In this live event I will be playing with Wireshark. I'll go through where to capture, what to capture, and the basics of decoding the traffic. It will be a fun and interactive event!
No waffle, straight into real world usage examples. Finally a great Wireshark tutorial from someone who clearly knows their stuff and can communicate it well. Thank you.
Hi Mike. God bless you, man. This is the video I have been searching for quite some time. It is so clear and so easy to understand. Especially the fact that you dismiss the color which has been an annoyance in almost all the rest of the videos on Wireshark. Many thanks
I thought this whole video was great, but my favorite part may have been at the end when you made yourself way bigger to emphasize the importance of capturing packets and learning everything before actual issues happen. I actually laughed out loud from seeing you become giant all of a sudden. Thank you for that.
The way you are teaching is great, I am new to Wireshark, but the way you conveyed the topic is great. Sir, please let me your another video. I want to start learning Wireshark from scratch till end means as a beginner till a fresher expert needed in Companies. I have worked as Network Engineer for two years and switching to Cyber Security. Currently a student at University. Your guidance would be of great help.
nice info.. i am interested in checking PLC packets in controllogix, automationDirect, HMI-touch-screens, Modbus, ethernet, etc. like some of the Fluke pricey stuff. thanks
AT about 27:00, I don't understand how we can definitively conclude that the problem is with the server. How can we assume that the 4.8 seconds it took to get the packet back is due to server processing time? What about the network path, can we be sure that the path back is the same as the path to?
John, good point. Since we received the ACK back, we have a pretty good idea of the round trip time of the circuit. While it is possible that it took a different path to get back, we would not expect a significant increase in the latency added by the network. If it were a few milliseconds different, that could be explained by network path. Once we start getting into seconds, it will be on the server side. I've always joked there is no Packet Lounge on the network. There really isn't a place that could buffer up packets for 4.8 seconds on the Internet.
Ive never worked with a tap before much less a fault tolerant tap. So its basically a small switch that has redundant Ethernet connections to the source. Do these types of taps have redundant power somehow? like a battery? I imagine having two power supplies connected to the same wall is pointless since the 2 wall outlets you're connecting to for power probably aren't redundant at all.
These taps have relays in them that are held open by the power. When they lose power, the relay closes and bypasses the electronics in the tap. It will pass data, but can't be used for monitoring, when power is lost.
Hi! When I click 'Follow TCP Stream' instead of showing me the info it shows you, it shows me some gibberish... Do you know what that is? I'm using Ubuntu.
Follow TCP Stream creates a filter on the TCP conversation and reassembles the data portion of the packets. In the case of protocols such as HTTP and SMTP, we can often see the clear text contents of the packets. Unfortunately, when we are assembling protocols such as HTTPS, the traffic in the packets is encrypted and comes out as gibberish. In that case, I just close the packet contents window and work on analyzing the flow of packets. As time goes on, more and more traffic is encrypted and that window serves less of a purpose. Which is a big bummer.
Hi, I'm really new to wireshark (got it about two days ago)... and for some reason I can't decrypt the packets, I've already entered a WPA-pwd (in a valid format, checked it multiple times) , yet only some packets seem to be decrypet, while most stay encrypted.... I well aware of the 4 way handsahke and wireshark needing to capture the device connect to the internet in order to decrypt it.. Which I've tried doing waayyy to many times (probably spend more than 6 hours trying) I'm really confused on how wireshark is supposed to capture the 4 way handshake, am I supposed to connect to the internet with my laptop, start wireshark and then boot up the device I want to analysis/watch it's traffic or am I supposed to capture my laptop connecting to the internet ( btw my laptop is connected via wifi and the target device it connected via lan cable). Don't mind the run on sentence and typos, I'm in quite a hurry... ^_^
as with a lot of these videos you know it so well you just scoot around the screen and say things like "go here and then here" etc. Please slow down and explain what to you is obvious. For a newbie, we do not know most of the basics and that is why we are watching. for the most part good explanations but show us how you got there. ie now we send the trace again. th anks
That and it has some good examples of packet loss and the TCP retransmission timer in action. I probably should update some of those. Good news is that TCP hasn't changed much in the last 15 years.
On the bottom of that window try changing, "Show and save data as" to Hex dump or something else. Otherwise make sure you have added the WEP and WPA decryption keys under preferences>protocols>IEEE 802.11>"Decryption keys: Edit...". There are videos on here about how to do this that explain in more detail.
No waffle, straight into real world usage examples. Finally a great Wireshark tutorial from someone who clearly knows their stuff and can communicate it well. Thank you.
Hi Mike. God bless you, man. This is the video I have been searching for quite some time. It is so clear and so easy to understand. Especially the fact that you dismiss the color which has been an annoyance in almost all the rest of the videos on Wireshark. Many thanks
I thought this whole video was great, but my favorite part may have been at the end when you made yourself way bigger to emphasize the importance of capturing packets and learning everything before actual issues happen. I actually laughed out loud from seeing you become giant all of a sudden. Thank you for that.
Great video. Understanding the significance of the capture was exactly what I was looking for. Good work!
Great tutorial especially on DNS troubleshooting! Thanks a lot!
The way you are teaching is great, I am new to Wireshark, but the way you conveyed the topic is great. Sir, please let me your another video. I want to start learning Wireshark from scratch till end means as a beginner till a fresher expert needed in Companies. I have worked as Network Engineer for two years and switching to Cyber Security. Currently a student at University. Your guidance would be of great help.
Great video! Very easy to watch and understand. This was a great refresher for me.
Top shelf as always.
Thank you so much ! very informative video !
Very interesting and well made. Thanks a lot!
Great work an information... Thank you very much Mike
great video; learnt so much in short time. thanks.
Thank you. Really nicely explained. Liked the DNS server tip.
Nice deep dive on Wireshark.
Excellent video Mike.
Thank you for keeping this video on You Tube...very nicely explained.
This guy's speech has shades of Jeff Goldblum.
Great Video
Very impressive
wow its a great video and trouble shooting thanks
Please can you elaborate on how to decode the hex in each frame.
Very well done practical presentation of Wire Shark .Will you be attending the Cyber Symposium in Sioux Falls, SD on Aug 11,11,12?
Great Video New to wire shark so a great start for me
nice info.. i am interested in checking PLC packets in controllogix, automationDirect, HMI-touch-screens, Modbus, ethernet, etc. like some of the Fluke pricey stuff. thanks
Thank you very much
Thanks a lot. Very
GOLDBERG sure does know a lot
AT about 27:00, I don't understand how we can definitively conclude that the problem is with the server. How can we assume that the 4.8 seconds it took to get the packet back is due to server processing time? What about the network path, can we be sure that the path back is the same as the path to?
John, good point. Since we received the ACK back, we have a pretty good idea of the round trip time of the circuit. While it is possible that it took a different path to get back, we would not expect a significant increase in the latency added by the network. If it were a few milliseconds different, that could be explained by network path. Once we start getting into seconds, it will be on the server side. I've always joked there is no Packet Lounge on the network. There really isn't a place that could buffer up packets for 4.8 seconds on the Internet.
Ive never worked with a tap before much less a fault tolerant tap. So its basically a small switch that has redundant Ethernet connections to the source. Do these types of taps have redundant power somehow? like a battery? I imagine having two power supplies connected to the same wall is pointless since the 2 wall outlets you're connecting to for power probably aren't redundant at all.
These taps have relays in them that are held open by the power. When they lose power, the relay closes and bypasses the electronics in the tap. It will pass data, but can't be used for monitoring, when power is lost.
Hi, I know long time agoi since the video was provided but is it possible to get the PCAP Files? the link below does not have it
the content in the hex needs to be decoded and converted into messageFrame
Hi! When I click 'Follow TCP Stream' instead of showing me the info it shows you, it shows me some gibberish... Do you know what that is? I'm using Ubuntu.
Follow TCP Stream creates a filter on the TCP conversation and reassembles the data portion of the packets. In the case of protocols such as HTTP and SMTP, we can often see the clear text contents of the packets. Unfortunately, when we are assembling protocols such as HTTPS, the traffic in the packets is encrypted and comes out as gibberish. In that case, I just close the packet contents window and work on analyzing the flow of packets. As time goes on, more and more traffic is encrypted and that window serves less of a purpose. Which is a big bummer.
@@MikePennacchi got it, thank you very much!!!
Thanks sir
Hi, I'm really new to wireshark (got it about two days ago)... and for some reason I can't decrypt the packets, I've already entered a WPA-pwd (in a valid format, checked it multiple times) , yet only some packets seem to be decrypet, while most stay encrypted.... I well aware of the 4 way handsahke and wireshark needing to capture the device connect to the internet in order to decrypt it.. Which I've tried doing waayyy to many times
(probably spend more than 6 hours trying) I'm really confused on how wireshark is supposed to capture the 4 way handshake, am I supposed to connect to the internet with my laptop, start wireshark and then boot up the device I want to analysis/watch it's traffic or am I supposed to capture my laptop connecting to the internet ( btw my laptop is connected via wifi and the target device it connected via lan cable).
Don't mind the run on sentence and typos, I'm in quite a hurry... ^_^
can you explain what is protected payloads
How did you set up a "fault tolerant tap?"
Got a link to that amazon page?
sir pls tell me the procedure for extracting RTP or SIP streams from USBPCAP..
how should one analyse captured wireshark and give report
as with a lot of these videos you know it so well you just scoot around the screen and say things like "go here and then here" etc. Please slow down and explain what to you is obvious. For a newbie, we do not know most of the basics and that is why we are watching. for the most part good explanations but show us how you got there. ie now we send the trace again. th anks
I'm trying to find free host site webpages for my cellphone isp can you help me?
Can you provide data packets?
He used a 15 year old trace file because everything is compressed and https now.
That and it has some good examples of packet loss and the TCP retransmission timer in action. I probably should update some of those. Good news is that TCP hasn't changed much in the last 15 years.
Where can I find pcap files to download and analyze?
Here is a great source for sample capture files - wiki.wireshark.org/SampleCaptures
23:45
20:11 after i follow TCP i get to that window but mine looks encrypted
On the bottom of that window try changing, "Show and save data as" to Hex dump or something else. Otherwise make sure you have added the WEP and WPA decryption keys under preferences>protocols>IEEE 802.11>"Decryption keys: Edit...". There are videos on here about how to do this that explain in more detail.
why wouldn't you just use some 18650's
where is the ( Decoding ) lol
Did you not watch the video? This is basic level information, but highly valuable.
two forty five //// 34:13
how did you rip off your thumb nail?
The first part is useless. Since when did the power suddenly go off? We live in 2019 man.
easy for u to say, u don't live in a 3rd world country
@@abde999 it's called a generator it's not rocket science.
power never went out in 1700 but its going out now... smh