1
00:00:02,830 --> 00:00:05,929
This is a free, complete course for the CCNA.
2
00:00:05,929 --> 00:00:09,779
If you like these videos, please subscribe
3
00:00:09,779 --> 00:00:13,759
Also, please like and leave a comment, and
4
00:00:16,778 --> 00:00:19,179
In this video we’ll take a look at Wireshark.
5
00:00:19,179 --> 00:00:23,448
I have shown you Wireshark a couple times
6
00:00:25,350 --> 00:00:28,640
Although there is a lot you can learn about
7
00:00:30,239 --> 00:00:34,259
Network engineers use it as a tool in their
8
00:00:36,189 --> 00:00:40,530
Using Packet Tracer’s ‘simulation’ mode
9
00:00:40,530 --> 00:00:43,439
not at the same level as Wireshark.
10
00:00:43,439 --> 00:00:47,599
Packet Tracer is a network simulator, but
11
00:00:49,600 --> 00:00:53,140
Up here you can see the packets as they are
12
00:00:53,140 --> 00:00:57,850
you are capturing traffic from, and if you
13
00:00:59,840 --> 00:01:04,000
Note that this kind of software is called
14
00:01:04,000 --> 00:01:10,000
Packet is just a general term we use, it doesn’t
15
00:01:10,000 --> 00:01:14,290
As you can see here, the entire frame is indeed captured.
16
00:01:14,290 --> 00:01:17,740
To download Wireshark, go to wireshark.org.
17
00:01:17,739 --> 00:01:21,079
It’s totally free, so you really should get it.
18
00:01:21,079 --> 00:01:25,769
At the end of this demonstration I’ll give
19
00:01:25,769 --> 00:01:29,759
so you’ll need to download it if you want to do them.
20
00:01:29,760 --> 00:01:33,910
Usually in my lab videos I give a shoutout
21
00:01:33,909 --> 00:01:37,759
simulator with a ton of guided practice labs.
22
00:01:37,760 --> 00:01:41,719
Since I’m not doing a regular configuration
23
00:01:41,719 --> 00:01:45,569
Boson’s CCNA courseware, which they released recently.
24
00:01:45,569 --> 00:01:50,109
Basically, this is Boson’s complete course for the CCNA.
25
00:01:50,109 --> 00:01:52,239
What do you get in the courseware?
26
00:01:52,239 --> 00:01:56,769
You get the curriculum, which is the main
27
00:01:56,769 --> 00:02:02,310
You get a PDF lab guide, and on top of that
28
00:02:02,310 --> 00:02:06,799
These are not the labs included in NetSim
29
00:02:09,008 --> 00:02:13,869
Here’s the table of contents for the curriculum,
30
00:02:14,870 --> 00:02:20,230
I always recommend using multiple resources
31
00:02:21,669 --> 00:02:27,429
I didn’t use their courseware for the previous
32
00:02:27,430 --> 00:02:31,170
courseware to study for my exams and it was excellent.
33
00:02:31,169 --> 00:02:35,039
If you want to get Boson’s courseware, follow
34
00:02:35,039 --> 00:02:37,429
You can download a sample from their website.
35
00:02:40,889 --> 00:02:44,988
First up I’m just going to show you a brief
36
00:02:44,989 --> 00:02:49,680
being sent and received by the network interface of my PC.
37
00:02:49,680 --> 00:02:53,390
When the capture starts you’ll see there’s
38
00:02:55,330 --> 00:02:59,940
Then I open a YouTube page and start watching
39
00:02:59,939 --> 00:03:04,329
Okay, let’s just watch the video, it’s
40
00:03:04,330 --> 00:03:07,060
through an actual analysis of some of the traffic.
41
00:03:55,280 --> 00:03:57,860
Okay, so that was a lot of traffic that went passing by.
42
00:04:00,400 --> 00:04:03,840
Notice that in Wireshark you are able to filter output.
43
00:04:03,840 --> 00:04:06,360
There are many ways you can do so.
44
00:04:06,360 --> 00:04:11,599
This video isn’t about how to master Wireshark,
45
00:04:11,598 --> 00:04:15,280
Just notice that I filtered by the TCP port number.
46
00:04:15,280 --> 00:04:20,939
If you do want to learn more about Wireshark,
47
00:04:20,939 --> 00:04:25,329
and also a free Wireshark and ethical hacking
48
00:04:27,069 --> 00:04:32,300
Okay, notice the first message here, under
49
00:04:35,550 --> 00:04:40,270
Under ‘info’ you can see the source and destination ports.
50
00:04:40,269 --> 00:04:48,219
From 62652 to 443 in the first message, and
51
00:04:53,459 --> 00:04:58,789
It’s the random source port my PC selected
52
00:05:00,750 --> 00:05:09,620
That’s HTTPS, Hypertext Transfer Protocol
53
00:05:09,620 --> 00:05:12,829
Look here, do you recognize this series of messages?
54
00:05:19,829 --> 00:05:27,810
So, in these first three messages my PC and
55
00:05:27,810 --> 00:05:33,620
You can also see the sequence number, acknowledgment number, and
56
00:05:33,620 --> 00:05:37,439
Remember that I said the initial sequence
57
00:05:37,439 --> 00:05:41,629
You might be thinking it’s a big coincidence
58
00:05:43,290 --> 00:05:48,470
In Wireshark it is displayed as 0 here to
59
00:05:48,470 --> 00:05:51,160
but that’s not the actual sequence number.
60
00:05:51,160 --> 00:05:55,580
When we look further at the details of the
61
00:05:55,579 --> 00:06:01,099
So, sequence number 0 is acknowledged with
62
00:06:03,000 --> 00:06:05,350
Then my PC sends sequence number 1.
63
00:06:05,350 --> 00:06:09,860
Once again, these aren’t the real sequence
64
00:06:09,860 --> 00:06:15,050
this to make it easier to look at and analyze the data exchange.
65
00:06:15,050 --> 00:06:18,520
Then there is the actual exchange of data here.
66
00:06:18,519 --> 00:06:22,649
Notice that most of these display SSL in the protocol column.
67
00:06:22,649 --> 00:06:29,289
SSL is what gives the security to HTTPS, Hypertext
68
00:06:29,290 --> 00:06:35,569
TCP is still being used, but Wireshark displays
69
00:06:35,569 --> 00:06:41,050
Finally, you can see the exchange of FINs
70
00:06:42,839 --> 00:06:46,000
You probably noticed that the flags are a
71
00:06:46,000 --> 00:06:51,329
lecture, there is an extra ACK in the first and third messages.
72
00:06:51,329 --> 00:06:55,359
There are some nuances to the connection termination
73
00:06:57,560 --> 00:07:04,780
I recommend just remembering the basic FIN,
74
00:07:04,779 --> 00:07:08,399
Now let’s briefly look inside one of those segments.
75
00:07:08,399 --> 00:07:14,219
This is the very first SYN message at the
76
00:07:14,220 --> 00:07:19,530
First up, notice that the segment is of course
77
00:07:19,529 --> 00:07:25,109
We’re just looking deeper than we did before,
78
00:07:25,110 --> 00:07:29,550
Okay, I want to point out the sequence number here.
79
00:07:29,550 --> 00:07:33,550
Notice that ‘0’ is the relative sequence number.
80
00:07:33,550 --> 00:07:37,180
Wireshark does this to make it easier to analyze the traffic.
81
00:07:37,180 --> 00:07:40,379
Below you can see the real sequence number.
82
00:07:40,379 --> 00:07:45,038
As you can probably imagine, it is much harder
83
00:07:45,038 --> 00:07:50,009
numbers like 1 billion 224 million 315 thousand 781.
84
00:07:50,009 --> 00:07:55,270
Okay, there are just a couple other things
85
00:07:55,269 --> 00:08:00,560
Because this is a SYN message, under the ‘flags’
86
00:08:01,970 --> 00:08:05,760
All of the other flags are not set, they are 0.
87
00:08:05,759 --> 00:08:09,879
Finally, you can see the TCP window size down here.
88
00:08:09,879 --> 00:08:16,990
Okay, before wrapping up this brief demonstration
89
00:08:16,990 --> 00:08:21,740
First up, notice that this is a DNS, Domain
90
00:08:21,740 --> 00:08:24,780
This is from my PC to a DNS server.
91
00:08:24,779 --> 00:08:28,299
So, what will the destination port be?
92
00:08:28,300 --> 00:08:33,599
As you can see here, my PC selected a random
93
00:08:33,599 --> 00:08:39,720
used 53 as the destination port, because that’s
94
00:08:39,720 --> 00:08:44,830
Within the segment you can indeed see that
95
00:08:44,830 --> 00:08:49,600
This is a DNS query message, you’ll learn
96
00:08:49,600 --> 00:08:54,620
That’s all I wanted to point out about UDP,
97
00:08:55,778 --> 00:09:01,600
Finally, here’s a little bit of homework
98
00:09:01,600 --> 00:09:05,290
You don’t have to do this, of course, but
99
00:09:05,289 --> 00:09:09,769
First, download Wireshark from wireshark.org.
100
00:09:09,769 --> 00:09:13,929
Then use it to capture network traffic sent
101
00:09:13,929 --> 00:09:17,159
Visit some websites while Wireshark is running.
102
00:09:17,159 --> 00:09:19,730
Then stop the Wireshark capture.
103
00:09:19,730 --> 00:09:24,600
Check out the packet captures, and find a
104
00:09:26,570 --> 00:09:30,660
Then find a TCP four-way handshake, a TCP
105
00:09:30,659 --> 00:09:34,990
Again, if you really want to learn how to
106
00:09:34,990 --> 00:09:39,639
Bombal’s free videos on YouTube or getting
107
00:09:39,639 --> 00:09:44,480
I’m no Wireshark expert myself, David Bombal
108
00:09:45,480 --> 00:09:49,289
Okay, that’s all for the video, I hope it
109
00:09:49,289 --> 00:09:55,289
captures and see some of the things we studied
110
00:09:55,289 --> 00:09:59,659
Before finishing today’s video I want to
111
00:09:59,659 --> 00:10:03,370
To join, please click the ‘Join’ button under the video.
112
00:10:03,370 --> 00:10:10,450
Thank you to Benjamin, Deepak, Tshepiso, Justin,
113
00:10:10,450 --> 00:10:16,028
Erlison, Apogee, Wasseem, Marko, Florian,
114
00:10:16,028 --> 00:10:22,120
Value, John, Funnydart, Scott, Hassan, Gerrard,
115
00:10:22,120 --> 00:10:28,070
Mark, Yousif, Sidi, Boson Software, Charlesetta,
116
00:10:28,070 --> 00:10:32,820
Sorry if I pronounced your name incorrectly,
117
00:10:32,820 --> 00:10:37,209
One of you is still displaying as Channel
118
00:10:37,208 --> 00:10:40,359
me know and I’ll see if YouTube can fix it.
119
00:10:40,360 --> 00:10:44,730
This is the list of JCNP-level members at
120
00:10:44,730 --> 00:10:49,629
29th 2020, if you signed up recently and your
121
00:10:55,450 --> 00:10:59,360
Please subscribe to the channel, like the
122
00:10:59,360 --> 00:11:02,700
with anyone else studying for the CCNA.
123
00:11:02,700 --> 00:11:05,910
If you want to leave a tip, check the links in the description.
124
00:11:05,909 --> 00:11:11,328
I'm also a Brave verified publisher and accept