1
00:00:00,05 --> 00:00:01,04
- [Instructor] Once you get used

2
00:00:01,04 --> 00:00:03,06
to the basic features of Wireshark,

3
00:00:03,06 --> 00:00:07,04
it's time to learn some more advanced features to

4
00:00:07,04 --> 00:00:11,08
make your life easier when using Wireshark.

5
00:00:11,08 --> 00:00:13,01
One of these useful

6
00:00:13,01 --> 00:00:18,09
extra Wireshark features includes using filters.

7
00:00:18,09 --> 00:00:22,02
Wireshark sometimes gives you the experience

8
00:00:22,02 --> 00:00:27,04
of information overload because there's so much to review.

9
00:00:27,04 --> 00:00:31,02
Therefore, knowing how to use filters is essential to

10
00:00:31,02 --> 00:00:35,05
avoid this information overload problem.

11
00:00:35,05 --> 00:00:37,03
In our previous lesson,

12
00:00:37,03 --> 00:00:41,05
we already used a filter to hide network messages

13
00:00:41,05 --> 00:00:47,05
other than those using Transmission Control Protocol, or TCP.

14
00:00:47,05 --> 00:00:51,06
Another useful feature is DNS resolution.

15
00:00:51,06 --> 00:00:53,03
Usually you get a bunch

16
00:00:53,03 --> 00:00:57,09
of numeric IP addresses in your Wireshark display.

17
00:00:57,09 --> 00:01:00,01
Resolving these IP addresses

18
00:01:00,01 --> 00:01:04,07
into more meaningful domain names allows you to spot hosts

19
00:01:04,07 --> 00:01:08,07
of your interest more quickly.

20
00:01:08,07 --> 00:01:12,01
Another useful feature is to start your Wireshark program

21
00:01:12,01 --> 00:01:15,08
and to be able to catch your packets right away

22
00:01:15,08 --> 00:01:17,07
without really having to navigate

23
00:01:17,07 --> 00:01:20,06
through the graphical user interface, or GUI,

24
00:01:20,06 --> 00:01:24,06
and then start capturing packets.

25
00:01:24,06 --> 00:01:27,03
You can also use Wireshark to create rules

26
00:01:27,03 --> 00:01:31,09
to be used by your firewall software.

27
00:01:31,09 --> 00:01:35,01
Lastly, Wireshark can capture packets

28
00:01:35,01 --> 00:01:37,02
from a remote computer.

29
00:01:37,02 --> 00:01:40,06
Let's say that you want to use your Wireshark program

30
00:01:40,06 --> 00:01:44,01
on a local computer to sniff packets going

31
00:01:44,01 --> 00:01:47,06
through the network interface of a remote Windows host

32
00:01:47,06 --> 00:01:50,03
in your network.

33
00:01:50,03 --> 00:01:52,00
To make this happen,

34
00:01:52,00 --> 00:01:55,06
the first requirement is to install WinPcap

35
00:01:55,06 --> 00:01:58,04
on the remote Windows host.

36
00:01:58,04 --> 00:02:00,03
WinPcap is an underlying tool

37
00:02:00,03 --> 00:02:03,00
that allows packet sniffers

38
00:02:03,00 --> 00:02:05,06
like Wireshark to capture packets directly

39
00:02:05,06 --> 00:02:09,03
from network interfaces.

40
00:02:09,03 --> 00:02:11,04
Assuming that WinPcap is active

41
00:02:11,04 --> 00:02:13,09
and running as a background process

42
00:02:13,09 --> 00:02:16,04
on the remote Windows host, let's proceed

43
00:02:16,04 --> 00:02:20,06
with configuring Wireshark to receive the remote packets.

44
00:02:20,06 --> 00:02:27,03
Click on Capture, Options,

45
00:02:27,03 --> 00:02:34,08
Manage Interfaces, and then Remote Interfaces.

46
00:02:34,08 --> 00:02:38,04
Click on the plus sign,

47
00:02:38,04 --> 00:02:41,05
enter the host IP and the port number.

48
00:02:41,05 --> 00:02:43,02
And that's all you have to do.

49
00:02:43,02 --> 00:02:45,05
Now you're ready to receive packets

50
00:02:45,05 --> 00:02:48,03
from a remote network interface.

51
00:02:48,03 --> 00:02:50,06
In the next lesson, we'll continue to explore

52
00:02:50,06 --> 00:02:54,09
the advanced Wireshark features, such as DNS resolution,

53
00:02:54,09 --> 00:02:58,04
capturing packets by bypassing the GUI,

54
00:02:58,04 --> 00:03:03,00
and how to create firewall rules using Wireshark.

55
00:03:03,00 --> 00:03:04,00
Are you ready?