Network Forensics with Wireshark

Price: $37.95 USD

ISBN: 9789349888456
eISBN: 9789349888678
Rights: Worldwide
Author Name: Bhavik Shah
Publishing Date: 25-Nov-2025
Dimensions: 7.5 x 9.25 inches
Binding: Paperback
Page Count: 172

Download code from GitHub


Description

Demystifying Network Traces with Wireshark.

Key Features

● Decode and analyze network packets using Wireshark.
● Detect malware and covert channel attacks in live traffic.
● Decrypt SSL/TLS traffic and trace attacks end-to-end.

Book Description

In today’s digital world, Wireshark stands as the most powerful tool for uncovering what truly happens on a network.

Network Forensics with Wireshark will take you through a structured, hands-on journey — from grasping the basics of TCP/IP communication to advanced forensic analysis. Beginning with how data flows across networks, readers will learn to capture and interpret packets, identify anomalies, and analyze encrypted traffic through SSL/TLS decryption. As the book progresses, it dives into detecting malware behavior, tracing covert channel attacks, and understanding how attackers exploit vulnerabilities across evolving network architectures. Each concept is reinforced with practical exercises and real-world case studies, helping readers apply theory to investigation.

So, whether you are a student, network engineer, or cybersecurity professional, this book empowers you to analyze smarter, respond faster, and transform data into actionable security insight.

What you will learn

● Understand core network protocols and packet flow in depth.
● Capture, filter, and analyze traffic using Wireshark effectively.
● Identify anomalies, threats, and malware patterns in captures.
● Perform SSL decryption and inspect encrypted traffic behavior.
● Reconstruct and analyze the complete cyber kill chain visually.
● Apply forensic techniques to detect and prevent network breaches.

Who is this book for?

This book is tailored for students, network engineers, cybersecurity analysts, SOC professionals, incident responders, penetration testers, and IT administrators who want to master network communication and packet analysis using Wireshark. A basic understanding of networking and curiosity about the OSI model will maximize the learning outcomes.

Table of Contents

1. Overview of TCP/IP Model
2. Flow of Internet Traffic
3. SSL and Certificate Chaining
4. Evolving Network Architecture
5. Introduction to Wireshark
6. Tools to Analyze Wireshark Traffic
7. Malware Analysis on Wireshark
Index

About the Author

Bhavik Shah has over 17 years of experience in Cyber Security, with deep expertise in designing and architecting networks where security is a primary focus. He has been a speaker at several universities, delivering talks on Network Forensics, and also at Cybersecurity Communities like Null. He has also spoken at Cisco Live on topics related to AI security and its various components. Through his first book, Network Forensics with Wireshark, Bhavik aims to highlight the significance of Wireshark, and how it can help in analyzing Network Traces efficiently.

About the Technical Reviewer

Om Karrahe is an Implementation Engineer with over three years of experience in the telecom and networking domain, specializing in protocol testing and packet-level analysis. He has worked extensively with tools such as Wireshark and the Seagull simulator to validate and troubleshoot signaling flows across 4G and 5G networks. His expertise spans key telecom components including CHF, PCRF, PCF, OCS, NRF, and OCSDRA, with practical knowledge of interfaces like Gy, Gx, Sy, and Ro.

Om’s strong foundation in Linux, SQL, and application configuration complements his deep interest in network protocols such as SIP, TCP, UDP, and Diameter. He has hands-on experience in analyzing PCAP traces, identifying anomalies, and ensuring system performance under load. His ability to connect theoretical protocol concepts with real-world packet behavior makes him an enthusiastic contributor to knowledge resources in the networking field.