
Ethical Hacking and Network Analysis with Wireshark: Exploration of network packets for detecting exploits and malware (Sharma, Manish)

Author: Sharma, Manish

Education


📄 File Format: PDF
💾 File Size: 23.3 MB

📄 Text Preview (First 20 pages)


📄 Page 3
Ethical Hacking and Network Analysis with Wireshark
Exploration of network packets for detecting exploits and malware
Manish Sharma
📄 Page 4
www.bpbonline.com
📄 Page 5
Copyright © 2024 BPB Online

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor BPB Online or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

BPB Online has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, BPB Online cannot guarantee the accuracy of this information.

First published: 2024

Published by BPB Online
WeWork
119 Marylebone Road
London NW1 5PU

UK | UAE | INDIA | SINGAPORE

ISBN 978-93-55517-722

www.bpbonline.com
📄 Page 6
Dedicated to

This book is dedicated to every cybersecurity enthusiast and the lovely readers
📄 Page 7
About the Author

Manish Sharma, the founder and CEO of Ducara, is a cyber security expert, researcher, and trainer. As an IEEE Member and public speaker, he holds esteemed certifications like C|EH, C|HFI, E|CSA, L|PT. Under his guidance, a visionary team emerged. Recognizing the market's appreciation, Manish ventured into product solutions, forming strategic alliances with industry leaders like Microsoft, DigiCert, IBM, and more. Beyond his business acumen, Manish is a spiritual explorer, intertwining every aspect of his life. His ethos revolves around interconnectedness, placing humanity at the forefront, and embracing the fullest moments of life.
📄 Page 8
About the Reviewer

Kumarshankar Raychaudhuri is a Cyber Security and Digital Forensics professional, with around 6 years of experience in this domain. He has completed his graduation in Computer Science and post-graduation in Information Security. He has an interest in conducting experiments and research, based on which he has published multiple articles in various international and national journals. He has also completed different certifications and has trained officials from various government and law enforcement agencies, in the domain of digital forensics and cyber security. He loves to travel, watch thriller and comedy films, and read books in his free time.
📄 Page 9
Acknowledgement

I want to express my deepest gratitude to my family, friends, and my team for their unwavering support and encouragement throughout this book's writing. I am also grateful to my publisher for their guidance and expertise in bringing this book to fruition.

It was a long journey of writing this book, with valuable participation and collaboration of reviewers, technical experts, and editors.

I would also like to acknowledge the valuable contributions of my colleagues and co-workers during many years working in the tech industry, who have taught me so much and provided valuable feedback on my work.

Finally, I would like to thank all the readers who have taken an interest in my book and for their support in making it a reality. Your encouragement has been invaluable.
📄 Page 10
Preface

The cyber world is no less dangerous than the real world. We are all aware of the infamous COVID-19 pandemic that majorly changed the world order, especially in the context of the cyber world. Just as the Coronavirus affects the entire globe, a cyber virus can affect your virtual presence. As we saw, most of the world was operating on the internet. The majority of them were not fully equipped and had less knowledge about security measures. It provided an opportunity for malicious actors to exploit every possible vulnerability they could find. It was extremely challenging during the pandemic years to maintain business continuity with utmost security, especially in regard to network security.

Understanding the tough time that security professionals faced, and all the challenges that my team and I encountered during the pandemic to protect our network from everyday cyber challenges, inspired me to write a comprehensive yet simple-to-understand guide. This book is suitable for both beginners and professionals to learn some simple yet magical tricks for strengthening network security. It specifically provides tips and tricks on the effective use of the network security tool – Wireshark. The best part of this book is that, to make learning interesting and to make concepts and techniques understandable, a lot of examples are used. The key concepts that you will find in this book are:

Chapter 1: Ethical Hacking and Networking Concepts – Provides the basics of ethical hacking and networking with a detailed description of the OSI model, TCP/IP model,
📄 Page 11
networking protocols, IP networks and subnets, wireless networking, network traffic, and how Wireshark contributes to the field of ethical hacking and network analysis.

Chapter 2: Getting Acquainted with Wireshark and Setting Up the Environment – This chapter helps readers get acquainted with Wireshark. It provides details on how to set up the environment and install Wireshark on computer systems. It also covers Wireshark's core features, how it works, the Wireshark user interface, and the Wireshark command-line tools.

Chapter 3: Getting Started with Packet Sniffing – Covers the concept of packet sniffing, how to perform packet sniffing, how to use Wireshark to capture network traffic and decode it, and how to use Wireshark's built-in filtering capabilities to narrow down your focus even further during your analysis process. Additionally, readers learn to sniff packets from remote locations, maximize packet capture performance, and stop sniffing, save, and export packets.

Chapter 4: Sniffing on 802.11 Wireless Networks – This chapter allows readers to learn the fundamentals of 802.11 wireless networks and how to perform sniffing on 802.11 wireless networks. Readers will also find in-depth details on WLAN capture setup, the difference between monitor mode and promiscuous mode, 802.11 Sniffer Capture Analysis – WPA/WPA2 with PSK or EAP, 802.11 Sniffer Capture Analysis – Multicast, and 802.11 Sniffer Capture Analysis – Web Authentication.

Chapter 5: Sniffing Sensitive Information, Credentials and Files – Helps the reader to learn the process of sniffing sensitive information using Wireshark, the different types of packets that can be captured using Wireshark, and extracting sensitive information and credentials from it, the process of sniffing the activity over USB Interfaces, steal
📄 Page 12
Credentials on HTTP, extract images from PCAP file using Wireshark, PDF and ZIP file saving from Wireshark, process of capturing Telnet password and SMTP Password, and identifying hosts and users with Wireshark.

Chapter 6: Analyzing Network Traffic Based on Protocols – This chapter helps readers learn how to use Wireshark to analyze network traffic based on protocols, what kind of information can be extracted from each protocol, and how exactly we can analyze it. Additionally, it provides thorough information on different networking protocols like IPv4 and IPv6, ARP, ICMP, TCP, UDP, HTTP, FTP, SMTP, DHCPv6, and DNS.

Chapter 7: Analyzing and Decrypting SSL/TLS Traffic – This chapter gives special attention to the concepts of SSL/TLS, along with the use of Wireshark to examine SSL/TLS traffic in detail, including the handshake process that occurs between the client and server before an actual connection is established. More specifically, in this chapter the reader will find details on the SSL/TLS handshake, the process of key exchange, and decrypting SSL/TLS traffic.

Chapter 8: Analyzing Enterprise Applications – Allows the reader to learn about the functioning of the various types of enterprise applications, along with how to use Wireshark to analyze common applications that are used in an enterprise network, such as Microsoft Terminal Server and Citrix, databases, and Simple Network Management Protocol (SNMP).

Chapter 9: Analysing VoIP Calls Using Wireshark – This chapter will help readers get started with VoIP Traffic Architecture and its supporting protocols. It also provides details on how to use Wireshark to capture and view VoIP calls, analyze RTP streams in VoIP traffic, and decode the packets in order to understand what's happening during a conversation.
📄 Page 13
Chapter 10: Analyzing Traffic of IoT Devices – Covers the fundamentals of IoT devices, with details on how to use Wireshark for sniffing traffic of IoT devices, analyzing traffic of IoT devices, and detecting sensitive information in IoT device traffic.

Chapter 11: Detecting Network Attacks with Wireshark – Helps readers develop essential Wireshark skills for quickly detecting suspicious network traffic patterns, DoS and DDoS attacks, port scanning (reconnaissance), brute-force and application attacks, ARP poisoning, session hijacking, honeypot traffic, and the Heartbleed bug.

Chapter 12: Troubleshooting and Performance Analysis Using Wireshark – Covers in detail the methodology for using Wireshark to diagnose problems with the network, and how to use it to find and fix problems. Additionally, it covers the concept of performance analysis methodology and troubleshooting related to connectivity issues, functional issues, TCP protocol issues, and slow application response time.

I hope this book helps you to gain an understanding and skills to become a proficient network security expert and I hope you find this book reliable for your network security journey.

– Manish Sharma, Author
📄 Page 14
Coloured Images

Please follow the link to download the Coloured Images of the book: https://rebrand.ly/b41126

We have code bundles from our rich catalogue of books and videos available at https://github.com/bpbpublications. Check them out!

Errata

We take immense pride in our work at BPB Publications and follow best practices to ensure the accuracy of our content and to provide an indulging reading experience to our subscribers. Our readers are our mirrors, and we use their inputs to reflect and improve upon human errors, if any, that may have occurred during the publishing processes involved. To let us maintain the quality and help us reach out to any readers who might be having difficulties due to any unforeseen errors, please write to us at: errata@bpbonline.com

Your support, suggestions and feedback are highly appreciated by the BPB Publications’ Family.

Did you know that BPB offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.bpbonline.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at:
📄 Page 15
business@bpbonline.com for more details.

At www.bpbonline.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on BPB books and eBooks.

Piracy

If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at business@bpbonline.com with a link to the material.

If you are interested in becoming an author

If there is a topic that you have expertise in, and you are interested in either writing or contributing to a book, please visit www.bpbonline.com. We have worked with thousands of developers and tech professionals, just like you, to help them share their insights with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.

Reviews

Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions. We at BPB can understand what you think about our products, and our authors can see your feedback on their book. Thank you!

For more information about BPB, please visit www.bpbonline.com.

Join our book’s Discord space

Join the book’s Discord Workspace for Latest updates, Offers, Tech happenings around the world, New Release and Sessions with the Authors: https://discord.bpbonline.com
📄 Page 16
Table of Contents

1. Ethical Hacking and Networking Concepts
Introduction
Structure
Objectives
Introduction to ethical hacking
The history of ethical hacking
Importance of ethical hacking
Benefits of ethical hacking
Introduction to networking concepts
The OSI model
Importance of OSI model
Seven layers of the OSI model
The application layer
The presentation layer
The session layer
The transport layer
The network layer
The data link layer
The physical layer
Example of data flow in the OSI model
The TCP/IP model
Five layers of the TCP/IP model
The application layer
📄 Page 17
The host-to-host/transport layer
The network/internet layer
The network interface layer
The hardware/physical layer
Difference between OSI and TCP/IP models
Understanding network protocols
Communication protocols
Transmission control protocol/Internet protocol
Hypertext Transfer Protocol
File Transfer Protocol
Simple Mail Transfer Protocol
Secure Shell
Internet Mail Access Protocol
Post Office Protocol
Lightweight Directory Access Protocol
Telnet
X.25
Integrated Services Digital Network
Asynchronous Transfer Mode
Multiprotocol Label Switching
Session Initiation Protocol
Real-time Transport Protocol
Network management protocols
Simple Network Management Protocol
Remote Monitoring
Network Time Protocol
Syslog
NetFlow
Border Gateway Protocol
Open Shortest Path First
Enhanced Interior Gateway Routing Protocol
📄 Page 18
Internet Control Message Protocol
Domain Name System
Dynamic Host Configuration Protocol
Address Resolution Protocol
Link Layer Discovery Protocol
Cisco Discovery Protocol
Web-Based Enterprise Management
Security protocols
Secure Sockets Layer and Transport Layer Security
Secure Shell
Internet Protocol Security
Wi-Fi Protected Access and WPA2
Kerberos
Hypertext Transfer Protocol Secure
Pretty Good Privacy
IP networks and subnets
IP address
IPv4 and IPv6
Subnet
The breakdown and significance of IP addresses
The benefits of subnetting
What is a subnet mask
Switching and routing packets
Switching packets
Routing packets
WAN links
Wireless networking
What is network traffic
Overview of network packet sniffing
The purpose of network packet sniffing
📄 Page 19
Active and passive sniffing
Wireshark in ethical hacking and traffic analysis
Conclusion
Questions
Answers

2. Getting Acquainted with Wireshark and Setting up the Environment
Introduction
Structure
Objectives
What is Wireshark
The origin of Wireshark by Gerald Combs
The future of Wireshark
Wireshark's functionality
Wireshark's operation
Wireshark core features
Wireshark's purpose
Limitations of Wireshark
Downloading and Installing Wireshark with Libraries
System requirements
For Windows
For Linux/Unix
For macOS
Installing Wireshark on Windows
Installing Wireshark on Linux/Unix
Installing Wireshark on macOS
Exploring the Wireshark user interface
Wireshark’s Start-up screen
The menu
📄 Page 20
The main toolbar
The filter toolbar
The packet list pane
The packet details pane
The packet bytes pane
The packet diagram pane
The statusbar
Understanding Wireshark command-line tools
Running Wireshark command-line tools
Sniffing packets using Dumpcap and Tshark
Filtering packets using Dumpcap, Tshark, and Editcap
Merging trace files with Mergecap
Analyzing Pcaps using Tshark
Working with Text2pcap
Conclusion
Questions
Answers

3. Getting Started with Packet Sniffing
Introduction
Structure
Objectives
Define your sniffing targets
Choosing network interfaces
Performing a packet sniffing
Capture options: Input Tab
Capture options: Output tab
Capture options: Options tab
Remote network packet
Installing SSH on Remote Windows
The above is a preview of the first 20 pages.
