Reference books
Notes compiled from "Wireshark Packet Analysis in Action (2nd Edition)"
Sample capture files for specific protocols:
http://chrissanders.org/packet-captures/
Tcpdump usage notes
tcpdump -i eth0 host 113.31.72.210 and port 80 -X -e -nn > client.txt
To let Wireshark analyze packets captured by tcpdump, the key point is the -s parameter (snaplen), and the capture must be written to a file with -w, for example:
./tcpdump -i eth0 -s 0 -w SuccessC2Server.pcap host 192.168.1.20    (capture all packets to and from the host and let Wireshark do the filtering)
./tcpdump -i eth0 'dst host 239.33.24.212' -w raw.pcap              (apply the filter at capture time)
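The -s (snaplen) setting decides whether Wireshark later sees whole packets or truncated ones. As an added example, not from the book or from tcpdump, the Python below writes a classic libpcap file with a chosen snaplen and then checks a pcap for records whose captured length is shorter than their on-the-wire length, which is how a capture taken without -s 0 shows up; the packets and file names are constructed.

```python
"""Check a libpcap (.pcap) file for truncated packets, the problem -s 0 avoids."""
import os
import struct
import tempfile

PCAP_MAGIC = 0xA1B2C3D4   # classic libpcap, little-endian, microsecond timestamps
LINKTYPE_ETHERNET = 1

def write_pcap(path, snaplen, packets):
    """Write (timestamp, bytes) packets to a pcap file, cutting each one
    at snaplen just as a capture tool with a small -s value would."""
    with open(path, "wb") as f:
        # global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype
        f.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET))
        for ts, pkt in packets:
            captured = pkt[:snaplen]
            # record header: ts_sec, ts_usec, caplen (bytes saved), origlen (bytes on the wire)
            f.write(struct.pack("<IIII", ts, 0, len(captured), len(pkt)))
            f.write(captured)

def check_pcap(path):
    """Return (snaplen, total_packets, truncated_packets) for a pcap file."""
    with open(path, "rb") as f:
        magic, _, _, _, _, snaplen, _ = struct.unpack("<IHHiIII", f.read(24))
        if magic != PCAP_MAGIC:
            raise ValueError("not a little-endian classic libpcap file")
        total = truncated = 0
        while True:
            rec = f.read(16)
            if len(rec) < 16:
                break
            _, _, caplen, origlen = struct.unpack("<IIII", rec)
            f.seek(caplen, os.SEEK_CUR)  # skip the packet bytes themselves
            total += 1
            if caplen < origlen:   # Wireshark marks these "[Packet size limited during capture]"
                truncated += 1
    return snaplen, total, truncated

def demo():
    """Constructed packets: a 60-byte minimal frame and a full 1514-byte frame,
    saved once with a small snaplen and once with the maximum (tcpdump -s 0)."""
    packets = [(1, b"\x00" * 60), (2, b"\x00" * 1514)]
    results = []
    with tempfile.TemporaryDirectory() as d:
        for snaplen in (96, 65535):
            path = os.path.join(d, f"snaplen_{snaplen}.pcap")
            write_pcap(path, snaplen, packets)
            results.append(check_pcap(path))
    return tuple(results)   # ((96, 2, 1), (65535, 2, 0))
```

Run check_pcap against a real capture before spending time in Wireshark: a non-zero truncated count means the -s value was too small and the capture needs to be retaken.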
Snort Detection Tool
Wireless network tools
kismet
http://www.kismetwireless.net/
airpcap
Cain & Abel
Scapy
netdude
CloudShark
NetworkMiner
Tcpreplay
ngrep
libpcap
hping
Further resources in the field
SANS Security Intrusion Detection In-Depth Course
http://www.packetstan.com
http://www.wiresharktraining.com
TCP/IP Illustrated
The TCP/IP Guide