Sunday, November 13, 2011

Review: Practical Packet Analysis

Full Title: Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems
Edition: Second
Published: 2011
Author: Chris Sanders
Pages: 255
Publisher: No Starch Press

Synopsis:
Whether you are just starting out or are more advanced, if you need to understand what is on your network, this book should be on your bookshelf. Chris Sanders has found a way to start from the first principles necessary to perform and understand packet analysis, while at the same time providing a book which is useful to the more advanced reader. The writing style is very easy to read and very logically organized. Figures are used on nearly every page and real-life scenarios are woven throughout the text, reinforcing the material wonderfully.

The book is divided into 11 chapters, grouped roughly into beginner, intermediate, and advanced sections.

The first four chapters are aimed at the beginner who is not very familiar with Wireshark.

The first chapter provides the basics of networking and packet analysis.

The second chapter delves into the basics of sniffing and sniffer placement.

Chapter three gives a brief history of Wireshark, covers installing it, and explains how to capture and read packet captures in Wireshark.

In chapter four the basics of working with the Wireshark features are covered, including saving, exporting and merging capture files as well as capture options and filtering captures.

Chapters five to eight cover more advanced material.

In chapter five some of the additional Wireshark features are covered, including how to use the protocol dissectors, following TCP streams, and graphing.

Chapter six looks into some of the common lower layer protocols and how they look in Wireshark.

Chapter seven repeats the same exercise with some higher level protocols like HTTP, DNS, and DHCP.

Chapter eight is my favorite section, walking through some real world packet analysis scenarios.

Chapters nine through eleven present even more advanced material, including troubleshooting network issues, using Wireshark for security analysis and analyzing wireless packets.

Summary:
This is a very good book for the beginning or novice network analyst and an excellent reference for the more advanced analyst. If you use, or are hoping to use, Wireshark, this book will be a useful addition to your bookshelf.

Wednesday, July 20, 2011

OS X Lion Security Features

I, like many others, installed OS X Lion today. It took about half an hour to download, and another half hour to install. The only issue I noticed was a permissions problem with BOINC. A BOINC reinstall fixed that.

From a security point of view there are a number of features worth noting:

  • Application sandboxing for apps purchased through the App Store. Sandboxing limits an app's interaction with the rest of the system. Of course there are a lot of other places besides the App Store to get OS X apps, but it is a start.
  • Lion joins Windows and Linux by completing the implementation of Address Space Layout Randomization (ASLR). ASLR makes it harder for exploit writers by making it difficult to predict where application components will load in memory.
  • FileVault now supports full disk encryption, an instant disk wipe capability and encryption of external devices. FileVault can also be used to encrypt backups.

Those are the big ones, but there are a bunch more security and privacy features in file sharing, screen sharing, and Safari that are also worth a look.
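The ASLR point deserves a concrete check, because randomization of the main executable's own image only happens when the binary was linked position-independent, which on Mach-O is the MH_PIE flag in the file header (otool -hv prints it as PIE). The script below is added here as an example and is not code from the original post or from Apple: it parses a thin Mach-O header, handles both 32/64-bit and byte-swapped layouts, and reports whether an executable carries the PIE flag. The sample headers are constructed fixtures, and the function names (aslr_status, build_header) are my own.

```python
import struct
import sys

# Mach-O magic numbers; the CIGAM forms appear when the file's byte order
# differs from the reader's.
MH_MAGIC = 0xFEEDFACE      # 32-bit header
MH_MAGIC_64 = 0xFEEDFACF   # 64-bit header
MH_CIGAM = 0xCEFAEDFE      # byte-swapped 32-bit header
MH_CIGAM_64 = 0xCFFAEDFE   # byte-swapped 64-bit header

MH_EXECUTE = 0x2           # filetype: main executable
MH_DYLIB = 0x6             # filetype: shared library
MH_PIE = 0x00200000        # flags bit: position-independent executable

HEADER_LEN = 28            # 7 x uint32 common to both header sizes


def parse_mach_header(data):
    """Return (is_64, filetype, flags) from a thin Mach-O header.

    Raises ValueError for anything that is not a thin Mach-O image
    (fat/universal binaries are deliberately not handled here).
    """
    if len(data) < HEADER_LEN:
        raise ValueError("too short for a Mach-O header")
    magic_le = struct.unpack("<I", data[:4])[0]
    if magic_le in (MH_MAGIC, MH_MAGIC_64):
        endian = "<"
    elif magic_le in (MH_CIGAM, MH_CIGAM_64):
        endian = ">"          # stored big-endian; read it that way
    else:
        raise ValueError("not a thin Mach-O image")
    magic, _cputype, _cpusubtype, filetype, _ncmds, _sizeofcmds, flags = \
        struct.unpack(endian + "7I", data[:HEADER_LEN])
    return magic == MH_MAGIC_64, filetype, flags


def aslr_status(data):
    """Classify a Mach-O image: 'pie', 'no-pie', or 'not-an-executable'."""
    _is_64, filetype, flags = parse_mach_header(data)
    if filetype != MH_EXECUTE:
        return "not-an-executable"
    return "pie" if flags & MH_PIE else "no-pie"


def build_header(is_64, filetype, flags, big_endian=False):
    """Construct a minimal Mach-O header for testing (a fixture, not a real binary)."""
    magic = MH_MAGIC_64 if is_64 else MH_MAGIC
    cputype = 0x01000007 if is_64 else 0x7   # CPU_TYPE_X86_64 / CPU_TYPE_X86
    endian = ">" if big_endian else "<"
    hdr = struct.pack(endian + "7I", magic, cputype, 3, filetype, 0, 0, flags)
    if is_64:
        hdr += struct.pack(endian + "I", 0)  # 64-bit header has a reserved word
    return hdr


# Constructed sample images. 0x85 = MH_NOUNDEFS | MH_DYLDLINK | MH_TWOLEVEL,
# the flags a typical linked binary carries besides PIE.
PIE_EXECUTABLE = build_header(True, MH_EXECUTE, 0x85 | MH_PIE)
LEGACY_EXECUTABLE = build_header(False, MH_EXECUTE, 0x85)
SHARED_LIBRARY = build_header(True, MH_DYLIB, 0x85)
SWAPPED_PIE_EXECUTABLE = build_header(False, MH_EXECUTE, 0x85 | MH_PIE, big_endian=True)


def main(argv):
    # Usage: python this_script.py /path/to/binary
    if len(argv) != 2:
        for name, img in (("constructed PIE", PIE_EXECUTABLE),
                          ("constructed legacy", LEGACY_EXECUTABLE),
                          ("constructed dylib", SHARED_LIBRARY)):
            print(f"{name}: {aslr_status(img)}")
        return
    with open(argv[1], "rb") as f:
        print(f"{argv[1]}: {aslr_status(f.read(32))}")


if __name__ == "__main__":
    main(sys.argv)
```

A "no-pie" result on an executable means Lion will still randomize the libraries it loads but not the program's own text and data, so an attacker has fixed addresses to work with in that image; rebuilding with position-independent linking is the fix. Universal (fat) binaries start with a different magic and wrap several thin images, so this parser stops with ValueError on them rather than guessing.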

Tuesday, July 19, 2011

Wanna spread your knowledge?

I think it is time to revive this concept! Originally Regina Whitehats was my vehicle to promote security in Regina and the surrounding area. That idea met with limited success, but did get a small amount of momentum. Since then security in Saskatchewan has grown and we are blessed with some very smart security practitioners. Maybe now is the time to turn this knowledge outward?

I am willing to open this blog up to other writers. If you are a Saskatchewan-based security practitioner and you would like to spread your security knowledge to the world, please contact me. Ideally I would like a dozen bloggers who would like to promote themselves and Saskatchewan's security knowledge to the world.

B-Sides SK anyone?

We haven't had a good security conference in the SK in a while...so let's make one! Anybody interested in helping (organizing, speaking, sponsoring, etc.) with a Security B-Sides event in Regina please contact me. I would like to try and roll one up for spring.

For those of you not familiar with the Security B-Sides concept here is their website with an explanation.

Friday, July 20, 2007

Next event, Friday, September 14th, 2007

Sorry all! The June event just didn't happen.

Communication has been a big problem; we have no easy way of communicating with each other to plan events. So, I have been working on a better way. Eventually I hope to end up at securitylinkup.com, but in the meantime I have created a discussion forum on Citysec at http://citysec.org/forums/1/topics/44. If you go to this link and sign up, you can click on "Monitor Topic" and you will be informed of any discussions in the group.

As for the next get together...I am proposing Friday September 14th. This is just ahead of the local CSI Services conference ForenSec Canada 2007, so there may be a guest available.

Please send me an email if you have any ideas on venue.

Rick

Monday, June 4, 2007

Next Event June 22nd

A date has been set for the next get together, most likely the last one until fall. The date is Friday June 22nd at 7 PM. Please pencil it into your calendar. The location is still TBD, but I am leaning towards a BBQ at my house. More details to follow.

Thursday, April 12, 2007

We have a logo!!

Everybody knows that all successful groups need a great logo. So until someone comes up with something better, here is my logo.

I think it sums up all the criteria. A white hat with a definite prairie character...but not too white...everybody knows that to be an effective whitehat you have to be a little grey...and of course an "I heart Regina" button.

Hope you like it!

Wednesday, April 11, 2007

Reminder: Inaugural event Friday

Just a reminder...the inaugural regina.whitehats.ca chapter get together is this Friday, April 13th at 7:00 PM at O'Hanlon's pub. I am hoping for a good turnout.

As an aside, I noticed that this event got some press in the Canadian Information Security Newsletter put out by Robert Beggs at Digital Defence. Thanks Robert!

See you all Friday!

Rick

Wednesday, March 14, 2007

Clarification

I have been asked by a couple of people to clarify the criteria. The post said:

" But I warn you, even though we will all check our certifications at the door, I am hoping to have presentations at these meetings aimed at people who perform hands-on operational security work. If you are a security novice or spend your days writing policy, this group may not be for you."

Some of my favorite people are policy writers with a good technical background, so let's modify the criteria a little.

If someone starts talking geek and you immediately zone out and go to sleep, then this is the wrong crowd for you. If on the other hand you immediately lean closer, and ask for more information, then you're in the right place.

Hope this helps!

Rick

Inaugural Event

The date and location have been set:

The first event will be on Friday April 13th, (What better day than Friday the 13th?), at O'Hanlon's Pub, 1947 Scarth St. at 7 PM.

See y'all there.

Wednesday, February 28, 2007

Welcome to Regina Whitehats!

This is the inaugural post for an exciting new security group in Regina, Saskatchewan, Canada. Over the next few weeks I hope to lay the groundwork for a regular get together of security practitioners in this fine city. This group will be à la Richard Bejtlich's NovaSec and Matasano's ChiSec.

The principle is simple..."We find a place to meet, we pick a time, and we talk security tech." The major goal is to provide an informal vehicle for security networking in the Regina area. Meetings are open to all in Regina and vicinity with an interest in information security. But I warn you, even though we will all check our certifications at the door, I am hoping to have presentations at these meetings aimed at people who perform hands-on operational security work. If you are a security novice or spend your days writing policy, this group may not be for you.

The group will be a chapter of whitehats.ca, hopefully someday having its own mailing list and website. But for now let's start with baby steps. I would like to hold the first meeting in April. For this first meeting, probably just a nice quiet place to sit and talk, maybe have a few brews. If you have any suggestions please contact me by leaving comments below or emailing me.

Rick