Didn't know UDP could be a deep dive but with David Bombal there are no limits!! Thank you for having me David. And I LOVE 52:12 - Go Wireshark Yoda!
Thanks for sharing your knowledge with us Chris!
Thanks for the explanation Chris, i subscribed to you
Looks like UDP is going to be more and more important in the future Internet. With QUIC taking over, you better learn more about UDP. We go deep with Chris Greer and use Wireshark captures to learn about UDP.
// MENU //
00:00 - Coming up
00:40 - Intro
00:45 - What's coming in SharkFest'22 & Defcon 30
01:34 - Udemy courses coming soon
02:00 - UDP & its importance
03:43 - Request For Comments (RFC)
07:06 - Difference between UDP & TCP
07:50 - Wireshark UDP demo
10:16 - How UDP works
14:51 - Wireshark UDP demo (cont'd)
25:11 - QUIC & UDP
28:21 - Wireshark UDP demo (cont'd)
33:02 - The nightmare of companies blocking QUIC
39:10 - Advice for learning UDP, TCP & QUIC
41:15 - Encrypted packets
44:43 - How to decrypt packets
48:18 - Knowledge & skills can save you
49:12 - Last advice
50:03 - Chris Greer RUclips, Twitter and live courses
51:42 - Conclusion
// Wireshark pcap file //
Wireshark UDP PCAP: www.dropbox.com/s/gpwnjnq41hp4v15/UDPDeepDive-Bombal.zip?dl=0
// HTTP3 deep dive //
Robin Marx explains http3: ruclips.net/video/cdb7M37o9sU/видео.html
// Chris Greer Videos //
TCP Deep Dive: ruclips.net/video/rmFX1V49K8U/видео.html
HTTPS Decryption with Wireshark: ruclips.net/video/GMNOT1aZmD8/видео.html
Decrypting TLS, HTTP/2 and QUIC with Wireshark: ruclips.net/video/yodDbgoCnLM/видео.html
// CHRIS GREER //
Udemy course: davidbombal.wiki/chriswireshark
LinkedIn: www.linkedin.com/in/cgreer/
RUclips: ruclips.net/user/ChrisGreer
Twitter: twitter.com/packetpioneer
// David SOCIAL //
Discord: discord.com/invite/usKSyzb
Twitter: twitter.com/davidbombal
Instagram: instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
RUclips: ruclips.net/user/davidbombal
// MY STUFF //
www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
I am in love with the content and information this channel provides, been around this channel for sooo long guys we should also make it a hype like Mr Beast!!! Sir David, you deserve millions of subs and respect from all!!!
Thank you so much Ayush! I will probably need to change my content a lot to become big like Mr Beast! 😂
Me Too! Subscriber earned
@davidbombal I would rather you stick to the formula 😂
Miss your motivational videos.
They were very helpful.
You changed my life and made me who I am today.
Thank you for your informative videos and effort.
Keep growing.
Love from Kerala, India.
You both are awesome! I'm in the middle of my CCNA course and I love these deep dive videos ☺️
it's always a treat to see Chris on these collab videos.
I love this channel
One of the best Duo in terms of networking knowledge. Been a while since you were together! Thank you both for all the amazing job you do for us!
UDP has always been underrated due to the design. Excited to see what the future holds
Agree 💯
Absolutely love this video, channel and all the amazing content you freely give out to the community David. Thank you for looking out for us little guys!
Thanks for letting me sit in on this great conversation.
I’ve learnt so much from these videos. U da man. Awesome for refreshing as well.
Great! One of the best tech interviewers with one of the best explainers. You two are the best duo talking "on the same frequency"
Best content on the webz at the moment
Your content continues to amaze me. Hands-on Wireshark deciphering videos are a godsend. I'm just working on a Network+ at this point but it's never too early to learn how to packet sniff.
Great Interview. Thank you both for this content. Would like to see more interviews with Chris for more deep dives on protocols.
I recently stumbled on your channel and watched a few of your interviews like this one.
This is absolutely invaluable content for the masses.
As an IT Dev, we are less than trained in network, even though we interact with it literally at all times. These interviews provide a very different perspective and are absolutely packed full of resources for further reading, which as I said, is invaluable, especially coming in a free form, thanks.
As someone who helps large organizations troubleshoot media quality on almost a daily basis, it's almost always large organizations attempting (and failing) to do deep packet inspection on UDP media traffic using something like ALG or FirePower. Putting in a bypass/override for the appropriate source and destination traffic has a measurable and immediate impact. It's so prevalent, I lead with this question. And as Dr. House often says, everyone lies. Show me your ALG/FirePower config, if I don't see the override/bypass I stop all further troubleshooting until it's in place.
Do you post engineering? I work in LA as a technician helping in Post houses and other creative media spaces dealing with storage, networking, and software. Haven't come across ALG or FirePower just yet, sounds interesting.
Dear David, you are doing an excellent/extraordinary job for the awareness among the security community. Thank you! Thank you so much.
I've yet to kick off this video and I already know it's gonna be great. Thanks David, & Chris
Thank you Joe!
Newer audience member, really like this series.. what would be great is when pointing out issues like “woah! This one took a full second” - sorta just throw out 2-3 potential/common reasons for it.. not so much in detail, just keywords or general concept. This would point us in **a** direction if we come across the problem IRL and we could branch out from there.
You two are GREAT. Thanks for everything you're doing !
I think the title really understated the sheer amount of technical content this talk contained.
Chris and David back again together 🔥🔥
Hope you enjoy the video Faran!
20:07 I consider myself as a Wireshark power user 😀 But this way of defining filters was new to me. Cheers!
Same here...I like to think I know Wireshark inside out, but have never seen that before! Tried it on my own implementation to check it worked...and it did
QUIC is encrypted not because they wanted, but because they needed it to be. Someone created an appliance to mangle the connection flags, counters etc, and if that was allowed to proliferate, making newer versions of QUIC would have been impossible. Look at what happened with MPTCP - they had to do so much to appease middle-boxes (make it look like TCP) that they couldn't achieve all their goals.
I wonder if we'll see Encrypted ClientHello, which sort of does double encryption, could we easily get the outer keys, then we could have a lot better idea of flows, etc. Without getting access to the encrypted data.
I think it should always be emphasized that QUIC is actually a full-fledged, complex layer 4 protocol by concept, it uses UDP only for compatibility with (older) middleboxes.
And that is possible and fine because UDP is basically as bare and simple as a layer 4 protocol could be.
Sweet, great content.
I sincerely appreciate it guys.
Thank you RJ. Glad you enjoy it!
Am enjoying these shows nonstop ❤️
Glad you like them Bsguma!
Would love to see a session with Chris specifically about IPERF. I noticed that he went to the typical webpage when describing IPERF, which is several versions behind the latest which the developers often call out when they get requests for help. Might also be interesting to note that IPERF doesn't seem to have native support in Windows.
Guess who's back! Best duo finally back!
Thank you! Hope you enjoy the video :)
Woow, whenever Chris is around the subject becomes very interesting, normal, he is the radiologist of the packets. Thx Mr Bombal for this innovating subject, thx Chris also
This is such a great video.
It would be great to see a deep dive into iperf and diagnosing the performance issues mentioned in this video.
It's been 20 years since I had a phone that rang like that and yet I still had to check my cell.....that has never been out of silent mode since I got it. lol great video. love this deep dive.
It sounds like learning WireShark is a must, so having it run, and reviewing what’s there would be a key skill to have.
David, thank you for your effort.
I would not phrase this as a TCP vs UDP debate. As Robin mentioned in that interview the only reason they chose UDP is because it was already established and could get through aggressive firewalls. If QUIC effectively becomes the new transport layer that's fine as it's still standardized and predictable (as Chris mentions it's very much like TCP just optimized for current world networks not dial up from the 80s).
If everyone tries building their own protocols on UDP you risk ending up with situations like MPEG transport streams where a packet arriving out of order is treated as lost (look up Continuity count error which can occur in 3 instances - incorrect packet order, a packet occurs more than twice or a packet is lost). Simply having an EtherChannel in the path of that type of traffic will have the users up in arms because the video streams are unusable. This occurs because those specific protocols were never adapted to the general internet and only serve to hold the standardization process. It might give job security but it can just as easily give gray hair; how Skype handles latency on a video stream may not translate to how Google Meet or Twitch handles the same scenario. Gaming with all the variations to lag compensation, etc are a pretty good idea of what such a world could look like just with business critical stuff not your bullets not registering circa BF2048.
Zimbabwe🇿🇼🇿🇼🇿🇼 among the first top 10 to comment
Thank you for your support Kundai! It's really important that a new video gets views when it first is posted. So, thank you for watching so quickly!
Thanks for this great video! I subscribed to David's channel and started the Wireshark Udemy course of Chris.
Amazing Video, thanks for the Quality Content!
Thank you so much Mr David, this year you're too much.
Bless you David
Great partnership here 👏🏽
Awesome video! By the way, I want one of those Packet Head shirts. It looks cool.
Chris Greer is SUCH A GREAT COMMUNICATOR
Agreed. He's amazing!
Thank you for the demo! Appreciate it :)
Amazingly - "flow control" is found in serial systems like UART where the RTS pin optionally is used to initiate exchange, it seems UDP was founded on the foundational elements of serial data transmission.
Hey!!! Lots of love from Bangladesh🇧🇩🇧🇩❤️❤️❤️
Welcome Bangladesh!
I'm in love with this kind of videos :-) thanks again David and your guest :-)
Perfect refresher
Oh hell YESSSSS! I'll be getting my hands on those Udemy courses the day they come out!
Hey David do you have this up as a podcast? I would really enjoy listening to stuff like this while on the road or when doing mundane tasks at work since it is a nice deep dive!
I just heard John Carmack say that most times when developers try to implement UDP, they end up implementing TCP/IP badly. He was on Lex Fridman's podcast.
Really excellent! Very informative! Thanks!
Great content ! Any chance you can do a deepdive on Microsoft Teams traffic analysis specifically?
UDP sounds like Event Dispatchers in Blueprint scripting in Unreal Engine. Fires off a message and anyone waiting for that call will join, basically fire and forget. I'm not sure if I'm correct in that analogy since it was long since I dabbled in that, it's based on C++ so a more technical person that uses both might know what I'm talking about.
Not going to lie. When you played the telephone sound the back of my brain wanted to look for an old phone for a millisecond.
Thank you for this video! Very informative!
Yes please more on Udemy with the labs very helpful
No mention of the QUIC Latency Spin Bit? Do we expect it to help us?
And don't we expect tools like Wireshark to get better? Similar to the TCP statistics.
Another option is widespread use of Encrypted Client Hello, wouldn't that allow us to get the outer keys and see all the flows without having access to the data?
Something else I'm thinking: if you can just do F12 and get latency information from the browser that would also be very useful. The browser already keeps statistics for the Performance and Navigation Timing API. Some graphs people can screenshot or create an export button in JSON or CSV would be very useful.
No mention of qlog and qvis ?
I can’t watch the entire video right now, but I think next weekend is going to be the “Bombal Binge”.
Hi David Bombal, I really enjoyed your videos. I just want to ask a question: I don't know anything about computers, I want to learn cyber security, any suggestions? Because I feel as if I am in a maze right now.
Always top notch 😎
Can we have a troubleshooting video of DNS on UDP? Thanks
Awesome video!
I just took a networking class. I built both a client and servers for utp, tcp, and smtp in Java. How well do these skills translate to the real world? Tia
I love these topics David 🤟🤟
I'm the second btw
Thank you Ebrahim! It's really important that a new video gets views when it first is posted. So, thank you for watching so quickly!
if we ever see Mr Bombal not posting every sunday around this time then we should be worried
lol... I am a bit late today.... but managed to get the video posted 😀
Wow, so interesting 😍
David there's a company from South Africa, Cape Town called CapeNetworks have you covered their product ?
Do you have a discussion video concerning RTP? Can I get the link here please? TIA...
Very interesting, Thanks!
Thanks David !
Sometimes I wonder what a Wireshark packet of UDP over NAT looks like.
The last time I tried Zoom
a couple years ago
The sound didn't work
It didn't work on Winblows
and didn't work in Linux
Why? I have no idea
Hi sir iam new of learning in python but i am poor so not of money to gadgets buying so simply learning videos posted sir thank you
Question for both of you guys: does QUIC have to do with web.3?
Very informative
Is Defcon going to be held in the UK or US?
Hello David, I have such a problem when I run hashcat on my computer, I get a message that this application cannot be run on your PC. I installed hashcat on Linux but it doesn't see my NVIDIA graphics card, only the CPU. David if you know how to solve these problems please help me. Thanks in advance
Good morning
Good midnight
Nice to see people from around the world here 😀
@davidbombal because your content hits me right at my brainspot😄😄
Second one from India 🇮🇳
Thank you Sreekanth! It's really important that a new video gets views when it first is posted. So, thank you for watching so quickly!
Sir when will you make the video of attacking wifi using nethunter , without root
I'm not understanding how DNS takes control of packets that don't get sent properly through UDP...
If the client doesn't see an answer pretty quickly, meaning question or answer was dropped (or we didn't wait long enough), then it asks again a few times (and waits longer each time.)
@tactileslut hmmm
ok
David, you said what if you do a Cisco TFTP update and you lose some of the data? ... or if it is corrupted... well XMODEM is your friend. Takes forever, but no better Lazarus chamber than XMODEM.
UDP is apparently unreliable and connectionless; is there something I am missing here or is there some outside of the box design going on around this protocol?
Hey David ✨
Hello!
@davidbombal thanks for such great content and helping us to learn, got great advantage from all your giveaways too sir, thanks a ton! Love from India ❤️
Yes, you are
INTERESTING!
Thank you is not enough
what the hellllll ...I'm still trying to understand TCP connections :( QUIC ???? with UDP ???? reliability ????
In the spirit of UDP, you guys should have chopped a couple of sections out of the video 😁
My PC was remotely hacked, how do I, a novice, attempt to fix it?
This stuff is not just interesting for those seeking a career in IT. In times of Zoom and VOIP it should be compulsory in every secondary school to make people understand the way the world works.
Why do they use wired earphones??
Well, not so much for TCP.
hi dave ,
may be you can teach , how to hack gamble situs like pragmatic or sumn
🙏🏻
David you are doing the latest now
Hope you enjoy the videos Fahad!
@davidbombal yes
I was going to tell you a joke about UDP, but I was not sure you would get it :)
ty
Sir David is a legend here, has a lot of information. Please, anyone, guide me, I want to learn about hacking. Please guide me on how I can start and from where.
Waiting for "wifi hacking with Android"