1 00:00:00,060 --> 00:00:01,060 What's going on, guys? 2 00:00:01,080 --> 00:00:07,230 My name is Hussein, and welcome to another episode of Wireshark Them All, where we Wireshark every 3 00:00:07,230 --> 00:00:10,190 single protocol existing in backend engineering. 4 00:00:10,470 --> 00:00:12,480 So how about we jump into it today? 5 00:00:12,510 --> 00:00:17,580 Today we are Wiresharking, or sharking, Wiresharking. 6 00:00:17,670 --> 00:00:22,040 MongoDB is going to be extreme fun. 7 00:00:22,260 --> 00:00:24,450 So MongoDB, guys, is a NoSQL database. 8 00:00:24,450 --> 00:00:32,790 That's a key value store and I already spun up a Mongo Atlas database with the user and all that 9 00:00:32,790 --> 00:00:33,180 stuff. 10 00:00:33,180 --> 00:00:40,230 They give me a free instance with three, three shards, three clusters, one cluster, three 11 00:00:40,230 --> 00:00:40,770 shards. 12 00:00:40,980 --> 00:00:46,650 And we're going to just basically run this code which connects to the database, does a little bit of 13 00:00:46,650 --> 00:00:52,380 sleep just because I want to see what's going on there and then connect to the database called Thunderbolt, 14 00:00:52,380 --> 00:00:58,230 which I created there, gets the employee and literally find the employee that's named Hussein and then 15 00:00:58,560 --> 00:01:00,150 execute a search cursor. 16 00:01:00,510 --> 00:01:04,140 And then once we get the search cursor we print it and then after that we close the connection. 17 00:01:04,410 --> 00:01:06,060 So I'm going to show you that. 18 00:01:06,060 --> 00:01:14,040 And then slowly, I'm going to start breaking up the connections one by one after each operation. 19 00:01:14,580 --> 00:01:15,610 So how about we do that?
20 00:01:15,630 --> 00:01:23,880 So here's a Wireshark I filtered based on Amazon's public IP addresses, which is there, which is the 21 00:01:23,880 --> 00:01:28,220 provider I'm using for Mongo Atlas, for MongoDB Atlas, at least that's the IP address. 22 00:01:28,230 --> 00:01:32,120 So now anything going to that IP address will be logged here. 23 00:01:32,430 --> 00:01:44,820 And another thing I did, I use SSL key log npm package for Node.js to spit out that session TLS keys 24 00:01:44,820 --> 00:01:48,090 because MongoDB is always encrypted by default. 25 00:01:49,770 --> 00:01:52,020 Golf applause for the MongoDB team. 26 00:01:52,050 --> 00:01:52,890 That's awesome. 27 00:01:53,280 --> 00:01:53,610 Right. 28 00:01:53,620 --> 00:01:59,190 So because it's encrypted, I won't be able to see it in Wireshark unless I decrypt it. 29 00:01:59,310 --> 00:02:03,030 And in order to do that I spit out the key logs. 30 00:02:03,030 --> 00:02:08,850 Right, the key log which I showed how to do that and stood to you when we Wireshark to. 31 00:02:09,510 --> 00:02:15,900 And once we do that I set that key to. 32 00:02:17,260 --> 00:02:22,470 Ta ta ta Wireshark in the TLS option here, where the. 33 00:02:23,620 --> 00:02:30,430 Right here, and that basically will allow Wireshark to decrypt the keys because no one in the middle 34 00:02:30,430 --> 00:02:35,650 can actually decrypt anything, right, until unless they have the final exchange keys. 35 00:02:35,650 --> 00:02:40,300 And this works on any cipher, whether Diffie-Hellman, elliptic curve Diffie-Hellman, anything, because 36 00:02:40,300 --> 00:02:42,240 you're at the end of the line. 37 00:02:42,250 --> 00:02:43,760 So you do have the keys. 38 00:02:44,050 --> 00:02:50,380 This is just an option for, for, for Mongo, for Node.js to spit out those keys so we can use them for 39 00:02:50,380 --> 00:02:51,370 debugging purposes. 40 00:02:51,430 --> 00:02:51,810 All right.
41 00:02:52,000 --> 00:02:52,990 How about we jump into it? 42 00:02:53,230 --> 00:02:58,310 So I'm going to go ahead and run out there. 43 00:02:58,410 --> 00:02:58,780 All right. 44 00:02:59,230 --> 00:03:02,020 I'm going to go ahead and run node tester.js. 45 00:03:02,470 --> 00:03:06,490 And what this will do, it will literally connect. 46 00:03:08,670 --> 00:03:09,270 Spends. 47 00:03:10,500 --> 00:03:12,090 Print and then close. 48 00:03:13,580 --> 00:03:14,060 That's it. 49 00:03:15,050 --> 00:03:19,400 So prints Hussein, which is the employee we found and then closed the connection. 50 00:03:19,940 --> 00:03:23,480 Let's go to beautiful, beautiful Wireshark. 51 00:03:24,510 --> 00:03:33,210 Look at all this stuff, so that's what I love about Wireshark, it actually knew that we're dealing with 52 00:03:33,210 --> 00:03:33,970 MongoDB. 53 00:03:34,170 --> 00:03:34,740 Look at that. 54 00:03:34,740 --> 00:03:36,470 It actually knows the protocol. 55 00:03:36,480 --> 00:03:38,090 It does all that stuff. 56 00:03:38,400 --> 00:03:44,340 So how about we go through that stuff and then slowly after we go through all the operations until we 57 00:03:44,340 --> 00:03:46,350 close the connection, where's the FIN? 58 00:03:46,620 --> 00:03:47,280 Right here. 59 00:03:49,440 --> 00:03:55,800 I don't see a FIN, where's the FIN, there is a FIN, yeah, until we close the connection, let's go 60 00:03:55,800 --> 00:03:56,130 through that. 61 00:03:56,760 --> 00:03:59,140 So Mungiu just disappear. 62 00:03:59,160 --> 00:04:01,790 So obviously SYN, SYN-ACK, ACK. 63 00:04:01,920 --> 00:04:04,850 So that's the three way handshake which we talked about right here. 64 00:04:04,860 --> 00:04:05,550 Go check it out.
65 00:04:05,730 --> 00:04:12,210 So every TCP connection has to be first agreed on the sequence number that we will be used to basically 66 00:04:12,210 --> 00:04:18,360 a number and you have to agree for client sequence number and a server sequence number that will 67 00:04:18,360 --> 00:04:24,180 be used to label those packets that you send across the wire so they can be reordered, so they can 68 00:04:24,180 --> 00:04:26,700 be retransmitted if they are lost and things like that. 69 00:04:27,330 --> 00:04:32,460 Client Hello, TLS one point three, go beautiful one. 70 00:04:32,460 --> 00:04:33,370 Go look at this. 71 00:04:33,410 --> 00:04:38,720 TLS one point three and this is my Mongo client, Node.js. 72 00:04:38,880 --> 00:04:39,230 Right. 73 00:04:39,390 --> 00:04:45,060 And said, look at all this beautiful cipher, so powerful suites, powerful suites. 74 00:04:45,600 --> 00:04:46,800 Look at that stuff. 75 00:04:46,830 --> 00:04:51,060 Elliptic curve Diffie-Hellman, there is a Diffie-Hellman one. 76 00:04:51,420 --> 00:04:51,920 Right. 77 00:04:52,560 --> 00:04:54,720 It's like, all right, all right. 78 00:04:54,720 --> 00:04:55,650 That's good stuff. 79 00:04:55,650 --> 00:04:56,910 Good stuff. 80 00:04:57,630 --> 00:04:57,940 Right. 81 00:04:58,260 --> 00:05:00,430 That's not very secure if you ask me. 82 00:05:00,430 --> 00:05:02,820 It depends on how is the bit size for this. 83 00:05:02,820 --> 00:05:03,870 But look at this. 84 00:05:04,350 --> 00:05:08,870 You can use any of these encryption methods first. 85 00:05:08,880 --> 00:05:09,480 Which methods. 86 00:05:09,480 --> 00:05:09,760 Right. 87 00:05:11,560 --> 00:05:20,680 And then since we're using TLS one point three, server name is and I will go into this shard. 88 00:05:20,680 --> 00:05:26,740 So shard zero zero zero one, that's the primary shard that we're hitting and doing all that stuff.
89 00:05:26,750 --> 00:05:33,480 Supporters support secession because that's part of the tools or is it a part of Kerberos? 90 00:05:33,490 --> 00:05:34,530 I'm not sure about that. 91 00:05:34,670 --> 00:05:38,110 I don't think you can do a comparison deal as Labora version. 92 00:05:38,140 --> 00:05:39,330 This is the most important thing. 93 00:05:39,340 --> 00:05:44,470 We support one point two and one point three, and we send that stuff right. 94 00:05:44,490 --> 00:05:45,400 I'm not going to go through all this. 95 00:05:45,400 --> 00:05:48,640 And we went through the details, the server says. 96 00:05:48,640 --> 00:05:50,980 Yo, I love you a lot. 97 00:05:51,000 --> 00:05:58,360 Let's use TLS one point three to communicate, but we have to say one point two, unfortunately, 98 00:05:58,360 --> 00:06:06,700 because there are dumb routers on the Web that unfortunately blocks the one point three on the version. 99 00:06:06,700 --> 00:06:07,770 So this is fake. 100 00:06:07,990 --> 00:06:14,560 This is not really TLS one point two, right, the real version somewhere right here where we actually say, 101 00:06:14,560 --> 00:06:17,860 hey, what is this one point three supported version? 102 00:06:18,400 --> 00:06:18,910 There you go. 103 00:06:18,910 --> 00:06:23,220 It's under supported version that we had to add and you just didn't do that stuff. 104 00:06:23,650 --> 00:06:24,010 All right. 105 00:06:24,040 --> 00:06:29,140 So we exchange the key and then acknowledge and send the certificate, the server sends the certificates 106 00:06:29,140 --> 00:06:30,100 and all that stuff. 107 00:06:30,100 --> 00:06:32,440 We talked about that many, many times in this channel. 108 00:06:33,160 --> 00:06:39,550 Verify the certificate that's the server and acknowledge acknowledge some TCP loss. 109 00:06:39,550 --> 00:06:42,340 And there is the first thing we send a query. 110 00:06:42,340 --> 00:06:43,520 What is this query?
111 00:06:44,860 --> 00:06:47,440 All right, Mongo wire protocol. 112 00:06:47,440 --> 00:06:49,160 We're using the wire Mongo. 113 00:06:49,550 --> 00:06:51,250 So it's a specific protocol for Mongo. 114 00:06:51,580 --> 00:06:55,390 It's around three hundred byte, not that big as good. 115 00:06:55,930 --> 00:06:59,560 And look at this, we're querying a database called admin. 116 00:06:59,860 --> 00:07:03,010 Technically, I didn't say any of that stuff. 117 00:07:03,280 --> 00:07:05,650 The admin database is not created by me. 118 00:07:05,680 --> 00:07:07,870 I didn't create it and do not anything. 119 00:07:08,110 --> 00:07:10,330 And there's no collection called dollar sign cmd. 120 00:07:10,360 --> 00:07:13,360 That's probably some some built in collection. 121 00:07:13,360 --> 00:07:14,920 And that if we just apparently use. 122 00:07:15,580 --> 00:07:16,120 All right. 123 00:07:16,810 --> 00:07:19,600 And then we query and this is the thing we ask for. 124 00:07:19,960 --> 00:07:22,560 We asked for so many other information. 125 00:07:22,580 --> 00:07:31,360 We ask for the compression type, we ask for, that's the SASL itself, record stands for. 126 00:07:31,360 --> 00:07:40,480 This is the URL LDAP alternative, I forgot what it stands for. isMaster, is the one I'm connected to 127 00:07:40,480 --> 00:07:43,270 is the master, that I want to connect to the master clients. 128 00:07:43,270 --> 00:07:50,170 Can I say the driver I'm connecting through from Node.js and this is the version of the MongoDB client 129 00:07:50,170 --> 00:07:52,480 and all that stuff to look at. 130 00:07:52,480 --> 00:07:54,820 That's compression, what kind of compression I'm using. 131 00:07:55,510 --> 00:08:03,940 And I said and the server obviously acknowledges that I received your query and then sends back the 132 00:08:03,940 --> 00:08:13,450 reply and the reply in the reply says, Hey, here's the list of hosts that you can connect to.
133 00:08:13,480 --> 00:08:14,740 This is awesome, by the way, guys. 134 00:08:15,160 --> 00:08:17,530 So this is the three shards that we talked about. 135 00:08:18,010 --> 00:08:20,530 So I connected, I believe, to this one. 136 00:08:20,920 --> 00:08:22,060 This is the master. 137 00:08:22,270 --> 00:08:23,200 We're going to find out. 138 00:08:23,560 --> 00:08:27,880 And they gave us, like, by the way, this is this is another two shards that you can connect to. 139 00:08:27,880 --> 00:08:30,130 So it's almost like a client side sharding. 140 00:08:30,190 --> 00:08:30,490 Right. 141 00:08:30,820 --> 00:08:32,440 And that's how MongoDB works. 142 00:08:32,440 --> 00:08:33,970 The client side is aware of the shard. 143 00:08:35,050 --> 00:08:35,560 All right. 144 00:08:36,220 --> 00:08:39,910 And setName, the Atlas, we're using Atlas. isMaster. 145 00:08:39,910 --> 00:08:40,150 Yes. 146 00:08:40,150 --> 00:08:41,580 You're connected to the master, are you? 147 00:08:41,590 --> 00:08:42,430 Connect to the secondary. 148 00:08:42,430 --> 00:08:42,790 Nope. 149 00:08:43,030 --> 00:08:44,140 Ah, you connect to the primary. 150 00:08:44,170 --> 00:08:46,300 This is the primary one as the primary. 151 00:08:46,510 --> 00:08:46,860 Right. 152 00:08:47,170 --> 00:08:49,480 And that's all that other stuff. 153 00:08:49,480 --> 00:08:52,360 Look, and that electable. 154 00:08:52,540 --> 00:08:54,220 Whether this is electable or not. 155 00:08:54,340 --> 00:08:57,100 AWS region, where is it. 156 00:08:57,100 --> 00:08:57,970 It's in the east. 157 00:08:58,240 --> 00:09:00,880 All the information is that by the way, this is encrypted guys. 158 00:09:00,880 --> 00:09:04,090 But I have managed to decrypt it because I'm using that we talked about. 159 00:09:04,090 --> 00:09:04,330 Right. 160 00:09:05,170 --> 00:09:05,620 Well, yeah. 161 00:09:05,620 --> 00:09:06,400 What other stuff? 162 00:09:06,400 --> 00:09:06,780 Election.
163 00:09:06,800 --> 00:09:07,930 I don't care about that. 164 00:09:08,060 --> 00:09:10,620 Really late last. 165 00:09:10,640 --> 00:09:18,550 Right at Max and the binary JSON that is I don't I think I'm not an expert in Mongo, so I don't know 166 00:09:18,550 --> 00:09:20,230 what what all this stuff is. 167 00:09:20,440 --> 00:09:22,300 Most of the stuff I know basic stuff. 168 00:09:22,720 --> 00:09:25,590 The, the versions, min wire version, max wire version. 169 00:09:25,630 --> 00:09:30,880 This is the response that's a little bit lengthy response time and that's it. 170 00:09:31,000 --> 00:09:31,840 So query. 171 00:09:31,840 --> 00:09:32,860 And here's the thing guys. 172 00:09:33,250 --> 00:09:34,240 You'll notice that. 173 00:09:35,180 --> 00:09:36,140 After that. 174 00:09:38,020 --> 00:09:42,640 That client also sends another query, and that's left me a little bit baffled. 175 00:09:43,210 --> 00:09:45,700 So we're sending another query around one 24. 176 00:09:45,820 --> 00:09:50,020 And what we're asking here, we're doing the SASL start thing. 177 00:09:50,180 --> 00:09:50,500 Right. 178 00:09:51,250 --> 00:09:52,370 So let's let's Google this. 179 00:09:52,420 --> 00:09:52,680 All right. 180 00:09:52,690 --> 00:09:56,140 So it's simple authentication and security layer protocol. 181 00:09:56,950 --> 00:10:01,400 So simple authentication, security protocol. 182 00:10:01,420 --> 00:10:03,610 So that's the protocol that they're using. 183 00:10:04,690 --> 00:10:05,320 SCRAM. 184 00:10:05,740 --> 00:10:10,600 That's another hashing algorithm that Mongo uses. 185 00:10:10,600 --> 00:10:14,110 And apparently this is they they are agreeing on this stuff. 186 00:10:16,470 --> 00:10:24,210 I don't know, SCRAM, as I had to look at this, SCRAM, so stands for salted challenge response authentication 187 00:10:24,360 --> 00:10:26,340 mechanism, SCRAM.
188 00:10:26,340 --> 00:10:32,090 So this is apparently an authentication mechanism and there are two there are many types, there's SHA 189 00:10:32,130 --> 00:10:32,620 one. 190 00:10:33,540 --> 00:10:36,830 Why are we still using SHA-1, guys? SHA 191 00:10:36,900 --> 00:10:37,860 one is dead. 192 00:10:38,160 --> 00:10:39,750 It's been proven to be weak. 193 00:10:40,200 --> 00:10:43,290 So and apparently what am I missing here? 194 00:10:43,320 --> 00:10:44,520 I'm using SHA-1. 195 00:10:45,750 --> 00:10:47,660 I probably is not a bad idea. 196 00:10:47,670 --> 00:10:54,930 No big deal because this person have to also decrypts in order to get into the SHA-1 to, to, to 197 00:10:54,930 --> 00:10:55,460 break it. 198 00:10:55,470 --> 00:10:59,580 So I don't see, I don't see it as a big deal unless you guys disagree. 199 00:10:59,730 --> 00:11:00,330 What do you think. 200 00:11:01,160 --> 00:11:01,470 So yeah. 201 00:11:01,480 --> 00:11:05,910 So this is the first SASL query and then the replies back and it says. 202 00:11:07,730 --> 00:11:14,090 We having a conversation, so this is like a conversation, so there's a lot of chattiness just to establish 203 00:11:14,090 --> 00:11:16,070 the MongoDB connection. 204 00:11:17,030 --> 00:11:17,510 All right. 205 00:11:18,020 --> 00:11:21,200 So we have done, are we done? False. 206 00:11:21,200 --> 00:11:21,980 We're not done. 207 00:11:21,980 --> 00:11:23,380 So it's almost like a conversation. 208 00:11:23,390 --> 00:11:28,150 I don't know the SASL protocol and how it works, but this is extremely chatty. 209 00:11:28,160 --> 00:11:28,610 Look at this. 210 00:11:28,760 --> 00:11:33,830 We're going to see that this is the first query reply, the second query and reply. 211 00:11:34,190 --> 00:11:37,070 The third query, almost the same thing. 212 00:11:37,070 --> 00:11:39,530 We're going to the admin cmd collection.
213 00:11:39,770 --> 00:11:41,780 We're just having the conversation again. 214 00:11:42,110 --> 00:11:47,660 There's some negotiation that is going on and then we get a reply back and it's not done yet. 215 00:11:47,960 --> 00:11:54,770 And then until the fourth query, the fourth round trip, we say, yo, let's continue sampling. 216 00:11:55,160 --> 00:11:59,980 And then we say done and then we're done the connection. 217 00:11:59,990 --> 00:12:03,170 So this I believe this is just the connection part. 218 00:12:03,470 --> 00:12:05,970 So we're and we're going to see that later. 219 00:12:06,380 --> 00:12:08,750 When I continue that, I think we're just here. 220 00:12:10,160 --> 00:12:14,810 That was just here, so little bit slow, if you ask me, I am. 221 00:12:16,210 --> 00:12:24,790 And this is the first request, request, extensible message format, is this the XML, is that what extensible 222 00:12:24,790 --> 00:12:28,770 message format, that's just XML, that's what the XML stands for. 223 00:12:28,990 --> 00:12:31,810 Extensible message, markup language. 224 00:12:31,810 --> 00:12:32,520 Maybe it's different. 225 00:12:32,530 --> 00:12:33,520 I think it's a different thing. 226 00:12:34,600 --> 00:12:39,700 All right, so what are we're sending the where the user's sending the query to find. 227 00:12:39,700 --> 00:12:39,970 Right. 228 00:12:39,980 --> 00:12:41,170 We're sending a find. 229 00:12:41,560 --> 00:12:43,390 That's the find right here. 230 00:12:43,720 --> 00:12:43,960 Right. 231 00:12:44,020 --> 00:12:47,480 So this we're going to find out that this doesn't do anything.
232 00:12:47,830 --> 00:12:53,530 This is all client-side logic going and getting the database, getting that collection until where you 233 00:12:53,530 --> 00:13:00,640 want to do something as the client and Mongo as the lazy is a lazy load approach, right where I found 234 00:13:00,640 --> 00:13:08,560 out by actually stopping in each step and there are no network packets sent when you're doing this stuff, 235 00:13:08,740 --> 00:13:11,460 only even here you don't send anything. 236 00:13:11,470 --> 00:13:13,630 It's only here, actually, we're going to find out that. 237 00:13:13,750 --> 00:13:14,020 Right. 238 00:13:14,560 --> 00:13:23,150 So find we're going to find and on the employees collection, do we specify the collection here 239 00:13:23,150 --> 00:13:23,710 of the database? 240 00:13:23,740 --> 00:13:30,480 I mean, the database that we specify the diaries, we specify the collection, but none of the database. 241 00:13:31,130 --> 00:13:32,020 So that's the filter. 242 00:13:32,110 --> 00:13:34,780 Hussein, I want to go to who find me Hussein. 243 00:13:35,680 --> 00:13:40,360 The name Hussein retain key show and document. 244 00:13:40,850 --> 00:13:42,850 Look at all this stuff, man. 245 00:13:43,210 --> 00:13:44,290 The time stamp. 246 00:13:44,290 --> 00:13:46,000 And there's a DB Thunderbolt. 247 00:13:46,240 --> 00:13:46,600 Right. 248 00:13:47,350 --> 00:13:47,830 Awesome. 249 00:13:48,100 --> 00:13:49,470 And we acknowledge the server. 250 00:13:49,470 --> 00:13:51,310 Says, I got your request. 251 00:13:51,550 --> 00:13:53,620 And now here's what I think. 252 00:13:53,920 --> 00:13:56,200 This is just weird. 253 00:13:56,200 --> 00:13:59,440 It's not really a request because it's coming from the server. 254 00:13:59,440 --> 00:14:01,490 So it should be a reply or a response.
255 00:14:01,500 --> 00:14:10,090 So I think this is a problem in Wireshark. Wireshark just expanding the messages and treating it as a request 256 00:14:10,090 --> 00:14:11,710 where it is actually a response. 257 00:14:12,310 --> 00:14:12,990 I think so. 258 00:14:13,840 --> 00:14:16,060 So we're going to cursor, a beautiful cursor. 259 00:14:16,360 --> 00:14:18,310 This is a client-side cursor. 260 00:14:18,400 --> 00:14:21,910 We're going to show that because we asked for everything basically. 261 00:14:21,910 --> 00:14:22,140 Right? 262 00:14:22,570 --> 00:14:28,780 We asked for toArray and we get back in an array of every single element, which is one basically. 263 00:14:29,140 --> 00:14:31,570 And the ID, the object ID of the element. 264 00:14:32,230 --> 00:14:32,590 Right. 265 00:14:32,920 --> 00:14:34,390 And the string, which is name same. 266 00:14:34,930 --> 00:14:42,120 If you notice here, this is five F to five F two and the name is the same. 267 00:14:42,580 --> 00:14:48,680 And then we get the the collection and the ID and all that stuff, OK. 268 00:14:48,720 --> 00:14:54,220 The cluster time for some reason we're exchanging the cluster time a lot and I don't know what's the 269 00:14:54,220 --> 00:14:54,980 purpose of this. 270 00:14:55,030 --> 00:14:55,900 That's very interesting. 271 00:14:57,010 --> 00:15:00,560 I think it's just for syncing purposes, that would be interesting to know. 272 00:15:01,230 --> 00:15:02,670 All right, some lost packages. 273 00:15:02,680 --> 00:15:03,580 No problem. 274 00:15:03,610 --> 00:15:04,540 Another request. 275 00:15:04,810 --> 00:15:05,100 Hmm. 276 00:15:05,590 --> 00:15:06,830 We don't know out the request course. 277 00:15:06,830 --> 00:15:07,370 That's weird. 278 00:15:07,690 --> 00:15:11,400 So if you look at this request, that request I didn't do that. 279 00:15:11,410 --> 00:15:16,910 It says endSessions, was like almost like it's ending the session.
280 00:15:17,290 --> 00:15:23,800 Well, there is a document that says ID that gives you a value, a fort, a five était. 281 00:15:23,800 --> 00:15:25,310 I didn't do any of that stuff. 282 00:15:25,870 --> 00:15:28,450 Only thing I did is printed and just closed that connection. 283 00:15:28,790 --> 00:15:33,630 So maybe that's part of the closing the connection and that's the client sending it right. 284 00:15:34,510 --> 00:15:40,810 And then the time stamp and we're getting all of this admin, I didn't do that, we're doing something 285 00:15:40,810 --> 00:15:41,560 to the admin. 286 00:15:41,710 --> 00:15:46,300 The MongoDB client is sending a request to the admin. 287 00:15:46,990 --> 00:15:48,930 Oh, look at that. 288 00:15:49,090 --> 00:15:51,530 This is part of a negotiation with the shards. 289 00:15:51,580 --> 00:15:52,030 Look at that. 290 00:15:52,420 --> 00:15:55,420 Says, Hey, I prefer the primary. 291 00:15:55,450 --> 00:15:58,090 Well, we are connected to the primary. 292 00:15:58,090 --> 00:15:58,570 All right. 293 00:15:58,850 --> 00:15:59,980 What's wrong with you, sir? 294 00:16:00,820 --> 00:16:03,480 Also, why no one is good. 295 00:16:04,030 --> 00:16:14,380 And then we get a response back from this gentleman saying what server saying, OK, one, time, don't 296 00:16:14,380 --> 00:16:15,820 really care about the cluster time now. 297 00:16:15,820 --> 00:16:20,980 And the operation that's nothing is just responding back with a response. 298 00:16:21,520 --> 00:16:25,320 So I didn't send that as a client, as a user, as a developer. 299 00:16:25,360 --> 00:16:26,140 I didn't write that. 300 00:16:26,920 --> 00:16:27,820 It's all Mongo. 301 00:16:28,450 --> 00:16:35,620 And then obviously this is the close of the connection and the FIN or is it FIN-ACK so that the client 302 00:16:35,620 --> 00:16:39,950 initiating the closing of the connection, look at all that stuff. 303 00:16:40,000 --> 00:16:40,470 All right, guys.
304 00:16:40,500 --> 00:16:41,530 So here's what I do now. 305 00:16:41,590 --> 00:16:43,390 So we went through all that stuff. 306 00:16:44,140 --> 00:16:49,750 This is a very basic MongoDB request to pull all that stuff. 307 00:16:50,050 --> 00:16:55,960 How about we spice things a little bit and I'm going to copy this thing. 308 00:16:57,510 --> 00:16:58,620 And do it right here. 309 00:16:59,920 --> 00:17:02,770 Right after that connect, I'm going to close the connection. 310 00:17:03,700 --> 00:17:10,030 And we're sleeping here just because I noticed that, I think that it's almost like a bug here, when 311 00:17:10,030 --> 00:17:12,580 we don't close, we close immediately. 312 00:17:12,610 --> 00:17:17,110 We get a reset on the can on the on the on the TCP stack. 313 00:17:17,110 --> 00:17:20,800 So I'm just adding milliseconds so we avoid the reset. 314 00:17:21,610 --> 00:17:24,400 So let's go ahead and clear, which we shouldn't get to. 315 00:17:24,410 --> 00:17:27,730 If you think about we shouldn't get this reset lesson. 316 00:17:29,030 --> 00:17:30,920 And one second. 317 00:17:32,180 --> 00:17:34,430 And then, done, let's take a look. 318 00:17:35,270 --> 00:17:35,780 All right. 319 00:17:36,720 --> 00:17:47,370 Three way handshake, TLS handshake all the way, we get a query, reply, a query, reply, a query, 320 00:17:47,700 --> 00:17:52,050 reply, a query, reply, that's what we show, right. 321 00:17:52,470 --> 00:18:00,930 And then a FIN. So four round trips, that is, man, if you the next time you establish a DCB connection, 322 00:18:00,930 --> 00:18:02,640 a MongoDB client connection. 323 00:18:02,940 --> 00:18:05,480 Think about this as a backend engineer. 324 00:18:05,820 --> 00:18:07,260 Think about what you're doing. 325 00:18:07,680 --> 00:18:08,030 Right.
326 00:18:08,340 --> 00:18:15,690 So pool this connection as much as possible if you can and and eagerly load them because lazy load this 327 00:18:15,690 --> 00:18:22,010 thing, the user will feel it because it is extremely slow, especially if you're fear mongering is 328 00:18:22,140 --> 00:18:23,030 all over there. 329 00:18:23,730 --> 00:18:24,720 And this is another thing. 330 00:18:24,720 --> 00:18:29,760 Guys, like your DB client should be very close to the to the to the MongoDB database. 331 00:18:29,910 --> 00:18:37,890 Mine is mine is in the West, a client of the West and the database is somewhere in the east. 332 00:18:37,890 --> 00:18:38,340 Right. 333 00:18:38,370 --> 00:18:39,990 So that's bad anyway. 334 00:18:40,020 --> 00:18:42,830 But that is just negotiation and authentication. 335 00:18:42,870 --> 00:18:45,270 I still don't understand why do we need SASL? 336 00:18:45,270 --> 00:18:47,970 To be honest, there's a part of Kerberos authentication. 337 00:18:48,420 --> 00:18:51,000 I don't need to do any of that stuff. 338 00:18:51,510 --> 00:18:51,870 Right. 339 00:18:52,530 --> 00:18:59,250 I mean, mutual TLS can solve this problem to authenticate me as a client if that's what it's doing. 340 00:18:59,310 --> 00:19:00,720 But I might be wrong. 341 00:19:00,720 --> 00:19:02,040 I might be missing something here. 342 00:19:02,760 --> 00:19:03,180 All right. 343 00:19:03,870 --> 00:19:05,220 So let's move this a little bit. 344 00:19:05,760 --> 00:19:10,280 Just this sense for four packets yike. 345 00:19:10,300 --> 00:19:12,030 See, what the hell are you doing? 346 00:19:13,530 --> 00:19:15,930 And now I'm going to. 347 00:19:16,960 --> 00:19:19,150 Do it all the way here, right? 348 00:19:19,690 --> 00:19:27,700 So this, this and this, and you guys are going to notice that nothing, I'm saying nothing 349 00:19:27,700 --> 00:19:30,060 will be sent to the to the server after that.
350 00:19:30,430 --> 00:19:32,280 It's the exact same thing. 351 00:19:32,920 --> 00:19:35,080 Exact same thing. 352 00:19:35,500 --> 00:19:35,830 Right. 353 00:19:35,890 --> 00:19:36,280 So. 354 00:19:37,180 --> 00:19:37,980 Let's go home again. 355 00:19:39,650 --> 00:19:46,550 Query, reply, query, reply, query, reply, query, reply. 356 00:19:47,640 --> 00:19:48,830 That's it, and FIN. 357 00:19:50,250 --> 00:19:59,700 So that whatever we did here, all this work, it's all lazy, loaded, all of this is a lazy loading 358 00:19:59,700 --> 00:20:01,590 client side, which is a good thing, right. 359 00:20:01,830 --> 00:20:04,680 So this is to avoid round trips. 360 00:20:04,680 --> 00:20:04,970 Right. 361 00:20:05,220 --> 00:20:07,070 And DB, Thunderbolt, this is. 362 00:20:07,200 --> 00:20:07,590 Yeah. 363 00:20:07,680 --> 00:20:09,120 Give me the Thunderbolt database. 364 00:20:09,120 --> 00:20:14,130 But why do you if we're not going to use it immediately, I'm not going to send a request to give you 365 00:20:14,130 --> 00:20:14,850 a thunderbolt. 366 00:20:15,120 --> 00:20:15,310 Right. 367 00:20:15,480 --> 00:20:19,140 So let's let's pull this connections that of course as much as possible. 368 00:20:19,140 --> 00:20:22,470 So, OK, you want the Thunderbolt database, OK, you want the collection employees. 369 00:20:22,480 --> 00:20:24,180 OK, I'm not going to send a request yet. 370 00:20:24,540 --> 00:20:29,130 You want to find that the employees that name Hussein. 371 00:20:29,130 --> 00:20:30,510 OK, I'm not going to send it yet. 372 00:20:30,720 --> 00:20:31,040 Why? 373 00:20:31,260 --> 00:20:34,290 Because technically you didn't consume the search cursor yet. 374 00:20:34,530 --> 00:20:36,750 Because what other methods do you have guys. 375 00:20:36,750 --> 00:20:39,380 It engineers. 376 00:20:39,390 --> 00:20:39,870 Let me know. 377 00:20:39,870 --> 00:20:41,070 Mongo experts.
378 00:20:41,100 --> 00:20:42,750 What's there is there is a next. 379 00:20:43,500 --> 00:20:44,130 Is it next. 380 00:20:44,130 --> 00:20:45,170 Yeah, I think it's called next. 381 00:20:45,360 --> 00:20:46,620 So this is next. 382 00:20:46,620 --> 00:20:49,270 We'll do something else then toArray, for example. 383 00:20:49,270 --> 00:20:56,720 Right once I do next or toArray that will do all of this in one trip. 384 00:20:56,820 --> 00:21:00,000 So they're kind of optimizing things, which I'm going to give them. 385 00:21:01,440 --> 00:21:05,850 I'm going to give them the props for that. 386 00:21:05,850 --> 00:21:06,510 That's good. 387 00:21:07,260 --> 00:21:08,010 But look at this. 388 00:21:08,010 --> 00:21:08,790 Look at this stuff. 389 00:21:09,900 --> 00:21:17,070 And here's my message, request, message, request to hear their request, extensible message format, 390 00:21:17,580 --> 00:21:20,570 so that's the message extensible message format that we sent, right? 391 00:21:21,210 --> 00:21:22,260 That's our query. 392 00:21:22,650 --> 00:21:27,380 And the second one is basically the response for this, right? 393 00:21:27,750 --> 00:21:28,880 Well, that's that's the first one. 394 00:21:28,890 --> 00:21:29,130 Sorry. 395 00:21:29,370 --> 00:21:35,400 That's the second request that that client just does send word that we don't know what's going on there. 396 00:21:35,880 --> 00:21:38,430 It's sending it to the admin database. 397 00:21:38,430 --> 00:21:40,020 So it's some sort of a messaging. 398 00:21:40,530 --> 00:21:40,910 Right. 399 00:21:41,220 --> 00:21:48,720 Just like we saw on WebSocket there is that was it a WebSocket, the heart, the heartbeat thing, 400 00:21:48,840 --> 00:21:51,240 the ping pong or something else? 401 00:21:51,530 --> 00:21:59,010 It was it was a stab to the messaging, the solar system stream or the magic stream where they are not 402 00:21:59,130 --> 00:22:00,020 on the magic stream.
403 00:22:00,180 --> 00:22:04,550 It's basically a specific stream just for exchanging messages. 404 00:22:04,680 --> 00:22:06,060 That's what that's what was it. 405 00:22:06,720 --> 00:22:11,850 So this is like, I think the exchanging of information about the cluster, about other stuff like that. 406 00:22:12,270 --> 00:22:14,960 But yeah, that's the idea of this stuff. 407 00:22:15,270 --> 00:22:16,770 And then finally, we close the connection. 408 00:22:17,400 --> 00:22:17,780 All right. 409 00:22:18,240 --> 00:22:22,050 The last thing I want to do, something I didn't do offline, but I'm going to do it with you because 410 00:22:22,120 --> 00:22:24,330 I'm I'm very courageous. 411 00:22:25,230 --> 00:22:28,350 Not really is I'm going to try this. 412 00:22:28,350 --> 00:22:33,690 I got to see what happen when I do this cursor dot next. 413 00:22:35,960 --> 00:22:45,830 So this will give me the next result, we'll see what will happen when I do this, the result they call 414 00:22:45,830 --> 00:22:48,550 this, let's just do this and see what will happen. 415 00:22:50,220 --> 00:22:56,910 And there's just sure, let's just printed that Eau Claire clear. 416 00:23:00,100 --> 00:23:00,580 Clear. 417 00:23:00,910 --> 00:23:02,400 And then boom. 418 00:23:04,470 --> 00:23:10,460 So the normal queries, no more queries, no more queries, extensible message, format, the same thing, 419 00:23:10,740 --> 00:23:14,180 it's the same thing, guys, it's the same thing. 420 00:23:14,190 --> 00:23:16,550 Maybe it's not really an array. 421 00:23:16,800 --> 00:23:18,180 So this is a request, OK? 422 00:23:18,660 --> 00:23:20,810 This is the response I like. 423 00:23:20,830 --> 00:23:21,870 That's a little bit different. 424 00:23:21,900 --> 00:23:24,120 The cursor, its first batch. 425 00:23:24,270 --> 00:23:25,030 It is an array. 426 00:23:25,130 --> 00:23:25,320 Huh. 427 00:23:25,840 --> 00:23:26,750 I guess the same thing.
428 00:23:28,060 --> 00:23:29,040 All right, never mind. 429 00:23:30,180 --> 00:23:34,140 Just giving you the same results, right, but just one at a time. 430 00:23:34,850 --> 00:23:40,940 So this is this is whenever you want something, you just ask for it and you get the second one in second 431 00:23:40,940 --> 00:23:41,160 once. 432 00:23:41,170 --> 00:23:41,900 I like that. 433 00:23:41,900 --> 00:23:48,200 So there will be a round trip for each one of them versus if you do toArray, they will all be brought 434 00:23:48,200 --> 00:23:48,700 locally. 435 00:23:48,710 --> 00:23:49,070 So. 436 00:23:50,260 --> 00:23:53,490 Kind of a server side versus client side cursor. 437 00:23:53,710 --> 00:23:55,060 All right, guys, that's it for me today. 438 00:23:55,240 --> 00:23:58,570 That was Mongo, Wireshark MongoDB. 439 00:23:58,780 --> 00:24:01,970 What should I Wireshark next, let me know in the comments section below. 440 00:24:02,020 --> 00:24:03,220 I'm going to see you in the next one. 441 00:24:03,230 --> 00:24:04,450 You guys stay awesome, goodbye.