CORRECTION: At 11:45 HTTPS traffic goes on port 443, not 80. The correct filter is: "tcp.port==443". Port 80 is usually HTTP traffic. Sorry, had a lot going on in this one!
@@BettyDuBois This clarified my confusion. I was wondering why the HTTP packets were encrypted. I was starting to doubt my knowledge of computer networking, haha
You've got an absolutely amazing ability to explain things quickly and clearly. I tend to get bored and distracted when I visit UA-camr videos explaining topics like these so I quickly jump to something else. People can talk so slow and repeat themselves so many times, I get antsy to hear what's next. I'm learning a lot from your video. I just downloaded Wireshark yesterday. I graduated over 30 years ago with a BSEE and haven't written ANY code for well over 20 years. I've been able to pick up enough to start troubleshooting the massive data consumption issue I'm having on my plan. Consumption has more than doubled in one month with only 2 of us in our home. I can now identify which device is consuming the largest amount of data at any given time. WOO HOO!! Still waiting for Comcast to call me after multiple calls and Agent Chats. I hope to figure out my issue myself with help from providers like you! THANK YOU!!
Old man in my 70's recently hacked trying to get to grips with all this stuff. It's a nightmare journey but you have seriously eased the way. Many thanks.
Dawg I’m fresh out university . I went for business after fiddling around with Kali vm and firewalls I ran into wire shark and now I’m capturing packets for fun 😂 it’s only been a month
I have been watching videos on the topic of Wireshark. Your video blew all of those videos out of the water! Your step-by-step examples and tips were so helpful! I also really like how your video was straight to the point! THANK YOU!!
Studying at university and this video is a job well done! Lot of time saved. A very good starting point. Also appreciate the part where you go a little further like the security key to decrypt what's in encrypted protocols. I'll for sure check your other videos. Continue your great work.
Thanks much for clear teaching and nice graphics. Just studying my ham radio UDP multicasting network with WSJT-X, JTAlert, Log4OM, and Grid Tracker. This is getting deep!
Thank you for this tutorial. I am starting my new career in Cybersecurity and really appreciate the Malware-Traffic-Analysis suggestion. The class I'm taking just started discussing tools and I find Wireshark a bit overwhelming and intimidating, hence my search to your video. I believe this will assist greatly in gaining a greater understanding and competency with Wireshark! Subscribed!! :)
Subscribed half way through your video. I love the pacing you have in your content as well as the use and instructions. I encourage you to please continue posting things as I will certainly watch every one of them and apply them to my career.
I love this video and the resources you've provided. I have been studying and getting into cybersecurity and am grateful for your informational video. Subscribed!
Thank you so much for this video. I'm trying to switch careers and have decided to focus on Cybersecurity. Currently taking the Google Cybersecurity Cert course. Hopefully everything goes well.
Excellent video. Content is great, your explanations are crystal clear, and made even clearer by the excellent production values (use of zoom, annotation, etc., making everything VISIBLE, easy to see and read). Great info! Thanks, brother!
Hi Anson, I'm routing UDP telemetry data from a drone to my external IP, then using router port forwarding to route to my PC, which I've assigned a fixed IP. It's not working, I downloaded Wireshark yesterday and tried to debug. I see a bunch of UDP transmissions, but my phone is connected so it might be just my phone. I was overwhelmed by all the data in Wireshark. Still trying to figure out where the problem is.
It's definitely on my radar. It's just that setting up the environment is tough. I think I would use the PCAPS from Malwarebytes. Thanks for the suggestion, I will take it into account for sure!
hey, what to do after you want to finish monitoring the network? after checking the network with wireshark, many sites refuse to give me access to browse, which didn't happen before
Yup I found this out while looking through the video as well. The statement "generally to see secure traffic you need to look on port 80" is incorrect under conventional networking standards. Here's a clarification: - **Port 80** is traditionally used for **HTTP** traffic, which is **not secure**. HTTP (Hypertext Transfer Protocol) is the foundation of data communication on the World Wide Web, and when it's used without SSL/TLS, the data is sent in plaintext. This can be easily intercepted and read by third parties. - **Port 443** is used for **HTTPS** traffic, which is **secure**. HTTPS (HTTP Secure) encrypts the data sent and received with SSL (Secure Sockets Layer) or TLS (Transport Layer Security) protocols, providing confidentiality, integrity, and authentication. This is why when you access a website with HTTPS, your browser shows a lock icon, indicating that the connection is secure. To see secure traffic using a network protocol analyzer like Wireshark, you would typically filter for traffic on port 443, not port 80. Filtering traffic on port 443 allows you to see encrypted HTTPS communication. However, without the appropriate decryption keys, you would not be able to see the plaintext of the encrypted traffic; you would only see that the data is being encrypted and transferred securely. There might be some confusion or a misunderstanding in the way the statement was made. If the intent was to demonstrate or inspect HTTPS traffic specifically, then the correct port to focus on would be 443, not 80. It's possible that the context in which this statement was made was misunderstood, or there was a communication error in the tutorial. Always remember, for secure web traffic, look towards port 443 for HTTPS.
Will Wireshark show an Outbound connection that has been stopped by, say Malwarebytes? I need to find out about a blocked Outbound connection - to find out what app or file it is using.
Sir on switch ...switch does not allow to capture other devices one to one conversations ,it only allows traffic between your pc and pc devjces broadcast mcast ARP stp traffic only ...not other pc to pc communications
You can get an inexpensive "managed" switch (eg: TP-Link TL-105E) which can be configured for various special functions. One function is "Port Mirroring", which configures a port to duplicate the traffic on another port. So you can interpose this switch in a leg of the existing network, and you can attach your PC/Mac to the mirror port. You can then use WireShark to "snoop" on the ongoing traffic on the original network.
Thanks and good question. Wireshark doesn't introduce any security concerns that aren't already there. An insecure network is an insecure network regardless of whether or not you're using Wireshark. If anything, you could use it to do a manual security scan on an insecure network. If you bring in network security guys to do almost anything, Wireshark is one of the first software applications they're going to open up.
I have a Programmable Logic Control that sends out packets but wireshark cant see the data as it sends to the pc. Filtering use TCP.port == 1234 no data on this port coming for the PLC. have if i use labview and build out a TCP send protocol it see it and the data I am sending out. I can filter IP or Port works fine?
Captured an IP private IP that wasn't listed in clients for my router utilizing my wifi and i was trying to figure out why this IP was receiving massive amounts of packets. I then tried blocking all tcp and udp packets and for some reason one of the computers in my house that had a different private ip no longer had internet connection. Why would a device have two private IPs?
I'm having a very hard time finding HTTP protocols, and when I expand on the HTTP stream, the website where I am at does not show up. I have turned on all the dissectors and nothing, it usually takes a long while for me to get a HTTP protocol packet, but it does not show the actual website I am visiting.
Most modern webpages use HTTPS rather than HTTP. HTTPS is an encrypted version of HTTP which offers more security and privacy compared to HTTP which is just plaintext. That's why you're not seeing much HTTP traffic.
Hello, can you show or tell me how and where to install the master key on mac, where the protocols are stored, it's clear on windows, but for mac I can't find the answer, please help
If you're talking about inspecting within a web browser, yes you can do that. however, when you're working in Wireshark, you can't inspect encrypted traffic, unless as he says, you have the decryption key.
CORRECTION: At 11:45 HTTPS traffic goes on port 443, not 80. The correct filter is: "tcp.port==443". Port 80 is usually HTTP traffic. Sorry, had a lot going on in this one!
You were looking at compressed (gzip) data. That's why it looks like encrypted data.
@@BettyDuBois This clarified my confusion. I was wondering why the HTTP packets were encrypted. I was starting to doubt my knowledge of computer networking, haha
Yea I was waiting to hear 443 . But thanks .
😅
It is always possible to not know or forget something. Don't worry, you're doing a good job!
You've got an absolutely amazing ability to explain things quickly and clearly. I tend to get bored and distracted when I visit UA-camr videos explaining topics like these so I quickly jump to something else. People can talk so slow and repeat themselves so many times, I get antsy to hear what's next. I'm learning a lot from your video. I just downloaded Wireshark yesterday. I graduated over 30 years ago with a BSEE and haven't written ANY code for well over 20 years. I've been able to pick up enough to start troubleshooting the massive data consumption issue I'm having on my plan. Consumption has more than doubled in one month with only 2 of us in our home. I can now identify which device is consuming the largest amount of data at any given time. WOO HOO!! Still waiting for Comcast to call me after multiple calls and Agent Chats. I hope to figure out my issue myself with help from providers like you! THANK YOU!!
@@yeayea8334 it's meant for beginners
Old man in my 70's recently hacked trying to get to grips with all this stuff. It's a nightmare journey but you have seriously eased the way. Many thanks.
Im 22 and barely understand theese things so id say you're doing great gramps
Where was this when I was in university, that actually sums up more than I learned on how to use wireshark in my first semester.
Yo fr don’t lie I’m studying that rn
Dawg I’m fresh out university . I went for business after fiddling around with Kali vm and firewalls I ran into wire shark and now I’m capturing packets for fun 😂 it’s only been a month
Seriously the most useful video on this thanks
Amazing video. Very clear and to the point! Subscribed!
Anson, outstanding fast simple straight forward. Thanks
I have been watching videos on the topic of Wireshark. Your video blew all of those videos out of the water! Your step-by-step examples and tips were so helpful! I also really like how your video was straight to the point! THANK YOU!!
Nice
Very helpful and great video! I would also like to watch more videos about wireshark, to learn more. Excellent work!
Studying at university and this video is a job well done!
Lot of time saved.
A very good starting point.
Also appreciate the part where you go a little further like the security key to decrypt what's in encrypted protocols.
I'll for sure check your other videos.
Continue your great work.
Thanks for this tutorial. I'm new to using Wireshark
Díky!
You’re welcome and thank you!!
Good stuff man. I’m gonna have to do some investigating tomorrow on some weird network issues and this was a good refresh for an amateur network admin
Thanks much for clear teaching and nice graphics. Just studying my ham radio UDP multicasting network with WSJT-X, JTAlert, Log4OM, and Grid Tracker. This is getting deep!
Thank you for this tutorial. I am starting my new career in Cybersecurity and really appreciate the Malware-Traffic-Analysis suggestion. The class I'm taking just started discussing tools and I find Wireshark a bit overwhelming and intimidating, hence my search to your video. I believe this will assist greatly in gaining a greater understanding and competency with Wireshark! Subscribed!! :)
Subscribed half way through your video. I love the pacing you have in your content as well as the use and instructions. I encourage you to please continue posting things as I will certainly watch every one of them and apply them to my career.
Nice video, but- Ports 80 & 8080 are HTTP, Ports 443 & 8443 are HTTPS. :)
One single video explained all my questions about Wireshark. Thanks.
I am impressed by the easy way this boy giving the information you really make me eager to learn how this Wireshark works.
Thanks! Hope you enjoy WS!
That's an excellent tuto man. Kudos
I love this video and the resources you've provided. I have been studying and getting into cybersecurity and am grateful for your informational video. Subscribed!
That's awesome to hear, I'm glad to be able to help. Good luck with the degree and thanks for the sub!
Nice someone that actually makes it work in the real world for IOT and such, not just big url talk. Thanks
Do mor of Wireshark presentation you best teacher as I have seen it!
So helpful for a newbie like myself. Totally able to comprehend your whole video. Thank you.
Outstanding overview.
Fed with a fire hose, but valuable.
Kudos for an excellent presentation.
you killed this and saved me so many headaches. thank you
EASY TUTORIAL TO FOLLOW.
Step by step clear explanation
NOT CLICK BAIT!
Thanks
Subbed.
@AnsonAlexander I appreciate this. I was going to do this but I love your delivery and your examples appreciate your detail.
Thank you so much for this video. I'm trying to switch careers and have decided to focus on Cybersecurity. Currently taking the Google Cybersecurity Cert course. Hopefully everything goes well.
Excellent presentation
First time I see someone who simplify this tool for a beginner like me
great video, really helped me grasp the basics of wireshark
Great update video.
Thanks! It was long overdue...
This is fricken good bud! I just found your you tube page. I need wireshark for CCTV testing and troubleshooting.
Very Well Explained and Easy to understand
Thanks, I'm glad you found it helpful!
Thank you brother, you seem like a good man.
Haha, thanks... and you're welcome!
Great video, was super useful!
Excellent, Anson. Deserves both thumbs up and "Subscribed." joe.
wow, u made me understand what i was struggling with thanks alot
You're welcome. I really tried to make this video in a way that would change peoples' understanding of Wireshark.
What a great video and explanation man! Good job!
Thank you
Thank you for the Knowledge!! Great videos
You're welcome, glad to help!
Excellent video. Content is great, your explanations are crystal clear, and made even clearer by the excellent production values (use of zoom, annotation, etc., making everything VISIBLE, easy to see and read).
Great info! Thanks, brother!
Great video 🙌
Excellent presentation
Thanks!
To enable Packet Diagrams on Windows Wireshark version, go to Edit > Preferences > Appearance > Layout, and under Pane 3, choose Packet Diagram
Thanks for the tip!
Hi Anson, I'm routing UDP telemetry data from a drone to my external IP, then using router port forwarding to route to my PC, which I've assigned a fixed IP. It's not working, I downloaded Wireshark yesterday and tried to debug. I see a bunch of UDP transmissions, but my phone is connected so it might be just my phone. I was overwhelmed by all the data in Wireshark. Still trying to figure out where the problem is.
very good video .Thank You.
Loved your educational content and quality 😊.
Enjoyed the video and content, you got a new scriber 😅
really helpful , very consise and amazing pacing, thank you :)
Im In information tech doing my Bach, Wireshark is something i learning right now.
Great video Sir. Thank you.
Thanks!
You're welcome!
Excellent video. Thank you, brother.
nice job my friend, greats from Morocco
from what Im seeing on the internet port 80 is used for regular http communication but port 443 is used for secure https communication
Yeah… check comments
Hey Alex, would you consider doing some contents on how to detect malware or spywares utilizing Wireshark?!
It's definitely on my radar. It's just that setting up the environment is tough. I think I would use the PCAPS from Malwarebytes. Thanks for the suggestion, I will take it into account for sure!
Outstanding and thanks for sharing the knowledge!!
Excellent tutorial. Thank you.
Thank You, awesome Wireshark details.
Awsome😊😊
hey, what to do after you want to finish monitoring the network? after checking the network with wireshark, many sites refuse to give me access to browse, which didn't happen before
best one very concise and save alot of time
Thanks for sharing.
Quick question, can you use Wireshark to only monitor activities on your personal computer or laptop?
more of this please
This is a great video
Thanks - sorry again about the port mix up.
Great Video👍
Thanks for the great explanation.
I am trying to use wireshark to fault find my a game I play. It might not give me the full picture, but maybe it can give me a direction to look at.
Thank you
Thank you sir!
You are welcome!
Port 80 is unencrypted traffic via http and 443 is encrypted traffic via https, I think you mistakenly said port 80 for secure traffic.
Yup I found this out while looking through the video as well.
The statement "generally to see secure traffic you need to look on port 80" is incorrect under conventional networking standards. Here's a clarification:
- **Port 80** is traditionally used for **HTTP** traffic, which is **not secure**. HTTP (Hypertext Transfer Protocol) is the foundation of data communication on the World Wide Web, and when it's used without SSL/TLS, the data is sent in plaintext. This can be easily intercepted and read by third parties.
- **Port 443** is used for **HTTPS** traffic, which is **secure**. HTTPS (HTTP Secure) encrypts the data sent and received with SSL (Secure Sockets Layer) or TLS (Transport Layer Security) protocols, providing confidentiality, integrity, and authentication. This is why when you access a website with HTTPS, your browser shows a lock icon, indicating that the connection is secure.
To see secure traffic using a network protocol analyzer like Wireshark, you would typically filter for traffic on port 443, not port 80. Filtering traffic on port 443 allows you to see encrypted HTTPS communication. However, without the appropriate decryption keys, you would not be able to see the plaintext of the encrypted traffic; you would only see that the data is being encrypted and transferred securely.
There might be some confusion or a misunderstanding in the way the statement was made. If the intent was to demonstrate or inspect HTTPS traffic specifically, then the correct port to focus on would be 443, not 80. It's possible that the context in which this statement was made was misunderstood, or there was a communication error in the tutorial. Always remember, for secure web traffic, look towards port 443 for HTTPS.
Will Wireshark show an Outbound connection that has been stopped by, say Malwarebytes?
I need to find out about a blocked Outbound connection - to find out what app or file it is using.
Extremely helpful thanks
Really useful. Thanks!
thanks for well explaining
thanks man
Welcome!
Can you use Wireshark to see which cables inside a keystone are potentially faulty?
Thanks !!!
Welcome!
Sir on switch ...switch does not allow to capture other devices one to one conversations ,it only allows traffic between your pc and pc devjces broadcast mcast ARP stp traffic only ...not other pc to pc communications
You can get an inexpensive "managed" switch (eg: TP-Link TL-105E) which can be configured for various special functions. One function is "Port Mirroring", which configures a port to duplicate the traffic on another port. So you can interpose this switch in a leg of the existing network, and you can attach your PC/Mac to the mirror port. You can then use WireShark to "snoop" on the ongoing traffic on the original network.
Very simplified and detailed.. Do you have tutorials on using splunk
gudluck for yours new project
Thanks bruh!
Nice vid.
Good explanation about wireshark but is wireshark safe to use?
Thanks and good question. Wireshark doesn't introduce any security concerns that aren't already there. An insecure network is an insecure network regardless of whether or not you're using Wireshark. If anything, you could use it to do a manual security scan on an insecure network. If you bring in network security guys to do almost anything, Wireshark is one of the first software applications they're going to open up.
Do you have more videos on Wireshark?
Hi anson great video.on malware analysis there arent anymore the answers.
I have a Programmable Logic Control that sends out packets but wireshark cant see the data as it sends to the pc. Filtering use TCP.port == 1234 no data on this port coming for the PLC. have if i use labview and build out a TCP send protocol it see it and the data I am sending out. I can filter IP or Port works fine?
You are very helpful thank you
superb
Thanks 🤗
is it possible to capture the request made by Internet Download Manager with wireshark? i cant find out how
excellent intro
Captured an IP private IP that wasn't listed in clients for my router utilizing my wifi and i was trying to figure out why this IP was receiving massive amounts of packets. I then tried blocking all tcp and udp packets and for some reason one of the computers in my house that had a different private ip no longer had internet connection. Why would a device have two private IPs?
I'm having a very hard time finding HTTP protocols, and when I expand on the HTTP stream, the website where I am at does not show up. I have turned on all the dissectors and nothing, it usually takes a long while for me to get a HTTP protocol packet, but it does not show the actual website I am visiting.
Most modern webpages use HTTPS rather than HTTP. HTTPS is an encrypted version of HTTP which offers more security and privacy compared to HTTP which is just plaintext. That's why you're not seeing much HTTP traffic.
Do I understand correctly that Wireshark doesn't have the capability to inspect COM ports, for example on a Win10 machine ?
Can't you just use PuTTY for that?
good shit
Hello, can you show or tell me how and where to install the master key on mac, where the protocols are stored, it's clear on windows, but for mac I can't find the answer, please help
Thank you!!!
so can't you do this stuff 12:20 just by right clicking a inspecting
If you're talking about inspecting within a web browser, yes you can do that. however, when you're working in Wireshark, you can't inspect encrypted traffic, unless as he says, you have the decryption key.
I'm a complete noob at this. Just installed it and have no idea what to do..hopefully your video helps
It definitely should - one of my main goals was showing people what to look for. Good luck!