Chapter 12: Discovering ICMP
by Lisa Bock
Learn Wireshark
Title Page
Copyright and Credits
Learn Wireshark
Dedication
About Packt
Why subscribe?
Contributors
About the author
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
Section 1: Traffic Capture Overview
Appreciating Traffic Analysis
Reviewing packet analysis
Exploring early packet sniffers 
Evaluating devices that use packet analysis
Capturing network traffic
Recognizing who benefits from using packet analysis
Assisting developers
Helping network administrators monitor the network
Expert system and intelligent scrollbar
Subsetting traffic, comment, save, and export
Educating students on protocols
Alerting security analysts of threats
Arming hackers with information
Outlining passive attacks
Understanding active attacks
Poisoning the cache
Identifying where to use packet analysis
Analyzing traffic on a LAN
Sniffing traffic on a host
Using packet analysis in the real world
Outlining when to use packet analysis
Troubleshooting latency issues
Testing IoT devices
Monitoring for threats
Baselining the network
Getting to know Wireshark
Summary 
Questions
Using Wireshark NG
Discovering the beginnings of today's Wireshark
Developing Ethereal
Examining the Wireshark interface
Introducing Wireshark next generation
Enhancements
Authors
Understanding the phases of packet analysis
Gathering network traffic
Capturing in promiscuous mode
Using a capture engine
Decoding the raw bits
Enhanced Packet Analyzer (EPAN)
Displaying the captured data
Analyzing the packet capture
Using command-line tools
Exploring tshark
Summary
Questions
Installing Wireshark on a PC or macOS
Discovering support for different OS
Using Wireshark on Windows
Running Wireshark on Unix 
Installing Wireshark on macOS
Deploying Wireshark on Linux
Downloading premade virtual images
Working with Wireshark on other systems
Comparing different capture engines
Understanding libpcap
Examining WinPcap
Reviewing AirPCap
Grasping Npcap
Understanding Npcap features
Performing a standard Windows installation
Beginning the installation
Choosing components
Creating shortcuts and selecting an install location
Capturing packets and completing the installation
Reviewing the resources available at Wireshark.org
Evaluating different download options
Summary
Questions
Exploring the Wireshark Interface
Understanding the Wireshark welcome screen
Opening files
Capturing traffic
Learning about Wireshark
Exploring the File menu
Opening a file, close, and save
Exporting packets, bytes, and objects
Printing packets and closing Wireshark
Discovering the Edit menu
Copying items and finding packets
Marking or ignoring packets
Setting a time reference
Personalizing your work area
Exploring the View menu
Enhancing the interface
Adjusting time formats and name resolution
Modifying the display
Refreshing the view
Summary
Questions
Section 2: Getting Started with Wireshark
Tapping into the Data Stream
Reviewing the network architecture
Comparing different types of networks
Discovering the PAN
Checking out LANs
Exploring CANs
Navigating WANs
Exploring various types of media
Exploring copper
Using fiber optic
Discovering wireless
Learning various capture methods
Providing input
Directing output
Selecting options
Tapping into the stream
Comparing conversations and endpoints
Realizing the importance of baselining
Planning the baseline
Capturing traffic
Analyzing the captured traffic
Saving the baselines
Summary
Questions
Personalizing the Interface
Personalizing the layout and general appearance
Changing the layout
Altering the appearance
Creating a tailored configuration profile
Adjusting columns, font, and colors
Adding, editing, and deleting columns
Demonstrating how to use field occurrence
Refining the font and colors
Adding comments
Attaching comments to files
Entering packet comments
Viewing and saving comments
Modifying complex expressions
Creating expressions
Crafting buttons
Summary
Questions
Using Display and Capture Filters
Filtering network traffic
Comparing display and capture filters
Comprehending display filters
Using bookmarks
Editing display filters
Creating capture filters
Saving to bookmarks
Modifying capture filters
Understanding the expression builder
Building an expression
Discovering shortcuts and handy filters
Embracing filter shortcuts
Applying useful filters
Summary
Questions
Outlining the OSI Model
Comprehending the OSI model
Discovering the purpose, protocols, and PDUs
Evaluating the application layer
Exploring protocols and the PDU
Understanding the presentation layer
Describing the protocols and the PDU
Learning about the session layer
Recognizing protocols and the PDU
Appreciating the transport layer
Differentiating protocols and the PDU
TCP
UDP
Providing port addressing
Explaining the network layer
Distinguishing the protocols and the PDU
IP
ARP
ICMP
Supplying an IP address for the packet
Examining the data link layer
Investigating protocols and the PDU
Describing the data link layer address
Traveling over the physical layer
Exemplifying protocols and the PDU
Exploring the encapsulation process
Viewing the data
Identifying the segment
Identifying the packet
Forming the frame
Demonstrating frame formation in Wireshark
Examining the network bindings
Summary
Questions
Section 3: The Internet Suite TCP/IP
Decoding TCP and UDP
Reviewing the purpose of the transport layer
Describing TCP
Exploring a single TCP frame
Examining the eleven-field TCP header
Navigating the TCP header fields
Exploring TCP ports
Sequencing and acknowledging data
Following the flags
Dissecting the window size
Additional header values
Understanding UDP
A single UDP frame
Discovering the four-field UDP header
Analyzing the UDP header fields
Summary
Questions
Managing TCP Connections
Dissecting the three-way handshake
Isolating a single stream
Marking the TCP handshake
Identifying the handshake packets
Sending the SYN packet
Returning the SYN-ACK packet
Finalizing with an ACK packet
Learning TCP options
Grasping the EOL
Using NOP
Defining the MSS
Scaling the window size
Permitting SACK
Using timestamps
Understanding TCP protocol preferences
Modifying TCP preferences
Tearing down a connection
Summary
Questions
Analyzing IPv4 and IPv6
Understanding the purpose of the IP
Outlining IPv4
Dissecting the IPv4 header
Discovering the version and the length
Breaking down the type of service
Ensuring QoS
Sending an ECN
Fragmenting the data
Viewing TTL, protocol, and checksum
Learning IPv4 addressing
Comparing IPv4 classes and addresses
Reviewing special and private IP addressing
Modifying options for IPv4
Exploring IPv6
Navigating the IPv6 header fields
Identifying the version, traffic class, and flow label
Evaluating the length, next header, and hop limit
Examining IPv6 addresses and address types
Comparing IPv6 address types
Editing protocol preferences
Reviewing IPv4 preferences
Adjusting preferences for IPv6
Discovering tunneling protocols
Summary
Questions
Discovering ICMP
Understanding the purpose of ICMP
Understanding the ICMP header
Investigating the data payload
Dissecting ICMPv4 and ICMPv6
Reviewing ICMPv4
Outlining ICMPv6
Sending ICMP messages
Reporting errors
Issuing queries
Providing information using ICMPv6
Evaluating type and code values
Reviewing ICMP type and code values
Defining ICMPv6 type and code values
Configuring firewall rules
Sending malicious ping sweeps
Allowing only necessary types
Summary
Questions
Understanding ARP
Understanding the role and purpose of ARP
Resolving MAC addresses
Investigating an ARP cache
Replacing ARP with NDP in IPv6
Exploring ARP headers and fields
Identifying a standard ARP request/reply 
Breaking down the ARP header fields
Examining different types of ARP
Reversing ARP
Evaluating InARP
Issuing a gratuitous ARP
Working on behalf of ARP
Analyzing ARP attacks
Comparing ARP attacks and tools
Discovering ARP spoofing
Reviewing the ARP storm
Understanding ARP attack tools
Defending against ARP attacks
Summary
Questions
Section 4: Working with Packet Captures
Troubleshooting Latency Issues
Analyzing latency issues
Grasping latency, throughput, and packet loss
Computing latency
Measuring throughput
Experiencing packet loss
Learning the importance of time values
Understanding the coloring rules
Exploring the Intelligent Scrollbar
Common transmission errors
Seeing duplicate acknowledgments
Observing keep-alive segments
Issuing retransmissions
Discovering the expert system
Viewing the column headers
Assessing the severity
Organizing the information
Sorting the data
Searching for values
Summary
Questions
Subsetting, Saving, and Exporting Captures
Discovering ways to subset traffic
Dissecting the capture by IP address
Narrowing down by conversations
Minimizing by port number
Breaking down by protocol
Subsetting by stream
Understanding options to save a file
Using Save as
Recognizing ways to export components
Selecting specified packets
Exporting various objects
Identifying why and how to add comments
Providing file and packet comments
Saving and viewing comments
Summary
Questions
Using CloudShark for Packet Analysis
Diving into an overview of CS
Finding CS
Sharing captures in CS 
Modifying the preferences
Uploading captures
Outlining the various filters and graphs
Displaying data using filters
Viewing data using graphs
Evaluating the different analysis tools
Following the stream and view conversations
Viewing packet lengths and VoIP activity
Exploring wireless, protocols, and possible threats
Discovering where to find sample captures
Downloading captures
Summary
Questions
Assessment
Chapter 1: Appreciating Traffic Analysis
Chapter 2: Using Wireshark NG
Chapter 3: Installing on a PC or macOS
Chapter 4: Exploring the Wireshark Interface
Chapter 5: Tapping into the Data Stream
Chapter 6: Personalizing the Interface
Chapter 7: Using Display and Capture Filters
Chapter 8: Outlining the OSI Model
Chapter 9: Decoding TCP and UDP
Chapter 10: Managing TCP Connections
Chapter 11: Analyzing IPv4 and IPv6
Chapter 12: Discovering ICMP
Chapter 13: Understanding ARP
Chapter 14: Troubleshooting Latency Issues
Chapter 15: Subsetting, Saving, and Exporting Captures
Chapter 16: Using CloudShark for Packet Analysis
Other Books You May Enjoy
Leave a review - let other readers know what you think