1
00:00:00,06 --> 00:00:03,03
- [Instructor] Let's try some more advanced

2
00:00:03,03 --> 00:00:05,08
Wireshark features.

3
00:00:05,08 --> 00:00:08,03
The first one I'd like to show you

4
00:00:08,03 --> 00:00:11,04
is how to start Wireshark packet capturing

5
00:00:11,04 --> 00:00:13,02
directly without going

6
00:00:13,02 --> 00:00:16,01
through the initial GUI screen.

7
00:00:16,01 --> 00:00:29,05
Type sudo space wireshark space -i space.

8
00:00:29,05 --> 00:00:33,03
Here, i stands for interface.

9
00:00:33,03 --> 00:00:34,04
Let's make a choice in terms

10
00:00:34,04 --> 00:00:37,08
of which interface to monitor.

11
00:00:37,08 --> 00:00:40,01
The interface number starts with one.

12
00:00:40,01 --> 00:00:42,07
I have only one interface on this host.

13
00:00:42,07 --> 00:00:46,09
Therefore, the interface number is one.

14
00:00:46,09 --> 00:00:55,06
Type one space, next type -k

15
00:00:55,06 --> 00:00:57,01
which is the option

16
00:00:57,01 --> 00:01:01,02
that starts the capture session immediately.

17
00:01:01,02 --> 00:01:06,06
Now, press enter.

18
00:01:06,06 --> 00:01:08,02
As you can see,

19
00:01:08,02 --> 00:01:12,07
we're completely bypassing the initial GUI screen.

20
00:01:12,07 --> 00:01:14,09
Let's generate some more traffic

21
00:01:14,09 --> 00:01:19,04
by opening up our web browser.

22
00:01:19,04 --> 00:01:24,05
Let's visit www.microsoft.com.

23
00:01:24,05 --> 00:01:34,06
Type www.microsoft.com, press enter.

24
00:01:34,06 --> 00:01:38,09
You can see a lot more traffic being generated.

25
00:01:38,09 --> 00:01:41,09
There are so many IP address numbers,

26
00:01:41,09 --> 00:01:44,06
and it would be nice if you could turn some

27
00:01:44,06 --> 00:01:49,07
of them into more meaningful domain names.

28
00:01:49,07 --> 00:01:51,08
How do we do that?

29
00:01:51,08 --> 00:02:02,02
Let's go to View and select Name Resolution

30
00:02:02,02 --> 00:02:09,06
and choose Resolve Network Addresses.

31
00:02:09,06 --> 00:02:11,03
As soon as I do that,

32
00:02:11,03 --> 00:02:17,05
some of the IP addresses are now turned into domain names.

33
00:02:17,05 --> 00:02:20,03
Lastly, let's try the Tools menu option

34
00:02:20,03 --> 00:02:28,00
and then choose Firewall ACL (access control list) Rules.

35
00:02:28,00 --> 00:02:29,06
Using this tool

36
00:02:29,06 --> 00:02:34,00
you can generate a firewall rule automatically.

37
00:02:34,00 --> 00:02:36,06
Note that before using this tool,

38
00:02:36,06 --> 00:02:40,01
you need to pick and choose a particular entry

39
00:02:40,01 --> 00:02:42,03
in the Wireshark window.

40
00:02:42,03 --> 00:02:46,04
Let's close this window

41
00:02:46,04 --> 00:02:50,00
and stop sniffing.

42
00:02:50,00 --> 00:02:57,06
Pick and choose one of the entries.

43
00:02:57,06 --> 00:03:01,07
Then choose the Tools menu option again

44
00:03:01,07 --> 00:03:05,07
and click on Firewall ACL Rules.

45
00:03:05,07 --> 00:03:11,00
Next, select the firewall product you're using.

46
00:03:11,00 --> 00:03:15,07
We'll keep the default option, which is Netfilter.

47
00:03:15,07 --> 00:03:19,05
You also have options to specify more details

48
00:03:19,05 --> 00:03:24,07
like denying inbound traffic as part of the firewall rule.

49
00:03:24,07 --> 00:03:26,04
You can now copy the rules

50
00:03:26,04 --> 00:03:30,03
and add them to your netfilter shell script.

51
00:03:30,03 --> 00:03:33,09
There are many more advanced features to explore.

52
00:03:33,09 --> 00:03:37,03
I recommend that you keep trying to discover them

53
00:03:37,03 --> 00:03:40,00
as you get more familiar with Wireshark.