With all the buzz around Deepseek AI, I threw a couple of packet captures at it to see if it could help with the analysis and find root cause. I was actually pretty happy with the results, but I still had to dig deeper and fact-check the AI analysis. Not quite there yet but close!
You can download the first pcap and follow along here:
github.com/packetpioneer/yout...
If you like, please let me know!! It helps. Really.
Want more packet goodness?
== More On-Demand Training from Chris ==
▶Getting Started with Wireshark - bit.ly/udemywireshark
▶Getting Started with Nmap - bit.ly/udemynmap
what did you have to fact check please
As always, no BS, straight to the point content, Chris's videos are the best!!
Thanks for the comment! 🙏
That's pretty cool. I did this on a local copy of Deepseek and Ollama to run it locally. I used a packet I created when I started going through your masterclass series. Very cool. I can see where this would be extremely helpful to help navigate a capture. I'd still look at the actual capture but a 2nd set of eyes to partner with. This is where AI has great potential.
Never thought of using an AI model for pcap analysis. Thank you
It’s a powerful combo, right? Thanks for watching!
It's something we've been doing in cybersecurity for a few years. There are some interesting open-source projects from Nvidia using Morpheus and the Triton inference server. Converting to text might not be the best method, either. With the Nvidia projects, we convert to JSON, which the APIs speak natively. There's a lot of existing research and development on these topics if you're interested.
@redlinejoes you mind sharing more details pls.
ya.... AI is not for making giraffe snakes or helping sponsored gladiator/astrologers and witches do "technomancy"
while the old have not caught up with the new...
the new have not caught up to the old....
Chris this is fantastic! It is interesting how it can help speed up analysis however knowing the skill is essential and so fortunate for your work.
One issue is that you're using the older v3 model instead of the newer reasoning (r1) model which is what deepseek blew up in popularity from. At the bottom of the input text bar you can enable the R1 Reasoning "Deepthink".
You will likely see better and more in-depth results.
I recommend trying it again and seeing the difference between a normal model and a reasoning model (If any in this case.)
Nice call thank you.
It produces similar results, but sometimes, the MoE in the CoT process of the "reasoning" model will argue with itself and get stuck in a loop.
I can't believe he is not aware of it as well. Almost everyone else reviewing DeepSeek online has pointed that option out, and that it is also right below the prompt field with a clear label. He seems to have just jumped right into it without actually exploring how to use it, just unbelievable! 🤣
@redlinejoes They are definitely not producing similar results; r1 is much more 'error-proof'
Chris! This is really nice. Thank you for putting this video together for us.
I will use it to practice and get some guidance to improve my traffic analysis skills 🤗
Go get it!!
At last one sensible expert, warning about security and privacy of deepseek👍
YES! Everyone is so excited to use the newest 'smartest' CSV file they forget who/where it reports to.
Chris, always cutting edge, on spot, current. Nice
Thank You Chris once again for your hints! Haven't been long on your channel, but glad You are still here and making very handy content. ;-)
(literally a few years back you taught me from scratch thru your series how to read pcaps) From zero to hero BRO 👍
Welcome back!
Excited for the future auto AI packet analysis
That was fascinating. I'm now going to go back and use the packet captures that you've supplied to us previously and experiment with DeepSeek and the other AI platforms, see if I can learn something new. Thanks.
Have fun!
Thank you for great tutorial. Didn't think about Deepseek for packet debugging
Thanks for keeping us up to date, this is really cool.
Thanks for this video, it's very cool to see the possibilities of AI in IT Security!
Good Job DeepSeek AI! one more source to get job done! and thank you Chris happy new year for you and your family
Thanks for watching!
Great video sir. I look forward to your next video.
Great video as always. So the message is, "Deepseek is good, but not Chris Greer good." I can empathize with Deepseek, we do our best.
haha.. one day it will be better. But for now at least it got us most of the way there. Thanks for watching and commenting!
Better prompts produce better results. It's a skill issue, not a limitation of the model.
@redlinejoes but if you know networking you don't need to query the LLM in the first place, so no real skill issue😉
@TheGTP1995 Are you lost?
Great video Chris. Very interesting!
Amazing job, Chris.
You're gonna make a packet head out of DeepSeek! Thanks for the video, great to see it!
I'll send it the tshirt. 👍 Thanks for watching!
Good video, I just discovered your channel. It will be great to see this experiment with the R1 model.
Thanks for coming and commenting! I’m gonna do a few more of these with more models. Stay tuned! 👍
Thanks, Chris! Great demo and information. I appreciate the insight.
Thanks for the watch!
Hey! I am Working for SonicWall! don't blame us! ..just kidding...
never used AI to analyze packets, will give a try!
awesome video! as usual!
thanks
Hey it was just the config not the box, it's all good. I've got other pcaps that blame other vendors too... 😆
It can be interesting if you compare the result with another AI like chatgpt to see which can be more precise in this exercise 😁
Great thinking - I actually have that on my list of videos to shoot. Thanks for the comment! 👍
I do this often and it's dependent on the size of model used. I run models locally and compare those to o1 for example. What's impressive is that the response from a
good video, I always watch every video you uploaded, and I have learned lots of network knowledge, especially Wireshark, thanks for your efforts
Thank you for the comment!
Thank you Chris, Excellent test and confirmation that AI chat bots may in fact become part of our workflow.
I agree - I think they are going to be a very helpful tool, at least with an initial analysis!
Amazing video and great content as always. Thank you for doing these videos.
My two cents: could you name the files differently like 'capture1.txt' before uploading to Deepseek? This way we will know that Deepseek didn't use the file name as a clue of the issue.
Again, thank you.
Nice analysis demo.
Great stuff 👍🏻
This could be fantastic with a local DeepSeek r1 instance.
New insights..thanks Chris
More to come!
as usual, amazing stuff
Thanks!.. Didn't know you can do this with wireshark
Glad it helps, enjoy!
Interesting lab! Thanks for sharing!!!
Thanks for watching!
Thanks for the video. I wonder how it would have performed on the second capture if you had turned on deepthink for reasoning
I'll try it out and see what happens!
Awesome video! Curious to see how Qwen 2.5 would perform as well...
Hmmm…. Comparison? Next vid?
It would be very interesting in finding out with wireshark if there are leaks in a local install of Deepseek??? Important for businesses
wow chris I just finished your video with D.Bombal u guys are doing a great great job, now so quick u are telling us about deepseek THx for all the information you give
Thanks for the feedback! Deepseek is pretty cool.
Really fun stuff. NG AI-based IDS systems do this all day, but they don't really analyze why something didn't work, rather suspicious things.
Is there any particular reason you did not click on the DeepThink (R1) button in DeepSeek's UI?
then he wouldn't have any content for his channel lol
Very cool. Would love to see some cyber security examples to see if it comes up with the correct conclusion.
Great idea. On to some malware analysis!
Would love to see the comparison with chatgpt and other AI models
On it! Next up I am going to do a Deepseek vs ChatGPT vs Packet Copilot sort of thing. Thanks for the suggestion.
Waiting...😊
@ChrisGreer you are a gentleman and a scholar
Get info as usual Chris. One question I have is how do you sanitize the data before submitting it?
I use a tool called Tracewrangler. I would share a video of how to use it but I haven't made one yet! My mistake, I will get to that soon...
www.tracewrangler.com/
@ChrisGreer You sir, are a certified Rock Star!!!!!
Awesome, idea!!!!
Thanks for the feedback! Gonna do a few more of these.
I know you can ask these LLMs loaded questions to get them on the right track or to sway them. I wonder if the filename affects its output, or the speed of response. Are we leading it?
It could be interesting to see, if the distilled versions of Deep Seek could come to the same conclusion.
Cool video!
🔥🔥🔥
I wonder if the file name helps it though.
I was actually wondering that myself as well. I'm going to shoot another video with a different AI and see if that makes a diff. I'll post it.
The file name is not as crucial for RAG as the contents. The file can be called anything. What's used in the embedding is the contents of that file. The name is far less significant than the process.
Thanks 🙂.
absorbed knowledge thanks bro
Always welcome
Great video.
Can I provide AP logs and syslogs to Deepseek and will it debug the logs and give client disconnect reasons?
I think you just used deepseek v3 and not r1 (you need to activate it by toggling the deepthink button in the right bottom of the chat text box)
I am following the same as you did, but deepseek is not accepting the file, saying "extract only text from images and files"
Very nice. Going to try it locally using ollama AND LM Studio to rate their inferences. I mean, why feed someone else when you can run your own.
I'm gonna start working on my own as well... more to come and thank you for the comment!
Love from Bangladesh bro.
Love back!
Chasing that algorithmic trend ;)
Ok kewl. Now, let's feed it some from Malware Traffic Analysis repo pls
Nice ❤
am not able to upload text file
Dude enable R1 …..this is weird to use the older v3 model without reasoning
How about running DeepSeek locally, then monitor the network to see if it is secretly reaching out and sending data back to China. It concerns me anytime I run anything that was developed in China. I know Ollama and LMStudio can run DeepSeek models. I find it hard to believe they wouldn't embed something bad in DeepSeek.
That is a GREAT idea!! 👏👏 💡
Amazing!! ....by the way: I'm a dummy on this, but, I'd listened that you can hear calls/audio/packets. Is it possible? How?....and....can we automate this with A.i.?......Thanks!
Thanks
lol you didn't even use the reasoning R1 model, which is probably way better for this task
Not really TBH, I’ll be posting soon on R1 vs Chat vs OpenAI soon.
But didn't you already give it a hint by naming the file name as tlsbroken.txt ??
Possibly. - we will see on another video 👍
I got palo firewall to analyze 😅😅
👏🏻👏🏻👏🏻
Song name??
Oh I thought you were going to run wireshark while you use a local DeepSeek model and examine its network activity so we can 'know' where or if the data is going.
That video is definitely in the works! Thanks for watching and please stay tuned. 👍
Maybe run a pcap?
How do you use the deepseek? I can submit a couple of prompts daily, otherwise the servers are busy...
I saw that too - give it another try in a few mins.
Run it locally using your GPU
If it is American ai server whatever data you can put, but if it other countries, warning signs. Isn't that hypocrisy
Thanks for the comment and with all due respect, when did I say that you can put anything into an American AI server? You need to sanitize your pcaps if you put them anywhere not your network, esp that is accessible. Period. End.
neato!
👏👏👏
You might have kind of given it away by naming the files... like, undoubtedly it adds bias to the output when you name the datasource e.g. "rst errors" instead of just "pcap", no?
I recommend asking it the problem he found it the packet without saying further information such, why does break
Meanwhile if this working well by training it can do some complex tasks that cybersecurity analyst take around 15 minutes to find out.
That is definitely the goal. I will be posting much more on this topic.
"Tell me what the problem is in this file that I named with what the problem is" doesn't seem like much of a test.
Imagine you create AI agent to automatically do all that for you and report back to you!
I have already left this Cyber Security career..after 30 years doing this shit!
A/b with other well known and used ai enhancements led search engines
The one thing AI will not thrive on is cyber security. If this thing hallucinates and misses a serious threat while analyzing packets, the company is done.
Splunk should AI jazzed their software
I _am_ a packet-person... :o
I wonder if it could be jerry rigged into any APIable network ecosystem and eat Mist's lunch
Great stuff
Why did you name the file 'tcpresets'? You gave extra-context, man!
Haha you are totally right, I am gonna do some further content about that. Thanks for the comment!
Men you look soo good with Beard ... pls dont do full shave ever ... Thank you for the video
Thanks! I’ll keep it. 🧔🏻‍♂️
Why no one before do this tests to any other llm !!!!!!!
Is not a question
Enable the “deep think R1” flag, then it will try to reason its conclusions
You're not using R1, you're using DeepSeek V3, you need to select R1 to activate it....
Next video…. On it! 👍 thanks for commenting.
Helo Cris i lookin g you do this deepsek wit the sharks ande i like. looke good fo me tank you much. so look mor sharks for this deepsek. also my siestes like you hannesom i pushe thies botton an look fo buy shaks you my fient. i like thies anmay be i now won the gifft you tank you. I hav ni poblem fo many monnies buy the sharhs. how much for tis sharks to buy tank you? im like thies vere good tank you cris tank you
It looks like cybersecurity will be cut by 90% like software engineers in a couple of years right ? I see people are so much in denial 😂
Yeah I will prob be out of a job soon too 😆
@ well you can still be part of the 10% that stays mate or you think all will be wiped out
There should be always a human in this loop
@ sure that's why i said 90%
All good great until it's found it really Chinese spyware.
All LLMs are Spyware.