1
00:00:00,000 --> 00:00:08,326

2
00:00:08,326 --> 00:00:10,379
In this module we will be discussing

3
00:00:10,379 --> 00:00:12,346
capturing packets.

4
00:00:12,346 --> 00:00:17,208
So, one of the interesting things about capturing packets is that

5
00:00:17,200 --> 00:00:21,635
up until now, everything we learned we have moved into, you know,

6
00:00:21,635 --> 00:00:23,986
where do we put Wireshark? What do we do with it?

7
00:00:23,986 --> 00:00:29,528
How do we capture the, the traffic and, and specifically, what does that really mean?

8
00:00:29,528 --> 00:00:35,311
So, in this example, I think what we should do here is take a moment

9
00:00:35,311 --> 00:00:43,481
just to quickly show what it is that we're actually talking about when we say capturing data.

10
00:00:43,481 --> 00:00:48,290
So what I'm going to do here is, if you could see it on the screen -

11
00:00:48,290 --> 00:00:56,640
I am going to select an interface, and for this one, I think I am going to

12
00:00:56,640 --> 00:01:02,304
select my wireless interface and I am going to run

13
00:01:02,315 --> 00:01:05,243
and start a capture.

14
00:01:05,251 --> 00:01:09,602
So, this is essentially, what this whole next module

15
00:01:09,611 --> 00:01:11,843
is really going to focus on is that

16
00:01:11,844 --> 00:01:18,364
we want to understand how to get to this level of Wireshark.

17
00:01:18,365 --> 00:01:21,652
How we're actually capturing this data? What are we capturing?

18
00:01:21,652 --> 00:01:26,576
So as we discussed with capturing up until now,

19
00:01:26,576 --> 00:01:28,575
do these things that we can set up,

20
00:01:28,575 --> 00:01:31,843
we could move into adjusting it.

21
00:01:31,843 --> 00:01:36,162
While with Wireshark, we are capturing the data

22
00:01:36,162 --> 00:01:40,019
to review and analyze, and we need to place this correctly.

23
00:01:40,027 --> 00:01:43,209
We need to understand what it is that we're looking for.

24
00:01:43,203 --> 00:01:46,941
At least, in essence, to be able to place it correctly.

25
00:01:46,941 --> 00:01:52,404
We need to have a little bit of an understanding of what it is that we're trying to troubleshoot

26
00:01:52,404 --> 00:01:54,404
so we know when to run the capture.

27
00:01:54,404 --> 00:01:59,273
We need to know if there's going to be things that we want to adjust prior to.

28
00:01:59,273 --> 00:02:03,350
So that we can eliminate some of the things that we're going to see.

29
00:02:03,350 --> 00:02:07,641
We want to consider what protocols we're going to be involved in using

30
00:02:07,641 --> 00:02:12,756
and we're going to be considering the traffic patterns from source to destination.

31
00:02:12,756 --> 00:02:18,745
Just to reflect back on where we're troubleshooting

32
00:02:18,754 --> 00:02:22,000
from and to in our simple network diagram -

33
00:02:22,040 --> 00:02:28,043
we are a network - the source, the network client, the host.

34
00:02:28,043 --> 00:02:31,529
We are trying to access something on the server.

35
00:02:31,529 --> 00:02:37,866
And we have Wireshark configured so that we can capture that communication.

36
00:02:37,866 --> 00:02:44,204
So as we just observed, we want to open up Wireshark.

37
00:02:44,204 --> 00:02:46,538
It's been installed. It's pre-configured.

38
00:02:46,538 --> 00:02:49,112
Everything is set. I have my profile ready.

39
00:02:49,112 --> 00:02:51,908
I have my basic preferences set.

40
00:02:51,908 --> 00:02:53,908
I know what interface I want to depict.

41
00:02:53,908 --> 00:03:00,325
And I know exactly what it is that I am trying to capture in this particular case.

42
00:03:00,325 --> 00:03:02,933
I wanted to see what was on the wireless network.

43
00:03:02,933 --> 00:03:05,593
I selected the wireless adaptor.

44
00:03:05,593 --> 00:03:09,179
I had some pre-configuration options already set up.

45
00:03:09,179 --> 00:03:13,372
And I then launch my capture.

46
00:03:13,372 --> 00:03:22,570
And then once I was done, I was shown a handful of data on this network.

47
00:03:22,570 --> 00:03:29,204
And this is not from a pre-captured filter,

48
00:03:29,204 --> 00:03:32,102
this is just all the data that was available at the time.

49
00:03:32,102 --> 00:03:38,035
And as we see, it captured everything from when I started to when I stopped.

50
00:03:38,035 --> 00:03:47,236
As we mentioned, we captured data. We selected the correct interface.

51
00:03:47,236 --> 00:03:53,528
In this, unfortunately in this graphic, it's set to LAN.

52
00:03:53,528 --> 00:03:57,166
For the example I showed, it was set, set to wireless LAN, but again

53
00:03:57,166 --> 00:04:01,206
that is exactly the point. You want to know what interface to pick.

54
00:04:01,206 --> 00:04:03,206
And what it is that you need to see.

55
00:04:03,206 --> 00:04:14,278
You want to start the capture. And you want to stop the capture.

56
00:04:14,278 --> 00:04:20,415
And you want to save the capture. So, and particularly, and we'll get to this,

57
00:04:20,415 --> 00:04:28,217
when we get into this on module 4, at the end, on day 3, but

58
00:04:28,217 --> 00:04:34,308
you want to basically save the data, and here, I could just say, sample capture.

59
00:04:34,308 --> 00:04:42,004
And I have my caption.

60
00:04:42,006 --> 00:04:48,123
If you want to capture data, you can use the capture window.

61
00:04:48,135 --> 00:04:53,474
Here, you can select the interfaces that you saw on the launch pad.

62
00:04:53,477 --> 00:04:58,595
The same thing with the options, you can start and stop the capture.

63
00:04:58,595 --> 00:05:02,658
Set the pre-capture filter, or refresh the interfaces.

64
00:05:02,658 --> 00:05:06,735
So, for example, if you disabled an interface

65
00:05:06,735 --> 00:05:11,137
within Windows or Linux, and it's off and you want to refresh it,

66
00:05:11,137 --> 00:05:14,628
you can then refresh the interfaces and then it will show specifically

67
00:05:14,628 --> 00:05:19,621
what it is that you have as an option to capture with.

68
00:05:19,621 --> 00:05:36,118
And that's it. Alright, so we move into a couple of quick questions.

69
00:05:36,118 --> 00:05:40,301
This is basically how you start and run a capture on Wireshark.

70
00:05:40,301 --> 00:05:45,704
It's not incredibly difficult but we did a lot of work to get here.

71
00:05:45,704 --> 00:05:50,108
And this is the whole point of what we were trying to discuss prior to.

72
00:05:50,108 --> 00:05:54,915
We just wanted to make sure that before you run Wireshark

73
00:05:54,915 --> 00:05:59,033
and if this was new to you or if you were just a beginner in using it

74
00:05:59,033 --> 00:06:02,695
or you didn't have a lot of advanced knowledge in using Wireshark

75
00:06:02,695 --> 00:06:07,324
it's not as easy as it seems. It's not you just download it and run it,

76
00:06:07,324 --> 00:06:09,828
capture data and there's my problem.

77
00:06:09,828 --> 00:06:16,133
No, it's not always going to be that simple. As a matter of fact, it's not often that simple.

78
00:06:16,133 --> 00:06:20,455
It requires all the information that we went through up until now

79
00:06:20,455 --> 00:06:25,348
to be able to hit that start button and know what it is that you're going to capture

80
00:06:25,348 --> 00:06:27,348
and why, why are you capturing it.

81
00:06:27,348 --> 00:06:32,128
It required a look at what interfaces do I have configured.

82
00:06:32,128 --> 00:06:35,550
Is it on the right subnet? Is it on the right segment of the network?

83
00:06:35,550 --> 00:06:41,291
Is it configured correctly? Is everything set up in a way where

84
00:06:41,291 --> 00:06:46,335
I have everything in my profile and it's everything that I want to see.

85
00:06:46,335 --> 00:06:52,671
So, I hope that up until now, everything that you've been able to gather out of this is

86
00:06:52,671 --> 00:07:00,691
at the highest level. No, it's not rocket scientist, rocket science using Wireshark

87
00:07:00,691 --> 00:07:06,003
it can get very complex. And as we continue on with this series and

88
00:07:06,003 --> 00:07:11,040
and other series and everything it is that you will work on and do with Wireshark

89
00:07:11,040 --> 00:07:16,588
it will become increasingly more complex and will become a life-long learning event.

90
00:07:16,588 --> 00:07:20,203
Whereas the networks, the topologies, and the protocols, and everything

91
00:07:20,203 --> 00:07:22,597
continues to change and get more advanced

92
00:07:22,597 --> 00:07:25,082
so will the need for you to understand it

93
00:07:25,082 --> 00:07:27,266
so that when you do capture with Wireshark

94
00:07:27,279 --> 00:07:31,660
you know what it is that you're looking for and why you're using the tool such as this.

95
00:07:31,660 --> 00:07:39,028