So… it’s time to elevate your copy of Wireshark from "network wallflower" to network powerhouse. It’s time to
roll up your sleeves, get rid of the training wheels, put on your helmet and reflective gear, tell everyone to get
the hell out of your way, get on that bike—and ride!
By the way—you have no idea how difficult it was to refrain from adding humor (or at least what I call humor)
to this book. It crept in at various points—some I left in, most I simply moved aside for a later book that might
focus on the humorous side of packet analysis. We will have to wait and see…
Laura Chappell
Founder, Chappell University
Founder, Wireshark University
About This Book
Wireshark Network Analysis: the Official Wireshark Certified Network Analyst™ Study Guide—Second Edition
offers you a solid foundation in the key skills of network analysis, troubleshooting, optimization and security.
By purchasing this book, you have indicated your desire to learn packet-level communications and develop
skills necessary to analyze, troubleshoot and secure networks more efficiently and achieve the Wireshark
Certified Network Analyst certification.
Download the Supplements from
www.wiresharkbook.com
.
Each chapter concludes with a "Practice What You’ve Learned" section that references traffic files (trace files),
configuration files and other files related to the current chapter. These files are available for download at
www.wiresharkbook.com
. Before delving into this book, it is recommended that you install the latest version of
Wireshark www.wireshark.org
[1] and download the trace files from www.wiresharkbook.com. Create a \traces
directory on your local system and copy these trace files into that directory.
Who is This Book For?
This book offers an ideal reference for information technologists responsible for key network tasks including:
identify poor network performance due to high path latency
locate internetwork devices that drop packets
validate optimal configuration of network hosts
analyze application functionality and dependencies
optimize application behavior for best performance
learn how TCP/IP networks function
analyze network capacity before application launch
verify application security during launch, log in and data transfer
identify unusual network traffic indicating potentially compromised hosts
studying for the Wireshark Certified Network Analyst Exam
How is This Book Organized?
Chapter 1: The World of Network Analysis
explains the key uses of network analysis and provides lists of tasks
used for troubleshooting, securing and optimizing network traffic. This chapter also provides insight into the
"needle in the haystack issue" that overwhelms many new network analysts.
Chapter 2: Introduction to Wireshark
details Wireshark internals, the elements of the Wireshark graphical
interface and functions of the Main Menu, Main Toolbar, Filter Toolbar, Wireless Toolbar, and Status Bar. In
addition, this chapter offers a list of resources recommended for network analysts.
The next eleven chapters (Chapter 3 through Chapter 13) focus on Wireshark functionality with numerous
examples of use and references to trace files available at
www.wiresharkbook.com
. If you are new to
Wireshark, focus on these sections to obtain foundational skills used in later chapters.
Chapter 14 through Chapter 25 concentrate on the key protocols and applications of the TCP/IP suite including
ARP, DNS, IPv4/IPv6, TCP, UDP, and ICMPv4/ICMPv6. Identifying or absolving TCP/IP as part of the
troubleshooting process helps isolate the cause of performance issues and locate security holes. In addition,
these are the chapters you should focus on if you are troubleshooting DHCP-based configurations or
HTTP/HTTPS sessions.
Chapter 26: Introduction to 802.11 (WLAN) Analysis
explains how to capture wireless traffic, identify basic
WLAN problems caused by RF (radio frequency) interference, WLAN retries and access point availability. This