Have you checked out steelcentral software from riverbed? Pretty neat tool to display aspects of a packet capture with a graphical interface.
And who was now behind "refinery dot something?" 1:15
I just used this to get a bunch of points for a hacking competition. Thanks Shannon!
woohoo! Glad it helped :)
Thank you so much for the video, This really helped me out in a final project I was working on.
CISCO classes brush over Wireshark so this series is an awesome supplement to the training! Also, keep the glasses Shannon. ;)
My glasses are a slightly different prescription than my contacts, so they totally throw me off! But sometimes, my eyes need the rest from contacts. :P
Ahh... My favorite tech tips show by my favorite hosts :-)
I learned about da packets today.
Thanks for the video. Nicely explained
Them high pitched tones, it does my head in!
@7:44 your reaction is so amazing, I love it Shannon :D :D :D
;) Also learned something new. Had no idea you could save images from wireshark. etc etc. Nice vid. thnx
Good program, I've been using this for years.
10/10.....the video was cool too
Hey. First off, thank you for the info. You cleared up a lot for me. The only question I have is, what would be the best way to view packet info without having to save then open each? Is there a preview feature, or maybe a viewer program?
I've been working with Wireshark since 2014 and I never imagined there would be a hot girl teaching me about it
I want to analyze a YouTube video through Wireshark. I need a video link or any reference video from which I can get information on how to read all the KPIs during video playback, e.g. analyzing a poor quality result of a YouTube video and its reason, analyzing the data transfer during the video, time to display the 1st picture. Plzzzz help me
HOTTTTTT
Hak5 should do a gamergate episode.
Can you do a Wireshark HakTip explaining switched networks... and how that does not work?
Ahh, switches. Switches and hubs make networks act weird. Yes! That would be a good subject to define. Thanks!
Shannon Morse Sweet!! I love this series by the way.. I actually took a Wireshark Course with one of the (many) developers teaching it. Your teaching methods and subjects you choose to cover really help connect the dots. My biggest confusion was switched networks and hubs.. even after knowing what they did I got a wee bit confused when using Wireshark. Thank you, Shannon!
+Shannon Morse Eh, just how do switches and hubs (they are not used anymore by the way) make networks weird? They are the very definition of networks - can you show me a network without a switch?
+Skjalg Landsem How are hubs not used anymore if I have one right in front of me.. Hubs just distribute all traffic to connected devices. Switches are port specific. If you have switches VLAN'd out things get weird. That's what I was talking about.
If you have a "true" hub in front of you - hang on to it! You can't buy them anymore and the highest throughput you can get from the old 3Com hubs is 10Mb I believe.
I'll get back to you on how switched networks work. Are you interested in switching in general or just VLAN propagation over a switched/routed network?
BOOBA (oh dang this vid from 2014 wow)
I thought this was about decoding a TCP stream?
I would love to take more lessons in wireshark with her lol
@1:40 you selected packet 1382 and follow tcp stream. @2:13 you say tcp.stream eq 105 means packet 105 - but you selected packet 1382. What? 105 means the one-hundred-fifth occurrence of a tcp stream in this capture. Teaching the wrong thing is not better than teaching nothing at all. And this is not free since we have to sit through all the ads.
It was weird hearing OSI pronounced O S I. We just pronounce it ozi, ozi model.
Really? Weird! I was taught in school it was pronounced O S I. I guess everyone pronounces things differently. - Shannon
@2:03 tcp stream is a byte stream, not a packet stream - that would be closer to a udp stream. How can you teach somebody to use a tool with the wrong fundamentals?
+pocodedo A TCP stream is the collection of all segments belonging to a unique "pair of IP addresses and port numbers". If you get the entire stream it always begins with empty data parts of the segments with only the SYN, SYN-ACK and finally ACK bit set (3-way handshake) in the TCP flags. TCP streams will eventually end in a FIN, FIN-ACK, ACK or a plain RST. Given a large enough trace file that unique combination of IP addresses and port numbers will be reused - Wireshark detects this and warns you. Btw: it is not wise to choose a TCP segment from early in the trace file to showcase TCP streams. The earlier in the trace file, the less chance of the stream having the 3-way handshake in it.
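
The two points raised in the comments above (a `tcp.stream` index numbers conversations rather than packets, and a stream is identified by its pair of IP addresses and port numbers) can be seen in a short sketch. This is an added example, not code from the video or from any commenter; the packet list is constructed, and the grouping rule is a simplified stand-in for Wireshark's own logic (here a bare SYN on an already closed conversation starts a new stream).

```python
# Constructed sample capture: (frame number, src, sport, dst, dport, TCP flags).
# Flags: S=SYN, A=ACK, F=FIN, R=RST, P=PSH. Addresses are documentation ranges.
PACKETS = [
    (1, "192.0.2.10", 50000, "198.51.100.5", 80, "PA"),   # capture began mid-stream
    (2, "192.0.2.10", 50001, "198.51.100.5", 80, "S"),
    (3, "198.51.100.5", 80, "192.0.2.10", 50001, "SA"),
    (4, "192.0.2.10", 50001, "198.51.100.5", 80, "A"),
    (5, "198.51.100.5", 80, "192.0.2.10", 50000, "A"),
    (6, "192.0.2.10", 50001, "198.51.100.5", 80, "PA"),
    (7, "198.51.100.5", 80, "192.0.2.10", 50001, "R"),
    (8, "192.0.2.10", 50001, "198.51.100.5", 80, "S"),    # same 4-tuple again
    (9, "198.51.100.5", 80, "192.0.2.10", 50001, "SA"),
    (10, "192.0.2.10", 50001, "198.51.100.5", 80, "A"),
]

def assign_streams(packets):
    """Group packets into streams; the position in the returned list is the stream index."""
    streams = []   # one dict per stream, numbered from 0 in order of first appearance
    current = {}   # conversation key -> index of its most recent stream
    for frame, src, sport, dst, dport, flags in packets:
        # Direction-independent key: both endpoints of the conversation.
        key = frozenset([(src, sport), (dst, dport)])
        idx = current.get(key)
        # Assumption: a bare SYN after FIN/RST on the same 4-tuple is a new stream.
        if idx is None or (flags == "S" and streams[idx]["closed"]):
            streams.append({"frames": [], "flags": [], "closed": False,
                            "reused": idx is not None})
            idx = current[key] = len(streams) - 1
        stream = streams[idx]
        stream["frames"].append(frame)
        stream["flags"].append(flags)
        if "F" in flags or "R" in flags:
            stream["closed"] = True
    for stream in streams:
        # A complete stream opens with SYN, SYN-ACK, ACK; a capture that
        # started late will be missing it.
        stream["handshake"] = stream["flags"][:3] == ["S", "SA", "A"]
    return streams

def stream_of(streams, frame):
    """Return the stream index that contains the given frame number."""
    for idx, stream in enumerate(streams):
        if frame in stream["frames"]:
            return idx
    raise KeyError(frame)

if __name__ == "__main__":
    for i, s in enumerate(assign_streams(PACKETS)):
        print(i, s["frames"], "handshake" if s["handshake"] else "no handshake",
              "(4-tuple reused)" if s["reused"] else "")
```
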