CORRECTION: At 11:45 HTTPS traffic goes on port 443, not 80. The correct filter is: "tcp.port==443". Port 80 is usually HTTP traffic. Sorry, had a lot going on in this one!
@@BettyDuBois This clarified my confusion. I was wondering why the HTTP packets were encrypted. I was starting to doubt my knowledge of computer networking, haha
You've got an absolutely amazing ability to explain things quickly and clearly. I tend to get bored and distracted when I visit UA-camr videos explaining topics like these so I quickly jump to something else. People can talk so slow and repeat themselves so many times, I get antsy to hear what's next. I'm learning a lot from your video. I just downloaded Wireshark yesterday. I graduated over 30 years ago with a BSEE and haven't written ANY code for well over 20 years. I've been able to pick up enough to start troubleshooting the massive data consumption issue I'm having on my plan. Consumption has more than doubled in one month with only 2 of us in our home. I can now identify which device is consuming the largest amount of data at any given time. WOO HOO!! Still waiting for Comcast to call me after multiple calls and Agent Chats. I hope to figure out my issue myself with help from providers like you! THANK YOU!!
Studying at university and this video is a job well done! Lot of time saved. A very good starting point. Also appreciate the part where you go a little further like the security key to decrypt what's in encrypted protocols. I'll for sure check your other videos. Continue your great work.
Thank you for this tutorial. I am starting my new career in Cybersecurity and really appreciate the Malware-Traffic-Analysis suggestion. The class I'm taking just started discussing tools and I find Wireshark a bit overwhelming and intimidating, hence my search to your video. I believe this will assist greatly in gaining a greater understanding and competency with Wireshark! Subscribed!! :)
Subscribed half way through your video. I love the pacing you have in your content as well as the use and instructions. I encourage you to please continue posting things as I will certainly watch every one of them and apply them to my career.
Thanks much for clear teaching and nice graphics. Just studying my ham radio UDP multicasting network with WSJT-X, JTAlert, Log4OM, and Grid Tracker. This is getting deep!
I have been watching videos on the topic of Wireshark. Your video blew all of those videos out of the water! Your step-by-step examples and tips were so helpful! I also really like how your video was straight to the point! THANK YOU!!
Thank you so much for this video. I'm trying to switch careers and have decided to focus on Cybersecurity. Currently taking the Google Cybersecurity Cert course. Hopefully everything goes well.
I love this video and the resources you've provided. I have been studying and getting into cybersecurity and am grateful for your informational video. Subscribed!
Hi Anson, I'm routing UDP telemetry data from a drone to my external IP, then using router port forwarding to route to my PC, which I've assigned a fixed IP. It's not working, I downloaded Wireshark yesterday and tried to debug. I see a bunch of UDP transmissions, but my phone is connected so it might be just my phone. I was overwhelmed by all the data in Wireshark. Still trying to figure out where the problem is.
Excellent video. Content is great, your explanations are crystal clear, and made even clearer by the excellent production values (use of zoom, annotation, etc., making everything VISIBLE, easy to see and read). Great info! Thanks, brother!
It's definitely on my radar. It's just that setting up the environment is tough. I think I would use the PCAPS from Malwarebytes. Thanks for the suggestion, I will take it into account for sure!
Yup I found this out while looking through the video as well. The statement "generally to see secure traffic you need to look on port 80" is incorrect under conventional networking standards. Here's a clarification: - **Port 80** is traditionally used for **HTTP** traffic, which is **not secure**. HTTP (Hypertext Transfer Protocol) is the foundation of data communication on the World Wide Web, and when it's used without SSL/TLS, the data is sent in plaintext. This can be easily intercepted and read by third parties. - **Port 443** is used for **HTTPS** traffic, which is **secure**. HTTPS (HTTP Secure) encrypts the data sent and received with SSL (Secure Sockets Layer) or TLS (Transport Layer Security) protocols, providing confidentiality, integrity, and authentication. This is why when you access a website with HTTPS, your browser shows a lock icon, indicating that the connection is secure. To see secure traffic using a network protocol analyzer like Wireshark, you would typically filter for traffic on port 443, not port 80. Filtering traffic on port 443 allows you to see encrypted HTTPS communication. However, without the appropriate decryption keys, you would not be able to see the plaintext of the encrypted traffic; you would only see that the data is being encrypted and transferred securely. There might be some confusion or a misunderstanding in the way the statement was made. If the intent was to demonstrate or inspect HTTPS traffic specifically, then the correct port to focus on would be 443, not 80. It's possible that the context in which this statement was made was misunderstood, or there was a communication error in the tutorial. Always remember, for secure web traffic, look towards port 443 for HTTPS.
hey, what to do after you want to finish monitoring the network? after checking the network with wireshark, many sites refuse to give me access to browse, which didn't happen before
Sir on switch ...switch does not allow to capture other devices one to one conversations ,it only allows traffic between your pc and pc devjces broadcast mcast ARP stp traffic only ...not other pc to pc communications
You can get an inexpensive "managed" switch (eg: TP-Link TL-105E) which can be configured for various special functions. One function is "Port Mirroring", which configures a port to duplicate the traffic on another port. So you can interpose this switch in a leg of the existing network, and you can attach your PC/Mac to the mirror port. You can then use WireShark to "snoop" on the ongoing traffic on the original network.
Thanks and good question. Wireshark doesn't introduce any security concerns that aren't already there. An insecure network is an insecure network regardless of whether or not you're using Wireshark. If anything, you could use it to do a manual security scan on an insecure network. If you bring in network security guys to do almost anything, Wireshark is one of the first software applications they're going to open up.
I have a Programmable Logic Control that sends out packets but wireshark cant see the data as it sends to the pc. Filtering use TCP.port == 1234 no data on this port coming for the PLC. have if i use labview and build out a TCP send protocol it see it and the data I am sending out. I can filter IP or Port works fine?
Hello, can you show or tell me how and where to install the master key on mac, where the protocols are stored, it's clear on windows, but for mac I can't find the answer, please help
Captured an IP private IP that wasn't listed in clients for my router utilizing my wifi and i was trying to figure out why this IP was receiving massive amounts of packets. I then tried blocking all tcp and udp packets and for some reason one of the computers in my house that had a different private ip no longer had internet connection. Why would a device have two private IPs?
I'm having a very hard time finding HTTP protocols, and when I expand on the HTTP stream, the website where I am at does not show up. I have turned on all the dissectors and nothing, it usually takes a long while for me to get a HTTP protocol packet, but it does not show the actual website I am visiting.
Most modern webpages use HTTPS rather than HTTP. HTTPS is an encrypted version of HTTP which offers more security and privacy compared to HTTP which is just plaintext. That's why you're not seeing much HTTP traffic.
If you're talking about inspecting within a web browser, yes you can do that. however, when you're working in Wireshark, you can't inspect encrypted traffic, unless as he says, you have the decryption key.
I downloaded Wireshark selected my Ethernet connection and then typed http into the search bar and it doesn't filter out http protocol it just caries on dumping everything. Anyone any suggestions as to what is wrong ?
Whitelisting IP addresses and within your browser is probably the easiest way but if someone is intent and knows what they're doing then they can spoof it and potentially still gain access. If you want to get more complicated there are plenty of programs available for IP traffic monitoring where you can set alerts, rules, and notification preferences.
CORRECTION: At 11:45 HTTPS traffic goes on port 443, not 80. The correct filter is: "tcp.port==443". Port 80 is usually HTTP traffic. Sorry, had a lot going on in this one!
You were looking at compressed (gzip) data. That's why it looks like encrypted data.
@@BettyDuBois This clarified my confusion. I was wondering why the HTTP packets were encrypted. I was starting to doubt my knowledge of computer networking, haha
Yea I was waiting to hear 443 . But thanks .
😅
It is always possible to not know or forget something. Don't worry, you're doing a good job!
You've got an absolutely amazing ability to explain things quickly and clearly. I tend to get bored and distracted when I visit UA-camr videos explaining topics like these so I quickly jump to something else. People can talk so slow and repeat themselves so many times, I get antsy to hear what's next. I'm learning a lot from your video. I just downloaded Wireshark yesterday. I graduated over 30 years ago with a BSEE and haven't written ANY code for well over 20 years. I've been able to pick up enough to start troubleshooting the massive data consumption issue I'm having on my plan. Consumption has more than doubled in one month with only 2 of us in our home. I can now identify which device is consuming the largest amount of data at any given time. WOO HOO!! Still waiting for Comcast to call me after multiple calls and Agent Chats. I hope to figure out my issue myself with help from providers like you! THANK YOU!!
@@yeayea8334 it's meant for beginners
Nice someone that actually makes it work in the real world for IOT and such, not just big url talk. Thanks
Studying at university and this video is a job well done!
Lot of time saved.
A very good starting point.
Also appreciate the part where you go a little further like the security key to decrypt what's in encrypted protocols.
I'll for sure check your other videos.
Continue your great work.
Anson, outstanding fast simple straight forward. Thanks
Seriously the most useful video on this thanks
Where was this when I was in university, that actually sums up more than I learned on how to use wireshark in my first semester.
Amazing video. Very clear and to the point! Subscribed!
Thanks for this tutorial. I'm new to using Wireshark
Very helpful and great video! I would also like to watch more videos about wireshark, to learn more. Excellent work!
Thank you for this tutorial. I am starting my new career in Cybersecurity and really appreciate the Malware-Traffic-Analysis suggestion. The class I'm taking just started discussing tools and I find Wireshark a bit overwhelming and intimidating, hence my search to your video. I believe this will assist greatly in gaining a greater understanding and competency with Wireshark! Subscribed!! :)
you killed this and saved me so many headaches. thank you
Subscribed half way through your video. I love the pacing you have in your content as well as the use and instructions. I encourage you to please continue posting things as I will certainly watch every one of them and apply them to my career.
One single video explained all my questions about Wireshark. Thanks.
I am impressed by the easy way this boy giving the information you really make me eager to learn how this Wireshark works.
Thanks! Hope you enjoy WS!
To enable Packet Diagrams on Windows Wireshark version, go to Edit > Preferences > Appearance > Layout, and under Pane 3, choose Packet Diagram
Thanks for the tip!
Thanks much for clear teaching and nice graphics. Just studying my ham radio UDP multicasting network with WSJT-X, JTAlert, Log4OM, and Grid Tracker. This is getting deep!
First time I see someone who simplify this tool for a beginner like me
I have been watching videos on the topic of Wireshark. Your video blew all of those videos out of the water! Your step-by-step examples and tips were so helpful! I also really like how your video was straight to the point! THANK YOU!!
Nice
Excellent presentation
Do mor of Wireshark presentation you best teacher as I have seen it!
Great update video.
Thanks! It was long overdue...
Outstanding overview.
Fed with a fire hose, but valuable.
Kudos for an excellent presentation.
Thank you so much for this video. I'm trying to switch careers and have decided to focus on Cybersecurity. Currently taking the Google Cybersecurity Cert course. Hopefully everything goes well.
So helpful for a newbie like myself. Totally able to comprehend your whole video. Thank you.
great video, really helped me grasp the basics of wireshark
Very Well Explained and Easy to understand
Thanks, I'm glad you found it helpful!
very good video .Thank You.
EASY TUTORIAL TO FOLLOW.
Step by step clear explanation
NOT CLICK BAIT!
Thanks
Subbed.
I love this video and the resources you've provided. I have been studying and getting into cybersecurity and am grateful for your informational video. Subscribed!
That's awesome to hear, I'm glad to be able to help. Good luck with the degree and thanks for the sub!
Loved your educational content and quality 😊.
@AnsonAlexander I appreciate this. I was going to do this but I love your delivery and your examples appreciate your detail.
What a great video and explanation man! Good job!
Thank you brother, you seem like a good man.
Haha, thanks... and you're welcome!
wow, u made me understand what i was struggling with thanks alot
You're welcome. I really tried to make this video in a way that would change peoples' understanding of Wireshark.
Thank you for the Knowledge!! Great videos
You're welcome, glad to help!
Hi Anson, I'm routing UDP telemetry data from a drone to my external IP, then using router port forwarding to route to my PC, which I've assigned a fixed IP. It's not working, I downloaded Wireshark yesterday and tried to debug. I see a bunch of UDP transmissions, but my phone is connected so it might be just my phone. I was overwhelmed by all the data in Wireshark. Still trying to figure out where the problem is.
Thank you
Excellent tutorial. Thank you.
Im In information tech doing my Bach, Wireshark is something i learning right now.
Excellent video. Thank you, brother.
Excellent presentation
Thanks!
Outstanding and thanks for sharing the knowledge!!
Excellent, Anson. Deserves both thumbs up and "Subscribed." joe.
Thanks!
You're welcome!
best one very concise and save alot of time
really helpful , very consise and amazing pacing, thank you :)
Enjoyed the video and content, you got a new scriber 😅
nice job my friend, greats from Morocco
Thank You, awesome Wireshark details.
Thanks for the great explanation.
This is fricken good bud! I just found your you tube page. I need wireshark for CCTV testing and troubleshooting.
Awsome😊😊
Nice video, but- Ports 80 & 8080 are HTTP, Ports 443 & 8443 are HTTPS. :)
Excellent video. Content is great, your explanations are crystal clear, and made even clearer by the excellent production values (use of zoom, annotation, etc., making everything VISIBLE, easy to see and read).
Great info! Thanks, brother!
Thanks for sharing.
Quick question, can you use Wireshark to only monitor activities on your personal computer or laptop?
Hey Alex, would you consider doing some contents on how to detect malware or spywares utilizing Wireshark?!
It's definitely on my radar. It's just that setting up the environment is tough. I think I would use the PCAPS from Malwarebytes. Thanks for the suggestion, I will take it into account for sure!
Extremely helpful thanks
Port 80 is unencrypted traffic via http and 443 is encrypted traffic via https, I think you mistakenly said port 80 for secure traffic.
Yup I found this out while looking through the video as well.
The statement "generally to see secure traffic you need to look on port 80" is incorrect under conventional networking standards. Here's a clarification:
- **Port 80** is traditionally used for **HTTP** traffic, which is **not secure**. HTTP (Hypertext Transfer Protocol) is the foundation of data communication on the World Wide Web, and when it's used without SSL/TLS, the data is sent in plaintext. This can be easily intercepted and read by third parties.
- **Port 443** is used for **HTTPS** traffic, which is **secure**. HTTPS (HTTP Secure) encrypts the data sent and received with SSL (Secure Sockets Layer) or TLS (Transport Layer Security) protocols, providing confidentiality, integrity, and authentication. This is why when you access a website with HTTPS, your browser shows a lock icon, indicating that the connection is secure.
To see secure traffic using a network protocol analyzer like Wireshark, you would typically filter for traffic on port 443, not port 80. Filtering traffic on port 443 allows you to see encrypted HTTPS communication. However, without the appropriate decryption keys, you would not be able to see the plaintext of the encrypted traffic; you would only see that the data is being encrypted and transferred securely.
There might be some confusion or a misunderstanding in the way the statement was made. If the intent was to demonstrate or inspect HTTPS traffic specifically, then the correct port to focus on would be 443, not 80. It's possible that the context in which this statement was made was misunderstood, or there was a communication error in the tutorial. Always remember, for secure web traffic, look towards port 443 for HTTPS.
hey, what to do after you want to finish monitoring the network? after checking the network with wireshark, many sites refuse to give me access to browse, which didn't happen before
Great Video👍
from what Im seeing on the internet port 80 is used for regular http communication but port 443 is used for secure https communication
Yeah… check comments
thanks for well explaining
Do you have more videos on Wireshark?
Really useful. Thanks!
more of this please
Can you use Wireshark to see which cables inside a keystone are potentially faulty?
This is a great video
Thanks - sorry again about the port mix up.
Very simplified and detailed.. Do you have tutorials on using splunk
You are very helpful thank you
Thank you sir!
You are welcome!
Sir on switch ...switch does not allow to capture other devices one to one conversations ,it only allows traffic between your pc and pc devjces broadcast mcast ARP stp traffic only ...not other pc to pc communications
You can get an inexpensive "managed" switch (eg: TP-Link TL-105E) which can be configured for various special functions. One function is "Port Mirroring", which configures a port to duplicate the traffic on another port. So you can interpose this switch in a leg of the existing network, and you can attach your PC/Mac to the mirror port. You can then use WireShark to "snoop" on the ongoing traffic on the original network.
Good explanation about wireshark but is wireshark safe to use?
Thanks and good question. Wireshark doesn't introduce any security concerns that aren't already there. An insecure network is an insecure network regardless of whether or not you're using Wireshark. If anything, you could use it to do a manual security scan on an insecure network. If you bring in network security guys to do almost anything, Wireshark is one of the first software applications they're going to open up.
gudluck for yours new project
Díky!
You’re welcome and thank you!!
Hi anson great video.on malware analysis there arent anymore the answers.
Thanks !!!
Welcome!
is it possible to capture the request made by Internet Download Manager with wireshark? i cant find out how
I have a Programmable Logic Control that sends out packets but wireshark cant see the data as it sends to the pc. Filtering use TCP.port == 1234 no data on this port coming for the PLC. have if i use labview and build out a TCP send protocol it see it and the data I am sending out. I can filter IP or Port works fine?
Thanks bruh!
Nice vid.
I'm a complete noob at this. Just installed it and have no idea what to do..hopefully your video helps
It definitely should - one of my main goals was showing people what to look for. Good luck!
Hello, can you show or tell me how and where to install the master key on mac, where the protocols are stored, it's clear on windows, but for mac I can't find the answer, please help
How did you add the website?
thanks man
Welcome!
Captured an IP private IP that wasn't listed in clients for my router utilizing my wifi and i was trying to figure out why this IP was receiving massive amounts of packets. I then tried blocking all tcp and udp packets and for some reason one of the computers in my house that had a different private ip no longer had internet connection. Why would a device have two private IPs?
I'm having a very hard time finding HTTP protocols, and when I expand on the HTTP stream, the website where I am at does not show up. I have turned on all the dissectors and nothing, it usually takes a long while for me to get a HTTP protocol packet, but it does not show the actual website I am visiting.
Most modern webpages use HTTPS rather than HTTP. HTTPS is an encrypted version of HTTP which offers more security and privacy compared to HTTP which is just plaintext. That's why you're not seeing much HTTP traffic.
excellent intro
how would you tract a browser hijacker?
Thank you!!!
superb
Thanks 🤗
Do I understand correctly that Wireshark doesn't have the capability to inspect COM ports, for example on a Win10 machine ?
Can't you just use PuTTY for that?
Oh man. You're probably not going to see any encrypted traffic on port 80, since it's just plain HTTP. Port 443 is encrypted HTTP (SSL).
Yeah... (check pinned comment)
how do you load websites
how to find timestamp in wireshark packets?
so can't you do this stuff 12:20 just by right clicking a inspecting
If you're talking about inspecting within a web browser, yes you can do that. however, when you're working in Wireshark, you can't inspect encrypted traffic, unless as he says, you have the decryption key.
Port 80 for encrypted traffic?
See pinned comment.
Extremely helpful video but side note he looks alot like nadeshot!
I downloaded Wireshark selected my Ethernet connection and then typed http into the search bar and it doesn't filter out http protocol it just caries on dumping everything.
Anyone any suggestions as to what is wrong ?
Did you press enter after typing http ?
@@JJFlores197 It has now cleared itself. I gave up for the day and next day when I started the PC Wireshark ran OK !
My degree is theoretical and useless. Came here for real applicable cybersecurity skills
How to protect the network away from people using supper tools like Kaili and White-shark around you?
Whitelisting IP addresses and within your browser is probably the easiest way but if someone is intent and knows what they're doing then they can spoof it and potentially still gain access. If you want to get more complicated there are plenty of programs available for IP traffic monitoring where you can set alerts, rules, and notification preferences.