Wireshark For Security Professionals - Bullock Jessey; Parker Jeff T. | Libro John Wiley & Sons 05/2017 - HOEPLI.it

home libri books ebook dvd e film top ten sconti 0 Carrello

Torna Indietro

bullock jessey; parker jeff t. - wireshark for security professionals

Wireshark for Security Professionals

Using Wireshark and the Metasploit Framework


Disponibilità: solo 2 copie disponibili, compra subito!

Se ordini entro 3 ore e 24 minuti, consegna garantita in 48 ore lavorative
scegliendo le spedizioni Express

€ 50,00
€ 42,50

Questo prodotto usufruisce delle SPEDIZIONI GRATIS
selezionando l'opzione Corriere Veloce in fase di ordine.

Facebook Twitter Aggiungi commento

Spese Gratis


Lingua: Inglese
Pubblicazione: 05/2017

Note Editore

An essential guide to network security and the feature–packed Wireshark toolset

Open source protocol analyzer Wireshark is the de facto analysis tool across many fields, including the security field. Wireshark provides a powerful feature set that allows you to inspect your network at a microscopic level. The diverse features and support for numerous protocols make Wireshark an invaluable security tool, but also difficult or intimidating for newcomers to learn. Wireshark for Security Professionals is the answer, helping you to leverage Wireshark and related tools such as the command line TShark application quickly and effectively. Coverage includes a complete primer on Metasploit, the powerful offensive tool, as well as Lua, the popular scripting language.

This highly practical guide gives you the insight you need to successfully apply what you've learned in the real world. Examples show you how Wireshark is used in an actual network with the provided Docker virtual environment, and basic networking and security principles are explained in detail to help you understand the why along with the how. Using the Kali Linux penetration testing distribution in combination with the virtual lab and provided network captures, you can follow along with the numerous examples or even start practicing right away in a safe network environment. The hands–on experience is made even more valuable by the emphasis on cohesive application, helping you exploit and expand Wireshark's full functionality by extending Wireshark or integrating it with other security tools.

With coverage of both offensive and defensive security tools and techniques, Wireshark for Security Professionals shows you how to secure any network as you learn to:

  • Understand the basics of Wireshark and the related toolset as well as the Metasploit Framework
  • Explore the Lua scripting language and how it can be used to extend Wireshark
  • Perform common offensive and defensive security research tasks with Wireshark
  • Gain hands–on experience in a Docker virtual lab environment that replicates real–world enterprise networks
  • Capture packets using advanced MitM techniques
  • Customize the provided source code to expand your toolset


Introduction xiii

Chapter 1 Introducing Wireshark 1

What Is Wireshark? 2

A Best Time to Use Wireshark? 2

Avoiding Being Overwhelmed 3

The Wireshark User Interface 3

Packet List Pane 5

Packet Details Pane 6

Packet Bytes Pane 8

Filters 9

Capture Filters 9

Display Filters 13

Summary 17

Exercises 18

Chapter 2 Setting Up the Lab 19

Kali Linux 20

Virtualization 22

Basic Terminology and Concepts 23

Benefi ts of Virtualization 23

VirtualBox 24

Installing VirtualBox 24

Installing the VirtualBox Extension Pack 31

Creating a Kali Linux Virtual Machine 33

Installing Kali Linux 40

The W4SP Lab 46

Requirements 46

A Few Words about Docker 47

What Is GitHub? 48

Creating the Lab User 49

Installing the W4SP Lab on the Kali Virtual Machine 50

Setting Up the W4SP Lab 53

The Lab Network 54

Summary 55

Exercises 56

Chapter 3 The Fundamentals 57

Networking 58

OSI Layers 58

Networking between Virtual Machines 61

Security 63

The Security Triad 63

Intrusion Detection and Prevention Systems 63

False Positives and False Negatives 64

Malware 64

Spoofi ng and Poisoning 66

Packet and Protocol Analysis 66

A Protocol Analysis Story 67

Ports and Protocols 71

Summary 73

Exercises 74

Chapter 4 Capturing Packets 75

Sniffi ng 76

Promiscuous Mode 76

Starting the First Capture 78

TShark 82

Dealing with the Network 86

Local Machine 87

Sniffi ng Localhost 88

Sniffi ng on Virtual Machine Interfaces 92

Sniffi ng with Hubs 96

SPAN Ports 98

Network Taps 101

Transparent Linux Bridges 103

Wireless Networks 105

Loading and Saving Capture Files 108

File Formats 108

Ring Buffers and Multiple Files 111

Recent Capture Files 116

Dissectors 118

W4SP Lab: Managing Nonstandard HTTP Traffi c 118

Filtering SMB Filenames 120

Packet Colorization 123

Viewing Someone Else s Captures 126

Summary 127

Exercises 128

Chapter 5 Diagnosing Attacks 129

Attack Type: Man–in–the–Middle 130

Why MitM Attacks Are Effective 130

How MitM Attacks Get Done: ARP 131

W4SP Lab: Performing an ARP MitM Attack 133

W4SP Lab: Performing a DNS MitM Attack 141

How to Prevent MitM Attacks 147

Attack Type: Denial of Service 148

Why DoS Attacks Are Effective 149

How DoS Attacks Get Done 150

How to Prevent DoS Attacks 155

Attack Type: Advanced Persistent Threat 156

Why APT Attacks Are Effective 156

How APT Attacks Get Done 157

Example APT Traffi c in Wireshark 157

How to Prevent APT Attacks 161

Summary 162

Exercises 162

Chapter 6 Off ensive Wireshark 163

Attack Methodology 163

Reconnaissance Using Wireshark 165

Evading IPS/IDS 168

Session Splicing and Fragmentation 168

Playing to the Host, Not the IDS 169

Covering Tracks and Placing Backdoors 169

Exploitation 170

Setting Up the W4SP Lab with Metasploitable 171

Launching Metasploit Console 171

VSFTP Exploit 172

Debugging with Wireshark 173

Shell in Wireshark 175

TCP Stream Showing a Bind Shell 176

TCP Stream Showing a Reverse Shell 183

Starting ELK 188

Remote Capture over SSH 190

Summary 191

Exercises 192

Chapter 7 Decrypting TLS, Capturing USB, Keyloggers, and Network Graphing 193

Decrypting SSL/TLS 193

Decrypting SSL/TLS Using Private Keys 195

Decrypting SSL/TLS Using Session Keys 199

USB and Wireshark 202

Capturing USB Traffi c on Linux 203

Capturing USB Traffi c on Windows 206

TShark Keylogger 208

Graphing the Network 212

Lua with Graphviz Library 213

Summary 218

Exercises 219

Chapter 8 Scripting with Lua 221

Why Lua? 222

Scripting Basics 223

Variables 225

Functions and Blocks 226

Loops 228

Conditionals 230

Setup 230

Checking for Lua Support 231

Lua Initialization 232

Windows Setup 233

Linux Setup 233

Tools 234

Hello World with TShark 236

Counting Packets Script 237

ARP Cache Script 241

Creating Dissectors for Wireshark 244

Dissector Types 245

Why a Dissector Is Needed 245

Experiment 253

Extending Wireshark 255

Packet Direction Script 255

Marking Suspicious Script 257

Snooping SMB File Transfers 260

Summary 262

Index 265


JESSEY BULLOCK is a Senior Application Security Engineer with a game company. Having previously worked at both NGS and iSEC Partners as a consultant, he has a deep understanding of application security and development, operating systems internals, and networking protocols. Jessey has experience working across multiple industry sectors, including health care, education, and security. Jessey holds multiple security certifications, including CISSP, CCNA, CWNA, GCFE, CompTIA Security+, CompTIA A+, OSCP, GPEN, CEH, and GXPN. JEFF T. PARKER is a seasoned IT security consultant with a career spanning 3 countries and as many Fortune 1OO companies. Now in Halifax, Canada, Jeff enjoys life most with his two young children, hacking professionally while they're in school.

Altre Informazioni

ISBN: 9781118918210
Condizione: Nuovo
Dimensioni: 232 x 14.6 x 187 mm Ø 484 gr
Formato: Brossura
Pagine Arabe: 288

Utilizziamo i cookie di profilazione, anche di terze parti, per migliorare la navigazione, per fornire servizi e proporti pubblicità in linea con le tue preferenze. Se vuoi saperne di più o negare il consenso a tutti o ad alcuni cookie clicca qui. Chiudendo questo banner o proseguendo nella navigazione acconsenti all’uso dei cookie.