1
00:00:00,000 --> 00:00:08,277

2
00:00:08,285 --> 00:00:10,525
Essentially with navigating the GUI,

3
00:00:10,525 --> 00:00:12,525
one of the things that we want to do

4
00:00:12,525 --> 00:00:16,193
is we want to ensure that

5
00:00:16,193 --> 00:00:17,988
we've started with the dashboard and

6
00:00:17,988 --> 00:00:19,870
we understand what the launchpad is.

7
00:00:19,870 --> 00:00:24,095
This is the start page or what we call,

8
00:00:24,095 --> 00:00:25,993
I like to call the launchpad 'cause

9
00:00:25,990 --> 00:00:28,398
you're going to basically select an interface,

10
00:00:28,384 --> 00:00:30,384
you're going to start or load a capture.

11
00:00:30,384 --> 00:00:33,060
And then from there, you're a, you know,

12
00:00:33,057 --> 00:00:35,692
you're going to start your capture window

13
00:00:35,695 --> 00:00:37,874
and you're going to see your 3 panes and

14
00:00:37,875 --> 00:00:40,054
be able to capture data. But with newer

15
00:00:40,060 --> 00:00:43,909
versions of Wireshark, the launchpad tier

16
00:00:43,904 --> 00:00:48,166
and it just helps you to do what's

17
00:00:48,169 --> 00:00:51,035
one of the most important things is select

18
00:00:51,035 --> 00:00:54,612
the correct interface which is confusing to some.

19
00:00:54,616 --> 00:00:58,201
Because as an example, if you're trying just

20
00:00:58,200 --> 00:01:00,490
to capture wireless LAN data and you just,

21
00:01:00,494 --> 00:01:03,333
you know, ran a capture, you may not have

22
00:01:03,334 --> 00:01:05,445
selected the wireless LAN adapter,

23
00:01:05,450 --> 00:01:07,560
you may have selected the LAN adapter.

24
00:01:07,569 --> 00:01:11,458
Simple mistake, but this dashboard helps you

25
00:01:11,458 --> 00:01:16,053
to limit that as well as when you configure

26
00:01:16,052 --> 00:01:18,924
capture options like we were just saying before

27
00:01:18,930 --> 00:01:20,930
when we were answering questions

28
00:01:20,930 --> 00:01:24,225
you can set up a pre-capture rule.
29
00:01:24,225 --> 00:01:26,550
You can choose not to see all the traffic

30
00:01:26,550 --> 00:01:28,222
originating from your machine.

31
00:01:28,222 --> 00:01:31,308
You can limit the amount of data

32
00:01:31,317 --> 00:01:34,543
in the capture files. And there's a lot of things

33
00:01:34,537 --> 00:01:37,053
that you can do from this launchpad.

34
00:01:37,044 --> 00:01:38,631
You can also do this from the capture window,

35
00:01:38,631 --> 00:01:39,734
just makes it easier.

36
00:01:39,734 --> 00:01:45,723
And you can select currently viewed captures

37
00:01:45,730 --> 00:01:49,491
as well as, you know, getting help.

38
00:01:49,491 --> 00:01:52,662
So, the main interface capture window,

39
00:01:52,662 --> 00:01:54,662
what we'd like to call launchpad,

40
00:01:54,662 --> 00:01:58,548
is basically your navigation panes

41
00:01:58,548 --> 00:02:02,257
which is capture, files and online.

42
00:02:02,257 --> 00:02:06,136
And with these particularly,

43
00:02:06,136 --> 00:02:07,793
one of the things that we want to do,

44
00:02:07,793 --> 00:02:11,728
is we want to understand that in the

45
00:02:11,723 --> 00:02:15,157
capture section, we have an interface list,

46
00:02:15,161 --> 00:02:18,616
we can select what interface we want,

47
00:02:18,616 --> 00:02:21,651
we can hide interfaces we don't want to see,

48
00:02:21,651 --> 00:02:25,856
we can adjust specifically settings on

49
00:02:25,855 --> 00:02:28,145
those interfaces and capture options.

50
00:02:28,157 --> 00:02:30,660
We can check the health of them.

51
00:02:30,660 --> 00:02:32,660
We could see what IP addresses are configured.

52
00:02:32,660 --> 00:02:36,026
We can set pre-capture filters,

53
00:02:36,026 --> 00:02:38,563
so that we can limit the amount of data

54
00:02:38,562 --> 00:02:40,791
we capture and, and more.
55
00:02:40,796 --> 00:02:43,369
In the file section basically if you're going to

56
00:02:43,367 --> 00:02:45,938
open a previously saved capture,

57
00:02:45,941 --> 00:02:47,913
and the sample captures,

58
00:02:47,918 --> 00:02:50,788
so, just a brief note on sample captures.

59
00:02:50,802 --> 00:02:55,223
So, this ties into the online pane where you

60
00:02:55,226 --> 00:02:58,077
see the website user guide and so on.

61
00:02:58,066 --> 00:03:03,186
The Wireshark.org site is very robust.

62
00:03:03,186 --> 00:03:06,095
I like that it's actually very clean.

63
00:03:06,095 --> 00:03:09,052
It's not something overblown

64
00:03:09,052 --> 00:03:11,812
but it's a, it's got a ton of information.

65
00:03:11,812 --> 00:03:14,891
You'll see in future modules the, the 2 links

66
00:03:14,894 --> 00:03:17,961
directly to the website, so you can right click

67
00:03:17,965 --> 00:03:22,166
at some data that you've captured,

68
00:03:22,169 --> 00:03:23,865
and it'll take you directly to the website

69
00:03:23,865 --> 00:03:25,527
to help explain something.

70
00:03:25,527 --> 00:03:29,479
And it has a sample capture repository.

71
00:03:29,479 --> 00:03:30,923
It is not the only one.

72
00:03:30,923 --> 00:03:34,338
But it happens to be a large one and it's helpful

73
00:03:34,335 --> 00:03:36,452
to help round out exactly

74
00:03:36,451 --> 00:03:38,202
what it is that you're looking for.

75
00:03:38,202 --> 00:03:40,630
When you learn about protocols and or

76
00:03:40,651 --> 00:03:42,010
if you're capturing data that you may not

77
00:03:42,014 --> 00:03:44,587
understand, there's some sample captures up

78
00:03:44,587 --> 00:03:48,282
there to help show you how to, to find and

79
00:03:48,281 --> 00:03:50,111
translate this data and what it looks

80
00:03:50,106 --> 00:03:52,850
like when you capture it.

81
00:03:52,844 --> 00:03:57,098
So as we mentioned,

82
00:03:57,098 --> 00:03:58,851
you're going to select an interface.
83
00:03:58,851 --> 00:04:00,851
You're going to pick the one that's appropriate.

84
00:04:00,851 --> 00:04:03,615
You're going to either load or start a capture.

85
00:04:03,615 --> 00:04:06,540
And once you do, you're ready to go.

86
00:04:06,540 --> 00:04:09,179
And if you need help,

87
00:04:09,182 --> 00:04:11,386
that's a direct link to getting help.

88
00:04:11,388 --> 00:04:15,224
Once you start your interface capture,

89
00:04:15,224 --> 00:04:16,960
you're going to open up the capture window,

90
00:04:16,960 --> 00:04:18,960
and you're going to see your 3 main panes.

91
00:04:18,960 --> 00:04:22,647
We'll start with the packets list pane.

92
00:04:22,647 --> 00:04:24,407
We'll get more into detail into

93
00:04:24,407 --> 00:04:26,128
the other 2 panes as we go.

94
00:04:26,128 --> 00:04:28,936
But the most important one is the top pane,

95
00:04:28,926 --> 00:04:31,869
called the packets list pane where

96
00:04:31,869 --> 00:04:35,120
in that particular pane, you're going to see

97
00:04:35,119 --> 00:04:37,339
streaming data. You're going to see all

98
00:04:37,339 --> 00:04:38,892
the data that's captured

99
00:04:38,892 --> 00:04:41,508
with Wireshark during live capture.

100
00:04:41,508 --> 00:04:43,779
It's going to be numbered sequentially.

101
00:04:43,779 --> 00:04:45,591
It's going to be timed. You can change

102
00:04:45,604 --> 00:04:47,842
the time which we'll get to.

103
00:04:47,830 --> 00:04:50,995
These columns of data, you can customize,

104
00:04:51,002 --> 00:04:53,941
you can add. You can build upon to show

105
00:04:53,940 --> 00:04:55,539
what it is that you want to see.

106
00:04:55,539 --> 00:04:57,387
So it's a lot of customization we're going to

107
00:04:57,396 --> 00:04:59,912
get to in the next few modules.

108
00:04:59,913 --> 00:05:02,019
But particularly, this is what you're

109
00:05:02,019 --> 00:05:03,664
going to see when you open up

110
00:05:03,656 --> 00:05:05,404
the capture and begin your capture.
111
00:05:05,404 --> 00:05:11,260
So the 3 main panes obviously,

112
00:05:11,268 --> 00:05:14,771
we discussed the packets list displays all the

113
00:05:14,778 --> 00:05:16,992
packets in the current capture file.

114
00:05:16,992 --> 00:05:20,890
The packet details - so when you're in packets,

115
00:05:20,905 --> 00:05:25,287
packets list pane and you select the

116
00:05:25,284 --> 00:05:27,885
packet you want to review in deeper detail,

117
00:05:27,885 --> 00:05:29,954
you can double click on it and

118
00:05:29,954 --> 00:05:31,451
it can open up a second window

119
00:05:31,459 --> 00:05:33,272
or you can see a, single click it, and

120
00:05:33,274 --> 00:05:36,160
you'll see it in the capture window.

121
00:05:36,178 --> 00:05:38,489
But this is what it's going to do, the drill down

122
00:05:38,489 --> 00:05:40,210
so that you can see deeper in.

123
00:05:40,210 --> 00:05:42,958
And that's what the packet details will display -

124
00:05:42,958 --> 00:05:44,703
the more granular detail about

125
00:05:44,703 --> 00:05:46,258
the packet that you select.

126
00:05:46,258 --> 00:05:48,796
And then the packet bytes is going to show

127
00:05:48,796 --> 00:05:51,752
you the selected packet in hex,

128
00:05:51,760 --> 00:05:53,760
give you some ASCII data and so on.

129
00:05:53,760 --> 00:05:58,363
So the capture window,

130
00:05:58,363 --> 00:06:00,199
we're going to get into this next, but

131
00:06:00,208 --> 00:06:03,334
there's a lot of menus and a lot of toolbars.

132
00:06:03,327 --> 00:06:04,706
A lot of tools that you need

133
00:06:04,706 --> 00:06:06,033
to learn how to use to be able

134
00:06:06,030 --> 00:06:08,036
to navigate the system correctly.

135
00:06:08,046 --> 00:06:09,630
We're going to go into detail

136
00:06:09,632 --> 00:06:10,765
on every single menu.

137
00:06:10,765 --> 00:06:12,190
We're going to talk about the tools.
138
00:06:12,190 --> 00:06:14,104
We're going to show captured data,

139
00:06:14,104 --> 00:06:16,924
sample data. We'll show specifically,

140
00:06:16,928 --> 00:06:19,557
the tools that are in the menus and

141
00:06:19,557 --> 00:06:22,094
we're not going to cover every single detail

142
00:06:22,094 --> 00:06:23,146
and every single menu

143
00:06:23,146 --> 00:06:23,975
but we're going to talk about

144
00:06:23,975 --> 00:06:25,975
what's most relevant to troubleshooting.

145
00:06:25,975 --> 00:06:28,369
We're going to go very deep into filtering

146
00:06:28,369 --> 00:06:31,944
and displaying filtered data, regular expressions,

147
00:06:31,941 --> 00:06:34,761
and specifically tools that

148
00:06:34,761 --> 00:06:38,521
will allow you to look at streams and how data

149
00:06:38,513 --> 00:06:41,361
interacts from source to destination.

150
00:06:41,353 --> 00:06:46,289