1
00:00:01,00 --> 00:00:03,07
- [Narrator] Wireshark is one of the most well-known

2
00:00:03,07 --> 00:00:08,04
packet or protocol analysis software.

3
00:00:08,04 --> 00:00:12,06
This type of software is also called a packet sniffer

4
00:00:12,06 --> 00:00:16,01
because it collects and inspects packets

5
00:00:16,01 --> 00:00:22,01
like dogs sniffing for evidence in a crime scene.

6
00:00:22,01 --> 00:00:25,05
In this lesson, our goal is to observe

7
00:00:25,05 --> 00:00:30,00
three-way handshaking, using Wireshark.

8
00:00:30,00 --> 00:00:33,04
Transmission control protocol or TCP,

9
00:00:33,04 --> 00:00:36,01
is a connection-oriented protocol

10
00:00:36,01 --> 00:00:40,00
that ensures packets are error-free,

11
00:00:40,00 --> 00:00:43,06
and in sequence on the receiving side.

12
00:00:43,06 --> 00:00:48,00
For TCP to establish a reliable connection,

13
00:00:48,00 --> 00:00:49,08
it has to go through this process

14
00:00:49,08 --> 00:00:53,04
called three-way handshaking.

15
00:00:53,04 --> 00:00:56,06
The process consists of three steps,

16
00:00:56,06 --> 00:01:01,01
which is why it's called three-way handshaking.

17
00:01:01,01 --> 00:01:04,05
The first one is SYN or synchronize.

18
00:01:04,05 --> 00:01:10,02
The second one is SYN/ACK or synchronize and acknowledge.

19
00:01:10,02 --> 00:01:15,00
And finally ACK or acknowledge.

20
00:01:15,00 --> 00:01:17,03
Here is a diagram that shows

21
00:01:17,03 --> 00:01:21,01
how three-way handshaking occurs.

22
00:01:21,01 --> 00:01:24,03
When starting your Wireshark instance,

23
00:01:24,03 --> 00:01:27,08
remember that you're running it as root.

24
00:01:27,08 --> 00:01:32,05
The root privilege gives you access to network interfaces.

25
00:01:32,05 --> 00:01:37,04
Also, familiarize yourself with the use of filters

26
00:01:37,04 --> 00:01:40,09
to display TCP traffic only.

27
00:01:40,09 --> 00:01:45,02
To install Wireshark, type sudo,

28
00:01:45,02 --> 00:01:49,02
space, apt get,

29
00:01:49,02 --> 00:01:55,01
space, install, space, Wireshark,

30
00:01:55,01 --> 00:02:01,01
and press enter.

31
00:02:01,01 --> 00:02:04,04
Wireshark has now been installed.

32
00:02:04,04 --> 00:02:12,08
To start Wireshark, type sudo, space, Wireshark.

33
00:02:12,08 --> 00:02:17,01
And press enter.

34
00:02:17,01 --> 00:02:19,04
Wireshark is now up and running.

35
00:02:19,04 --> 00:02:22,02
Choose a proper network interface.

36
00:02:22,02 --> 00:02:29,02
In this case, eth0, the first network interface of the host,

37
00:02:29,02 --> 00:02:37,00
and then click the shark fin button.

38
00:02:37,00 --> 00:02:39,04
The packets are being captured.

39
00:02:39,04 --> 00:02:42,00
To generate some more traffic,

40
00:02:42,00 --> 00:02:44,07
we'll be opening up a web browser.

41
00:02:44,07 --> 00:02:46,04
Let's visit a website.

42
00:02:46,04 --> 00:02:53,05
Type, worldwide web, microsoft.com.

43
00:02:53,05 --> 00:02:59,02
Press enter.

44
00:02:59,02 --> 00:03:03,02
You can see lots of messages are passing by.

45
00:03:03,02 --> 00:03:09,09
We'll stop capturing, by clicking on the red square button.

46
00:03:09,09 --> 00:03:15,03
Let's filter the packets by typing TCP in the filter window,

47
00:03:15,03 --> 00:03:17,01
and press enter.

48
00:03:17,01 --> 00:03:21,01
Now you only see TCP traffic.

49
00:03:21,01 --> 00:03:29,09
Let's see if you can find the three-way handshaking process.

50
00:03:29,09 --> 00:03:31,09
It's right here.

51
00:03:31,09 --> 00:03:35,05
Here it says SYN.

52
00:03:35,05 --> 00:03:39,08
The next line says SYN/ACK,

53
00:03:39,08 --> 00:03:44,04
and finally the last line says ACK.

54
00:03:44,04 --> 00:03:48,04
Congratulations, you have successfully observed

55
00:03:48,04 --> 00:03:52,00
the TCP three-way handshaking.
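As an added illustration (not part of the video or its transcript) of the SYN, SYN/ACK, ACK sequence the narrator points out in the Wireshark packet list, the following Python decodes raw TCP headers, labels the flags the way the Info column does, and reports a handshake only when the sequence and acknowledgement numbers of the three segments actually chain; `build_tcp` and the `SAMPLE` segments are constructed here, not taken from a real capture.

```python
import struct
# TCP control bits in the low byte of the data-offset/flags field (RFC 793).
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

def build_tcp(sport, dport, seq, ack, flags, window=65535):
    """Build a minimal 20-byte TCP header (no options, checksum left zero)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | flags, window, 0, 0)

def parse_tcp(segment):
    """Decode ports, seq/ack numbers and flags from a raw TCP header."""
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x01FF}

def flag_label(flags):
    """Render flags the way Wireshark's Info column does, e.g. 'SYN, ACK'."""
    return ", ".join(n for n, bit in (("SYN", SYN), ("ACK", ACK), ("FIN", FIN),
                                       ("RST", RST), ("PSH", PSH)) if flags & bit)

def find_handshakes(segments):
    """Return (client_port, server_port, client_isn, server_isn) for every
    completed handshake: SYN(seq=c) -> SYN/ACK(seq=s, ack=c+1) -> ACK(seq=c+1, ack=s+1).
    Segments whose numbers do not chain are ignored, so a lone SYN is never counted."""
    pending_syn, pending_synack, completed = {}, {}, []
    for raw in segments:
        p = parse_tcp(raw)
        key, reverse = (p["sport"], p["dport"]), (p["dport"], p["sport"])
        sa = p["flags"] & (SYN | ACK)
        if sa == SYN:                                        # step 1: SYN
            pending_syn[key] = p["seq"]
        elif sa == SYN | ACK and reverse in pending_syn:     # step 2: SYN/ACK
            c = pending_syn.pop(reverse)
            if p["ack"] == (c + 1) & 0xFFFFFFFF:
                pending_synack[reverse] = (c, p["seq"])
        elif sa == ACK and key in pending_synack:            # step 3: ACK
            c, s = pending_synack.pop(key)
            if p["seq"] == (c + 1) & 0xFFFFFFFF and p["ack"] == (s + 1) & 0xFFFFFFFF:
                completed.append((key[0], key[1], c, s))
    return completed

# Constructed sample capture: a browser on port 51000 opening port 80, plus a
# stray SYN from port 51001 that is never answered (no handshake for it).
SAMPLE = [
    build_tcp(51000, 80, 1000, 0, SYN),
    build_tcp(80, 51000, 5000, 1001, SYN | ACK),
    build_tcp(51000, 80, 1001, 5001, ACK),
    build_tcp(51001, 80, 2000, 0, SYN),
]
```

Feeding `find_handshakes` the TCP payloads of a real capture (after applying the `tcp` display filter as in the video) reproduces the three-line pattern the narrator highlights, while half-open connections such as the unanswered SYN are left out.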