1
00:00:00,750 --> 00:00:05,190
In this lecture we will start exploring the Wireshark GUI.

2
00:00:05,220 --> 00:00:09,260
And we will work with capture filters.

3
00:00:09,360 --> 00:00:20,860
So here we see the list of the interfaces that Wireshark can capture traffic from, and to capture traffic

4
00:00:21,130 --> 00:00:22,060
from an interface.

5
00:00:22,060 --> 00:00:26,200
For example, the wireless network connection interface.

6
00:00:26,200 --> 00:00:35,290
I can double-click on the interface, or select it and then go to the Capture menu and click on Start

7
00:00:35,980 --> 00:00:39,220
or simply click on this icon.

8
00:00:42,910 --> 00:00:56,710
So now we see the packets that are being captured on this interface, and I can stop the capture by clicking

9
00:00:56,710 --> 00:01:00,730
on this icon or button.

10
00:01:00,730 --> 00:01:03,740
And here we see that we have three things.

11
00:01:03,820 --> 00:01:13,900
The first pane is the packet list pane, which contains the columns of No., Time, Source, Destination,

12
00:01:14,260 --> 00:01:22,990
Protocol, Length, and Info, that gives content details.

13
00:01:22,990 --> 00:01:26,920
And this view of columns can be customized.

14
00:01:29,050 --> 00:01:36,760
And here we see the details pane, which gives information about each layer's content.

15
00:01:37,340 --> 00:01:37,690
So

16
00:01:40,760 --> 00:01:51,470
we see the protocols and their fields' content, and at the bottom we have the packet bytes pane, which displays

17
00:01:51,470 --> 00:02:03,200
the data content in hexadecimal or in binary, which Wireshark interprets in the details pane, and we

18
00:02:03,200 --> 00:02:14,690
can change the layout by going to the Edit menu and then Preferences and then Layout, and we can change

19
00:02:15,290 --> 00:02:17,750
to the layout that we like.

20
00:02:19,340 --> 00:02:29,600
So this one is the default layout. So let us now start to capture again and continue without saving,

21
00:02:32,830 --> 00:02:39,910
and here we see that we have many protocols in this capture.

22
00:02:41,230 --> 00:02:57,290
So what if we want to focus our energies on a specific protocol and to prevent the network interface card

23
00:02:57,290 --> 00:03:14,050
from being overwhelmed? So we can do that by going to the capture filter field. So, for example, if

24
00:03:14,050 --> 00:03:16,810
we want to capture

25
00:03:19,440 --> 00:03:21,380
TCP traffic,

26
00:03:25,230 --> 00:03:40,610
you see now that we have packets of TCP only but no packets of UDP, for example. Another way is by going

27
00:03:42,050 --> 00:03:42,710
to this button

28
00:03:45,790 --> 00:03:48,200
and then, for example, if I want to

29
00:03:50,760 --> 00:03:59,200
capture the traffic that is not TCP, so I will say no start.

30
00:03:59,350 --> 00:04:08,460
Now we see that we do not have any traffic. Third way is by going to the Capture menu and then

31
00:04:09,150 --> 00:04:21,770
Options, and we see that the same dialog box we have seen before was opened, and we can use existing

32
00:04:24,490 --> 00:04:25,960
packet filters.

33
00:04:25,960 --> 00:04:35,580
So, for example, if I click here you see that we have existing capture filters that are included

34
00:04:35,730 --> 00:04:36,970
by default with Wireshark.

35
00:04:37,350 --> 00:04:48,370
So, for example, if I want to display UDP-only traffic, I will set it here and click on the interface.

36
00:04:48,580 --> 00:04:58,410
So now we see that we have traffic that is UDP only, and we do not see any traffic

37
00:05:01,160 --> 00:05:12,360
and here we see this protocol, SSDP, that is a UDP protocol with the port of nineteen hundred.

38
00:05:13,660 --> 00:05:18,130
So what if we want to capture traffic of that protocol only? We can

39
00:05:21,470 --> 00:05:25,640
go here.

40
00:05:26,680 --> 00:05:39,270
We can manage these start filters and edit the existing one, so this one of UDP only, I can copy

41
00:05:39,280 --> 00:05:40,960
that one and then here

42
00:05:43,710 --> 00:05:48,590
set the UDP port to be nineteen hundred

43
00:05:51,530 --> 00:05:57,680
and then let us change this name to be SSDP

44
00:06:01,700 --> 00:06:02,910
and then click on

45
00:06:02,940 --> 00:06:04,910
OK.

46
00:06:04,950 --> 00:06:15,900
And now I can find this filter I did, and then I click on the interface.

47
00:06:16,290 --> 00:06:30,690
So now we see packets of SSDP only, so no TCP packets and no other UDP packets are captured.

48
00:06:34,110 --> 00:06:41,970
Final way of working with capture filters is by going to the Capture menu and then select Capture Filters,

49
00:06:42,060 --> 00:06:48,740
and this time I will create a new filter from scratch instead of modifying an existing one.

50
00:06:48,780 --> 00:06:51,930
So I click here and let us

51
00:06:55,920 --> 00:07:11,160
capture traffic going to the IP address of Google DNS, and I will modify the name to be Google

52
00:07:11,470 --> 00:07:14,510
DNS and then click on

53
00:07:14,520 --> 00:07:15,420
OK.

54
00:07:15,690 --> 00:07:17,580
And then I select that packet filter

55
00:07:21,470 --> 00:07:23,850
and click on the interface.

56
00:07:23,870 --> 00:07:34,640
So now we do not see any packets because we do not have any traffic to or from the specified IP address.

57
00:07:34,640 --> 00:07:39,170
So I try now to ping that IP address,

58
00:07:42,050 --> 00:07:45,890
we see no traffic captured.

59
00:07:45,890 --> 00:07:53,090
So in this lecture we have explored the GUI of Wireshark and have seen multiple ways to work with

60
00:07:53,450 --> 00:08:02,360
the capture filters, and in the next lecture we will start to see how to work with display filters.