blocks 226\u003c\/p\u003e \u003cp\u003eLoops 228\u003c\/p\u003e \u003cp\u003eConditionals 230\u003c\/p\u003e \u003cp\u003eSetup 230\u003c\/p\u003e \u003cp\u003eChecking for Lua Support 231\u003c\/p\u003e \u003cp\u003eLua Initialization 232\u003c\/p\u003e \u003cp\u003eWindows Setup 233\u003c\/p\u003e \u003cp\u003eLinux Setup 233\u003c\/p\u003e \u003cp\u003eTools 234\u003c\/p\u003e \u003cp\u003eHello World with TShark 236\u003c\/p\u003e \u003cp\u003eCounting Packets Script 237\u003c\/p\u003e \u003cp\u003eARP Cache Script 241\u003c\/p\u003e \u003cp\u003eCreating Dissectors for Wireshark 244\u003c\/p\u003e \u003cp\u003eDissector Types 245\u003c\/p\u003e \u003cp\u003eWhy a Dissector Is Needed 245\u003c\/p\u003e \u003cp\u003eExperiment 253\u003c\/p\u003e \u003cp\u003eExtending Wireshark 255\u003c\/p\u003e \u003cp\u003ePacket Direction Script 255\u003c\/p\u003e \u003cp\u003eMarking Suspicious Script 257\u003c\/p\u003e \u003cp\u003eSnooping SMB File Transfers 260\u003c\/p\u003e \u003cp\u003eSummary 262\u003c\/p\u003e \u003cp\u003eIndex 265\u003c\/p\u003e \u003cp\u003e\u003cb\u003eJESSEY BULLOCK\u003c\/b\u003e is a Senior Application Security Engineer with a game company. Having previously worked at both NGS and iSEC Partners as a consultant, he has a deep understanding of application security and development, operating systems internals, and networking protocols. Jessey has experience working across multiple industry sectors, including health care, education, and security. Jessey holds multiple security certifications, including CISSP, CCNA, CWNA, GCFE, CompTIA Security+, CompTIA A+, OSCP, GPEN, CEH, and GXPN. \u003cb\u003eJEFF T. PARKER\u003c\/b\u003e is a seasoned IT security consultant with a career spanning three countries and as many Fortune 100 companies. 
Now in Halifax, Canada, Jeff enjoys life most with his two young children, hacking professionally while they're in school.    \u003c\/p\u003e\u003cp\u003e\u003cb\u003eAn essential guide to network security and the feature-packed Wireshark toolset\u003c\/b\u003e \u003c\/p\u003e\u003cp\u003eOpen source protocol analyzer Wireshark is the de facto analysis tool across many fields, including the security field. Wireshark provides a powerful feature set that allows you to inspect your network at a microscopic level. The diverse features and support for numerous protocols make Wireshark an invaluable security tool, but also difficult or intimidating for newcomers to learn. \u003ci\u003eWireshark for Security Professionals\u003c\/i\u003e is the answer, helping you to leverage Wireshark and related tools such as the command line TShark application quickly and effectively. Coverage includes a complete primer on Metasploit, the powerful offensive tool, as well as Lua, the popular scripting language. \u003c\/p\u003e\u003cp\u003eThis highly practical guide gives you the insight you need to successfully apply what you've learned in the real world. Examples show you how Wireshark is used in an actual network with the provided Docker virtual environment, and basic networking and security principles are explained in detail to help you understand the \u003ci\u003ewhy\u003c\/i\u003e along with the \u003ci\u003ehow\u003c\/i\u003e. Using the Kali Linux penetration testing distribution in combination with the virtual lab and provided network captures, you can follow along with the numerous examples or even start practicing right away in a safe network environment. The hands-on experience is made even more valuable by the emphasis on cohesive application, helping you exploit and expand Wireshark's full functionality by extending Wireshark or integrating it with other security tools. 
\u003c\/p\u003e\u003cp\u003e\u003cb\u003e\u003ci\u003eWith coverage of both offensive and defensive security tools and techniques,\u003c\/i\u003e Wireshark for Security Professionals \u003ci\u003eshows you how to secure any network as you learn to:\u003c\/i\u003e\u003c\/b\u003e \u003c\/p\u003e\u003cul\u003e\t \u003cli\u003eUnderstand the basics of Wireshark and the related toolset as well as the Metasploit Framework\u003c\/li\u003e \u003cli\u003eExplore the Lua scripting language and how it can be used to extend Wireshark\u003c\/li\u003e \u003cli\u003ePerform common offensive and defensive security research tasks with Wireshark\u003c\/li\u003e \u003cli\u003eGain hands-on experience in a Docker virtual lab environment that replicates real-world enterprise networks\u003c\/li\u003e \u003cli\u003eCapture packets using advanced MitM techniques\u003c\/li\u003e \u003cli\u003eCustomize the provided source code to expand your toolset\u003c\/li\u003e \u003c\/ul\u003e","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47990498984165,"sku":"NP9781118918210","price":55.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9781118918210.jpg?v=1761788072","url":"https:\/\/k12savings.com\/products\/wireshark-for-security-professionals-isbn-9781118918210","provider":"K12savings","version":"1.0","type":"link"}