1 00:00:01,220 --> 00:00:07,400 Wireshark offers a comprehensive framework for analyzing network traffic, and it performs well on most
2 00:00:07,400 --> 00:00:14,720 operating systems, and the interface is streamlined with shortcuts and methods to make navigation easier
3 00:00:14,720 --> 00:00:18,880 and get you up and running with analyzing traffic.
4 00:00:18,890 --> 00:00:24,650 And in this lecture we will discover how Wireshark presents information, along with where to find
5 00:00:24,650 --> 00:00:26,570 a list of keyboard shortcuts.
6 00:00:26,570 --> 00:00:32,240 And we will also take a look at the many authors who have made this application possible
7 00:00:32,240 --> 00:00:36,670 and describe some ways you can obtain help and learn about Wireshark.
8 00:00:36,680 --> 00:00:41,300 So let's start with a brief look at the Wireshark interface.
9 00:00:41,300 --> 00:00:43,640 So let's first start Wireshark.
10 00:00:43,670 --> 00:00:50,540 You can also start Wireshark from the terminal by just typing wireshark, and you can also start
11 00:00:50,540 --> 00:00:52,940 with sudo credentials.
12 00:00:52,940 --> 00:00:59,510 But in this case we will just start it with a normal wireshark, without sudo or anything, for now.
13 00:01:00,080 --> 00:01:06,570 And in some cases you will need to start Wireshark with sudo privileges.
14 00:01:06,570 --> 00:01:14,700 And now when you first launch Wireshark, you will see a list of active interfaces, and some have a sparkline
15 00:01:14,700 --> 00:01:18,600 or moving graph symbol next to the interface here.
16 00:01:18,600 --> 00:01:25,920 And when present, the sparkline represents actively exchanging data, and you can select that interface
17 00:01:25,920 --> 00:01:27,180 and begin capturing.
18 00:01:27,180 --> 00:01:31,500 And here, as you can see, our arrow is down, our analysis is down here.
19 00:01:31,500 --> 00:01:36,540 So whenever we enter some website here, let's actually coliforms.
20 00:01:36,660 --> 00:01:39,270 And here, as you can see, it spiked up.
21 00:01:39,450 --> 00:01:44,700 So as shown here, this is our both Ethernet.
22 00:01:45,030 --> 00:01:46,050 Also select any.
23 00:01:46,050 --> 00:01:51,780 In this case we don't have Bluetooth or any wireless devices connected.
24 00:01:51,780 --> 00:01:56,130 So now, during analysis, Wireshark has many ways to improve your experience.
25 00:01:56,130 --> 00:02:00,180 So first let's actually select Ethernet, and then we will start here.
26 00:02:00,180 --> 00:02:01,470 As you can see, it's empty.
27 00:02:01,470 --> 00:02:08,410 So whenever we go here, let's actually go to NetHunter, and as you can see,
28 00:02:09,150 --> 00:02:17,460 it actually works very fast, with real-time data on your screen here.
29 00:02:17,730 --> 00:02:20,040 So it might look like
30 00:02:21,510 --> 00:02:21,880 pretty
31 00:02:23,600 --> 00:02:30,880 disarranged, but it's actually arranged in some way, which I will explain in this section.
32 00:02:30,890 --> 00:02:36,860 So now, for example, when working with a packet capture with Wireshark, we can easily add columns
33 00:02:36,860 --> 00:02:38,030 to the interface.
34 00:02:38,030 --> 00:02:44,600 So simply right-click on a value in the packet details here, and now
35 00:02:45,620 --> 00:02:46,810 you can also apply:
36 00:02:46,900 --> 00:02:48,050 Apply as Filter,
37 00:02:48,050 --> 00:02:49,400 Prepare as Filter,
38 00:02:49,400 --> 00:02:53,570 Mark/Unmark, Protocol Preferences, Decode,
39 00:02:53,570 --> 00:02:55,520 Show Packet in New Window here.
40 00:02:55,520 --> 00:03:03,800 As you can see, we can also edit, resize to contents and resize column width, and here apply
41 00:03:03,800 --> 00:03:04,610 as filter.
42 00:03:04,760 --> 00:03:05,630 So.
43 00:03:06,900 --> 00:03:11,100 Now we will select something here and
44 00:03:12,050 --> 00:03:12,800 see here.
45 00:03:12,800 --> 00:03:17,840 We can also select a number at that column, and so on.
46 00:03:17,840 --> 00:03:20,060 We can also change the title of it.
47 00:03:20,060 --> 00:03:22,250 So number.
48 00:03:23,030 --> 00:03:24,290 And so on.
49 00:03:25,530 --> 00:03:34,860 It also includes an intelligent scrollbar, which is on the right side of the packet list here.
50 00:03:37,570 --> 00:03:46,360 You can also go to View, and here we can expand all, reset layout, colorize conversations, resize
51 00:03:46,360 --> 00:03:48,310 columns, reset layout.
52 00:03:48,340 --> 00:03:48,690 We.
53 00:03:49,720 --> 00:03:54,310 Reset layout, show packet in a new window.
54 00:03:54,310 --> 00:04:00,700 And as you can see here, the new window just popped out and we can see more information.
55 00:04:01,300 --> 00:04:02,110 Now.
56 00:04:02,850 --> 00:04:03,990 And here
57 00:04:05,420 --> 00:04:09,920 we can also type our display filters, which you will learn all about in
58 00:04:11,210 --> 00:04:12,800 this course.
59 00:04:12,800 --> 00:04:15,230 And now
60 00:04:16,670 --> 00:04:22,700 we'll start with how to discover keyboard shortcuts in Wireshark.
61 00:04:22,700 --> 00:04:27,680 So with millions of downloads per year, Wireshark has become a significant tool.
62 00:04:27,680 --> 00:04:34,130 It has proven to be flexible as an open source utility and encourages developers to add functionality
63 00:04:34,130 --> 00:04:36,350 as well as improve the overall experience.
64 00:04:36,350 --> 00:04:42,620 So each new version improves the application, and improvements can include fixing a simple visual or
65 00:04:42,620 --> 00:04:50,690 display issue, or more significant problems that can cause the application to crash, such as faulty
66 00:04:50,730 --> 00:04:51,560 dissectors.
67 00:04:51,560 --> 00:04:57,200 So when you update Wireshark, take time to read the notes, which we will see.
68 00:04:57,200 --> 00:05:01,130 You can also see here; we'll just Google it.
69 00:05:02,700 --> 00:05:04,020 Wireshark.
70 00:05:04,060 --> 00:05:07,590 Oops, Wireshark update notes.
71 00:05:07,590 --> 00:05:10,110 And here there's also,
72 00:05:10,700 --> 00:05:18,590 you can see the what's new: bug fixes, new and updated features like new protocol support,
73 00:05:18,620 --> 00:05:22,970 updated protocol support, new and updated capture file support.
74 00:05:22,970 --> 00:05:25,610 And you can also get help from that.
75 00:05:25,640 --> 00:05:29,450 So first, let's actually solve this capture, and we will
76 00:05:30,250 --> 00:05:30,700 again,
77 00:05:32,080 --> 00:05:33,350 explaining.
78 00:05:35,300 --> 00:05:36,260 It's not working.
79 00:05:36,410 --> 00:05:38,080 So we can rule out.
80 00:05:38,090 --> 00:05:38,510 No.
81 00:05:39,200 --> 00:05:39,680 Stan.
82 00:05:39,860 --> 00:05:44,060 As you can see, there are release notes on Wireshark's official web page.
83 00:05:44,150 --> 00:05:48,290 As you can see, the last version of this is 4.0.5.
84 00:05:48,410 --> 00:05:56,690 And here, in the what's new section, you can see bug fixes, file locations, getting Wireshark,
85 00:05:56,690 --> 00:05:58,280 and so on.
86 00:05:58,280 --> 00:05:59,270 So let's get started.
87 00:05:59,270 --> 00:06:05,090 Firstly, let's get started with discovering the keyboard shortcuts.
88 00:06:05,090 --> 00:06:05,420 Right?
89 00:06:05,420 --> 00:06:09,250 So everyone has preferences as to how they interact with Wireshark.
90 00:06:09,260 --> 00:06:16,100 Some individuals prefer using the keyboard, as it's faster and more intuitive than using a mouse like that.
91 00:06:16,100 --> 00:06:22,340 So Wireshark has a list of keyboard shortcuts that can be found by selecting this Help menu
92 00:06:22,340 --> 00:06:29,480 choice, then clicking About Wireshark and then selecting Keyboard Shortcuts here, and see in the tab
93 00:06:29,480 --> 00:06:30,050 here.
94 00:06:30,050 --> 00:06:37,040 So now we are seeing every shortcut, every possible shortcut in Wireshark.
95 00:06:37,670 --> 00:06:44,880 So for example, when working with a packet capture, many times I will select, as you can see, Control
96 00:06:44,880 --> 00:06:49,050 plus plus, which will zoom in on the main text of the interface.
97 00:06:49,050 --> 00:06:50,760 Let's actually try that; click.
98 00:06:50,760 --> 00:06:54,030 Okay, let's zoom in here.
99 00:06:55,220 --> 00:06:57,350 I'll sit here and zoom in.
100 00:06:57,350 --> 00:06:58,790 Zoom out like that.
101 00:06:59,180 --> 00:06:59,900 Zoom in.
102 00:07:01,130 --> 00:07:02,540 Please zoom in now.
103 00:07:02,570 --> 00:07:03,140 Here.
104 00:07:10,930 --> 00:07:11,230 It's.
105 00:07:11,350 --> 00:07:13,580 We can barely see it.
106 00:07:13,600 --> 00:07:15,790 That's because I will zoom
107 00:07:16,840 --> 00:07:17,230 again.
108 00:07:19,040 --> 00:07:19,460 Yes.
109 00:07:20,820 --> 00:07:21,450 Actually, check.
110 00:07:21,570 --> 00:07:22,230 Check that.
111 00:07:22,530 --> 00:07:24,660 Shortcuts again.
112 00:07:24,990 --> 00:07:26,550 And here, zoom in.
113 00:07:26,550 --> 00:07:27,990 Zoom out.
114 00:07:28,230 --> 00:07:30,240 Zoom in and zoom out here.
115 00:07:30,450 --> 00:07:31,620 So now
116 00:07:33,590 --> 00:07:34,010 we will
117 00:07:35,250 --> 00:07:36,570 to and zoom in.
118 00:07:36,930 --> 00:07:41,520 Unfortunately, let's actually close Wireshark and open Wireshark
119 00:07:41,550 --> 00:07:43,770 again; we have some shortcut problem here.
120 00:07:44,890 --> 00:07:46,180 Then zero.
121 00:07:46,190 --> 00:07:49,310 And here, let's go to some website.
122 00:07:50,370 --> 00:07:52,770 And here we are seeing that again.
123 00:07:57,760 --> 00:08:02,290 I guess my plus key on my keyboard is broken.
124 00:08:02,290 --> 00:08:04,780 So we will use that.
125 00:08:04,780 --> 00:08:05,130 We will.
126 00:08:05,140 --> 00:08:07,690 You can also change that here.
127 00:08:07,930 --> 00:08:08,290 Oops.
128 00:08:08,290 --> 00:08:09,250 Not here.
129 00:08:09,430 --> 00:08:16,690 You should change this from File, no, Edit, Preferences.
130 00:08:16,690 --> 00:08:25,180 And here you can change the font and colors, columns, layout, capture, expert, filter buttons, name resolution.
131 00:08:25,300 --> 00:08:26,920 You can also change the protocols.
132 00:08:26,980 --> 00:08:32,680 You can give them individual colors to know exactly which protocol it is or not.
133 00:08:32,680 --> 00:08:38,080 And you can see the statistics, advanced, and so on.
134 00:08:38,230 --> 00:08:39,100 So.
135 00:08:40,940 --> 00:08:41,690 Yes.
136 00:08:41,930 --> 00:08:48,680 I'll use my laptop's keyboard here and see if we can zoom in and zoom out.
137 00:08:48,800 --> 00:08:50,240 And now,
138 00:08:51,110 --> 00:08:57,110 all of these improvements over the years have been possible because of the generosity of the open source
139 00:08:57,260 --> 00:08:57,800 community.
140 00:08:58,400 --> 00:09:05,600 And here you can see keyboard shortcuts, plugins; these are the default plugins.
141 00:09:06,230 --> 00:09:10,400 As of this lecture, I didn't install any plugins for you.
142 00:09:10,400 --> 00:09:15,590 If we need any plugins, we will install them in this lecture.
143 00:09:15,590 --> 00:09:16,340 So.
144 00:09:17,790 --> 00:09:22,020 Now let's firstly recognize our authors, right?
145 00:09:22,170 --> 00:09:23,460 Who developed this,
146 00:09:25,010 --> 00:09:26,480 this awesome application?
147 00:09:26,690 --> 00:09:33,200 So these are the many authors who have contributed to the success of Wireshark by providing ongoing
148 00:09:33,230 --> 00:09:35,540 development and maintenance of the application.
149 00:09:35,540 --> 00:09:43,700 So some consistently jump in to add their expertise, and others contribute only when
150 00:09:43,700 --> 00:09:46,700 they need a specific protocol dissector.
151 00:09:46,700 --> 00:09:52,280 So anyone can be involved, as there is plenty of documentation on how to add a basic dissector.
152 00:09:52,280 --> 00:09:58,760 If you do modify Wireshark to add a dissector or visual enhancement for your work, work with the Wireshark
153 00:09:58,790 --> 00:10:02,620 team so that everyone can benefit.
154 00:10:02,630 --> 00:10:09,710 So now let's find information here across the bottom of the right-hand side of Wireshark.
155 00:10:09,950 --> 00:10:10,790 So.
156 00:10:11,840 --> 00:10:14,180 On the welcome interface you will see the Learn label.
157 00:10:14,180 --> 00:10:19,610 So firstly, of course, we need to quit first, and let's go to Wireshark's
158 00:10:19,610 --> 00:10:23,000 welcome screen, right, and here
159 00:10:24,210 --> 00:10:27,210 we have the profile: Bluetooth, Classic here.
160 00:10:27,210 --> 00:10:32,520 Let's actually select Classic; click, hold for you here now.
161 00:10:34,970 --> 00:10:38,810 Now we're going to understand the phases of packet analysis.