WEBVTT

00:01.220 --> 00:07.400
Wireshark offers a comprehensive framework for analyzing network traffic, and it performs well on most

00:07.400 --> 00:14.720
operating systems, and the interface is streamlined with shortcuts and methods to make navigation easier

00:14.720 --> 00:18.880
and get you up and running with analyzing traffic.

00:18.890 --> 00:24.650
And in this lecture we will discover how Wireshark presents information along with where to find

00:24.650 --> 00:26.570
a list of keyboard shortcuts.

00:26.570 --> 00:32.240
And we will also take a look at the many authors who have made this application possible

00:32.240 --> 00:36.670
and describe some ways you can obtain help and learn about Wireshark.

00:36.680 --> 00:41.300
So let's start with a brief look at the Wireshark interface.

00:41.300 --> 00:43.640
So let's first start Wireshark.

00:43.670 --> 00:50.540
You can also start Wireshark from the terminal by just typing wireshark, and you can also start

00:50.540 --> 00:52.940
with sudo credentials.

00:52.940 --> 00:59.510
But in this case we will just start it with a normal wireshark without sudo or anything for now.

01:00.080 --> 01:06.570
And in some cases you will need to start Wireshark with sudo privileges.

01:06.570 --> 01:14.700
And now when you first launch Wireshark, you will see a list of active interfaces and some have a sparkline

01:14.700 --> 01:18.600
or moving graph symbol next to the interface here.

01:18.600 --> 01:25.920
And when present, the sparkline represents actively exchanging data and you can select that interface

01:25.920 --> 01:27.180
and begin capturing.

01:27.180 --> 01:31.500
And here, as you can see, our arrow is down, our analysis is down here.

01:31.500 --> 01:36.540
So whenever we enter some website here, let's actually coliforms.

01:36.660 --> 01:39.270
And here, as you can see, it spiked up.

01:39.450 --> 01:44.700
So as shown here, this is our both Ethernet.

01:45.030 --> 01:46.050
Also select any.

01:46.050 --> 01:51.780
In this case we don't have connected Bluetooth or any wireless devices.

01:51.780 --> 01:56.130
So now during analysis, Wireshark has many ways to improve your experience.

01:56.130 --> 02:00.180
So first let's actually select Ethernet and then we will start here.

02:00.180 --> 02:01.470
As you can see, it's empty.

02:01.470 --> 02:08.410
So whenever we go here, let's actually go to Nethunter and as you can see it.

02:09.150 --> 02:17.460
It actually works very fast and shows real-time data on your screen here.

02:17.730 --> 02:20.040
So it might look like.

02:21.510 --> 02:21.880
Pretty.

02:23.600 --> 02:30.880
Disarranged, but it's actually arranged in some way, which I will explain in this section.

02:30.890 --> 02:36.860
So now, for example, when working with a packet capture with Wireshark, we can easily add columns

02:36.860 --> 02:38.030
to the interface.

02:38.030 --> 02:44.600
So simply right click on a value with the packet details here and now.

02:45.620 --> 02:46.810
You can also apply.

02:46.900 --> 02:48.050
Apply as filter.

02:48.050 --> 02:49.400
Prepare as filter.

02:49.400 --> 02:53.570
Mark/Unmark, Protocol Preferences, Decode.

02:53.570 --> 02:55.520
Show Packet in New Window here.

02:55.520 --> 03:03.800
As you can see, we can also edit, resize to contents and resize column width, and here apply

03:03.800 --> 03:04.610
as filter.

03:04.760 --> 03:05.630
So.

03:06.900 --> 03:11.100
Now we will select something here and.

03:12.050 --> 03:12.800
And see here.

03:12.800 --> 03:17.840
We can also select a number at that column and so on.

03:17.840 --> 03:20.060
We can also change the title of it.

03:20.060 --> 03:22.250
So number.

03:23.030 --> 03:24.290
And so on.

03:25.530 --> 03:34.860
It also includes an intelligent scrollbar, which is on the right side of the packet list here.

03:37.570 --> 03:46.360
You can also go to View and here we can expand all, reset layout, colorize conversations, resize

03:46.360 --> 03:48.310
columns, reset layout.

03:48.340 --> 03:48.690
We.

03:49.720 --> 03:54.310
Reset layout, and show packet in a new window.

03:54.310 --> 04:00.700
And as you can see here, the new window just popped out and we can see more information.

04:01.300 --> 04:02.110
Now.

04:02.850 --> 04:03.990
And here.

04:05.420 --> 04:09.920
We can also type our display filters, which you will learn all of this.

04:11.210 --> 04:12.800
This course.

04:12.800 --> 04:15.230
And now.

04:16.670 --> 04:22.700
We'll start with how to discover keyboard shortcuts in Wireshark.

04:22.700 --> 04:27.680
So with millions of downloads per year, Wireshark has become a significant tool.

04:27.680 --> 04:34.130
It has proven to be flexible as an open source utility and encourages developers to add functionality

04:34.130 --> 04:36.350
as well as improve overall experience.

04:36.350 --> 04:42.620
So each new version improves the application, and improvements can include fixing a simple visual or

04:42.620 --> 04:50.690
display issue or more significant problems that can cause an application to crash, such as faulty

04:50.730 --> 04:51.560
dissectors.

04:51.560 --> 04:57.200
So when you update Wireshark, take time to read the release notes, which we will see.

04:57.200 --> 05:01.130
You can also see here where just Google it var.

05:02.700 --> 05:04.020
Wireshark.

05:04.060 --> 05:07.590
OBS, Wireshark, update notes.

05:07.590 --> 05:10.110
And here there's also.

05:10.700 --> 05:18.590
You can see the what's new, bug fixes, new and updated features like new protocol support.

05:18.620 --> 05:22.970
Updated protocol support, new and updated capture file support.

05:22.970 --> 05:25.610
And you can also get help from that.

05:25.640 --> 05:29.450
So first, let's actually stop this capture, and we will.

05:30.250 --> 05:30.700
Again.

05:32.080 --> 05:33.350
Uh, explaining.

05:35.300 --> 05:36.260
It's not working.

05:36.410 --> 05:38.080
So we can rule out.

05:38.090 --> 05:38.510
No.

05:39.200 --> 05:39.680
Stan.

05:39.860 --> 05:44.060
As you can see, there's a release notes on Wireshark's official Web page.

05:44.150 --> 05:48.290
As you can see, the last version of this is 4.0.5.

05:48.410 --> 05:56.690
And here in the what's new section, you can see bug fixes, file locations, getting Wireshark

05:56.690 --> 05:58.280
and so on.

05:58.280 --> 05:59.270
So let's get started.

05:59.270 --> 06:05.090
Firstly, let's get started with discovering the keyboard shortcuts.

06:05.090 --> 06:05.420
Right?

06:05.420 --> 06:09.250
So everyone has preferences as to how they interact with Wireshark.

06:09.260 --> 06:16.100
Some individuals prefer using the keyboard as it's faster and more intuitive than using a mouse.

06:16.100 --> 06:22.340
So Wireshark has a list of keyboard shortcuts that can be found by selecting from the Help menu

06:22.340 --> 06:29.480
choice, then clicking About Wireshark and then selecting Keyboard Shortcuts here, and see in the tab

06:29.480 --> 06:30.050
here.

06:30.050 --> 06:37.040
So now we are seeing every shortcut, every possible shortcut in Wireshark.

06:37.670 --> 06:44.880
So for example, when working with a packet capture, many times I will select, as you can see, Control

06:44.880 --> 06:49.050
plus plus, which will zoom in on the main text of the interface.

06:49.050 --> 06:50.760
Let's try that actually click.

06:50.760 --> 06:54.030
Okay, let's zoom in that here.

06:55.220 --> 06:57.350
I'll sit here and zoom in.

06:57.350 --> 06:58.790
Zoom out like that.

06:59.180 --> 06:59.900
Zoom in.

07:01.130 --> 07:02.540
Please zoom in now.

07:02.570 --> 07:03.140
Here.

07:10.930 --> 07:11.230
It's.

07:11.350 --> 07:13.580
We can barely see it.

07:13.600 --> 07:15.790
That's because I will zoom.

07:16.840 --> 07:17.230
Again.

07:19.040 --> 07:19.460
Yes.

07:20.820 --> 07:21.450
Actually check.

07:21.570 --> 07:22.230
Check that.

07:22.530 --> 07:24.660
Shortcuts again.

07:24.990 --> 07:26.550
And here, zoom in.

07:26.550 --> 07:27.990
Zoom out.

07:28.230 --> 07:30.240
Zoom in and zoom out here.

07:30.450 --> 07:31.620
So now.

07:33.590 --> 07:34.010
We will.

07:35.250 --> 07:36.570
To and zoom in.

07:36.930 --> 07:41.520
Unfortunately, let's actually close that Wireshark and open Wireshark.

07:41.550 --> 07:43.770
Again, we have some shortcut problem here.

07:44.890 --> 07:46.180
Then zero.

07:46.190 --> 07:49.310
And here we let's go to some website.

07:50.370 --> 07:52.770
And here we are seeing that again.

07:57.760 --> 08:02.290
I guess my plus key on my keyboard is broken.

08:02.290 --> 08:04.780
So we will use that.

08:04.780 --> 08:05.130
We will.

08:05.140 --> 08:07.690
You can also change that here.

08:07.930 --> 08:08.290
Oops.

08:08.290 --> 08:09.250
Uh, not here.

08:09.430 --> 08:16.690
You should change this from the File, no, Edit, Preferences.

08:16.690 --> 08:25.180
And here you can change the font and columns, layout, capture, expert, filter buttons, name resolution.

08:25.300 --> 08:26.920
You can also change the protocols.

08:26.980 --> 08:32.680
You can give them individual colors to know exactly what protocol it is.

08:32.680 --> 08:38.080
And you can see the statistics, advanced and so on.

08:38.230 --> 08:39.100
So.

08:40.940 --> 08:41.690
Yes.

08:41.930 --> 08:48.680
I'll use my laptop's keyboard here and see if we can zoom in and zoom out.

08:48.800 --> 08:50.240
And now.

08:51.110 --> 08:57.110
All of these improvements over the years have been possible because of the generosity of the open source

08:57.260 --> 08:57.800
community.

08:58.400 --> 09:05.600
And here you can see keyboard shortcuts, plugins; these are the default plugins.

09:06.230 --> 09:10.400
As of this lecture, I haven't installed any plugins for you.

09:10.400 --> 09:15.590
If we need any plugins, we will install them in this lecture.

09:15.590 --> 09:16.340
So.

09:17.790 --> 09:22.020
Now let's firstly recognize our authors, right?

09:22.170 --> 09:23.460
Who developed this?

09:25.010 --> 09:26.480
This awesome application.

09:26.690 --> 09:33.200
So there are many authors who have contributed to the success of Wireshark by providing ongoing

09:33.230 --> 09:35.540
development and maintenance of the application.

09:35.540 --> 09:43.700
So some consistently jump in to add their expertise and others contribute only when

09:43.700 --> 09:46.700
they need a specific protocol dissector.

09:46.700 --> 09:52.280
So anyone can be involved as there is plenty of documentation on how to add a basic dissector.

09:52.280 --> 09:58.760
If you do modify Wireshark to add a dissector or visual enhancement, share your work with the Wireshark

09:58.790 --> 10:02.620
team so that everyone can benefit.

10:02.630 --> 10:09.710
So now let's find information here across the bottom of the right-hand side of the Wireshark

10:09.950 --> 10:10.790
So.

10:11.840 --> 10:14.180
Welcome interface, you will see the Learn label.

10:14.180 --> 10:19.610
So firstly, of course we need to first quit and let's go to Wireshark's

10:19.610 --> 10:23.000
Welcome screen right and here.

10:24.210 --> 10:27.210
We have profile Bluetooth, Classic here.

10:27.210 --> 10:32.520
Let's select Classic, actually click hold for you here now.

10:34.970 --> 10:38.810
Now we're going to understand the phases of packet analysis.
