1
00:00:00,000 --> 00:00:07,669

2
00:00:07,669 --> 00:00:13,815
OK, welcome back. We're going to talk our last module on

3
00:00:13,815 --> 00:00:17,653
the saving of files, and saving them correctly,

4
00:00:17,653 --> 00:00:23,279
is to briefly discuss the different formats in which you can save them.

5
00:00:23,279 --> 00:00:28,360
So, file formats. Obviously, as we narrow down the,

6
00:00:28,360 --> 00:00:33,701
the options to save our files, you can save them in different formats.

7
00:00:33,701 --> 00:00:35,464
And why would you do this?

8
00:00:35,464 --> 00:00:38,493
So there are many other tools out there.

9
00:00:38,493 --> 00:00:41,617
There's tcpdump, there's WinDump.

10
00:00:41,617 --> 00:00:45,644
There's wireless packet capture tools,

11
00:00:45,644 --> 00:00:51,496
there's Fluke analyzers, there's Windows Server Network Monitor.

12
00:00:51,493 --> 00:00:57,016
There are literally dozens of available tools out there,

13
00:00:57,016 --> 00:01:01,457
and a lot of them, if not all of them, save in different file formats.

14
00:01:01,457 --> 00:01:05,206
So being able to transfer and open these files

15
00:01:05,206 --> 00:01:08,888
between all these systems requires you to

16
00:01:08,888 --> 00:01:14,771
really take a look at, you know, what you're saving it as

17
00:01:14,771 --> 00:01:21,102
and how you can take your data and then make it open in those other tools, and vice versa.

18
00:01:21,102 --> 00:01:27,329
So, just remember that you need to consider opening in different formats,

19
00:01:27,330 --> 00:01:33,821
so saving in different formats, so when you are working with others in

20
00:01:33,821 --> 00:01:37,626
the world of network analysis or protocol analysis,

21
00:01:37,626 --> 00:01:42,781
just be aware to ask the question: what tool are you using, particularly,

22
00:01:42,781 --> 00:01:46,318
and what format do you expect to get this in?
23
00:01:46,318 --> 00:01:54,002
Also, as we mentioned earlier, you can save in the old pcap format or the pcapng,

24
00:01:54,002 --> 00:01:57,844
the next generation format, which will allow you to

25
00:01:57,844 --> 00:02:03,076
do more or save more from the capture file.

26
00:02:03,076 --> 00:02:09,425
Good to know that a lot of them will open up with the pcap.

27
00:02:09,425 --> 00:02:13,854
So, some of these tools will open your file

28
00:02:13,862 --> 00:02:19,471
regardless, but in any case, generally I like to stick to one rule.

29
00:02:19,464 --> 00:02:23,233
I like to record or capture with a tool,

30
00:02:23,233 --> 00:02:28,152
and save it in that native format, and try to use it and analyze it within that native format,

31
00:02:28,152 --> 00:02:32,208
and not bounce the file around too much between tools, because

32
00:02:32,208 --> 00:02:35,835
you tend to lose some information.

33
00:02:35,835 --> 00:02:40,098
And just remember that it's essential,

34
00:02:40,098 --> 00:02:44,629
because a lot of what you're trying to do is look at all the data that you can.

35
00:02:44,621 --> 00:02:48,038
Again, yes, we're going to refine it, but we don't want to lose

36
00:02:48,038 --> 00:02:52,889
key information within that file, before we refine it, that we may need.

37
00:02:52,905 --> 00:03:00,929
So just be aware of that. Also, most compress with some type of file compressor,

38
00:03:00,929 --> 00:03:09,540
Gzip, there's many, WinZip, there's multiple compression utilities,

39
00:03:09,532 --> 00:03:13,481
just make sure that when you decompress the file or extract it,

40
00:03:13,498 --> 00:03:16,042
you download and use the correct tool,

41
00:03:16,057 --> 00:03:21,194
and extract the files and check and validate them.

42
00:03:21,194 --> 00:03:25,426
As we mentioned earlier, in the earlier module,

43
00:03:25,426 --> 00:03:30,457
you can do File > Save As and save the file with an intelligent name,
44
00:03:30,457 --> 00:03:36,799
and save it in a place where you can reference it. You can make it secure.

45
00:03:36,812 --> 00:03:44,526
Also, select the correct or appropriate file format that you want to save this file in,

46
00:03:44,526 --> 00:03:49,208
so that you can open it in the correct tool, or you do not lose,

47
00:03:49,208 --> 00:03:54,688
you retain all the information that it is that you captured with the native tool.

48
00:03:54,688 --> 00:03:59,014
So, as we mentioned, there's many tools.

49
00:03:59,014 --> 00:04:01,670
tcpdump is one of the most common.

50
00:04:01,670 --> 00:04:06,113
It's generally interchangeable. You have a Windows version.

51
00:04:06,113 --> 00:04:10,834
You have Network Monitor. You have, like I had mentioned before,

52
00:04:10,834 --> 00:04:17,106
Fluke has a series of tools. As we looked in the Save As dialog,

53
00:04:17,111 --> 00:04:24,402
there's pretty much a flavor of packet capture for many of the different versions of Unix,

54
00:04:24,415 --> 00:04:29,646
for example, Sun Solaris or AIX, or so on and so forth, HP-UX.

55
00:04:29,647 --> 00:04:34,185
Just remember, when you do File > Save As,

56
00:04:34,185 --> 00:04:38,682
you save it as a format in which you can open it and analyze

57
00:04:38,682 --> 00:04:43,649
the data within it, and hopefully not lose any of the captured information.

58
00:04:43,649 --> 00:04:51,094