1 00:00:00,090 --> 00:00:08,010 Now that I've got tshark and pyshark installed, I could run tshark directly and capture packets.
2 00:00:08,460 --> 00:00:11,250 But that's not actually what we want to do.
3 00:00:11,400 --> 00:00:16,440 But notice here, we're seeing in real time that we are able to capture spanning tree packets.
4 00:00:16,440 --> 00:00:23,070 Here's EIGRP, here's OSPF, so I am actually capturing packets off the network.
5 00:00:23,250 --> 00:00:28,380 But what I want to do is capture packets and write that to a file.
6 00:00:28,920 --> 00:00:30,900 So I'm going to write that to this
7 00:00:30,900 --> 00:00:34,320 pcap file, tshark1.pcap.
8 00:00:35,520 --> 00:00:39,570 Now I want to leave this for a while so that packets are captured.
9 00:00:39,840 --> 00:00:49,200 But to generate additional traffic, what I can do on my router, for example, is ping some addresses.
10 00:00:49,200 --> 00:00:56,730 So I could ping, as an example, one, two, one, six, eight and 122.
11 00:00:56,730 --> 00:01:02,760 And what I'll do here is ping the broadcast address, .255, and those packets will be captured.
12 00:01:05,489 --> 00:01:10,560 I could ping a multicast address as an example and those packets will be captured.
13 00:01:10,950 --> 00:01:11,700 So.
14 00:01:12,580 --> 00:01:22,510 Various packets are being captured by the tshark application on the Ubuntu PC.
15 00:01:22,780 --> 00:01:28,810 I could, as an example, reset my OSPF process to generate some OSPF updates.
16 00:01:29,620 --> 00:01:34,750 But I mean, we've captured about 60 packets already, so what I'll do is stop that capture.
17 00:01:36,130 --> 00:01:43,630 So now I've got my tshark pcap file in my local directory.
18 00:01:44,460 --> 00:01:45,360 So.
19 00:01:48,860 --> 00:01:55,340 Notice I've got that file on my Ubuntu host now that I've captured packets off the network.
20 00:01:55,370 --> 00:01:59,270 I can open that up with pyshark.
21 00:01:59,720 --> 00:02:07,310 Now, in the first example, I'm going to show you commands directly from within Python 3, and then
22 00:02:07,310 --> 00:02:08,630 I'll create a script.
23 00:02:09,169 --> 00:02:15,230 So for the moment, I just want to show you the commands, and the first thing I'm going to do is import
24 00:02:15,230 --> 00:02:19,040 pyshark, and then I'm going to say cap; this could be any name.
25 00:02:19,040 --> 00:02:29,210 This is just a variable: pyshark FileCapture, and the file I want to capture is tshark1.pcap, that's
26 00:02:29,210 --> 00:02:31,040 the Wireshark capture file.
27 00:02:31,850 --> 00:02:36,670 cap shows me the file that I'm using, and now I can do all kinds of things.
28 00:02:36,680 --> 00:02:39,440 Now remember, this is from within Python.
29 00:02:40,100 --> 00:02:44,840 So if I want to look at the first packet, there you go.
30 00:02:44,960 --> 00:02:49,610 Notice we captured a spanning tree packet again.
31 00:02:49,610 --> 00:02:51,910 This is running within Python.
32 00:02:51,990 --> 00:02:53,900 I can see the length of the packet.
33 00:02:53,900 --> 00:02:58,520 I can see the Ethernet header, so I'll make this bigger: source
34 00:02:58,880 --> 00:03:01,130 MAC address, destination MAC address.
35 00:03:01,460 --> 00:03:04,190 I can see that this is a spanning tree BPDU.
36 00:03:05,020 --> 00:03:06,940 I can see who the root is.
37 00:03:06,970 --> 00:03:12,400 Notice there's root identifier, priority, MAC address.
38 00:03:12,730 --> 00:03:15,040 So root bridge priority is this.
39 00:03:16,000 --> 00:03:23,140 Forward delay is this, hello time is this, root bridge system ID is this, bridge priority is this, so forth
40 00:03:23,140 --> 00:03:23,800 and so on.
41 00:03:25,360 --> 00:03:28,200 I could look at packet one as an example.
42 00:03:28,210 --> 00:03:37,960 This is an EIGRP packet, so layer two Ethernet header, source MAC address, destination MAC address.
43 00:03:37,960 --> 00:03:44,320 This is the multicast MAC address at layer two for IP version 4, notice the 10.
44 00:03:44,320 --> 00:03:48,360 That's the multicast address used for EIGRP.
45 00:03:49,490 --> 00:03:51,890 Ethertype is IPv4.
46 00:03:51,890 --> 00:03:54,000 So at layer three, we have an IP header.
47 00:03:54,020 --> 00:03:57,590 IP version 4, DSCP is set to six.
48 00:03:57,590 --> 00:04:00,650 Very important traffic. Source IP addresses.
49 00:04:00,650 --> 00:04:04,700 This protocol number is 88, EIGRP.
50 00:04:04,700 --> 00:04:10,280 So notice at the higher layers we have EIGRP, we can see the K values.
51 00:04:10,280 --> 00:04:12,500 Now this output is all over the place, but notice
52 00:04:12,500 --> 00:04:19,910 K1, K2, K3, K4, K5, K6.
53 00:04:20,180 --> 00:04:23,270 We can see software version.
54 00:04:24,400 --> 00:04:27,250 We can see the autonomous system number, 100.
55 00:04:27,970 --> 00:04:33,400 If we have a look at packet two, we can see that this is a
56 00:04:34,550 --> 00:04:37,100 spanning tree update once again.
57 00:04:37,130 --> 00:04:37,910 So spanning tree.
58 00:04:38,960 --> 00:04:40,400 What about cap three?
59 00:04:40,430 --> 00:04:49,250 Spanning tree. cap four, that is EIGRP again, five spanning tree, six OSPF.
60 00:04:50,120 --> 00:04:57,860 So six is OSPF: layer two header, layer three header, notice protocol number is 89.
61 00:04:58,310 --> 00:04:59,440 Here's OSPF.
62 00:04:59,450 --> 00:05:02,270 Now please remember, this is running within Python.
63 00:05:02,960 --> 00:05:06,290 I'm showing you some basics now, but later on I'll show you how to script stuff.
64 00:05:06,590 --> 00:05:14,690 So as an example, if we looked at packet one and we use the show option, so print, and I don't actually
65 00:05:14,690 --> 00:05:18,050 need to use print from within Python, I can just do it this way.
66 00:05:18,140 --> 00:05:19,610 So cap one show.
67 00:05:21,650 --> 00:05:23,600 And I actually want to do it this way.
68 00:05:24,980 --> 00:05:28,580 Notice, here's my EIGRP packet in pretty format.
69 00:05:28,910 --> 00:05:30,500 So Ethernet header.
70 00:05:30,530 --> 00:05:31,520 IP header.
71 00:05:32,790 --> 00:05:33,160 Yeah.
72 00:05:33,180 --> 00:05:34,110 EIGRP.
73 00:05:35,980 --> 00:05:37,120 Let's look at six.
74 00:05:37,900 --> 00:05:40,170 Six is OSPF, if I remember correctly.
75 00:05:40,180 --> 00:05:40,810 Yes, it is.
76 00:05:40,810 --> 00:05:45,040 So here's our OSPF output again.
77 00:05:45,040 --> 00:05:48,190 This is all being used from within
78 00:05:48,980 --> 00:05:49,980 Python.
79 00:05:50,000 --> 00:05:52,310 I'm running this output in Python.
80 00:05:53,060 --> 00:05:56,900 Now you might say, okay, but this doesn't really help me. Notice
81 00:05:56,930 --> 00:06:00,890 what you could do is, I could say, okay, print
82 00:06:04,420 --> 00:06:06,760 cap one, which was
83 00:06:07,000 --> 00:06:08,590 EIGRP, if I remember right.
84 00:06:08,950 --> 00:06:17,080 IP. Notice this is the IP header, or I could say only show me the EIGRP information.
85 00:06:17,890 --> 00:06:21,430 So once again, this is everything.
86 00:06:23,110 --> 00:06:24,160 Make some spaces here.
87 00:06:24,190 --> 00:06:25,810 So this is everything.
88 00:06:26,940 --> 00:06:27,300 Notice.
89 00:06:27,300 --> 00:06:28,740 Print cap one.
90 00:06:28,770 --> 00:06:30,240 This is everything.
91 00:06:30,240 --> 00:06:40,590 But what I could do is just look at the IP header, or just look at the EIGRP header, or, taking this a step
92 00:06:40,590 --> 00:06:45,030 further, look at the autonomous system number, and that should be an S.
93 00:06:45,030 --> 00:06:48,750 So AS number, AS number is 100.
94 00:06:48,960 --> 00:06:53,910 So rather than trying to dig through the information, this makes it much easier.
95 00:06:53,910 --> 00:06:59,550 This application, pyshark, allows me to look at specific details.
96 00:06:59,970 --> 00:07:07,710 I could, as an example, look at the parameter K1. What's K1 set to? It's 1. K2 set to 0, K3 set to
97 00:07:07,710 --> 00:07:09,360 1, K4 set to zero.
98 00:07:09,360 --> 00:07:11,730 K5 is zero, K6 is zero.
99 00:07:12,000 --> 00:07:20,340 The moral of the story is I can burrow into the capture and get information and then store that in a
100 00:07:21,090 --> 00:07:21,780 variable.
101 00:07:22,020 --> 00:07:26,940 So I could say eigrp_as equals that.
102 00:07:28,400 --> 00:07:29,330 And.
103 00:07:30,700 --> 00:07:31,860 Let's get rid of the bracket.
104 00:07:31,870 --> 00:07:39,910 So if I just look at eigrp_as, that's what it is, and then I could do something with that in my programming.
105 00:07:42,540 --> 00:07:46,950 Commands such as dir work here, so I could look at a specific packet.
106 00:07:46,950 --> 00:07:47,600 Let's look at the EIGRP
107 00:07:47,610 --> 00:07:53,160 packet, one, again, and I can see all kinds of options available for that packet.
108 00:07:53,190 --> 00:07:56,520 So I could, as an example, print IP.
109 00:07:57,690 --> 00:07:58,860 And I'm doing that wrong.
110 00:07:58,860 --> 00:08:00,750 It should be IP, like this.
111 00:08:01,080 --> 00:08:03,030 So there's the IP header once again.
112 00:08:03,030 --> 00:08:04,680 So let's do that dir again.
113 00:08:04,920 --> 00:08:07,200 So a lot of options are available
114 00:08:08,990 --> 00:08:10,280 in this application.
115 00:08:10,460 --> 00:08:16,400 Notice, looking at layers, we've got an Ethernet layer, IP layer and EIGRP layer.
116 00:08:17,310 --> 00:08:23,370 We can look at the Ethernet header, so just look at eth, there's our Ethernet header, we can see
117 00:08:23,370 --> 00:08:28,260 source MAC address, destination MAC address, a lot of options available here.
118 00:08:29,510 --> 00:08:29,810 Okay.
119 00:08:29,810 --> 00:08:31,730 So that was basic Python.
120 00:08:31,730 --> 00:08:35,809 Let's see if we can create a script, however, rather than
121 00:08:36,809 --> 00:08:39,990 doing it directly, live coding in Python.
122 00:08:40,020 --> 00:08:42,270 Now I have seen this error come up.
123 00:08:42,840 --> 00:08:48,660 Now Stack Overflow is a great place to go and look for help if you're having problems with programming.
124 00:08:49,900 --> 00:08:54,940 Someone else has had this problem as well where this message displays.
125 00:08:55,960 --> 00:09:00,220 So notice, as an example, they're having these errors, very similar to me.
126 00:09:01,880 --> 00:09:02,660 Over here.
127 00:09:04,270 --> 00:09:11,890 And the answer is to upgrade the versions of software.
128 00:09:12,340 --> 00:09:15,790 This was actually a bug in one of the versions of software.
129 00:09:16,060 --> 00:09:20,160 Now, I'm not going to worry too much about that because it doesn't really affect what we're doing here.
130 00:09:20,170 --> 00:09:21,820 So I'm going to clear the screen.
131 00:09:22,000 --> 00:09:24,970 And what I'm going to do now is create a Python script.