1 00:00:00,480 --> 00:00:01,560 Welcome back, everyone.
2 00:00:01,590 --> 00:00:10,290 This is new shaggin, and I welcome you, all of you, to this wonderful, lovely course that's on threat
3 00:00:10,290 --> 00:00:18,480 hunting with Wireshark. People who are either on networking or system administration or any of the IP
4 00:00:18,840 --> 00:00:26,940 people might be aware of Wireshark, but this is one of the most powerful and robust tools that can
5 00:00:26,940 --> 00:00:32,490 be used for troubleshooting many IP related stuff, web application challenges.
6 00:00:32,880 --> 00:00:41,430 And you can actually go very deep inside to understand what really went wrong and what could be the
7 00:00:41,430 --> 00:00:46,130 big fix, what could be the solutions to come over from that challenge.
8 00:00:46,620 --> 00:00:51,390 Now we are going to use Wireshark, especially for the threat
9 00:00:51,390 --> 00:00:59,640 hunting. In our case we'll understand how we can use the Wireshark tool to find out any malicious traffic.
10 00:00:59,820 --> 00:01:01,470 That could be a phishing e-mail.
11 00:01:01,710 --> 00:01:03,840 It could be any malicious file.
12 00:01:04,050 --> 00:01:07,340 It could be any malicious user in the network.
13 00:01:07,590 --> 00:01:09,420 So it's going to be a lot of fun.
14 00:01:09,660 --> 00:01:15,240 And I hope you will enjoy this entire course, and let's get started.
15 00:01:16,050 --> 00:01:23,690 So the first thing that we'll be doing is, I'll be taking you through Wireshark, you know,
16 00:01:23,910 --> 00:01:31,330 how the tool really looks like. So for that we'll have to get Wireshark installed on our system.
17 00:01:31,770 --> 00:01:40,140 So what you can do is you can make use of any browser, let's say I can go for it, and then simply search
18 00:01:40,140 --> 00:01:41,160 for Wireshark.
19 00:01:43,920 --> 00:01:52,560 Those who have been using it, for them it won't be a challenge. Just to give you an idea, there they support
20 00:01:52,630 --> 00:01:57,670 it for Windows 64, 32, Mac OS and Linux as well.
21 00:01:57,990 --> 00:02:02,690 And, of course, we will be also using it on our Kali machine as well.
22 00:02:03,060 --> 00:02:10,920 But sometimes, because it is not something where you need to have a secure environment, you can
23 00:02:10,920 --> 00:02:13,710 make use of it even on the infected machines.
24 00:02:13,740 --> 00:02:14,060 All right.
25 00:02:14,520 --> 00:02:19,950 So we'll be making use of it on the Windows machine and on the Kali machine as well, which is, again,
26 00:02:19,950 --> 00:02:22,560 going to be a big machine in a way.
27 00:02:24,030 --> 00:02:26,780 So once that is downloaded, you just click on it.
28 00:02:27,060 --> 00:02:33,630 There will be multiple click, click, click, and you get installed with TShark, which is the CLI
29 00:02:33,630 --> 00:02:34,350 version of it.
30 00:02:34,560 --> 00:02:40,440 If you want to impress your colleagues or your friends about how Wireshark really looks like
31 00:02:40,440 --> 00:02:41,130 on the CLI,
32 00:02:41,520 --> 00:02:43,860 this is for you. For the rest of the folks,
33 00:02:44,100 --> 00:02:50,790 if you really want to make use of it with this wonderful UI, you can go for Wireshark as well.
34 00:02:50,790 --> 00:02:53,980 With Wireshark, other than TShark,
35 00:02:54,060 --> 00:02:58,580 you also will be having Nmap installed by default.
36 00:02:58,920 --> 00:03:05,700 There will be a couple of options to also get installed for you as well.
37 00:03:06,060 --> 00:03:09,810 So this will be the add-on software which usually gets installed with it.
38 00:03:11,280 --> 00:03:12,450 Once it is installed,
39 00:03:12,450 --> 00:03:14,310 you can quickly search for Wireshark.
40 00:03:15,360 --> 00:03:23,610 Once you hit enter, the first thing that comes for you is to select the interfaces. Select this one and
41 00:03:25,230 --> 00:03:26:370 this by default.
42 00:03:26,370 --> 00:03:33,360 Whatever the traffic that is there on your wireless interface that we have just selected, you get to
43 00:03:33,360 --> 00:03:34,890 see all the traffic with it.
44 00:03:35,220 --> 00:03:43,290 And for those who are new to networking or new to security or anything, we will be talking about
45 00:03:43,290 --> 00:03:48,480 the entire Wireshark stack one by one to give them more idea about it.
46 00:03:48,900 --> 00:03:50,160 So what all can you do?
47 00:03:50,160 --> 00:03:51,330 There is a lot of fun.
48 00:03:51,330 --> 00:03:53,400 You can have a look at the statistics.
49 00:03:53,640 --> 00:04:01,410 You can get to know the entire hierarchy of the protocol, where you can get the idea, where you can
50 00:04:01,510 --> 00:04:10,110 get the idea what all protocols we have as per the stacks, from the IP to TCP/IP and everything.
51 00:04:10,110 --> 00:04:18,660 In fact, you can also get the idea about what are the different ports and different IP addresses available
52 00:04:19,110 --> 00:04:21,350 or in fact are communicating.
53 00:04:21,690 --> 00:04:26,580 So you get to know how many packets are displayed in real time.
54 00:04:27,030 --> 00:04:28,020 That's 100 percent.
55 00:04:28,230 --> 00:04:34,470 If you apply any kind of a filter, let's say I apply, we'll talk about it in more detail.
56 00:04:34,830 --> 00:04:41,340 But just to give you an example, let's say I apply a filter for IP address, you can get to see
57 00:04:41,340 --> 00:04:49,650 these are the ones that, these many packets have been selected, which are nine point five
58 00:04:49,650 --> 00:04:52,670 percent of the entire packets that are going back and forth.
59 00:04:52,680 --> 00:04:53,020 All right.
60 00:04:53,430 --> 00:04:55,140 So this is just an idea.
61 00:04:55,140 --> 00:05:00,120 Just to show you how this really looks like, you can zoom in a bit more.
62 00:05:00,120 --> 00:05:04,350 You can zoom out as well. There, once you select any of the packets,
63 00:05:04,590 --> 00:05:06,120 these are multiple stacks.
64 00:05:06,420 --> 00:05:15,270 You can get through the frames to 800 packets to IP address to TCP/IP mode and even application
65 00:05:15,270 --> 00:05:19,890 headers as well, which could be HTTP, DNS, SBP, all the traffic.
66 00:05:19,890 --> 00:05:20,140 Right.
67 00:05:20,580 --> 00:05:24,050 So this is just about the interaction. Going further,
68 00:05:24,060 --> 00:05:27,660 there is a lot of fun, and trust me, you would enjoy this.
69 00:05:27,840 --> 00:05:28,200 All right.
70 00:05:28,210 --> 00:05:32,200 So be with me through the course and we'll catch you in the next one.
71 00:05:32,520 --> 00:05:33,030 Thank you.