Wireshark for Network Forensics: An Essential Guide for IT and Cloud Professionals

Nainar, Nagendra Kumar, Panda, Ashish

  • Publisher: Apress
  • Publication date: 2022-12-31
  • List price: $2,170
  • Member price: 95% of list, $2,062
  • Language: English
  • Pages: 271
  • Binding: Quality Paper (trade paperback)
  • ISBN: 1484290003
  • ISBN-13: 9781484290002
  • Category: Wireshark
  • Overseas special-order title (checked out separately)

Product Description

With the advent of emerging and complex technologies, traffic capture and analysis play an integral part in overall IT operations. This book outlines the rich set of advanced features and capabilities of Wireshark, considered by many to be the de facto Swiss army knife for IT operational activities that involve traffic analysis. The open-source tool is available both as a GUI (Wireshark) and as a CLI (tshark). It can capture in different modes and leverages community-developed, integrated features such as filter-based analysis and the traffic flow graph view.

You'll start by reviewing the basics of Wireshark, then examine the details of capturing and analyzing secured application traffic such as Secure DNS, HTTPS, and IPsec. You'll then look closely at control-plane and data-plane capture and study the analysis of wireless traffic, including 802.11, the most common access technology in use today, and Bluetooth. You'll also learn ways to identify network attacks, malware, and covert communications, how to perform security incident post mortems, and how to prevent recurrences.

The book further explains the capture and analysis of secure multimedia traffic, which the authors estimate at around 70% of all internet traffic. Wireshark for Network Forensics provides a unique look at traffic capture in cloud and cloud-native architectures: Kubernetes, Docker-based, AWS, and GCP environments.

What You'll Learn

  • Review Wireshark analysis and network forensics
  • Study traffic capture and its analytics from mobile devices
  • Analyze various access technology and cloud traffic
  • Write your own dissector for any new or proprietary packet formats
  • Capture secured application traffic for analysis
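The dissector item above is the one concrete technique the listing names, so here is a worked example of it. This is an added illustration, not code from the book or from the Wireshark project: a Lua dissector for a made-up protocol with a 4-byte header (version, message type, big-endian payload length) followed by the payload. The protocol layout, the field names under `demo.*`, and UDP port 9999 are all assumptions for the example. The forensic point it shows is that a dissector must bound what it decodes by what was actually captured and flag packets whose length field lies, rather than trusting the wire.

```lua
-- demo.lua: illustrative Wireshark Lua dissector for an assumed protocol:
--   byte 0     version
--   byte 1     message type
--   bytes 2-3  payload length (big-endian)
--   bytes 4..  payload
-- The protocol, the demo.* field names and UDP port 9999 are assumptions.
local demo = Proto("demo", "Demo Proprietary Protocol")

local msg_types = { [1] = "Hello", [2] = "Data", [3] = "Bye" }

local f_version = ProtoField.uint8 ("demo.version", "Version",        base.DEC)
local f_type    = ProtoField.uint8 ("demo.type",    "Message Type",   base.HEX, msg_types)
local f_length  = ProtoField.uint16("demo.length",  "Payload Length", base.DEC)
local f_payload = ProtoField.bytes ("demo.payload", "Payload")
demo.fields = { f_version, f_type, f_length, f_payload }

-- Expert info so truncated or lying packets are flagged instead of silently
-- decoded; an analyst can then filter on "_ws.expert.severity == error".
local e_short = ProtoExpert.new("demo.short", "Packet shorter than 4-byte header",
                                expert.group.MALFORMED, expert.severity.ERROR)
local e_len   = ProtoExpert.new("demo.length.bad",
                                "Declared payload length exceeds captured bytes",
                                expert.group.MALFORMED, expert.severity.ERROR)
demo.experts = { e_short, e_len }

local HEADER_LEN = 4

function demo.dissector(buf, pinfo, tree)
    pinfo.cols.protocol = demo.name
    local subtree = tree:add(demo, buf(), "Demo Protocol")

    -- Never index past the end of the captured bytes.
    if buf:len() < HEADER_LEN then
        subtree:add_proto_expert_info(e_short)
        return buf:len()
    end

    subtree:add(f_version, buf(0, 1))
    subtree:add(f_type,    buf(1, 1))
    local declared = buf(2, 2):uint()
    subtree:add(f_length,  buf(2, 2))

    -- Do not trust the length field: bound the payload slice by what is present.
    local available = buf:len() - HEADER_LEN
    if declared > available then
        subtree:add_proto_expert_info(e_len)
        if available > 0 then
            subtree:add(f_payload, buf(HEADER_LEN, available))
        end
        return buf:len()
    end

    subtree:add(f_payload, buf(HEADER_LEN, declared))
    local type_name = msg_types[buf(1, 1):uint()] or "Unknown"
    pinfo.cols.info = string.format("%s, %d byte payload", type_name, declared)
    return HEADER_LEN + declared
end

-- Register on the assumed UDP port; "Decode As..." can override this at runtime.
DissectorTable.get("udp.port"):add(9999, demo)
```

Load it for a single run with `tshark -X lua_script:demo.lua -r capture.pcap -Y demo`, or copy it into the personal plugins directory shown under Help > About Wireshark > Folders so it is picked up by both the GUI and tshark.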

Who This Book Is For

IT Professionals, Cloud Architects, Infrastructure Administrators, and Network/Cloud Operators


About the Authors

Nagendra Kumar Nainar (CCIE #20987) is a Principal Engineer in Cisco's Customer Experience (CX) organization (formerly TAC), focusing on enterprise customers. He is co-inventor of more than 130 patent applications in different technologies, including virtualization and container technologies. He is co-author of multiple Internet RFCs, various Internet-Drafts, and IEEE papers. Nagendra has also co-authored several technical books with leading publishers such as Cisco Press and Packt Publishing. He is a guest lecturer at North Carolina State University and a speaker at various networking forums.
Ashish Panda is a technical leader with Cisco Systems. He has more than 18 years of experience in network design, operation, and troubleshooting with large enterprise and service-provider networks around the world. He is a speaker at various Cisco internal and external events.
