Wireshark安全实战：结合Metasploit的专业应用

Wireshark

5星 · 超过95%的资源需积分: 9 158 浏览量更新于2024-07-20 1 收藏 14.16MB PDF 举报

身份认证购VIP最低享 7 折!

30元优惠券

"Wireshark for Security.pdf 是一本专门针对安全专业人员的Wireshark使用指南，通过本书，读者将学习如何利用Wireshark解决实际安全问题。书中的虚拟实验室环境（w4sp-lab）提供了实践操作的机会，结合Kali Linux和Metasploit框架，帮助读者深入理解网络攻击的技术细节，并进行攻防活动的分析。此外，还介绍了使用Lua扩展Wireshark功能的方法。" 本书旨在帮助信息安全专业人士掌握Wireshark的基础和高级应用，包括但不限于以下知识点： 1. **Wireshark基础**：学习Wireshark的基本操作，如捕获、过滤、解析网络流量，理解网络协议的底层工作原理。 2. **设置虚拟实验室**：介绍w4sp-lab环境的搭建和使用，该环境模拟真实网络环境，为实践提供平台。读者可以在此环境中分析和解决网络问题。 3. **Kali Linux与Metasploit**：结合安全操作系统Kali和Metasploit框架，展示如何在Wireshark中捕获和分析安全相关的网络流量，用于渗透测试和漏洞探测。 4. **诊断攻击**：学习通过Wireshark识别和诊断网络攻击，例如通过分析TCP/IP堆栈、HTTP会话等，了解攻击的迹象和模式。 5. **进攻性Wireshark**：探讨如何使用Wireshark进行主动的安全评估，包括执行攻击和防御策略，理解网络攻防的动态过程。 6. **加密协议解密**：讲解如何使用Wireshark捕获和解析TLS、USB通信，以及检测键盘记录器，同时涉及网络流量可视化技术。 7. **Lua编程**：介绍如何利用轻量级编程语言Lua扩展Wireshark的功能，编写自定义脚本，以满足特定的安全需求。 8. **TShark命令行工具**：学习使用Wireshark的命令行版本TShark，进行更高效、自动化的数据包捕获和处理。通过本书，读者不仅能提升Wireshark技能，还能深化对网络安全的理解，增强实战能力。每章末尾的练习题和提供的源代码将进一步巩固所学知识，使读者能够充分利用Wireshark进行信息安全管理。在线资源，如GitHub上的Lua代码和实验室源代码，为读者提供了持续学习和探索的平台。这是一本全面、实用的信息安全专业人员的Wireshark使用手册。

资源详情

资源推荐

xvi Introduction

“fundamentals” go, Chapter 3 acts as a refresher for what’s necessary around

networking, information security, and packet and protocol analysis.

Further in the book, Wireshark is used in the context of various roles, but

there’s no experience requirement for grasping the content or making use of the

labs. For example, the tools used in Chapter 6, “Offensive Wireshark” might be

already familiar to the penetration tester, but the chapter assumes zero experi-

ence when instructing setup.

To sum up, we understand there is a wide spectrum of possible roles and

experience levels. You might be employed in one of these roles and want to use

Wireshark more. Or you might be getting ready to take on one of these roles, and

recognize Wireshark as essential tool to use. In either case, this book is for you.

Tools You Will Need

The one tool required for this book is a system. Your system does not need to

be especially powerful; at the most a few years old would be best. Your system

will be rst used in Chapter 2, “Setting Up the Lab.” You rst install and set up

a virtualized machine. Then upon that virtual machine you will set up the labs.

Of course, this book can benet those without a system, but a system is needed

to perform the labs referenced throughout the book.

What’s on the Website

The primary website needed for this book is the GitHub repository for the W4SP

Lab code. The GitHub repo and its contents are explained further in Chapter 2,

“Setting Up the Lab,” where you rst download and build the virtual lab envi-

ronment. Then the Lab les are installed onto your virtual machine.

Other websites are cited throughout the book, mostly as pointers for additional

resources. For example, some sites hold hundreds of network capture les that

are available for analysis.

Summary

This is where the authors are at the edge of our seats, hoping you will leap into

and enjoy the book, its materials, and the labs. A lot of thought and effort went

into this book. Our only desire was to create a resource that inspired more

people to have a deeper appreciation of Wireshark. Being information security

professionals ourselves, we crafted this book for our peers.

2 Chapter 1  Introducing Wireshark

What Is Wireshark?

Wireshark, in its most basic sense, is a tool to understand data you capture from

a network. The captured data is interpreted and presented in individual packet

form for analysis, all within Wireshark. As you probably already know,

packets are the chunks of data streaming on a network. (Technically, depend-

ing on the context level of where in the system the data is interpreted, chunks

are called frames, datagrams, packets, or segments, but we’ll just use “packets” for

now.) Wireshark is a network and protocol analyzer tool, free for download and

use on a variety of platforms, spanning many avors of Unix and Windows.

Wireshark rst captures the data from a network interface and then breaks

the capture into the frames, segments, and packets, understanding where they

begin and end. Wireshark then interprets and presents this data in the context

of addressing, protocols and data. You can analyze the captures immediately

or save them to load later and share with others. In order for Wireshark to

view and capture all packets, not just those involving the capturing system,

the network interface is placed in promiscuous mode (also called monitor mode)

in the context of capturing on a wireless network. Finally, what grants you the

ability to analyze packets in Wireshark are the dissectors. All these basic ele-

ments are discussed in more detail in Chapter 4, in the context of “snifng” or

capturing data, and how that captured data is interpreted.

A Best Time to Use Wireshark?

Wireshark is an immensely powerful tool with quite a bit of deep and complex

functionality. It is capable of handling a wide range of known (and unknown)

protocols. But although the functionality range is broad, most of it aligns to

one end: to capture packets and analyze them. Being able to take the bits and

bytes and present them in an organized, familiar, and human-readable format

is what brings people to think of using Wireshark.

Before launching Wireshark, it’s important to understand when to use it and

when not to use it. Sure, it’s a great tool, but like any tool, it’s best used when

it’s the right tool for the job.

Here are scenarios when it’s ideal to use Wireshark:



To look for the root cause of a known problem



To search for a certain protocol or stream between devices



To analyze specic timing, protocol ags, or bits on the wire

And while not ideal, Wireshark can also be used:



To discover which devices or protocols are the top talkers



To see a rough picture of network trafc



To follow a conversation between two devices

Chapter 1  Introducing Wireshark 3

You get the idea. Wireshark is ideal for determining a root cause of an

understood problem. While not ideal for browsing network trafc or making

high-level judgments about the network, Wireshark does have some features to

show those statistics. But Wireshark can’t and shouldn’t be the rst tool thought

of early on in discovering a problem. Someone who opens Wireshark to skim

through the list of packets to assess network health would soon be overwhelmed.

Instead, Wireshark is for problem solvers, for the detectives who already know

their suspects well.

Avoiding Being Overwhelmed

The majority of people who walk away from Wireshark do so because they

nd it overwhelming after only a few early experiences. To label Wireshark

as overwhelming is misleading, however. What really paralyzes new users is

the trafc, the list of packets ying by, not the application’s functionality. And,

fair enough, once you start a capture and the packets scroll by in real time, it’s

denitely intimidating. (But that’s what lters are for!)

To avoid being overwhelmed, consider two aspects of Wireshark before

diving into it:



The interface—how it’s laid out and why



Filters—how they work to reveal what you want

Once you get a quick appreciation of the tool’s interface and how to write a

lter, Wireshark suddenly appears intuitive and shows its power, without the

scare factor. And that’s what we focus on for the rest of this chapter.

The following sections are on the most important aspects that you need

immediately to be comfortable using Wireshark. If you are already familiar with

Wireshark, as well as lters, feel free to skim this chapter as a refresher so that

you can be sure you are on the same page for the rest of the book.

The Wireshark User Interface

We start with the busy Wireshark GUI, which is packed with features. We

provide a high-level overview of where you need to look to start seeing some

packet data. With packet capturing covered, we then discuss the more power-

ful features of Wireshark, starting with dissectors. In Wireshark, dissectors are

what parse a protocol and decode it for presenting on the interface. They enable

Wireshark to give the raw bits and bytes streaming across the wire some context

by displaying them into something more meaningful to the human analyst. We

then round off the chapter by covering the various lters available to help limit

and zero in on just the network data you are interested in.

The home screen appears when you open Wireshark. On this screen are

shortcuts you can use to start a new capture or open a previous capture le.

剩余285页未读，继续阅读

ramissue

粉丝: 354
资源: 1487

Wireshark安全实战：结合Metasploit的专业应用

Wireshark for Security Professionals

Wireshark for Security Professionals Using Wireshark and the Metasploit 无水印pdf

Wireshark Network Security

Full path incl. file to the Wireshark - sharkd binary. e.g. for OSX: /Applications/Wireshark.app/Contents/MacOS/sharkd

/bin/sh: /Applications/Wireshark.app/Contents/MacOS/tshark: No such file or directory

"D:\Program Files\Wireshark\Wireshark.exe" -k -S -i -

wireshark1.12.10

ensp配置Wireshark.exe

https://www.wireshark.org/download.html

wireshark.rar

wireshark .pcapng文件格式

http://www.wireshark.org

https://www.wireshark.org/docs/dfref/d/dubbo.html 无法访问

下载安装Wireshark软件下载安装Wireshark软件； 2. 启动浏览器； 3. 启动Wireshark； ； 2. 启动浏览器； 3. 启动Wireshark；

wireshark.

wireshark2.2.0安装教程

wireshark java_Wireshark使用

centos安装最新版wireshark

wireshark下载与安装 linux

启动wireshark如法自动弹出wireshark页面

最新资源

下载安装Wireshark软件下载安装Wireshark软件； 2. 启动浏览器； 3. 启动Wireshark；； 2. 启动浏览器； 3. 启动Wireshark；