I have always wanted to learn more about Wireshark but felt imitimidated by it but this video does a good job of breaking down some of the confusion around it. Modern computers are so complicated! I would love to see more videos about Wireshark or of this nature.
Been using this alongside Portmaster. Makes me giddy to know that my tweaks and mods to minimize telemetry on Windows 10/11 work! :D I'd only see Windows telemetry being blocked by Portmaster when Windows tries to check for updates in the BG.
@@cryptoafc7655 Better bring it up to the Portmaster devs or in their community (can't mention the name here cos YT auto-deletes comments that mention other socials, lol). I haven't encountered that yet, but Portmaster does use a kernel driver so BSODs are possible.
Would love more videos like this, I was struggling with learning a lot of protocols for my IT program I am in, and this video was explained perfectly, The examples on screen were very easy to follow, and your approach to explaining how exactly things worked was very easy to follow, need a full series like this, from Zero to Hero! Great job honestly.
Yes, great video. I'm in cybersecurity program in college and so far I'm doing the general studies but I can't wait to get into the cybersecurity stuff like this.
This video seems like it's missing an important part of the usefulness of wireshark. How do I identify what I don't know what I'm looking for? No shit if I connect to youtube I'll see youtube but what about unrecognized connections from potentially malicious software on my PC
You have to look at this differently it’s made for people who never used it before you can’t start somewhere in the middle or very complicated if you are learning something new
In that scenario you would wanna look for network connections involving unusual ports, so lets say you have a typical Windows home edition PC, but you spot a some random executables (Apps and .exe) successfully connecting via Port 22, Port 3389 BUT you don’t even have Remote Desktop feature because that’s unavailable in Home editions. This is just one example and trust me this can be a rabbit hole of being over suspicions but this is one example of an outbound C&C connection
Thank you for a straight up start to this tool. Shows the basics of how to get in there and how it's used by focusing on specific things one might be looking for, strings, ports, specific apps or sites. Great place to start. Thank yoU!
Excellent info picked up,through this video. Yea I'd love too see some more videos like this,is good too understand more of what it all means,cheers buddy!
Good tutorial but I think you miss a important point for some people who can not see any readable DNS query. If DNS query is encrypted(maybe by HTTPS), WireShark can not capture those DNS query in readable string.
@@zapa1pnt Is disabled. By the way, the motherboard does this without a hard drive attached. It turns itself on in a kind of low-power mode and connects to the Internet.
@@zapa1pnt I already do. But how many people don't know? How many people are affected by this? Gigabyte is famous for doing this, google the topic and you will see that Gigabyte has been caught with his pants down more than once doing exactly the same thing.
I’m interested in computer science and how they connect with the world. It’s fascinating but intimidating and overwhelming.. I subscribed hoping you’ll put up more content like this. Break it down for us..
Hi, once you see the packets that show the sites you may not want, can you block those or will they just keep communicating each time you go to that site ?
Yes, please do more videos to add on this one (advance). Is there anything further to see if the connections are not easily identifiable? Is there a way to pinpoint a remote connection quickly?
great stuff 👍 many useful cases for this tool last time i used it was to check my dns traffic to make sure it was all configured/encrypted correctly for a deeper dive, chris greer has some good wireshark content on youtube, explains filters well
I don't know if you do this already but maybe create a 'related series' as an aside to the main thrust of the channel. Anyway those are my thoughts and content like this is very useful for 'dipping' the toe in, which may be useful down the track.
I would like to snoop on WiFi traffic to the various WiFi-enabled devices that are proliferating in my house. This is mostly a curiosity, but I expect there will also be surprises, some perhaps concerning. I've been told that I can use Wireshark to do this, but I need to add a separate dedicated WiFi interface on my PC that supports "promiscuous mode". I found some trailing edge WiFi dongles that are supposed to support promiscuous mode, but I also need a compatible driver. This is where I have hit a dead-end, as I have been warned that the drivers for these trailing edge WiFi interfaces often have embedded malware, and I don't have a sacrificial PC available to dedicate to this effort. Any light you can shed on this in a future video would be of interest to me.
I see my private IP address sending and receiving HTTP requests from public IP addresses. Is this weird? Why isn't it my public IP address that is handling these requests?
Maybe we would go more in depth on this software sometime? What do the colors mean, if anything? How do you really determine what is and isn't a good IP once you see something you don't recognize? How do VPNs interact with and change the packets you see? Stuff like that. I'm just getting into the whole cybersecurity scene. Although I've been careful since the days of Limewire to never click links, ads, and to distrust anything I see in emails, etc, I haven't ever really been big in actually finding out what goes wrong in the system and network. I visit the same sites that I've always gone to. But I find myself wondering if somehow they are getting in anyway even if I've been careful just by little things I notice happening on my PC once in a while such as the CMD window opening for just a moment and disappearing, a game minimizing to desktop with no input, etc. These coupled with data leaks from big tech leaking email, account info, and so on. It's probably totally benign and I'm being paranoid but you never know.
My old Outpost Firewall used to show me similar information, separated by the apps (or component of the O.S.) which was generating the connection... Is there a tool for this or is there an option available on Wireshark for monitoring this? Or is only doable on firewalls?
To achieve what you were doing with Outpost Firewall-monitoring traffic per application or OS component-you can use Wireshark but with some limitations, as it primarily focuses on packet-level analysis rather than app-based monitoring. However, with the right filters, you can approximate similar functionality by analyzing traffic specific to certain processes or connections. Wireshark allows you to apply **display filters** to identify specific network traffic based on protocols, IP addresses, or ports, which indirectly helps monitor app activity. However, it does not directly show traffic sorted by applications unless you pair it with OS tools to map the process to network traffic. For more straightforward app-based monitoring, a dedicated firewall or monitoring tool like **PRTG Network Monitor** or **SolarWinds Deep Packet Inspection** might be more suitable【7†source】【9†source】. If you want a direct replacement for the Outpost Firewall's style of monitoring, consider using **NetFlow** or **Deep Packet Inspection (DPI)** tools, which can classify traffic by app category and offer more detailed insights into app-level connections【9†source】. If you still prefer Wireshark, combining it with system monitoring tools could provide a similar overview, but it will require manual filtering and linking to specific processes.
Not going to lie if you start using Wireshark and if you have familiarity with osi model like layer with layer 3 routers packets and layer 2 switches frames then it's not bad at all. To read the traffic and knowing udp tcp protocols you're golden. I think I need help with adjusting ethernet adapter into promiscuous mode and the other mode. And what's the functionality.
I don't know why but my instant reaction to something like this is: How can I trust it? As it could quite easily see current webpages you are on or applications you're typing passwords into, and then hide its ip: protocol transaction with a server... but it's probably fine 👀
can you do us a favor and review costume os like tiny11, Ghost Spectre, windows x lite, from a security prespective many people want to use them. just give us a genral security test of them please. :(
Wireshark has to be a " backdoor" to catch " backdoor entries " too. The ethics of the admin of any empowerment matters as much as the expected service😅!
If you try to download a cracked version of any program it will come up as having a virus because of the software used to crack the program This is piracy and if you want the full version of a paid program then go pay them for it and you don't have false positives for virus alerts. Wireshark is free and used by a lot of people so it is very unlikely to come preloaded with a virus. I've just installed Wireshark and there are NO viruses at all...
"What applications are reaching out and what data is being sent?" -> You only show how to look at DNS requests, this show nothing about what data applications are sending. You only show which DNS queries your PC as a whole is making. "Maybe you are even hacked and your computer is connecting to attackers" -> By just looking at DNS that shows nothing, maybe they are using IPs instead of domain names. Maybe they use some Amazon or Google endpoint which doesn't make it clear either. Maybe they embedded a Tor tunnel. Once a domain has been resolved, it wouldn't re-resolve unless you've flushed your DNS cache or forcefully look up the domain again (using nslookup for example). I would've preferred to see how to isolate traffic from a specific application to see exactly what it does and exactly what data is being sent.
Wireshark is one of the most important tool in IT. Mastering this tool is such a great advantage. Thank you!
I have always wanted to learn more about Wireshark but felt imitimidated by it but this video does a good job of breaking down some of the confusion around it. Modern computers are so complicated! I would love to see more videos about Wireshark or of this nature.
Been using this alongside Portmaster. Makes me giddy to know that my tweaks and mods to minimize telemetry on Windows 10/11 work! :D I'd only see Windows telemetry being blocked by Portmaster when Windows tries to check for updates in the BG.
Portmaster made my windows go in blue screen mode
@@cryptoafc7655 Better bring it up to the Portmaster devs or in their community (can't mention the name here cos YT auto-deletes comments that mention other socials, lol). I haven't encountered that yet, but Portmaster does use a kernel driver so BSODs are possible.
@@KyanoAng3l0_Mtvtks havent encountered bsod aswell, using portmaster for 1 week now
May i know what kind of tweaks mods you do to reduce telemetry. I am interested to know
@@rrakesh6434 winaero tweaker is pretty good for W10/11.
Would love more videos like this, I was struggling with learning a lot of protocols for my IT program I am in, and this video was explained perfectly, The examples on screen were very easy to follow, and your approach to explaining how exactly things worked was very easy to follow, need a full series like this, from Zero to Hero! Great job honestly.
Yes, great video. I'm in cybersecurity program in college and so far I'm doing the general studies but I can't wait to get into the cybersecurity stuff like this.
Been using Wireshark on personal PC for years. While working it was Network Instruments that was pre-2009. Thanks for the videos.
really intersting tutorial, would love to see more wireshak tutorials! :D
Going back to school for cyber security and studying for sec+ and cysa+ you have been very helpful
Wireshark is such an important tool. I use it all of the time both at work and at home. Such a great tool. Good video for beginners.
Thanks for the video. Would love to see more Wireshark instructional videos. You do a great job of simplifying complexity.
This video seems like it's missing an important part of the usefulness of wireshark. How do I identify what I don't know what I'm looking for? No shit if I connect to youtube I'll see youtube but what about unrecognized connections from potentially malicious software on my PC
You have to look at this differently it’s made for people who never used it before you can’t start somewhere in the middle or very complicated if you are learning something new
Wireshark is an investigative tool, not anti-malware. If you want a quick and easy way to detect malware, this isn't it.
In that scenario you would wanna look for network connections involving unusual ports, so lets say you have a typical Windows home edition PC, but you spot a some random executables (Apps and .exe) successfully connecting via Port 22, Port 3389 BUT you don’t even have Remote Desktop feature because that’s unavailable in Home editions. This is just one example and trust me this can be a rabbit hole of being over suspicions but this is one example of an outbound C&C connection
@@pcsecuritychannel Sounds like an opportuniy for something AI to "sit" on top of wireshark and do this.
@@pcsecuritychanneldo you recommend any tools for this?
Thank you for a straight up start to this tool. Shows the basics of how to get in there and how it's used by focusing on specific things one might be looking for, strings, ports, specific apps or sites. Great place to start. Thank yoU!
Good video for absolute beginners
hey just wanna tell you that you are a great guy these videos are so easy to understand
been waiting for a vid like this, ty
Very simple and straight forward tutorial.
I've always liked using Wireshark to monitor connections from other devices a like IoT devices etc. It's super useful for that.
Good video as always.
Indeed
Can you monitor all traffic on your network from just one computer?
Excellent info picked up,through this video. Yea I'd love too see some more videos like this,is good too understand more of what it all means,cheers buddy!
Just a note at the beginning you can select multiple network adapters by holding CTRL as well.
Good tutorial but I think you miss a important point for some people who can not see any readable DNS query. If DNS query is encrypted(maybe by HTTPS), WireShark can not capture those DNS query in readable string.
Loved the video, simple and powerful! Hope more to come on wireshark
1) More content on Wireshark would be great (aka Tutorials).
2) How much does Wireshark cost?
It's free
Open Source and free forever, unlike for example Metasploit, which is partly open and partly with proprietary upgrades.
My Gigabyte GA-990FXA-UD5 R5 motherboard connects to the internet in the middle of the night after I turn it off.
If Windows, go into settings and turn off "wake on LAN".
@@zapa1pnt Is disabled. By the way, the motherboard does this without a hard drive attached. It turns itself on in a kind of low-power mode and connects to the Internet.
@@coisasnatv: Well, if you can't find it in the BIOS, you will need to unplug it, after shutdown. 😁✌🖖
@@zapa1pnt I already do. But how many people don't know? How many people are affected by this? Gigabyte is famous for doing this, google the topic and you will see that Gigabyte has been caught with his pants down more than once doing exactly the same thing.
Yes please, Leo, more videos like this one. Thanks as always.
Well done. Super easy to understand!
I’m interested in computer science and how they connect with the world. It’s fascinating but intimidating and overwhelming.. I subscribed hoping you’ll put up more content like this. Break it down for us..
What to do to get rid of the 12 or so UAC notification whenever we start Wireshark?
I liked the video, it was very interesting thanks Leo😄❣️
Thanks, this was really informative!
An interesting video subject would be on what to do when you find your computer connecting to places you don't want it to.
I am very curious about why there is no option to have a professional packet capturing software like Wireshark for mobile/Android?
would love a more deep dive to understand what other kinds of network requests are being made if a malicious software is installed.
Thank You So Much For The Video Sir Please Make More Videos On How To Use Wireshark 💓✨
I collected all ad urls and added them to my hosts file. Can now browse anyplace without background ad data exchanges without consent.
Hi, once you see the packets that show the sites you may not want, can you block those or will they just keep communicating each time you go to that site ?
Thank you for this wonderful tutorial!
Yes, please do more videos to add on this one (advance). Is there anything further to see if the connections are not easily identifiable?
Is there a way to pinpoint a remote connection quickly?
this is a tool that is great for checking if your computer has been RATTED right?
DNS can be also encrypted using DNS over TLS or DNS over HTTPS. So than you cannot see any DNS requests which was made. ISP also cannot see it 😊
great stuff 👍 many useful cases for this tool
last time i used it was to check my dns traffic to make sure it was all configured/encrypted correctly
for a deeper dive, chris greer has some good wireshark content on youtube, explains filters well
I like the way you explain it and it is really helpful!!! thanks
What browser are you using?
Hello Leo, many thanks for a great content as always.
Would you ever consider doing a content on how to use Wireshark for hunting malware?!
enjoyable video ,thank you . one question how do we stop the spyware. a video on how to turn it off, individually would be most welcome . 🙂
is there a browser that does not make any queries to any links until i actually click on it? it simply puts a place holder, the link...
I don't know if you do this already but maybe create a 'related series' as an aside to the main thrust of the channel. Anyway those are my thoughts and content like this is very useful for 'dipping' the toe in, which may be useful down the track.
Does Wireshark show only the activity on the computer it’s downloaded to, or the LAN the computer is part of?
Now I know you have a website. =) Glad to know.
Totally awesome! Thank you for Sharing! 💯✴
What about reading the cap file...how can that be done?
I would like to snoop on WiFi traffic to the various WiFi-enabled devices that are proliferating in my house. This is mostly a curiosity, but I expect there will also be surprises, some perhaps concerning. I've been told that I can use Wireshark to do this, but I need to add a separate dedicated WiFi interface on my PC that supports "promiscuous mode". I found some trailing edge WiFi dongles that are supposed to support promiscuous mode, but I also need a compatible driver. This is where I have hit a dead-end, as I have been warned that the drivers for these trailing edge WiFi interfaces often have embedded malware, and I don't have a sacrificial PC available to dedicate to this effort.
Any light you can shed on this in a future video would be of interest to me.
How about an app for a phone and firewall to block outgoing requests?
I see my private IP address sending and receiving HTTP requests from public IP addresses. Is this weird? Why isn't it my public IP address that is handling these requests?
i dont see that much DNS listings on mine, just a couple from kaspersky, maybe it didn't install right?
is it normal to have remote desktop to be running in the background?
how would one check a hacked PC on this environment?
Great video!
How did you get it in Dark Look/Mode?
Maybe we would go more in depth on this software sometime? What do the colors mean, if anything? How do you really determine what is and isn't a good IP once you see something you don't recognize? How do VPNs interact with and change the packets you see? Stuff like that.
I'm just getting into the whole cybersecurity scene. Although I've been careful since the days of Limewire to never click links, ads, and to distrust anything I see in emails, etc, I haven't ever really been big in actually finding out what goes wrong in the system and network. I visit the same sites that I've always gone to. But I find myself wondering if somehow they are getting in anyway even if I've been careful just by little things I notice happening on my PC once in a while such as the CMD window opening for just a moment and disappearing, a game minimizing to desktop with no input, etc. These coupled with data leaks from big tech leaking email, account info, and so on.
It's probably totally benign and I'm being paranoid but you never know.
links to amazon popped up when I tested wireshark on my own personal computer.
Shoved the link in a url blocker. No more amazon lol X D
My old Outpost Firewall used to show me similar information, separated by the apps (or component of the O.S.) which was generating the connection... Is there a tool for this or is there an option available on Wireshark for monitoring this? Or is only doable on firewalls?
To achieve what you were doing with Outpost Firewall-monitoring traffic per application or OS component-you can use Wireshark but with some limitations, as it primarily focuses on packet-level analysis rather than app-based monitoring. However, with the right filters, you can approximate similar functionality by analyzing traffic specific to certain processes or connections.
Wireshark allows you to apply **display filters** to identify specific network traffic based on protocols, IP addresses, or ports, which indirectly helps monitor app activity. However, it does not directly show traffic sorted by applications unless you pair it with OS tools to map the process to network traffic. For more straightforward app-based monitoring, a dedicated firewall or monitoring tool like **PRTG Network Monitor** or **SolarWinds Deep Packet Inspection** might be more suitable【7†source】【9†source】.
If you want a direct replacement for the Outpost Firewall's style of monitoring, consider using **NetFlow** or **Deep Packet Inspection (DPI)** tools, which can classify traffic by app category and offer more detailed insights into app-level connections【9†source】.
If you still prefer Wireshark, combining it with system monitoring tools could provide a similar overview, but it will require manual filtering and linking to specific processes.
You need to do a video, kaspersky vs malwarebytes premium
i love your desktop wallpaper. Please share downloadable link to download the same wallpaper.
Is Malewarebytes still poot for on the fly? I trust it is still great at scans
hey , I wonder how MacOS handle this? can you do these on MacOS also?
Not going to lie if you start using Wireshark and if you have familiarity with osi model like layer with layer 3 routers packets and layer 2 switches frames then it's not bad at all. To read the traffic and knowing udp tcp protocols you're golden. I think I need help with adjusting ethernet adapter into promiscuous mode and the other mode. And what's the functionality.
The most useful video, thnaks
This is an awesome video thanks.
I don't know why but my instant reaction to something like this is: How can I trust it?
As it could quite easily see current webpages you are on or applications you're typing passwords into, and then hide its ip: protocol transaction with a server... but it's probably fine 👀
This reminds me of back in late 90s early2000s there was a free app (can’t remember name) that backtracked incoming pings.
That Wallpaper look sick!
Where did you get it? @The Pc Security Channel
Merci 😊😊😊
how to restart everything it does something watching my pc
can you do us a favor and review costume os like tiny11, Ghost Spectre, windows x lite, from a security prespective many people want to use them.
just give us a genral security test of them please. :(
Portmaster and winaero tweaker are my ho to programs for shutting down telemetry.
I want to see the entire on my network not just for my computer!!!
there should be a function in wireshark make a image of all connection, install software, make image again and compare.
Yes, more vids like this!
i took an entire. class in community college on wireshark, and i was afraid of it after this class. but now. not so much
How to know about suspicious connection
Very good vid.
Wireshark has to be a " backdoor" to catch " backdoor entries " too. The ethics of the admin of any empowerment matters as much as the expected service😅!
Skoda octavia is not that bad if you are still looking into it =)
Waiting for eset smart security 17.
Now if we could just firewall all traffic until I actually open google, or open my video game, then I would be happy
Thanks !!!!!!
Cool. Thanks!
This is so complex, its like a programming language. I initially thought it was just gonna be a program that detects and blocks everything
Lol
Good video
Can you test Firewall of Avast Free? Thanks
the biggest question is are wireshark is safe to used it since all virus check website say have something on it?
If you try to download a cracked version of any program it will come up as having a virus because of the software used to crack the program This is piracy and if you want the full version of a paid program then go pay them for it and you don't have false positives for virus alerts. Wireshark is free and used by a lot of people so it is very unlikely to come preloaded with a virus. I've just installed Wireshark and there are NO viruses at all...
Better use Portmaster
always there is a "tool" to...
"What applications are reaching out and what data is being sent?" -> You only show how to look at DNS requests, this show nothing about what data applications are sending. You only show which DNS queries your PC as a whole is making.
"Maybe you are even hacked and your computer is connecting to attackers" -> By just looking at DNS that shows nothing, maybe they are using IPs instead of domain names. Maybe they use some Amazon or Google endpoint which doesn't make it clear either. Maybe they embedded a Tor tunnel.
Once a domain has been resolved, it wouldn't re-resolve unless you've flushed your DNS cache or forcefully look up the domain again (using nslookup for example).
I would've preferred to see how to isolate traffic from a specific application to see exactly what it does and exactly what data is being sent.
is epic games spyware because when i launch my laptop fans starting turning
This is why you need to be careful if you work from home.Only connect your work laptop to guest wifi
Boot up Win7 with wireshark. Boot up Win11 with wireshark. Now throw away that Win11 installer.
you'll understand wireshark much better if you fully understand the lower layers of the OSI model of networking
I have little snitch. Not as deep as this, but it is powerful
Cool!