Wireshark Tutorial // Lesson 6 // Name Resolution
- Published: Jun 11, 2024
- In this tutorial we will look at how we can use the name resolution features to work with DNS or manually configured names.
Download the sample trace file here:
www.cloudshark.org/captures/6...
(Select Export | Download to pull the trace down locally)
Please smash the like button to let me know if you enjoy this content!
== More On-Demand Training from Chris ==
▶Getting Started with Wireshark - bit.ly/udemywireshark
▶Getting Started with Nmap - bit.ly/udemynmap
== Live Wireshark Training ==
▶TCP/IP Deep Dive Analysis with Wireshark - bit.ly/virtualwireshark
== Private Wireshark Training ==
Let's get in touch - packetpioneer.com/product/pri...
Chapters in video:
0:00 Introduction to Naming
1:07 Resolving MAC and TCP ports
2:56 Resolving IP and IPv6 Addresses
6:10 Manually configuring host names
This channel is gold! I just have to finish the Sharkfest and Quic playlists, the others I watched last week =).
Thanks for the comment Rafael! Please share with others who may enjoy the content too - that is a huge help.
This series hits all the right notes and you can tell the author has probably suffered watching many bad videos. The content is excellent and he has a great grasp of the subject. Short intros, concise video with no extra filler. I have been using Wireshark sporadically for years, but never long enough to really get comfortable. I like that he spends a lot of time on setup. Too many videos dive into packet analysis but the environment needs to be customized to make the most of the capture. I like that he takes the time to go through this customization, offering excellent tips that you can use right away. By far the best tutorial on Wireshark I have seen. Great job and very much enjoying the series.
Thanks for the feedback! Really glad you are enjoying the series!
The Wireshark guru! It's so nice to have certain go to teachers on RUclips who are the best at what they do in the area they reside in. Thanks as always.
Thank you for the comment!
YOUR WS VIDEOS ARE LIFE SAVING!!! I am able to understand, not get bored, and learn so much!! 💯💯💯💯💯💯💯
Thank you! Glad you like them!
Thank you so much, Chris, for sharing this video. Since I've subscribed to your channel I've gained so much information.
Great work, Chris!!!
Great approach - short videos TO THE POINT - I am learning THE PRACTICAL WAY Thanks 🙏
Dude, thank you so much for your video. You have really helped me prepare for my test that I have in Wireshark. Your settings make life so much easier.
Chris, thank you for your lessons🤝
This is just more than a Masterclass, it's a god class
Thanks Chris! Great Tip
Great videos Chris God bless you
Your videos really helped me in troubleshooting
Glad to hear it
Best channel ❤ Learning a lot from you
big thanks to you for making these videos.
You are welcome!
Great Video. Thank you! Very useful features.
Glad it was helpful!
Epic as usual
Thank you Chris. amazing contents.
Glad you think so!
Thanks, Chris
Great videos Chris!!
Thanks!
Another great video!!! Keep it up
Thanks! Will do!
Thanks for this video
Thank you!
Question, when downloading the example capture, what's the diff in commented vs original files?
And which one do I want when following along?
Bro this is Awesome, I owe you lunch if you're ever in Debary FL.
I WILL take you up on that!! 😆
Thanks for the videos Chris. Towards the end of the lecture, my View->Reload as File Format/Capture and Reload buttons are greyed out. What could be the reason pse? I am running Ubuntu desktop on a Raspberry Pi 400, where I installed Wireshark.
7:00 - seems like this could be used to spoof resolved names?
Can you please tell me how one can extract the information from the signals that are captured from the monitor mode ...(protocol says IEEE 802.11)
Hi Chris, can u please mention the display filter to view SYN and SYN/ACK at the same time.
thanks
Sure - tcp.flags.syn==1
That will show both the syn and syn/ack
BTW, anyone looking for the "Name Resolution Block", on the video here it is at the very end of the block list. However, in the newer version of Wireshark it appears at the very top of the blocks. I saw mine on "Block 3" which is in other words towards the beginning/header!
Hey @marwit2928 - thanks for the comment!
Absolutely Boss! My little comment is nothing compared to the great contributions of @ChrisGreer!!! Thank YOU!
Does Wireshark use the cached DNS entries of Windows or does it always have to do a DNS query even if it's been done before?
Hey that's a good question. In the documentation - www.wireshark.org/docs/wsug_html_chunked/ChAdvNameResolutionSection.html it mentions that in addition to looking within the pcap and making active DNS queries, Wireshark can also use the local system hosts file. However I don't have much info on how that actually works, nor have I done much testing with it.
good cap little boy
In my capture the name resolution block is not coming up; what is the reason behind this?
mine either
So useful