1
00:00:00,000 --> 00:00:08,419

2
00:00:08,419 --> 00:00:12,373
In our next module, we will talk about exporting data

3
00:00:12,373 --> 00:00:15,476
and why exporting data is relevant

4
00:00:15,476 --> 00:00:17,876
and important when working with Wireshark.

5
00:00:17,883 --> 00:00:21,258
So, why would we export data?

6
00:00:21,258 --> 00:00:24,462
Obviously, as we drill down into the tool,

7
00:00:24,462 --> 00:00:27,838
the export option, you'll be able to see

8
00:00:27,838 --> 00:00:30,591
specifically how it does so, but

9
00:00:30,591 --> 00:00:34,434
there's, there's times when you want to export

10
00:00:34,426 --> 00:00:38,041
a key conversation, maybe send just that conversation,

11
00:00:38,046 --> 00:00:40,486
and the easiest way to send it is in a

12
00:00:40,486 --> 00:00:43,901
simple text file to share with others.

13
00:00:43,901 --> 00:00:47,868
You can save that or export that in ASCII text

14
00:00:47,868 --> 00:00:49,868
and send it.

15
00:00:49,868 --> 00:00:51,963
There's other reasons to change.

16
00:00:51,963 --> 00:00:53,963
You might have to change the format to,

17
00:00:53,963 --> 00:00:57,059
let's say, PostScript.

18
00:00:57,059 --> 00:01:00,967
So there's, there's reasons to export the data.

19
00:01:00,967 --> 00:01:05,792
And there are multiple file or export formats that you can use.

20
00:01:05,792 --> 00:01:09,250
You can export it into C arrays.

21
00:01:09,250 --> 00:01:11,250
We already mentioned the ASCII and PostScript.

22
00:01:11,250 --> 00:01:14,378
CSV is also extremely helpful.

23
00:01:14,378 --> 00:01:18,261
When we were talking about advanced statistics,

24
00:01:18,261 --> 00:01:21,050
there are ways to take data,

25
00:01:21,050 --> 00:01:24,293
drop it into a spreadsheet program,

26
00:01:24,293 --> 00:01:28,112
such as Microsoft Excel, and do advanced

27
00:01:28,112 --> 00:01:31,164
statistical operations on it.
28
00:01:31,164 --> 00:01:34,480
So, there are many reasons and

29
00:01:34,480 --> 00:01:37,924
many ways to take data out of Wireshark.

30
00:01:37,924 --> 00:01:39,924
Obviously, we talked about how to File,

31
00:01:39,924 --> 00:01:43,082
Save As different formats and

32
00:01:43,082 --> 00:01:48,450
how to, how to change how the file is saved, but

33
00:01:48,450 --> 00:01:52,048
it's a little bit different where we're actually exporting

34
00:01:52,048 --> 00:01:54,672
data directly out of Wireshark,

35
00:01:54,672 --> 00:01:57,722
and when we do so, we can, we can adjust

36
00:01:57,722 --> 00:01:59,722
those settings pretty specifically.

37
00:01:59,722 --> 00:02:02,879
So, just to give you an example,

38
00:02:02,879 --> 00:02:06,534
if you were going to export

39
00:02:06,534 --> 00:02:10,866

40
00:02:10,866 --> 00:02:17,301
you can open Wireshark,

41
00:02:17,301 --> 00:02:22,603
open up a previous capture, and we can go to File,

42
00:02:22,603 --> 00:02:27,046
and then we have Export Specified Packets,

43
00:02:27,060 --> 00:02:31,400
Packet Dissections, Packet Bytes.

44
00:02:31,400 --> 00:02:36,221
We can export SSL session keys, very helpful.

45
00:02:36,221 --> 00:02:38,710
And we can export objects.

46
00:02:38,710 --> 00:02:41,627
So, if we wanted to do dissections,

47
00:02:41,627 --> 00:02:43,340
we can do it as a text file.

48
00:02:43,340 --> 00:02:46,556
We'd mentioned that we can export as a CSV,

49
00:02:46,556 --> 00:02:48,556
and when we do that, again,

50
00:02:48,556 --> 00:02:52,238
there are some specific things that you can select here,

51
00:02:52,238 --> 00:02:55,612
such as the file name; you can do all packets,

52
00:02:55,612 --> 00:02:57,612
packet range, and so on and so forth,

53
00:02:57,612 --> 00:02:59,457
very customizable.
54
00:02:59,457 --> 00:03:01,457
But just remember that

55
00:03:01,457 --> 00:03:04,172
the reason why you're using this is to get data

56
00:03:04,172 --> 00:03:09,305
out of Wireshark, quite possibly to use it in a different format.

57
00:03:09,305 --> 00:03:12,781
CSV, which I have selected here, is

58
00:03:12,781 --> 00:03:17,568
very helpful if you want just straight file data

59
00:03:17,568 --> 00:03:21,852
in a spreadsheet that you can further manipulate in another tool,

60
00:03:21,852 --> 00:03:28,190
and so on and so forth.

61
00:03:28,190 --> 00:03:30,709
You can also export objects.

62
00:03:30,720 --> 00:03:33,195
This is extremely helpful.

63
00:03:33,195 --> 00:03:36,163
We've highlighted this earlier

64
00:03:36,163 --> 00:03:39,606
when we were talking about capturing and troubleshooting

65
00:03:39,606 --> 00:03:46,355
HTTP traffic; there's DICOM and SMB, as well.

66
00:03:46,355 --> 00:03:48,694
For example, if I wanted to see

67
00:03:48,694 --> 00:03:53,660
specifically all the pages in a capture

68
00:03:53,660 --> 00:04:00,152
for HTTP, I can do that by quickly opening up an HTTP capture

69
00:04:00,152 --> 00:04:07,556
and then File, Export Objects, HTTP,

70
00:04:07,556 --> 00:04:10,687
and it will provide me specifically

71
00:04:10,687 --> 00:04:11,853
what those objects are.

72
00:04:11,853 --> 00:04:15,577
So the packet number and exactly

73
00:04:15,577 --> 00:04:17,849
what objects here are mapped to what.

74
00:04:17,849 --> 00:04:20,079
So, a very simple one; however,

75
00:04:20,079 --> 00:04:23,752
it can get very complex depending on the capture.

76
00:04:23,752 --> 00:04:26,726
And you can use other tools,

77
00:04:26,726 --> 00:04:29,850
for example, Server Message Block,

78
00:04:29,850 --> 00:04:31,850
if you wanted to see file shares,

79
00:04:31,850 --> 00:04:36,456
or paths through the network, mapped drives, and so on.

80
00:04:36,482 --> 00:04:42,608
And you can use other Export Objects options.
81
00:04:42,630 --> 00:04:47,823
And an example here, we just see some,

82
00:04:47,823 --> 00:04:50,513
some HTTP objects.

83
00:04:50,513 --> 00:04:53,310
Here's a list of some, some things that

84
00:04:53,310 --> 00:04:55,763
were explored from Google, as you can see

85
00:04:55,763 --> 00:04:58,709
it'll show you the objects; it's a very quick way

86
00:04:58,709 --> 00:05:01,151
to see exactly what's going on,

87
00:05:01,165 --> 00:05:03,680
what pages were hit, and so on and so forth.

88
00:05:03,719 --> 00:05:06,597
As you can see, with exporting data

89
00:05:06,597 --> 00:05:07,851
there's many different ways,

90
00:05:07,851 --> 00:05:10,297
many different things you can get out of it,

91
00:05:10,297 --> 00:05:12,937
and there are, they're very helpful

92
00:05:12,937 --> 00:05:15,628
depending on what it is that you want to do with that data.

93
00:05:15,628 --> 00:05:18,124
For example, like we said, if you want some simple data

94
00:05:18,124 --> 00:05:20,506
to export, to put into another tool,

95
00:05:20,506 --> 00:05:22,874
and/or if you want to do these advanced ones

96
00:05:22,874 --> 00:05:25,567
with the objects to see specific things like

97
00:05:25,567 --> 00:05:28,797
mapped drives or file shares on your network.

98
00:05:28,797 --> 00:05:36,904