{"id":341,"date":"2020-10-31T21:02:31","date_gmt":"2020-10-31T20:02:31","guid":{"rendered":"http:\/\/www.labtinker.net\/?p=341"},"modified":"2020-10-31T21:02:31","modified_gmt":"2020-10-31T20:02:31","slug":"wireshark-workbook","status":"publish","type":"post","link":"https:\/\/labtinker.net\/?p=341","title":{"rendered":"Wireshark Workbook"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">With Winter evenings drawing in (in the Northern hemisphere), another lockdown on the cards (everywhere but New Zealand and China), Netflix running out and the liver needing a rest, why not augment your familiarity with every networker&#8217;s tool of choice: Wireshark? This is a tool I&#8217;m sure everyone who&#8217;s worked in IT has used at some time in their career to a greater or lesser extent. I myself have dabbled and always had the feeling that I was scratching the surface. It was with this in mind that I bought this book:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"220\" height=\"284\" src=\"http:\/\/18.135.13.153\/wp-content\/uploads\/2020\/10\/wireshark-workbook.jpg\" alt=\"\" class=\"wp-image-342\"\/><figcaption>Figure 1 &#8211; Labtastic packeteering.<\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">The book is divided into sixteen labs and you can download the associated capture files and then attempt to answer the questions the author asks you. Some are easy, some are head-scratchers, and some you think you\u2019ve answered correctly but you won\u2019t have. Detailed explanations are given for each answer with extra information and tips often thrown in. You can probably do a lab in 30-40 minutes, though it\u2019ll take longer if you want to do justice to the answers. 
The point is that it can be dipped into and out of quite easily\u2026(I bought it about three or four months ago and am still working through it)<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Two things I learnt, amongst many: <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">First thing: you can export objects such as jpg files straight out of a capture (File &gt; Export Objects, then pick the protocol they were carried over, e.g. HTTP). I did not know this. Never been to that menu\u2026know it now.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Second thing: the Wireshark TCP preference \u2018Allow subdissector to reassemble TCP streams\u2019 (tcp.desegment_tcp_streams in the preferences file and on the tshark command line) is something you want to be familiar with, as it alters how your trace is presented and the frame in which certain packets appear.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For example, if your trace contains a file downloaded over HTTP: with this option ticked, the HTTP 200 response to the download request is shown in the frame carrying the final TCP segment of that response, i.e. once the file download has completed, so the \u2018time since request\u2019 on that frame tells you how long the download took. With this option unticked, each segment is dissected on its own and the HTTP response appears at its \u2018true\u2019 time in the trace, in the frame that carried the status line and headers, with the rest of the file showing up as plain TCP continuation data.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Imagine casually asking someone poring over a trace, \u201cAre you allowing the subdissector to reassemble TCP streams?\u201d If they answer and give their reasons then just nod sagely; they\u2019ve probably read the book. If not, take off your glasses (I\u2019m playing to stereotypes here) and polish them while casually explaining the importance of this option. Then put your glasses back on to watch that gleam of admiration and wonder grow in their eyes.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The book&#8217;s physical format is a little unwieldy (close to A4 &#8211; a UK reference but think big) and it is a bit pricey. 
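<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Back to the reassembly preference: to make its effect concrete, here is an added example (a toy model written for this page, not code from the book, the post or Wireshark itself) that replays a constructed HTTP download spread over four TCP segments, one of them captured out of order, and reports which frame an HTTP dissector would present the 200 OK in with reassembly off and with it on. The frame numbers, timestamps and the 3000-byte body are all made up; tcp.desegment_tcp_streams is the real name of the preference.<\/p>\n\n\n\n

```python
# Added example (not from the book or the post): a toy model of what the
# Wireshark preference "Allow subdissector to reassemble TCP streams"
# (tcp.desegment_tcp_streams) does to the frame in which an HTTP 200 is shown.
# The segments below are constructed, not taken from a real capture.
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    frame: int      # frame number, as Wireshark would number it
    t: float        # capture timestamp in seconds
    seq: int        # relative TCP sequence number of the first payload byte
    payload: bytes  # TCP payload carried by this frame


HEADER = (b"HTTP/1.1 200 OK\r\n"
          b"Content-Type: image/jpeg\r\n"
          b"Content-Length: 3000\r\n\r\n")
BODY = b"\xff\xd8" + b"\x00" * 2998          # stand-in for a 3000-byte JPEG
STREAM = HEADER + BODY                        # 3067 bytes the server sends

# Constructed trace: the GET is frame 1 at t=0.000; the reply arrives in four
# segments of up to 1000 bytes, with frames 3 and 4 captured out of order.
REQUEST_TIME = 0.000
SEGMENTS = [
    Segment(2, 0.021, 1,    STREAM[0:1000]),     # status line + headers + start of body
    Segment(3, 0.134, 2001, STREAM[2000:3000]),  # arrived before its predecessor
    Segment(4, 0.140, 1001, STREAM[1000:2000]),
    Segment(5, 0.245, 3001, STREAM[3000:]),      # last 67 bytes of the body
]


def content_length(header: bytes) -> int:
    """Content-Length from a raw HTTP header block (0 if absent)."""
    m = re.search(rb"(?im)^Content-Length:[ \t]*(\d+)[ \t]*\r?$", header)
    return int(m.group(1)) if m else 0


def bytes_needed(data: bytes):
    """Total bytes (header + body) the HTTP dissector needs before the response
    PDU is complete, or None while the header itself is still incomplete."""
    end = data.find(b"\r\n\r\n")
    if end < 0:
        return None
    header = data[:end + 4]
    return len(header) + content_length(header)


def dissect(segments, reassemble):
    """Return (frame, timestamp, bytes_available) for the frame in which the
    HTTP 200 is displayed under the given setting of tcp.desegment_tcp_streams,
    or None if the response never becomes visible within the trace."""
    ordered = sorted(segments, key=lambda s: s.frame)   # capture order
    if not reassemble:
        # Preference off: every segment is dissected on its own. The segment
        # that carries the status line is shown as the HTTP response; the rest
        # appear as bare TCP "Continuation" data.
        for s in ordered:
            if s.payload.startswith(b"HTTP/1."):
                return s.frame, s.t, len(s.payload)
        return None
    # Preference on: buffer segments by sequence number and only hand the PDU
    # to the HTTP dissector once the bytes are contiguous and complete, so the
    # response is displayed in the frame that closes the last gap.
    start = min(s.seq for s in segments)
    buffered = {}
    for s in ordered:
        buffered[s.seq] = s.payload
        contiguous, nxt = b"", start
        while nxt in buffered:
            contiguous += buffered[nxt]
            nxt += len(buffered[nxt])
        need = bytes_needed(contiguous)
        if need is not None and len(contiguous) >= need:
            return s.frame, s.t, len(contiguous)
    return None


def download_seconds(segments, request_time=REQUEST_TIME):
    """Download time as read off the reassembled 200 OK: its frame's timestamp
    minus the request's, which is what 'time since request' shows with the
    preference ticked."""
    frame, t, _ = dissect(segments, reassemble=True)
    return round(t - request_time, 3)


if __name__ == "__main__":
    print("reassembly off:", dissect(SEGMENTS, reassemble=False))  # (2, 0.021, 1000)
    print("reassembly on: ", dissect(SEGMENTS, reassemble=True))   # (5, 0.245, 3067)
    print("download took %.3fs" % download_seconds(SEGMENTS))     # 0.245
```

\n\n\n\n<p class=\"wp-block-paragraph\">The same switch is available from the command line: tshark -r trace.pcapng -o tcp.desegment_tcp_streams:FALSE -Y http.response lists the response at its \u2018true\u2019 frame, and dropping the -o (the preference defaults to TRUE) lists it at the frame that completes the download. Running a trace you have been handed both ways is the quickest check of which presentation you are looking at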
<\/p>\n","protected":false},"excerpt":{"rendered":"<p>With Winter evenings drawing in (in the Northern hemisphere), another lockdown on the cards (everywhere but New Zealand and China), Netflix running out and the liver needing a rest why not augment your familiarity with every networker&#8217;s tool of choice: Wireshark? This is a tool I&#8217;m sure everyone who&#8217;s worked in IT has used at [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-341","post","type-post","status-publish","format-standard","hentry","category-books"],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/labtinker.net\/index.php?rest_route=\/wp\/v2\/posts\/341","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/labtinker.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/labtinker.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/labtinker.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/labtinker.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=341"}],"version-history":[{"count":0,"href":"https:\/\/labtinker.net\/index.php?rest_route=\/wp\/v2\/posts\/341\/revisions"}],"wp:attachment":[{"href":"https:\/\/labtinker.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=341"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/labtinker.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=341"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/labtinker.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=341"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}