1
00:00:04,870 --> 00:00:06,950
Packets and network traffic.

2
00:00:07,750 --> 00:00:08,530
Hello, everyone.

3
00:00:08,560 --> 00:00:15,670
Today, we're going to dig a little bit more into the Wireshark tool and talk about the possibilities

4
00:00:15,910 --> 00:00:19,140
for assessing the traffic that you have when using the tool.

5
00:00:19,350 --> 00:00:24,340
Let's actually go to the en0 interface and see everything we get there.

6
00:00:24,340 --> 00:00:31,060
So you can see that here we have a few protocols and they continue updating, and you can see that there

7
00:00:31,060 --> 00:00:33,420
are different colors for some of them.

8
00:00:33,430 --> 00:00:39,340
So this is network traffic, and network traffic basically is the amount of packets that are moving

9
00:00:39,340 --> 00:00:40,670
across our network.

10
00:00:40,900 --> 00:00:48,820
So usually we can see that the traffic volume is equal to the traffic intensity rate multiplied by the

11
00:00:48,820 --> 00:00:49,190
time.

12
00:00:49,510 --> 00:00:57,490
So if we want to estimate the traffic volume for, let's say, one hour, this will be the traffic intensity

13
00:00:57,490 --> 00:01:01,700
rate multiplied by one hour, or the packets that we receive per hour.

14
00:01:01,960 --> 00:01:07,350
So you can see here that for every packet there are several pieces of information.

15
00:01:07,960 --> 00:01:12,430
So here we see the time, or the time at which the packets are captured.

16
00:01:12,820 --> 00:01:17,800
Then we see the source, or from where the packet originates.

17
00:01:18,100 --> 00:01:25,270
Then we see the destination, which defines the place that the packet routes to, its final location, then

18
00:01:25,270 --> 00:01:33,000
the protocol, or the type of protocol that the packets follow during the journey from the source to the destination.

19
00:01:33,220 --> 00:01:36,030
And you can see that there are many different protocols here.

20
00:01:36,250 --> 00:01:41,440
And then you have the information about the packet, which is some additional notes for you to read

21
00:01:41,440 --> 00:01:42,640
if you want to assess it.

22
00:01:42,820 --> 00:01:50,500
Now, information or samples for capture files, you can actually access on wiki.wireshark.org

23
00:01:50,500 --> 00:01:52,840
on the SampleCaptures page.

24
00:01:53,080 --> 00:01:56,380
And you can read through these bullets here.

25
00:01:56,380 --> 00:02:02,860
If you want to dig a little bit more into the Wireshark tool, I advise you to investigate some of the

26
00:02:02,860 --> 00:02:05,250
protocols, especially the most famous ones.

27
00:02:05,310 --> 00:02:12,670
For example, if we search here for HTTP and then select this protocol, you can actually find different

28
00:02:12,670 --> 00:02:21,130
files that contain HTTP requests and responses for you to test the HTTP traffic on your device.

29
00:02:21,310 --> 00:02:27,610
Now, let's talk about the colors in the Wireshark tool, because now you can see here different colors

30
00:02:27,970 --> 00:02:34,390
that you might not be clear exactly what they mean, you know, so let's look at them and let's try

31
00:02:34,390 --> 00:02:35,240
to explain them.

32
00:02:35,260 --> 00:02:43,210
So when you're capturing packets, Wireshark is usually using colors to identify different types of

33
00:02:43,210 --> 00:02:44,440
traffic that occur.

34
00:02:44,590 --> 00:02:52,630
So if I double click here, you can see all the information about the specific packet available in front

35
00:02:52,630 --> 00:02:53,100
of you.

36
00:02:53,110 --> 00:03:01,860
And also, if I go to View and then go to Coloring Rules, you can see all the current

37
00:03:01,870 --> 00:03:03,310
rules that are available here.

38
00:03:03,520 --> 00:03:10,030
And you can see that, for example, if we are getting the Bad TCP protocol, it's going to be displayed

39
00:03:10,030 --> 00:03:15,640
like this, with this bluish green color with the red.

40
00:03:15,950 --> 00:03:21,270
Then the state change might be displayed in orange, which is usually a warning color.

41
00:03:21,280 --> 00:03:25,530
And you can see also the rest of the colors.

42
00:03:25,570 --> 00:03:33,150
So if we get into any of those states, we're going to get the specific color that refers to that state.

43
00:03:33,490 --> 00:03:36,640
You can obviously tick

44
00:03:36,640 --> 00:03:44,470
and untick these boxes if you would like to see this warning and color displayed over the certain connections

45
00:03:44,470 --> 00:03:45,760
that are in certain states.

46
00:03:45,970 --> 00:03:52,420
So, for example, if we remove the tick here from the Bad TCP, it will actually be removed from our

47
00:03:52,420 --> 00:03:55,870
screens and you will not be able to see if there is a Bad TCP.

48
00:03:56,290 --> 00:04:05,500
So also, as you can see, guys, here the system keeps updating and updating, and new connections are

49
00:04:05,500 --> 00:04:06,060
received.

50
00:04:06,310 --> 00:04:13,030
You can see that the list of connections is actually growing quite a bit, like we have plenty of connections,

51
00:04:13,030 --> 00:04:17,380
and trust me, the number will increase over time. For that reason,

52
00:04:17,800 --> 00:04:24,940
it is a very good idea to use filters here in order to find the desired connection that you need in

53
00:04:24,940 --> 00:04:32,080
order for you to do your job and to find the exact connection that you require for your tasks.

54
00:04:32,410 --> 00:04:39,880
So the search allows you to see only the data collection that fits your search criteria.

55
00:04:40,180 --> 00:04:45,070
Actually, the search criteria is supported by the library called, let's see here,

56
00:04:45,490 --> 00:04:48,160
it's called libpcap.

57
00:04:48,640 --> 00:04:52,930
And this is the library in the background that works with your search.

58
00:04:52,930 --> 00:04:58,870
And for that reason, for example, for each protocol, you can see the different parameters from this library

59
00:04:59,130 --> 00:05:00,820
for searching that protocol.

60
00:05:01,060 --> 00:05:03,060
You can see them here and so on.

61
00:05:03,460 --> 00:05:09,940
If you search for a protocol, for example, the DNS protocol, if we search for it, you can see that

62
00:05:09,940 --> 00:05:13,930
it filters only the traffic that is coming from the DNS.

63
00:05:14,230 --> 00:05:17,560
You can also click on different tabs such as the Analyze tab.

64
00:05:17,770 --> 00:05:24,180
And you can see here we have the display filters, display macros, so we can also use macros here.

65
00:05:24,550 --> 00:05:26,820
We can apply different filters and so on.

66
00:05:27,310 --> 00:05:34,210
We have plenty of options here, but if we select the display filters, you can actually see the display

67
00:05:34,210 --> 00:05:39,060
filters that you can apply when you're capturing packets with Wireshark.

68
00:05:39,490 --> 00:05:43,750
So this is really the main filter that you can use pretty much.

69
00:05:43,760 --> 00:05:50,650
For example, if you want the HTTP traffic, obviously you can use the HTTP filter in here.

70
00:05:50,660 --> 00:05:53,980
You can simply see the name and then you can see the filter here.

71
00:05:54,010 --> 00:06:01,010
So let's check the IPs that are with the expression IPv6 so far.

72
00:06:01,060 --> 00:06:03,070
Right, IPv6.

73
00:06:03,070 --> 00:06:07,620
You can see all the traffic that is coming from IPv6 and so on.

74
00:06:08,140 --> 00:06:10,930
So use the filters and investigate them.

75
00:06:11,140 --> 00:06:13,860
You can also do this from the Wireshark website.

76
00:06:14,140 --> 00:06:20,500
So they're quite useful, especially if you want to find Veera among many different traffic collection

77
00:06:20,500 --> 00:06:21,130
messages.

78
00:06:21,700 --> 00:06:30,730
So it's good to know that you can actually filter your connections or packets by different criteria.

79
00:06:30,730 --> 00:06:43,720
For example, you can use the HTTP filter by typing http.content_type, and you can actually search

80
00:06:44,080 --> 00:06:51,550
for the type of different content of the website, or you can search for the full address on that website.

81
00:06:51,550 --> 00:07:00,790
For example, try http.location. You can see that here is the screen, so you can pretty much

82
00:07:01,330 --> 00:07:02,850
filter here by location.

83
00:07:02,890 --> 00:07:10,240
So that was everything that we wanted to cover about this. Please use it in your favor in order to

84
00:07:10,240 --> 00:07:11,910
analyze the different connections.

85
00:07:12,340 --> 00:07:14,710
So that was everything for this lecture.

86
00:07:14,760 --> 00:07:17,390
In the next one, we're going to talk about Bizshark.

87
00:07:17,710 --> 00:07:18,550
Thanks for watching.