1 00:00:00,300 --> 00:00:00,540 Okay.
2 00:00:00,540 --> 00:00:02,520 So let's install termshark.
3 00:00:02,969 --> 00:00:07,410 The first thing I'm going to do is install wget.
4 00:00:07,530 --> 00:00:12,840 This is going to allow me to download an application from GitHub.
5 00:00:13,810 --> 00:00:16,810 I could use git, but I'm simply going to use wget.
6 00:00:17,690 --> 00:00:24,780 What I'm going to do now is use wget and connect to GitHub and download termshark.
7 00:00:24,800 --> 00:00:27,020 I'll put the links below this video.
8 00:00:27,050 --> 00:00:34,100 This is essentially a GitHub page and I'm downloading termshark from GitHub.
9 00:00:34,670 --> 00:00:41,030 So here's the GitHub page for termshark, or terminal UI for tshark.
10 00:00:42,530 --> 00:00:46,550 And we can see a little bit of information about the application.
11 00:00:48,640 --> 00:00:51,230 You can also do a clone or download.
12 00:00:51,250 --> 00:00:55,210 So I'm simply downloading this file from GitHub.
13 00:00:55,570 --> 00:00:58,810 So ls shows me that I've got the file downloaded.
14 00:00:58,960 --> 00:01:03,820 The next thing I'm going to do is unzip or untar that file.
15 00:01:03,970 --> 00:01:06,940 So untar the file.
16 00:01:08,030 --> 00:01:09,020 There it is.
17 00:01:09,770 --> 00:01:12,800 I'm going to move to that directory.
18 00:01:14,150 --> 00:01:16,340 And I see termshark.
19 00:01:16,730 --> 00:01:26,510 So what I'm going to do is install termshark to /usr/local/bin, and then I'm going to go back to my
20 00:01:26,510 --> 00:01:27,470 home directory.
21 00:01:28,130 --> 00:01:32,570 So back in my home directory of root, I'll clear the screen.
22 00:01:34,980 --> 00:01:40,710 Notice I've got this file which I previously created by capturing traffic off the network.
23 00:01:40,920 --> 00:01:47,240 So what I can do now is type termshark -r and my tshark pcap file.
24 00:01:47,250 --> 00:01:49,230 So I'm going to read my pcap file.
25 00:01:50,960 --> 00:01:56,330 And what you can see through a terminal window now is the traffic that's being captured.
26 00:01:56,720 --> 00:02:01,970 So as an example, I could filter for OSPF and apply my filter.
27 00:02:02,630 --> 00:02:05,600 Notice I see my OSPF messages.
28 00:02:06,200 --> 00:02:12,140 So as an example, this is the source MAC address of the router.
29 00:02:15,760 --> 00:02:17,740 Show interface gigabit.
30 00:02:17,830 --> 00:02:19,720 0/0. Notice.
31 00:02:19,720 --> 00:02:21,850 MAC address of router.
32 00:02:22,240 --> 00:02:24,610 IP address of router.
33 00:02:26,440 --> 00:02:27,870 That's what we see over here.
34 00:02:28,420 --> 00:02:32,650 Destination is 224.0.0.5, which is the multicast address for OSPF.
35 00:02:32,810 --> 00:02:34,720 There's the layer two MAC address.
36 00:02:36,470 --> 00:02:38,590 Open up the IP header.
37 00:02:38,930 --> 00:02:41,970 Can use my up and down arrow keys.
38 00:02:41,990 --> 00:02:43,910 Use enter to open this up.
39 00:02:44,480 --> 00:02:48,380 Notice DSCP is set to CS6, very important traffic.
40 00:02:48,410 --> 00:02:53,810 Scrolling down I can see that the protocol is 89, which is OSPF.
41 00:02:54,500 --> 00:02:58,850 So at layer four, notice we have OSPF. Press enter there.
42 00:02:58,850 --> 00:02:59,960 Press enter here.
43 00:03:00,170 --> 00:03:02,210 The version of OSPF is version two.
44 00:03:02,240 --> 00:03:09,620 This is a hello packet. Source IP address is this, as we saw over here, IP address of router.
45 00:03:10,670 --> 00:03:12,500 Area is the backbone area.
46 00:03:13,710 --> 00:03:22,530 So I can see all the traffic that I would normally see through a graphical user interface directly through
47 00:03:22,530 --> 00:03:23,700 a terminal.
48 00:03:23,790 --> 00:03:28,590 Notice once again, if I quit out of here, I am in a terminal.
49 00:03:28,590 --> 00:03:30,930 There's no graphical user interface here.
50 00:03:31,020 --> 00:03:32,520 It's a simple terminal.
51 00:03:34,470 --> 00:03:39,630 But termshark allows me to read Wireshark captures through a terminal window.
52 00:03:40,170 --> 00:03:42,150 I'll filter for EIGRP.
53 00:03:42,660 --> 00:03:45,030 Notice there are EIGRP messages.
54 00:03:46,120 --> 00:03:48,790 I can go up and down through my messages.
55 00:03:48,880 --> 00:03:50,860 Use the up and down arrows if I like.
56 00:03:50,860 --> 00:03:53,440 I can press tab to jump from one window to another.
57 00:03:53,890 --> 00:03:55,480 So Tab takes me down here.
58 00:03:55,480 --> 00:03:56,770 Tab to the first window.
59 00:03:56,770 --> 00:03:57,700 Second window.
60 00:03:57,820 --> 00:03:59,860 Press enter to collapse.
61 00:03:59,860 --> 00:04:01,570 That, enter to open it up.
62 00:04:01,930 --> 00:04:05,980 I can press forward slash and that will allow me to change the protocol.
63 00:04:05,980 --> 00:04:08,260 So STP as an example.
64 00:04:09,340 --> 00:04:11,470 Now I can see spanning tree messages.
65 00:04:12,120 --> 00:04:15,480 Once again click and you have our like your copy.
66 00:04:15,600 --> 00:04:16,740 Click apply.
67 00:04:17,470 --> 00:04:19,990 There are my EIGRP messages once again.
68 00:04:19,990 --> 00:04:23,530 Source IP address, destination 224.0.0.10.
69 00:04:23,530 --> 00:04:26,770 Well-known multicast address for EIGRP.
70 00:04:27,490 --> 00:04:31,330 So I'm using my mouse, but I could use a keyboard.
71 00:04:31,690 --> 00:04:34,720 So up and down keys.
72 00:04:35,170 --> 00:04:36,250 Enter key.
73 00:04:36,250 --> 00:04:37,570 Enter key again.
74 00:04:39,170 --> 00:04:41,150 Enter key here to see parameters.
75 00:04:41,150 --> 00:04:51,710 Notice there are my K values. Enter key to see software version information, enter, up key, enter, press tab.
76 00:04:52,220 --> 00:04:56,390 And now I can go up and down through the protocols, forward slash.
77 00:04:56,390 --> 00:05:01,130 I could specify, let's say, STP again and click apply.
78 00:05:02,560 --> 00:05:04,270 Here's my spanning tree protocol.
79 00:05:04,390 --> 00:05:05,110 So.
80 00:05:06,180 --> 00:05:12,750 I can see the root identifier, etc., etc. So I'm not going to bore you through all the options in
81 00:05:12,750 --> 00:05:13,370 this application.
82 00:05:13,380 --> 00:05:14,370 Have a look on GitHub.
83 00:05:14,400 --> 00:05:21,240 A lot of good examples and documentation on GitHub, but I'm hoping this has shown you a really nice
84 00:05:21,240 --> 00:05:22,290 application.
85 00:05:22,320 --> 00:05:27,960 You can run termshark through a console and read tshark messages.
86 00:05:28,590 --> 00:05:34,770 tshark is great because I could put sniffers in different parts of my network and not have to use an
87 00:05:34,770 --> 00:05:37,620 application with a graphical user interface.
88 00:05:37,980 --> 00:05:43,830 I can also schedule it, so I could use cron just to schedule tshark to capture traffic if I wanted to.
89 00:05:44,340 --> 00:05:49,380 There are a lot of options with tshark, and termshark is great because it allows you to view the
90 00:05:49,380 --> 00:05:52,140 tshark captures directly through a console.
91 00:05:52,470 --> 00:05:54,180 Okay, so I hope you've learned something.
92 00:05:54,180 --> 00:05:55,590 I hope you've enjoyed this video.