DOCSLIB.ORG

A Survey of Tools for Monitoring and Visualization of Network Traffic

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

MASARYK UNIVERSITY FACULTY}w¡¢£¤¥¦§¨ OF I !"#$%&'()+,-./012345<yA|NFORMATICS A Survey of Tools for Monitoring and Visualization of Network Traffic BACHELOR’S THESIS Jakub Šk ˚urek Brno, Fall 2015 Declaration Hereby I declare, that this paper is my original authorial work, which I have worked out by my own. All sources, references and literature used or excerpted during elaboration of this work are properly cited and listed in complete reference to the due source. Jakub Šk ˚urek Advisor: doc. Ing. JiˇríSochor, CSc. ii Abstract The main goal of this thesis is to survey and categorize existing tools and applications for network traffic monitoring and visualization. This is accomplished by first dividing these into three main cate- gories, followed by additional subdivision into subcategories while presenting example tools and applications relevant to each category. iii Keywords network monitoring, network visualization, survey, traffic, monitor- ing iv Acknowledgement I would like to thank my advisor doc. Sochor for his advice and help- ful tips. A big thank you also goes to my family for the continued support and kind words given, and mainly for being understanding of my reclusive behaviour during the writing process. v Contents 1 Introduction ............................3 2 Computer Network Monitoring and Visualization .....5 2.1 Simple Network Management Protocol .........5 2.2 NetFlow/IPFIX Protocol ..................6 2.3 Internet Control Message Protocol ............6 2.4 Windows Management Instrumentation .........7 2.5 Packet Capture .......................7 3 Tools for Local Network Visualization ............9 3.1 Local Traffic and Performance Visualization .......9 3.1.1 NetGrok . .9 3.1.2 EtherApe . 11 3.2 Packet Capture and Visualization ............. 13 3.2.1 Wireshark . 13 3.3 Network Log Data Visualization ............. 16 3.3.1 Time-based Network Visualizer . 16 3.3.2 AfterGlow . 18 3.4 Summary of presented tools and their features ..... 20 4 Tools for Global Network Visualization ........... 21 4.1 Global Traffic and Performance Visualization ...... 21 4.1.1 Cacti . 21 4.1.2 PRTG Network Monitor . 24 4.1.3 PhpWeatherMap . 26 4.2 Network Topology Mapping ............... 27 4.2.1 The Dude . 28 4.2.2 SolarWinds Network Topology Mapper . 29 4.3 Summary of presented tools and their features ..... 30 5 Tools for Anomaly Analysis and Intrusion Detection .... 32 5.1 Snort ............................. 33 5.2 Suricata ............................ 36 5.3 Open Source HIDS SECurity ................ 37 1 6 Conclusion ............................. 39 A Images ............................... 45 A.1 Netgrok ............................ 45 A.2 EtherApe ........................... 46 A.3 Wireshark .......................... 47 A.4 Time-based Network Visualizer .............. 48 A.5 PRTG Network Monitor .................. 49 A.6 PhpWeatherMap ...................... 50 A.7 Solarwinds Network Topology Mapper ......... 51 A.8 Suricata ............................ 52 A.9 Open Source HIDS SECurity ................ 53 B Supplementary Data Files .................... 54 B.1 IRCFlood.pcap ........................ 54 2 Chapter 1 Introduction The Internet became, in the last couple of years, an indispensable part of many people’s lives. It is entangled in almost every corner of our society and life without it is hard to fathom. Ease of access to information, simplifying socialization or facilitation of commerce. Indispensable in everyday life, it represents an absolute must for many firms, companies and institutions. For these it is a key tool for communication, operation and advertisement. However, Internet’s biggest strength is at the same time its biggest weakness—access to it is available to anyone, even people with less than pure inten- tions. It then follows that being connected to the Internet means ex- posing oneself to risk of a wide range of potential malicious attacks aimed at retrieving one’s private and potentially valuable informa- tion. Chance of catching the culprit hiding behind the vast amounts of data produced by computer networks is without the proper in- struments almost a herculean task. This is where tools for monitoring and visualization of computer network traffic, whose categorization and brief overview is this thesis dedicated to, prove invaluable. Pur- pose of these tools is to provide the user holistic and easily navigable data about historical and actual happenings on a computer network, and assist him with comparing these events with those compatible to a network attack or other malfunctions. As briefly stated above, the aim of this thesis is to provide an overview of popular currently in-use visualization tools and soft- ware for network monitoring and visualization and their different approaches towards depiction of network data. Dozens of such ap- 3 1. INTRODUCTION plications exist, but no comprehensive overview has to date been cre- ated [2]. The tools are, for the purpose of this thesis, divided into three main categories—local network monitoring, global network moni- toring, anomaly analysis and network intrusion detection—with a chapter dedicated to each one. Tools selected to represent each cate- gory are based on their performance in said area and the uniqueness of their visualization technique. Focus is, for each tool, only on its applications in the category under which it is presented. Conclusions to chapter three and four contain a summary table of all the features tools covered in that given chapter possess. The thesis, minus the introduction and conclusion, is divided into four chapters. The first one gives a brief introduction into the area of interest and provides a list of most common protocols and ap- proaches to gathering network data used for visualization. The next three chapters then deal with tools pertinent to them. A summary of the findings is given in the concluding sixth chapter. The area of network visualization is still very young and chaotic. Big data and the problems connected with their visualization are a very recent phenomenon and adequate solutions are yet to be found [3]. This thesis is trying to act as a building block for a follow up research in this are by giving an overview of popular currently in- use visualization techniques. The final goal of this research would then be systems capable of recognizing not only catalogued mali- cious software, but to also be able to prevent zero-day 1 attacks in real-time. 1. A zero-day (also known as zero-hour or 0-day) vulnerability is an undisclosed computer application vulnerability that could be exploited to adversely affect the computer programs, data, additional computers or a network. It is known as a "zero-day" because once the flaw becomes known, the application author has zero days in which to plan and advise any mitigation against its exploitation (by, for example, advising workarounds or issuing patches) [4]. 4 Chapter 2 Computer Network Monitoring and Visualiza- tion Computer network monitoring and visualisation are areas closely tied together. Where network monitoring tools produce vast amounts of data, visualization tools give the data form that is concise, unclut- tered and easier for the user to digest. This chapter aims to, before venturing forth towards categoriz- ing the various monitoring tools and applications, provide a brief overview of the most common methods these tools use to gather data from the monitored network. Efficient data collection is an important part of the monitoring process. For this purpose many protocols and approaches exist, are being developed, or refined. 2.1 Simple Network Management Protocol Simple Network Managment Protocol (SMNP) is a protocol used for data collection from, and configuration and management of, network devices such as routers, switches, servers and hubs on an Internet Protocol network. It uses variables known as object identifiers (OID) to allow remote data collection and device configuration. OIDs are stored in a hierarchy in Management information bases (MIB). A protocol query to a device produces a set of OIDs with accompa- nying data, showing, for example, interfaces available on a router or a switch and traffic currently passing though them, which is then cross-referenced with an MIB and presented to the user. To date, three versions of the protocol have been introduced. Ver- sion 1, also known as SNMPv1, is the initial and most widely sup- ported version of the protocol despite the criticism of its very poor 5 2. COMPUTER NETWORK MONITORING AND VISUALIZATION security[5]. Version 2 (SNMPv2c) only expands upon the previous version with the support of larger data types and additions to pro- tocol operation, leaving the security concerns unaddressed. Version 3 (SNMPv3) is the most recent version implementing strong security authentication and data encryption, keeping its primary functional- ity unchanged. 2.2 NetFlow/IPFIX Protocol NetFlow is a feature that was introduced on Cisco routers that pro- vides the ability to collect IP network traffic as it enters or exits an interface. By analyzing the data provided by NetFlow, a user can de- termine things such as the source and destination of traffic, class of service, and the causes of congestion. A flow is a stream of data that shares the network interface, source and destination IP addresses, ports and the same type of service header (for IPv4 transmissions) [6]. Once a flow is detected, a related flow record, aggregating infor- mation about all packets belonging to the same flow, is created. A typical Netflow monitoring setup consists of a flow exporter, usually a Cisco router, that aggregates packets into flows and ex- ports flow records towards a flow collector that is responsible for record collection and storage and an analysis application that ana- lyzes received flow data in the context of intrusion detection or traffic profiling. Versions most commonly found today are Netflow 5, only re- stricted to IPv4, and Internet Protocol Flow Information eXport(IP- FIX), which is heavily based on Netflow 9 and standardised by the IETF[6]. 2.3 Internet Control Message Protocol The Internet Control Message Protocol (ICMP) is one of the main protocols of the Internet Protocol Suite.
Recommended publications
  • Getting Started with Ethereal

    Getting Started with Ethereal

    Ethereal: Getting Started Computer Networking: A Top- down Approach Featuring the Internet, 3rd edition. Version: July 2005 © 2005 J.F. Kurose, K.W. Ross. All Rights Reserved ªTell me and I forget. Show me and I remember. Involve me and I understand.º Chinese proverb One's understanding of network protocols can often be greatly deepened by ªseeing protocols in actionº and by ªplaying around with protocolsº ± observing the sequence of messages exchanged between two protocol entities, delving down into the details of protocol operation, and causing protocols to perform certain actions and then observing these actions and their consequences. The basic tool for observing the messages exchanged between executing protocol entities is called a packet sniffer. As the name suggests, a packet sniffer captures (ªsniffsº) messages being sent/received from/by your computer; it will also typically store and/or display the contents of the various protocol fields in these captured messages. A packet sniffer itself is passive. It observes messages being sent and received by applications and protocols running on your computer, but never sends packets itself. Similarly, received packets are never explicitly addressed to the packet sniffer. Instead, a packet sniffer receives a copy of packets that are sent/received from/by application and protocols executing on your machine. Figure 1 shows the structure of a packet sniffer. At the right of Figure 1 are the protocols (in this case, Internet protocols) and applications (such as a web browser or ftp client) that normally run on your computer. The packet sniffer, shown within the dashed rectangle in Figure 1 is an addition to the usual software in your computer, and consists of two parts.
  • Network Forensic Tools Sidebar

    Network Forensic Tools Sidebar

    Summary of tools commonly used to support network forensic investigations Key: C=Collection & filtering R=correlation and analysis of multiple raw data sources L=Logfile analysis A= Application layer viewer S= Stream reassembly W=Workflow or case management Name Provider Platform Features TCPDump, Open Source Unix, C Windump www.tcpdump.org Windows Ngrep Open source Unix C http://ngrep.sourceforge.net/ Network Open source Windows C Stumbler http://www.netstumbler.com/ Kismet Open source Unix C http://www.kismetwireless.net Windows Argus Open Source Unix CL http://www.qosient.com/argus/index.htm Flow-tools Open Source Unix CL http://www.splintered.net/sw/flow-tools/ Flow-extract, Open Source Unix L Flow Scripts http://security.uchicago.edu/tools/net-forensics/ Etherape Open Source Unix C http://etherape.sourceforge.net/ Snort Open Source Unix C www.snort.org Observer Network Instruments Appliance C http://www.networkinstruments.com/ Honeyd Honey source Unix C http://www.citi.umich.edu/u/provos/honeyd/ Ethereal Open Source Windows CLS www.Ethereal.com Unix Etherpeek Wild Packets, Inc. Windows CLS www.wildpackets.com SecureNet Intrusion Inc. Windows with CS http://www.intrusion.com collector appliance FLAG Open Source Unix L Forensic and http://www.dsd.gov.au/library/software/flag/ Log Analysis GUI ACID Analysis Console for Intrusion Databases Unix L http://www.andrew.cmu.edu/~rdanyliw/snort/snortacid.html Shadow http://www.nswc.navy.mil/ISSEC/CID/index.html Unix LS DeepNines and http://www.deepnines.com/sleuth9.html Unix CSR Sleuth9 Infinistream
  • Guide to Computer Forensics and Investigations Fourth Edition

    Guide to Computer Forensics and Investigations Fourth Edition

    Guide to Computer Forensics and Investigations Fourth Edition Chapter 11 Virtual Machines, Network Forensics, and Live Acquisitions Objectives • Describe primary concerns in conducting forensic examinations of virtual machines • Describe the importance of network forensics • Explain standard procedures for performing a live acquisition • Explain standard procedures for network forensics • Describe the use of network tools Guide to Computer Forensics and Investigations 2 Virtual Machines Overview • Virtual machines are important in today’s networks. • Investigators must know how to detect a virtual machine installed on a host, acquire an image of a virtual machine, and use virtual machines to examine malware. Virtual Machines Overview (cont.) • Check whether virtual machines are loaded on a host computer. • Check Registry for clues that virtual machines have been installed or uninstalled. Network Forensics Overview • Network forensics – Systematic tracking of incoming and outgoing traffic • To ascertain how an attack was carried out or how an event occurred on a network • Intruders leave trail behind • Determine the cause of the abnormal traffic – Internal bug – Attackers Guide to Computer Forensics and Investigations 5 Securing a Network • Layered network defense strategy – Sets up layers of protection to hide the most valuable data at the innermost part of the network • Defense in depth (DiD) – Similar approach developed by the NSA – Modes of protection • People • Technology • Operations Guide to Computer Forensics and Investigations
  • Wireshark & Ethereal Network Protocol Analyzer

    Wireshark & Ethereal Network Protocol Analyzer

    377_Eth2e_FM.qxd 11/14/06 1:23 PM Page i Visit us at www.syngress.com Syngress is committed to publishing high-quality books for IT Professionals and delivering those books in media and formats that fit the demands of our cus- tomers. We are also committed to extending the utility of the book you purchase via additional materials available from our Web site. SOLUTIONS WEB SITE To register your book, visit www.syngress.com/solutions. Once registered, you can access our [email protected] Web pages. There you may find an assortment of value-added features such as free e-books related to the topic of this book, URLs of related Web sites, FAQs from the book, corrections, and any updates from the author(s). ULTIMATE CDs Our Ultimate CD product line offers our readers budget-conscious compilations of some of our best-selling backlist titles in Adobe PDF form. These CDs are the perfect way to extend your reference library on key topics pertaining to your area of exper- tise, including Cisco Engineering, Microsoft Windows System Administration, CyberCrime Investigation, Open Source Security, and Firewall Configuration, to name a few. DOWNLOADABLE E-BOOKS For readers who can’t wait for hard copy, we offer most of our titles in download- able Adobe PDF form. These e-books are often available weeks before hard copies, and are priced affordably. SYNGRESS OUTLET Our outlet store at syngress.com features overstocked, out-of-print, or slightly hurt books at significant savings. SITE LICENSING Syngress has a well-established program for site licensing our e-books onto servers in corporations, educational institutions, and large organizations.
  • Packet Capture and Analysis in Hybrid Environments

    Packet Capture and Analysis in Hybrid Environments

    Packet Capture and Analysis in Hybrid Environments Lawrence Miller Inside the Guide • Discover why packet capture and analysis of on- premises and cloud applications in modern hybrid environments is so challenging • Learn how to analyze packets at the Transport and Application Layers to uncover the root cause of issues • Explore how putting the right tools in the hands of the right people can help make your entire IT team more effective THE GORILLA GUIDE TO... Packet Capture and Analysis in Hybrid Environments Express Edition By Lawrence Miller Copyright © 2020 by ActualTech Media All rights reserved. This book or any portion thereof may not be reproduced or used in any manner whatsoever without the express written permission of the publisher except for the use of brief quotations in a book review. Printed in the United States of America. ACTUALTECH MEDIA 6650 Rivers Ave Ste 105 #22489 North Charleston, SC 29406-4829 www.actualtechmedia.com PUBLISHER’S ACKNOWLEDGEMENTS EDITOR Keith Ward, ActualTech Media PROJECT MANAGER Wendy Hernandez, ActualTech Media EXECUTIVE EDITOR James Green, ActualTech Media LAYOUT AND DESIGN Olivia Thomson, ActualTech Media WITH SPECIAL CONTRIBUTIONS FROM Paul R. Dietz, Riverbed Stephen Creel, Riverbed Heidi Gabrielson, Riverbed Kowshik Bhat, Riverbed TABLE OF CONTENTS Introduction 7 Chapter 1: A Primer on Packets 8 Looking at Packets and Packet-Switched Networks 8 Understanding the Open Systems Interconnection (OSI) Model and Packet Encapsulation 11 Addressing Modern Packet Capture and Analysis Challenges 13
  • Wireless Networking in the Developing World

    Wireless Networking in the Developing World

    Wireless Networking in the Developing World Second Edition A practical guide to planning and building low-cost telecommunications infrastructure Wireless Networking in the Developing World For more information about this project, visit us online at http://wndw.net/ First edition, January 2006 Second edition, December 2007 Many designations used by manufacturers and vendors to distinguish their products are claimed as trademarks. Where those designations appear in this book, and the authors were aware of a trademark claim, the designations have been printed in all caps or initial caps. All other trademarks are property of their respective owners. The authors and publisher have taken due care in preparation of this book, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information contained herein. © 2007 Hacker Friendly LLC, http://hackerfriendly.com/ This work is released under the Creative Commons Attribution-ShareAlike 3.0 license. For more details regarding your rights to use and redistribute this work, see http://creativecommons.org/licenses/by-sa/3.0/ Contents Where to Begin 1 Purpose of this book........................................................................................................................... 2 Fitting wireless into your existing network.......................................................................................... 3 Wireless
  • Use Style: Paper Title

    Use Style: Paper Title

    COMPARATIVE ANALYSIS OF PACKET SNIFFERS : A STUDY Jyoti Senior Engineer, Bharat Electronics Limited (India) ABSTRACT Today everything is being centralized through a common dedicated network to ease its use, make it more user friendly and increase its efficiency. The size of these centric networks is also increasing rapidly. So the management, maintenance and monitoring of these networks is important to keep network smooth and improve economic efficiency. Packet sniffing or packet analysis is the process of capturing data passed over the local network and looking for any information that may be useful. There is a wide variety of packet sniffers available in the market that can be exploited for this purpose. This paper focuses on the basics of packet sniffer, its working principle and a comparative study of various packet sniffers. Keywords: Packet Capture; Packet Sniffer; network monitoring; wireshark; NIC I INTRODUCTION A packet sniffer is a program that can see all of the information passing over the network it is connected to. As data steams back and forth on the network the program looks at it or „sniffs‟ each packet. A packet is a part of a message that has been broken up. Packet analysis can help us understand network characteristics, learn who is on network, determine who or what is utilizing available bandwidth, identify peak network usage times, identify possible attacks or malicious activity, and find unsecured and bloated applications[1]. II WORKING There are two modes in which a network interface of a machine work i.e Promiscuous and Non-promiscuous. Promiscuous mode in one in which the NIC of the machine can take over all packets and a frame it receives on network, namely this machine (involving its software) is sniffer.
  • Steelcentral Packet Analyzer Reference Manual, Personal Edition

    Steelcentral Packet Analyzer Reference Manual, Personal Edition

    SteelCentral Packet Analyzer Reference Manual Personal Edition Version 10.9 October 2015 © 2015 Riverbed Technology. All rights reserved. Riverbed®, SteelApp™, SteelCentral™, SteelFusion™, SteelHead™, SteelScript™, SteelStore™, Steelhead®, Cloud Steelhead®, Virtual Steelhead®, Granite™, Interceptor®, Stingray™, Whitewater®, WWOS™, RiOS®, Think Fast®, AirPcap®, BlockStream™, FlyScript™, SkipWare®, TrafficScript®, TurboCap®, WinPcap®, Mazu®, OPNET®, and Cascade® are all trademarks or registered trademarks of Riverbed Technology, Inc. (Riverbed) in the United States and other countries. Riverbed and any Riverbed product or service name or logo used herein are trademarks of Riverbed. All other trademarks used herein belong to their respective owners. The trademarks and logos displayed herein cannot be used without the prior written consent of Riverbed or their respective owners. F5, the F5 logo, iControl, iRules, and BIG-IP are registered trademarks or trademarks of F5 Networks, Inc. in the U.S. and certain other countries. Linux is a trademark of Linus Torvalds in the United States and in other countries. VMware, ESX, ESXi are trademarks or registered trademarks of VMware, Incorporated in the United States and in other countries. Portions of SteelCentral™ products contain copyrighted information of third parties. Title thereto is retained, and all rights therein are reserved, by the respective copyright owner. PostgreSQL is (1) Copyright © 1996-2009 The PostgreSQL Development Group, and (2) Copyright © 1994-1996 the Regents of the University
  • Wireshark Lab1, Part A: Getting Started

    Wireshark Lab1, Part A: Getting Started

    Wireshark Lab1, part a: Getting Started Version: 2.0 © 2007 J.F. Kurose, K.W. Ross. All Rights Reserved “Tell me and I forget. Show me and I remember. Involve me and I understand.” Chinese proverb One’s understanding of network protocols can often be greatly deepened by “seeing protocols in action” and by “playing around with protocols” – observing the sequence of messages exchanged between two protocol entities, delving down into the details of protocol operation, and causing protocols to perform certain actions and then observing these actions and their consequences. In these Wireshark labs we will observe the operation of real network protocols. You will be running various network applications in different scenarios using a computer in the lab or your own computer, if you prefer. You will observe the network protocols in your computer “in action,” interacting and exchanging messages with protocol entities executing elsewhere in the Internet. The basic tool for observing the messages exchanged between executing protocol entities is called a packet sniffer. As the name suggests, a packet sniffer captures (“sniffs”) messages being sent/received from/by your computer. It will also typically store and/or display the contents of the various protocol fields in these captured messages. A packet sniffer itself is passive. It observes messages being sent and received by applications and protocols running on your computer, but never sends packets itself. Similarly, received packets are never explicitly addressed to the packet sniffer. Instead, a packet sniffer receives a copy of packets that are sent/received from/by application and protocols executing on your machine.
  • Qualitative Assessment of Digital Forensic Tools

    Qualitative Assessment of Digital Forensic Tools

    Asian Journal of Electrical Sciences ISSN: 2249- 6297, Vol. 9, No. 1, 2020, pp. 25-32 © The Research Publication, www.trp.org.in Qualitative Assessment of Digital Forensic Tools Sakshi Singh and Suresh Kumar Department of Computer Science and Engineering, Ambedkar Institute Of Advanced Communication Technologies & Research New Delhi, Delhi, India. E-mail: [email protected], [email protected] Abstract - Forensic science is a study of science to criminals and A. Network Forensics: Network forensics is a branch of civil laws. Digital forensics is the part of forensic science relating advanced digital forensic identifying with the observing and to proof found in computers and advanced storage media. investigation of computer system traffic to collect network Forensic examiners gather, protect and break down logical traffic data, legitimate proof or interruption recognition. The confirmations over the span of examination. Digital information significant objective of the forensics of the network is to contains data as content, pictures, sound, video and so on. These days numerous cybercrime cases, for example, hacking, banking gather proof from the network traffic. It attempts to investigate cheats, phishing, email spamming, etc., have developed which are traffic information collected from various websites and connected with a computerized information. Since the digital network equipment, for example, IDS and firewalls. It screens investigation is turning into an expanding concern, numerous on the system to distinguish assaults and examine the idea of digital forensic tools have been created to manage the difficulties attacks. It is also the way of distinguishing interruption of exploring computerized wrongdoings. The motivation behind examples concentrating on attackers' exercises.
  • Using the Ethereal and Tcpdump Protocol Analyzers

    Using the Ethereal and Tcpdump Protocol Analyzers

    Using the Ethereal and tcpdump Protocol Analyzers Doug Toppin Nov 2003 toppin.com Ethereal - 1 What is Ethereal? “ Ethereal is a free network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, viewing summary and detail information for each packet. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session.” Ethereal - 2 Similar Tools ● tethereal - textual version of ethereal ● tcpdump - textual protocol analyzer These tools use the pcap (libpcap) packet capture library (which can be used to generate custom capture apps) Ethereal - 3 What does ethereal look like? ● gui composed of 4-fields: – Menu bar – List of captured packets – Top-level info on selected packet – Detail of selected packet – See following slide for example Ethereal - 4 captured packet list Illus-1 overhead gui of selected packet detail of selected packet Ethereal - 5 Illus-2 Capture initiator Ethereal - 6 uses for these tools ● find messages that have errors in them without modifying code (adding debug prints) ● monitor/analyze lan traffic for activity/load/latency measurement ● save captured packets for later analysis (“ evidence” attached to an bug report) ● frequently used for passive intrusion detection and monitoring ● just to see what your network is up to Ethereal - 7 Illus-3 capture with payload selected (http) Ethereal - 8 Illus-4 note http text Ethereal -
  • Wireshark Network Security

    Wireshark Network Security

    Wireshark Network Security A succinct guide to securely administer your network using Wireshark Piyush Verma BIRMINGHAM - MUMBAI Wireshark Network Security Copyright © 2015 Packt Publishing All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews. Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book. Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information. First published: July 2015 Production reference: 1240715 Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK. ISBN 978-1-78439-333-5 www.packtpub.com Credits Author Project Coordinator Piyush Verma Nidhi Joshi Reviewers Proofreader David Guillen Fandos Safis Editing Mikael Kanstrup Jaap Keuter Indexer Priya Sane Tigran Mkrtchyan Production Coordinator Commissioning Editor Shantanu N. Zagade Amarabha Banerjee Cover Work Acquisition Editor Shantanu N. Zagade Larissa Pinto Content Development Editor Siddhesh Salvi Technical Editor Madhunikita Sunil Chindarkar Copy Editor Dipti Mankame About the Author Piyush Verma currently serves as a senior security analyst at NII Consulting, India, and enjoys hacking his way into organizations (legally) and fixing the vulnerabilities encountered.