1
00:00:00,000 --> 00:00:08,198

2
00:00:08,198 --> 00:00:09,680
Ok, on our next module,

3
00:00:09,695 --> 00:00:11,695
we will talk about preferences.

4
00:00:11,709 --> 00:00:14,641
Again, this won't take very long but

5
00:00:14,641 --> 00:00:18,467
it's part of understanding profiles.

6
00:00:18,467 --> 00:00:22,888
We highlighted why profiles are very important.

7
00:00:22,888 --> 00:00:26,738
We try to work very efficiently.

8
00:00:26,738 --> 00:00:29,072
When something breaks on a network,

9
00:00:29,074 --> 00:00:31,283
it's never a good thing.

10
00:00:31,284 --> 00:00:34,420
The network impacts everything

11
00:00:34,414 --> 00:00:36,502
so when a router is flaky or a

12
00:00:36,502 --> 00:00:39,835
switch goes down that's very different

13
00:00:39,835 --> 00:00:42,073
from a client desktop not working

14
00:00:42,065 --> 00:00:44,638
and or a server having an IO problem.

15
00:00:44,638 --> 00:00:47,424
It generally impacts a wide scale

16
00:00:47,424 --> 00:00:51,593
part of the enterprise so we try to get

17
00:00:51,597 --> 00:00:55,560
things done in an efficient manner so that

18
00:00:55,560 --> 00:00:57,793
we can get to the root cause and try to

19
00:00:57,788 --> 00:01:00,689
isolate and solve what the problem may be.

20
00:01:00,688 --> 00:01:02,894
Part of doing that is being able to work

21
00:01:02,898 --> 00:01:06,038
efficiently and to do that what's

22
00:01:06,042 --> 00:01:07,605
recommended is that you set up

23
00:01:07,607 --> 00:01:10,473
the preferences for profiles so that

24
00:01:10,480 --> 00:01:13,244
when you go in and you try to solve

25
00:01:13,243 --> 00:01:15,319
a problem with Wireshark, you start

26
00:01:15,322 --> 00:01:17,665
ascertaining what the problem may be.

27
00:01:17,665 --> 00:01:19,096
You're gathering your information,

28
00:01:19,096 --> 00:01:20,571
you're gathering your facts.

29
00:01:20,571 --> 00:01:21,860
You're starting to see while

30
00:01:21,856 --> 00:01:24,167
this may be a wireless related issue,

31
00:01:24,170 --> 00:01:26,634
I have to adjust to my wireless profile,

32
00:01:26,632 --> 00:01:30,429
begin capture. So at preferences,

33
00:01:30,431 --> 00:01:32,591
that's where most of these starts.

34
00:01:32,592 --> 00:01:36,239
So we highlighted and touched on it earlier but

35
00:01:36,239 --> 00:01:39,671
you can change basically your settings,

36
00:01:39,671 --> 00:01:42,657
the look and feel, the technical aspects

37
00:01:42,662 --> 00:01:46,345
of how Wireshark captures such as specifics

38
00:01:46,343 --> 00:01:49,753
related to the NIC card and other dynamics.

39
00:01:49,761 --> 00:01:53,674
And remember, preferences can be saved

40
00:01:53,674 --> 00:01:54,846
in profiles.

41
00:01:54,846 --> 00:01:56,663
When you've changed your preferences,

42
00:01:56,666 --> 00:01:58,659
you match them up to the profiles and

43
00:01:58,652 --> 00:02:00,591
you save your changes and hopefully,

44
00:02:00,596 --> 00:02:02,812
you're naming your profiles specifically

45
00:02:02,825 --> 00:02:04,590
in ways that you know

46
00:02:04,581 --> 00:02:06,725
what's contained within them.

47
00:02:06,732 --> 00:02:09,560
So as we mentioned before,

48
00:02:09,566 --> 00:02:13,200
there's preferences. You can hit Shift Control P.

49
00:02:13,201 --> 00:02:14,947
One of the things that you may want to learn

50
00:02:14,945 --> 00:02:17,662
as you move through learning Wireshark

51
00:02:17,672 --> 00:02:22,895
is there's a lot of handy shortcuts, so that

52
00:02:22,895 --> 00:02:25,420
you can use the keyboard very quickly

53
00:02:25,420 --> 00:02:27,176
to move between the tools.

54
00:02:27,176 --> 00:02:30,564
It's not a prerequisite however

55
00:02:30,564 --> 00:02:32,992
to using the tool because you can now

56
00:02:32,993 --> 00:02:35,216
operate through all the menus.

57
00:02:35,216 --> 00:02:39,079
However it's a, it's very easy for things

58
00:02:39,070 --> 00:02:41,018
that you use very often to learn a

59
00:02:41,024 --> 00:02:43,567
quick keystroke to get into them.

60
00:02:43,567 --> 00:02:45,271
So you can view preferences

61
00:02:45,271 --> 00:02:47,269
by going to the edit menu and you select

62
00:02:47,275 --> 00:02:48,530
preferences and it will open up

63
00:02:48,531 --> 00:02:50,555
the preferences dialogue box

64
00:02:50,564 --> 00:02:52,684
as you could see on the screen.

65
00:02:52,701 --> 00:02:55,740
And in this dialogue box, there's,

66
00:02:55,740 --> 00:02:57,698
there's some sections of things you can change.

67
00:02:57,698 --> 00:03:00,397
So for example, in the left navigation pane,

68
00:03:00,395 --> 00:03:01,840
you'll see the user interface

69
00:03:01,840 --> 00:03:04,589
where you can change layout,

70
00:03:04,602 --> 00:03:08,456
the columns that you view, fonts and colors,

71
00:03:08,436 --> 00:03:11,701
and you can also change the capture dynamics.

72
00:03:11,715 --> 00:03:14,886
You can build filter expressions to be used

73
00:03:14,894 --> 00:03:18,231
in that profile which we'll get to.

74
00:03:18,231 --> 00:03:19,842
You make a little shortcut.

75
00:03:19,842 --> 00:03:22,377
You can also do that in your capture window

76
00:03:22,385 --> 00:03:26,092
and the name resolution information.

77
00:03:26,092 --> 00:03:29,842
You can adjust information in the files

78
00:03:29,842 --> 00:03:32,544
such as the protocols and how you see them

79
00:03:32,547 --> 00:03:36,128
and some statistical information.

80
00:03:36,129 --> 00:03:41,282
And again the preferences is

81
00:03:41,288 --> 00:03:43,464
basically adjusting the look and feel,

82
00:03:43,464 --> 00:03:45,614
the layout adjustments.

83
00:03:45,606 --> 00:03:48,246
Columns are very important.

84
00:03:48,248 --> 00:03:50,448
You will find that if you lay out your

85
00:03:50,457 --> 00:03:53,164
columns correctly, you will be able,

86
00:03:53,158 --> 00:03:55,414
if you set up a filter correctly

87
00:03:55,415 --> 00:03:57,415
and your column information correctly,

88
00:03:57,416 --> 00:04:00,550
you will be able to quickly select the profile

89
00:04:00,550 --> 00:04:03,878
and see specific things that you need to see

90
00:04:03,865 --> 00:04:05,888
directly from the packets list pane.

91
00:04:05,880 --> 00:04:09,649
They're very helpful. It's very efficient and

92
00:04:09,649 --> 00:04:13,646
it will help solve problems quicker.

93
00:04:13,646 --> 00:04:15,285
Fonts and colors, we're going to learn

94
00:04:15,277 --> 00:04:18,621
how to colorize packets in a separate module.

95
00:04:18,633 --> 00:04:22,857
But colorizing is very helpful, for example,

96
00:04:22,877 --> 00:04:25,492
if you want things to stick out

97
00:04:25,492 --> 00:04:26,741
very quickly to you.

98
00:04:26,741 --> 00:04:30,691
So, you will see in the packets list pane,

99
00:04:30,691 --> 00:04:33,692
that there's a default set of colors that show up.

100
00:04:33,691 --> 00:04:36,672
You may see things show up yellow or pink,

101
00:04:36,679 --> 00:04:41,947
and you may want to see something in big

102
00:04:41,947 --> 00:04:45,626
bold red, or red highlight with black lettering

103
00:04:45,626 --> 00:04:48,214
to really show what it is

104
00:04:48,219 --> 00:04:49,078
that you're trying to capture.

105
00:04:49,074 --> 00:04:52,224
For example, you wanted to see some

106
00:04:52,217 --> 00:04:54,524
specific source destination traffic

107
00:04:54,540 --> 00:04:57,411
and you want to colorize that with big bold

108
00:04:57,400 --> 00:04:59,417
red or black so that you can see it

109
00:04:59,417 --> 00:05:01,200
immediately in your capture pane.

110
00:05:01,200 --> 00:05:04,014
That is something that you can set up in

111
00:05:04,019 --> 00:05:08,347
preferences and adjust to a, to save the

112
00:05:08,343 --> 00:05:10,423
colorizing information and you can use

113
00:05:10,429 --> 00:05:12,873
it when you load up profiles.

114
00:05:12,884 --> 00:05:17,513
And you can adjust the capture specifics

115
00:05:17,519 --> 00:05:20,578
as well to your user interface.

116
00:05:20,562 --> 00:05:25,044
Some of the information such as the fonts and

117
00:05:25,041 --> 00:05:27,967
the coloring information can be adjusted in here.

118
00:05:27,964 --> 00:05:33,240
This is as I mentioned, it's, it's very important

119
00:05:33,245 --> 00:05:35,981
for how you want to view things and,

120
00:05:35,984 --> 00:05:39,373
the whole, the whole point of this topic is that

121
00:05:39,373 --> 00:05:41,787
you want to set up Wireshark in a way

122
00:05:41,794 --> 00:05:44,834
you can use it effectively and efficiently.

123
00:05:44,886 --> 00:05:48,825
There were questions earlier about exams and

124
00:05:48,825 --> 00:05:52,621
specifically, you know, content related to exams.

125
00:05:52,620 --> 00:05:54,234
So this may seem like something

126
00:05:54,239 --> 00:05:55,869
that's not important to you.

127
00:05:55,893 --> 00:05:58,163
This may seem like something that

128
00:05:58,163 --> 00:05:59,473
may be trivial.

129
00:05:59,473 --> 00:06:01,243
This may seem like something that

130
00:06:01,243 --> 00:06:02,202
may just be an exam.

131
00:06:02,202 --> 00:06:04,190
And this may seem like something that

132
00:06:04,187 --> 00:06:07,079
is very helpful in helping you identify traffic

133
00:06:07,094 --> 00:06:10,727
quickly and easily but no matter what that is,

134
00:06:10,744 --> 00:06:12,744
no matter what your purpose for doing this,

135
00:06:12,752 --> 00:06:16,485
the most important thing to me,

136
00:06:16,494 --> 00:06:19,035
is that I want to set up Wireshark

137
00:06:19,053 --> 00:06:21,000
so that when I am in a heated battle

138
00:06:20,996 --> 00:06:24,017
I am able to very quickly look at

139
00:06:24,014 --> 00:06:28,095
and pull up a file, profile that matches

140
00:06:28,095 --> 00:06:30,123
a specific set of preferences that show me

141
00:06:30,120 --> 00:06:31,520
specific things immediately

142
00:06:31,520 --> 00:06:32,449
when I want to see them.

143
00:06:32,449 --> 00:06:35,154
I want to filter for traffic that I want to see.

144
00:06:35,154 --> 00:06:37,716
I want to pre-capture and pre-filter,

145
00:06:37,718 --> 00:06:40,739
pre-filter capture traffic to not see

146
00:06:40,749 --> 00:06:42,771
what it is that I don't want to see

147
00:06:42,781 --> 00:06:44,744
and I want to be able to expertly

148
00:06:44,752 --> 00:06:46,752
maneuver this tool in a way where someone

149
00:06:46,755 --> 00:06:51,167
asks me, "Can you capture this problem?"

150
00:06:51,159 --> 00:06:53,818
I can minimize and, and remove the stuff

151
00:06:53,818 --> 00:06:55,800
that I don't want to see and quickly

152
00:06:55,800 --> 00:07:00,445
show in Wireshark what it is that is relevant.

153
00:07:00,445 --> 00:07:03,110
So back to creating a new preference for

154
00:07:03,114 --> 00:07:06,399
the example that I had shown in this module.

155
00:07:06,410 --> 00:07:08,654
We're just going to customize the columns

156
00:07:08,650 --> 00:07:11,809
and specifically show certain things

157
00:07:11,814 --> 00:07:14,589
in the packets list, packets list pane.

158
00:07:14,601 --> 00:07:18,026
And it's really, really cool because

159
00:07:18,026 --> 00:07:19,891
columns are very important.

160
00:07:19,891 --> 00:07:22,488
You may not know but you can adjust

161
00:07:22,497 --> 00:07:24,593
what you see in columns.

162
00:07:24,585 --> 00:07:27,059
And you can select many other columns

163
00:07:27,059 --> 00:07:28,512
than what's set there by default.

164
00:07:28,512 --> 00:07:32,494
Some of the examples are specific time settings.

165
00:07:32,494 --> 00:07:35,277
We will learn about absolute and relative time.

166
00:07:35,269 --> 00:07:38,234
However, what's important is that you can

167
00:07:38,240 --> 00:07:40,880
customize and set up a column to show you

168
00:07:40,879 --> 00:07:43,483
immediately what that is

169
00:07:43,483 --> 00:07:45,283
right in the packets list pane,

170
00:07:45,283 --> 00:07:47,670
right from the onset of your capture.

171
00:07:47,670 --> 00:07:50,275
So just be aware in the preferences

172
00:07:50,268 --> 00:07:52,541
that you can adjust all your columns.

173
00:07:52,548 --> 00:07:56,666
You can make new columns and choose to,

174
00:07:56,663 --> 00:08:00,363
to show what it is that you want to show and

175
00:08:00,375 --> 00:08:02,429
to remove what it is that you don't want to show.

176
00:08:02,429 --> 00:08:06,492