1
00:00:00,000 --> 00:00:08,044

2
00:00:08,044 --> 00:00:12,929
The next module will be on profiles.

3
00:00:12,929 --> 00:00:16,397
So why is the profile important?

4
00:00:16,397 --> 00:00:19,877
So a profile like that quickly use Wireshark

5
00:00:19,873 --> 00:00:22,902
set up specific preferences you will,

6
00:00:22,902 --> 00:00:27,261
you will use ongoing - these are things

7
00:00:27,256 --> 00:00:29,857
that the changes that you can make such as

8
00:00:29,857 --> 00:00:31,637
things that you want to see when,

9
00:00:31,639 --> 00:00:33,711
every time you open up Wireshark,

10
00:00:33,715 --> 00:00:35,825
things that you don't want to see.

11
00:00:35,825 --> 00:00:37,362
Here's a good example.

12
00:00:37,362 --> 00:00:42,789
Let's say you wanted to use Wireshark to

13
00:00:42,797 --> 00:00:46,196
to capture data and you didn't know really

14
00:00:46,196 --> 00:00:47,909
what IP addresses you were looking at

15
00:00:47,909 --> 00:00:50,141
and you wanted those IP addresses to be

16
00:00:50,149 --> 00:00:52,834
resolved to a local DNS server.

17
00:00:52,838 --> 00:00:57,621
So you could set in your preferences,

18
00:00:57,625 --> 00:01:00,589
to always resolve the DNS server name,

19
00:01:00,599 --> 00:01:03,156
server names of the IP addresses captured

20
00:01:03,152 --> 00:01:05,513
and you can configure that in the profile

21
00:01:05,517 --> 00:01:06,964
on seeing the profile.

22
00:01:06,978 --> 00:01:09,205
So that every time you load up Wireshark,

23
00:01:09,198 --> 00:01:11,671
you could select that profile

24
00:01:11,671 --> 00:01:13,654
and each and every time you capture,

25
00:01:13,654 --> 00:01:16,615
it will query the local DNS server and

26
00:01:16,635 --> 00:01:19,253
try to resolve those names for you.

27
00:01:19,253 --> 00:01:23,140
So, why does it not come like that by default?

28
00:01:23,140 --> 00:01:25,011
The good question may be that

29
00:01:25,011 --> 00:01:29,691
DNS traffic, DNS create, create a lot of traffic.

30
00:01:29,691 --> 00:01:32,000
You will actually see this traffic

31
00:01:32,000 --> 00:01:33,865
when you're running your capture so

32
00:01:33,865 --> 00:01:35,899
you may or may not want to do that.

33
00:01:35,889 --> 00:01:40,402
It may send so much traffic to your

34
00:01:40,402 --> 00:01:43,149
DNS server, you know, thousands of packets,

35
00:01:43,159 --> 00:01:46,032
It may be an issue but those are the options.

36
00:01:46,033 --> 00:01:47,495
Those are the types of things that if you

37
00:01:47,488 --> 00:01:49,137
want to set them up every time you use

38
00:01:49,136 --> 00:01:51,662
Wireshark, you could select from that profile.

39
00:01:51,682 --> 00:01:52,737
Here's a good example

40
00:01:52,737 --> 00:01:53,738
when you may want to use it.

41
00:01:53,738 --> 00:01:55,650
You want to run a quick capture.

42
00:01:55,650 --> 00:01:57,142
You're not going to capture more than,

43
00:01:57,142 --> 00:01:58,790
let's say, a hundred packets.

44
00:01:58,790 --> 00:02:01,745
You've set up your pre-capture filter

45
00:02:01,745 --> 00:02:04,265
and you wanted to resolve DNS.

46
00:02:04,265 --> 00:02:07,124
You select that profile, you hit go,

47
00:02:07,134 --> 00:02:09,765
and it's done for you.

48
00:02:09,761 --> 00:02:13,194
When you customize Wireshark, you do,

49
00:02:13,192 --> 00:02:17,101
you do so use the profiles, set preferences

50
00:02:17,109 --> 00:02:19,109
and then you save it as a profile.

51
00:02:19,109 --> 00:02:22,537
And you could find that in the edit menu.

52
00:02:22,537 --> 00:02:25,985
You could select configuration profile,

53
00:02:25,989 --> 00:02:30,003
profiles and or click on shift control A.

54
00:02:30,006 --> 00:02:33,772
Once you do select the profile for use,

55
00:02:33,772 --> 00:02:35,320
excuse me, you will find this on the

56
00:02:35,312 --> 00:02:37,768
bottom right part of the capture window.

57
00:02:37,778 --> 00:02:40,347
It'll tell what profile and you can even click

58
00:02:40,344 --> 00:02:41,617
in that area and you can select

59
00:02:41,617 --> 00:02:42,506
the different profile.

60
00:02:42,506 --> 00:02:44,725
So, why is this important?

61
00:02:44,725 --> 00:02:46,329
'Cause you can very quickly select

62
00:02:46,329 --> 00:02:48,121
through what profiles you want to see,

63
00:02:48,121 --> 00:02:49,567
you could set up one for wireless.

64
00:02:49,567 --> 00:02:51,850
It's a, it's, it's different, it adds

65
00:02:51,853 --> 00:02:54,605
a new toolbar, toolbar to your window.

66
00:02:54,597 --> 00:02:58,073
There's just certain things that you may

67
00:02:58,066 --> 00:03:00,232
want to configure in these profiles

68
00:03:00,246 --> 00:03:01,742
so that when you're operating,

69
00:03:01,742 --> 00:03:03,229
you can operate quickly.

70
00:03:03,229 --> 00:03:06,897
Now, just a side note on the operating quickly.

71
00:03:06,931 --> 00:03:09,284
I don't condone rushing through anything.

72
00:03:09,290 --> 00:03:13,751
I think, I think that's not what I'm implying.

73
00:03:13,751 --> 00:03:15,777
I think what we're implying

74
00:03:15,771 --> 00:03:18,362
is that you want to be prepared

75
00:03:18,364 --> 00:03:22,532
to operate the, as efficiently as you can.

76
00:03:22,532 --> 00:03:24,100
Because sometimes when you're having

77
00:03:24,083 --> 00:03:28,241
problems, that is, the pressure

78
00:03:28,256 --> 00:03:30,453
and the stress to solve that problem

79
00:03:30,457 --> 00:03:32,787
you don't want to be, you know, navigating

80
00:03:32,797 --> 00:03:35,368
through Wireshark trying to configure things.

81
00:03:35,385 --> 00:03:37,850
You want to have your system as

82
00:03:37,841 --> 00:03:40,047
prepped and prepared as possible

83
00:03:40,058 --> 00:03:42,307
so that when you're moving through

84
00:03:42,305 --> 00:03:44,863
and you're trying to do stuff, you can

85
00:03:44,866 --> 00:03:48,115
quickly adjust your system,

86
00:03:48,107 --> 00:03:49,834
capture the data that you want

87
00:03:49,830 --> 00:03:52,039
and try to analyze it in a,

88
00:03:52,039 --> 00:03:53,584
and again in efficient manner.

89
00:03:53,584 --> 00:03:57,414
So how you configure these profiles

90
00:03:57,414 --> 00:03:59,386
quickly and easily, that's what this is about.

91
00:03:59,383 --> 00:04:02,573
This is about taking the time in advance

92
00:04:02,580 --> 00:04:06,358
to set your system up, set your tool up.

93
00:04:06,360 --> 00:04:08,360
so that when you get into the heat of battle,

94
00:04:08,360 --> 00:04:11,851
you can select what you need to see

95
00:04:11,846 --> 00:04:16,998
and, and get it set as quickly as possible.

96
00:04:17,018 --> 00:04:21,359
So when you're configuring a profile basically

97
00:04:21,367 --> 00:04:22,977
you're going to have your default profile.

98
00:04:22,977 --> 00:04:25,359
It's recommended that if you start going in

99
00:04:25,389 --> 00:04:27,389
and you really start tweaking

100
00:04:27,419 --> 00:04:33,380
that you save, save your default profile and

101
00:04:33,380 --> 00:04:35,380
you know, you can always go back in

102
00:04:35,380 --> 00:04:38,975
and re-install Wireshark very quickly.

103
00:04:38,975 --> 00:04:41,805
This will allow you to refresh everything

104
00:04:41,805 --> 00:04:43,240
if you make a mess of it.

105
00:04:43,240 --> 00:04:45,896
Or you can go into the files themselves

106
00:04:45,904 --> 00:04:49,226
and save them and then reuse them.

107
00:04:49,231 --> 00:04:51,550
You can transfer files between

108
00:04:51,549 --> 00:04:54,133
Wireshark users if you want to try to use

109
00:04:54,148 --> 00:04:56,106
other people's profile so that something

110
00:04:56,116 --> 00:04:58,116
you can do, you can load other profiles.

111
00:04:58,125 --> 00:04:59,383
But here, you're going to see some

112
00:04:59,387 --> 00:05:01,897
standard ones generally, the default.

113
00:05:01,904 --> 00:05:05,661
I created one called "use DNS resolution".

114
00:05:05,661 --> 00:05:08,340
Basically, it's just what the preference

115
00:05:08,342 --> 00:05:11,056
is set to resolve the DNS name.

116
00:05:11,067 --> 00:05:13,009
And when I load up, if I want to

117
00:05:13,005 --> 00:05:15,867
resolve DNS, I could select this profile

118
00:05:15,867 --> 00:05:17,867
and where I go when resolving DNS.

119
00:05:17,867 --> 00:05:23,583
Case used, scenarios where you're

120
00:05:23,583 --> 00:05:25,326
going to use these types of profiles,

121
00:05:25,336 --> 00:05:27,887
I hinted on a few of them.

122
00:05:27,892 --> 00:05:30,099
Some of the bigger ones are with

123
00:05:30,099 --> 00:05:32,772
VOIP and wireless, particularly with

124
00:05:32,775 --> 00:05:35,055
wireless because there's a lot of

125
00:05:35,056 --> 00:05:37,264
specific things that you want to set

126
00:05:37,264 --> 00:05:40,047
as preferences and save them to

127
00:05:40,050 --> 00:05:41,822
a particular profile, so that when you

128
00:05:41,811 --> 00:05:43,877
are troubleshooting with wireless,

129
00:05:43,873 --> 00:05:46,255
you can just load up those preferences

130
00:05:46,255 --> 00:05:49,199
rather quickly and you will be ready to go.

131
00:05:49,204 --> 00:05:53,198
And here you can see in the preferences,

132
00:05:53,198 --> 00:05:55,877
which we'll, we'll talk about it a little bit more

133
00:05:55,877 --> 00:05:58,898
are the preferences particularly here,

134
00:05:58,898 --> 00:06:02,538
the name resolution - this is what I adjusted to

135
00:06:02,555 --> 00:06:06,967
configure my current, my new profile

136
00:06:06,958 --> 00:06:11,948
so that it will resolve particularly the DNS names

137
00:06:11,942 --> 00:06:15,428
of the IP addresses upon capture.

138
00:06:15,428 --> 00:06:20,412