Wireshark for Security Professionals
Table of Contents
Parker Jeff T. Wireshark for Security Professionals
Introduction
Overview of the Book and Technology
How This Book Is Organized
Who Should Read This Book
Tools You Will Need
What's on the Website
Summary
Chapter 1. Introducing Wireshark
What Is Wireshark?
The Wireshark User Interface
Filters
Summary
Exercises
Chapter 2. Setting Up the Lab
Kali Linux
Virtualization
VirtualBox
The W4SP Lab
Summary
Exercises
Chapter 3. The Fundamentals
Networking
Security
Packet and Protocol Analysis
Summary
Exercises
Chapter 4. Capturing Packets
Sniffing
Dealing with the Network
Loading and Saving Capture Files
Dissectors
Viewing Someone Else's Captures
Summary
Exercises
Chapter 5. Diagnosing Attacks
Attack Type: Man-in-the-Middle
Attack Type: Denial of Service
Attack Type: Advanced Persistent Threat
Summary
Exercises
Chapter 6. Offensive Wireshark
Attack Methodology
Reconnaissance Using Wireshark
Evading IPS/IDS
Exploitation
Remote Capture over SSH
Summary
Exercises
Chapter 7. Decrypting TLS, Capturing USB, Keyloggers, and Network Graphing
Decrypting SSL/TLS
USB and Wireshark
Graphing the Network
Summary
Exercises
Chapter 8. Scripting with Lua
Why Lua?
Scripting Basics
Setup
Tools
Creating Dissectors for Wireshark
Extending Wireshark
Summary
Credits
About the Authors
About the Technical Editor
Acknowledgments
WILEY END USER LICENSE AGREEMENT
Excerpt from the book
Welcome to Wireshark for Security Professionals. This was an exciting book for us to write. A combined effort of a few people with varied backgrounds – spanning information security, software development, and online virtual lab development and teaching – this book should appeal and relate to many people.
Wireshark is the tool for capturing and analyzing network traffic. Originally named Ethereal but changed in 2006, Wireshark is well established and respected among your peers. But you already knew that, or why would you invest your time and money in this book? What you're really here for is to delve into how Wireshark makes your job easier and your skills more effective.
.....
• Line 1 compares the packet at the offset to 2030405 and jumps to line 2 if it matches, or line 4 if it doesn't match.
• Lines 2 and 3 load the offset for the first part of the source address and compare it to 0001. If this also matches, it can return 65535 to capture this packet.
.....