I cannot recommend Kurose's textbook highly enough since I've been using it from the 1st edition and it's by far the best textbook on the computer networking subject.
In the latest 8th edition the authors have removed the multimedia networking chapter for good and added more content on Software Defined Network (SDN). Also finally in the latest edition the authors have also added the diagrams and discussions on IP as the narrow waist of the Internet. This very fact is so significant and important that it has been discussed here in HN recently [1].
> Solutions to these Wireshark labs are available for course instructors only from the publisher (not from the authors) - see our instructors' page for information about how to get a solution, either standalone or for an LMS.
I've always hated hiding information behind some sort of purported "moral high ground" of gatekeeping uncredentialed individuals from knowing the answers to material. Information wants to be free. Everyone who encounters public questions with private answers can and should publish solutions on an uncensorable service (multiple mirrors across archive.org or archive.is or Gists).
Meh. That sounds nice in theory, but there are many good practical reasons to keep answers private. The number one reason for me is it's very hard to build high quality exercises and assignments, and much easier for students to plagiarize off answers on the internet. Reducing the temptation to cheat is pretty important for me.
Just realized I’ve been using Wireshark over two decades (well, Ethereal until 2006).
One thing some may overlook is that it uses WinPcap (now Npcap) to actually do packet capturing. It is trivial to make .NET and probably other framework applications to make your own special-purpose sniffer using that library.
I once wanted a feature that mimicked the Wireshark Conversations feature but didn’t require storing total details of every packet. Rather it just stored the bytes in/bytes out of every host seen on the wire. Had first version up in about an hour! Took a day and some iteration for it to be fast enough to handle the real-time flow of data coming from WinPcap though.
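Added example, not part of the comment above and not the commenter's code: a sketch of the per-host bytes in/bytes out tally it describes, keeping only two counters per host instead of per-packet detail. It reads a classic little-endian pcap byte string rather than a live Npcap capture; the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

def build_sample_pcap(frames):
    """Constructed sample: classic pcap, little-endian, LINKTYPE_ETHERNET (1)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def ipv4_frame(src, dst, payload_len):
    """Constructed Ethernet + IPv4 frame (zeroed MACs, checksum left at 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 17, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return bytes(12) + b"\x08\x00" + ip + bytes(payload_len)

def host_byte_counts(pcap):
    """Return {host: [bytes_out, bytes_in]} for every IPv4 host in the capture."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond pcap handled here")
    if struct.unpack_from("<I", pcap, 20)[0] != 1:
        raise ValueError("only LINKTYPE_ETHERNET handled here")
    counts = defaultdict(lambda: [0, 0])
    off = 24                                  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        _, _, incl_len, orig_len = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        # Need Ethernet (14) + minimal IPv4 header (20) and EtherType 0x0800.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        src = str(IPv4Address(frame[26:30]))
        dst = str(IPv4Address(frame[30:34]))
        counts[src][0] += orig_len            # wire length, even if snaplen cut it
        counts[dst][1] += orig_len
    return dict(counts)

# Constructed capture: three IPv4 frames plus one ARP frame that must be skipped.
SAMPLE = build_sample_pcap([
    ipv4_frame("10.0.0.1", "10.0.0.2", 100),
    ipv4_frame("10.0.0.2", "10.0.0.1", 500),
    bytes(12) + b"\x08\x06" + bytes(28),
    ipv4_frame("10.0.0.1", "10.0.0.3", 10),
])

if __name__ == "__main__":
    for host, (sent, received) in sorted(host_byte_counts(SAMPLE).items()):
        print(f"{host:12} out={sent:6} in={received:6}")
```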
The amazing part behind the pcapng format is that it's a streamlined format for multiple network interface streams.
And, tcpdump and most snort using tools have support for it too. You can literally build a local IDS/IPS by using command line tools these days.
As a former network security engineer, Wireshark helped me really _understand_ problems in network protocols, in addition to reading other implementations and the RFCs. It taught me about wrong assumptions in the protocols, naive implementations and their exploitable bugs, and so on. It's amazing as a tool to make unit tests with exported buffers for your parsers, too :)
Wireshark and tcpdump are really underappreciated tools in the network space, and I can highly recommend getting familiar with them. Having the possibility to have a remote pcap stream from a buggy server inside your local Wireshark GUI is just way more efficient for debugging. Debugging time is reduced from days to minutes, quite literally.
I use tcpdump in my CI/CD build environments, too, which makes debugging a failed network test a blaze. I can just open the pcap file with Wireshark or do a local replay of the same packages to test the code, which is amazing.
You can use netsh trace to perform packet captures, and convert them to pcapng format. Real common for server workloads (where I don't recommend installing Wireshark.. analysis should not be done on the server, in case any type of vuln in Wireshark could be abused)
Excited to read the title of this post. I've been searching for general pcap labs recently to sharpen my packet analysis skills. A little disappointed to see it's from CNTDA (since I've already done the labs from 7th ed). It's been a while though, perhaps I will revisit these labs for the 8th ed.
I've done a Wireshark lesson internally for coworkers with some similar examples, but this is so much more complete than what I'd put together. In the future I'll be using this instead, as it's exactly what I hoped / tried to do, but so much better.
(My lessons were the UI, capturing, writing filters, then as troubleshooting examples: unanswered SYN / properly setup TCP session, ICMP ECHO example, and SMB protocol version.)
The tendency to ascribe profound or wise sounding words to cultures perceived as exotic is interesting. The attribution to Franklin makes sense, the guy said a lot of wise things. Since this does originate in a Confucian context, "Chinese proverb" almost passes muster, but it's not quite complete.
There's probably a good career in pop psychology for someone who can deconstruct the various motivations for false attribution of profound and wise words.
"The big book of wise words and why we lie about who said them."
Probably the easiest answer to ascribing this is simply the lack of knowledge about the origin of the words, so they just... fill in the gaps with whom they believe could credibly say it. Not malice, just lack of knowledge. It's also simpler to convince and expose people with things that fit easier with their model of the world and the cliches they have in their head.
Loved this book when I took my networking course. That course was one of the fondest memories in my undergraduate career. This book was a contribution.
I am wondering if the Wireshark "cryptographically opinionated" stance will change with the news of what OpenSSH has done with NTRU Prime.
This will be interesting to see.
"ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the default KEXAlgorithms list (after the ECDH methods but before the prime-group DH ones). The next release of OpenSSH is likely to make this key exchange the default method."
"Formal complaint regarding 8 June 2021 incident - 2021.06.15, Daniel J. Bernstein"
"Executive summary. A week ago Dr. Daniel Apon from NIST publicly accused me of professional misconduct. Specifically, he accused me of initiating private contact with NIST so as to provide false information to NIST regarding the timing of an upcoming announcement relevant to NIST’s ongoing decisions..."
> the Wireshark "cryptographically opinionated" stance
Are you thinking of WireGuard? This comment seems entirely unrelated to the link, which has exercises for using the Wireshark packet sniffer to learn about network protocols.
[1] The internet was designed with a narrow waist:
https://news.ycombinator.com/item?id=30483914