Wireshark Tutorial for Beginners | Network Scanning Made Easy

  • Published: 14 May 2024
  • Learn how to use Wireshark to easily capture packets and analyze network traffic. View packets being sent to and from your network connected devices, scan for malicious network activity and learn how to navigate through all of the sniffed packets. It’s time to finally see who’s accessing your network!
    📋 Table of Contents
    Intro: 00:00
    Installing: 00:24
    Capture devices: 00:35
    Capturing packets: 01:06
    What is a packet?: 01:44
    The big picture (conversations): 02:34
    What to look for?: 04:26
    Right-click filtering: 05:27
    Capturing insecure data (HTTP): 07:25
    Filtering HTTP: 08:43
    Viewing packet contents: 09:18
    Viewing entire streams: 10:05
    Viewing insecure data: 10:21
    Filtering HTTPS (secure) traffic: 11:45
    Buttons: 12:44
    Coloring rules: 13:32
    Packet diagrams: 15:03
    Delta time: 15:48
    Filter: Hide protocols: 16:42
    Filter: Show SYN flags: 17:19
    Filter: Show flagged packets: 17:53
    Filter: Connection releases: 18:33
    Examples & exercises: 19:10
    🔗 Links Mentioned:
    Text version of this video:
    ansonalex.com/tutorials/wires...
    Practice PCAPs:
    malware-traffic-analysis.net
    💻 More Tips and Tutorials
    AnsonAlex.com
    📚 LinkedIn Learning Courses
    / anson-alexander
    🔎 Request a Tutorial
    forms.gle/sciVnK4tHno7sCcGA
    ☎️ Get in Contact with Me
    / ansonalexander
    / ansonalex
    🎥 Behind the Scenes
    / ansonalex.c0m

Comments • 112

  • @AnsonAlexander 7 months ago +63

    CORRECTION: At 11:45 HTTPS traffic goes on port 443, not 80. The correct filter is: "tcp.port==443". Port 80 is usually HTTP traffic. Sorry, had a lot going on in this one!

    • @BettyDuBois 5 months ago +4

      You were looking at compressed (gzip) data. That's why it looks like encrypted data.

    • @edwinfrancisco8116 5 months ago +11

      @BettyDuBois This clarified my confusion. I was wondering why the HTTP packets were encrypted. I was starting to doubt my knowledge of computer networking, haha

    • @mikkio5371 2 months ago +1

      Yea I was waiting to hear 443. But thanks.

  • @JAXXYT-wt8tz 23 hours ago +1

    I am impressed by the easy way this boy is giving the information; you really make me eager to learn how this Wireshark works.

  • @bricejackson1576 5 months ago +4

    Amazing video. Very clear and to the point! Subscribed!

  • @hadestech8147 5 months ago +3

    Anson, outstanding: fast, simple, straightforward. Thanks

  • @user-ll4wy3ck2o 6 months ago +2

    Where was this when I was in university? That actually sums up more than I learned about how to use Wireshark in my first semester.

  • @collectorscloset813 5 months ago +4

    Seriously the most useful video on this, thanks

  • @ipaemer2604 6 months ago +3

    Very helpful and great video! I would also like to watch more videos about wireshark, to learn more. Excellent work!

  • @johnrieley1404 4 months ago

    Thanks much for clear teaching and nice graphics. Just studying my ham radio UDP multicasting network with WSJT-X, JTAlert, Log4OM, and Grid Tracker. This is getting deep!

  • @eechaze12 6 months ago +3

    Thanks for this tutorial. I'm new to using Wireshark.

  • @morganwebster6636 3 months ago

    So helpful for a newbie like myself. Totally able to comprehend your whole video. Thank you.

  • @kishorebabu432 5 months ago +1

    Excellent presentation

  • @3DComputing 1 month ago

    Nice, someone that actually makes it work in the real world for IoT and such, not just big URL talk. Thanks

  • @rajeevpuri8319 5 months ago +1

    Very good video. Thank You.

  • @francissaanane5874 9 days ago

    Thank You, awesome Wireshark details.

  • @TityBoiSwag 5 months ago +7

    Best video I’ve seen explaining WireShark.

    • @yeayea8334 3 months ago +1

      This video is totally useless. He explains very well but he is not talking about anything.
      He lists all functions but he doesn't teach what to do with them. It's like I tell you how many options you can find in a Ferrari, but at the end of the video you still don't know how to drive a Ferrari 🤷🏼‍♂️
      Did you really start to analyze your network after watching this video? I guess not, because this is not a tutorial, this is an introduction to the introduction of Wireshark.

  • @washingtonochieng5106 5 months ago +2

    Thank you

  • @josephjefferson6368 11 days ago

    Excellent, Anson. Deserves both thumbs up and "Subscribed." joe.

  • @andrewwhite889 1 month ago

    Excellent tutorial. Thank you.

  • @edwinfrancisco8116 5 months ago +4

    I have been watching videos on the topic of Wireshark. Your video blew all of those videos out of the water! Your step-by-step examples and tips were so helpful! I also really like how your video was straight to the point! THANK YOU!!

  • @allangomez9890 3 months ago

    Thanks for the great explanation.

  • @shreyaskarthik2185 29 days ago

    Really helpful, very concise and amazing pacing, thank you :)

  • @MC-ew7sc 6 months ago +2

    Great update video.

  • @sbutler888 3 months ago +6

    You've got an absolutely amazing ability to explain things quickly and clearly. I tend to get bored and distracted when I visit YouTuber videos explaining topics like these, so I quickly jump to something else. People can talk so slow and repeat themselves so many times, I get antsy to hear what's next. I'm learning a lot from your video. I just downloaded Wireshark yesterday. I graduated over 30 years ago with a BSEE and haven't written ANY code for well over 20 years. I've been able to pick up enough to start troubleshooting the massive data consumption issue I'm having on my plan. Consumption has more than doubled in one month with only 2 of us in our home. I can now identify which device is consuming the largest amount of data at any given time. WOO HOO!! Still waiting for Comcast to call me after multiple calls and Agent Chats. I hope to figure out my issue myself with help from providers like you! THANK YOU!!

    • @yeayea8334 3 months ago

      This video is totally useless. He explains very well but he is not talking about anything.
      He enumerates a lot of functions but he doesn't teach what to do with them. It's like I tell you how many options you can find in a Mercedes, but at the end of the video you still don't know how to drive a Mercedes 🤷🏼‍♂️

  • @train4905 5 months ago

    Awesome😊😊

  • @isaacberhe5223 3 months ago

    Do more Wireshark presentations, you're the best teacher I have seen!

  • @christianminardi6230 2 months ago +1

    Thank you for the Knowledge!! Great videos

  • @cals0ul 3 months ago +1

    I love this video and the resources you've provided. I have been studying and getting into cybersecurity and am grateful for your informational video. Subscribed!

    • @AnsonAlexander 3 months ago

      That's awesome to hear, I'm glad to be able to help. Good luck with the degree and thanks for the sub!

  • @prernamullick3205 3 months ago +1

    Very Well Explained and Easy to understand

    • @AnsonAlexander 3 months ago

      Thanks, I'm glad you found it helpful!

  • @cherronetwork8729 3 months ago

    Thanks for explaining it well

  • @roseandmose 3 months ago

    You are very helpful thank you

  • @inspectorratchet7614 3 months ago +1

    Thank you brother, you seem like a good man.

  • @foxart1387 7 months ago +3

    Thanks!

  • @TOMESHTI 4 months ago

    Thanks bruh!
    Nice vid.

  • @mikewoodard1452 1 month ago +1

    @AnsonAlexander I appreciate this. I was going to do this, but I love your delivery and your examples; appreciate your detail.

  • @StoryBookpalace05 13 days ago

    I'm in information tech doing my Bachelor's; Wireshark is something I'm learning right now.

  • @franksterkb891 3 months ago

    Thank you!!!

  • @user-dv7kw8ew2q 2 months ago +1

    Thank you sir!

  • @Hatch-vg7pw 1 month ago

    EASY TUTORIAL TO FOLLOW.
    Step by step clear explanation
    NOT CLICK BAIT!
    Thanks
    Subbed.

  • @user-cl9zv1qy2p 1 month ago

    Good luck for your new project

  • @konteezy203 2 months ago +1

    This is a great video

    • @AnsonAlexander 2 months ago

      Thanks - sorry again about the port mix up.

  • @rayalvarez5172 3 months ago

    excellent intro

  • @user-mc4lb1jy7b 3 months ago

    Thanks for sharing.
    Quick question, can you use Wireshark to only monitor activities on your personal computer or laptop?

  • @janrymar2229 6 months ago

    Hello, can you show or tell me how and where to install the master key on Mac, where the protocols are stored? It's clear on Windows, but for Mac I can't find the answer. Please help.

  • @aslammadathil7871 3 months ago +1

    superb

  • @ayessedd 3 months ago +1

    Hey, what to do after you want to finish monitoring the network? After checking the network with Wireshark, many sites refuse to give me access to browse, which didn't happen before.

  • @HE14159 2 months ago

    Very nice vid. Is it normal that one PC, just connected to one internet source, is sending and receiving 1000 packets in 2 minutes? I have no knowledge and am just trying to troubleshoot a bad game server connection, despite having fibernet - but I will hardly have time for gaming if I have to learn to do all that...

  • @johnvardy9559 2 months ago

    Hi Anson, great video. On malware analysis there aren't the answers anymore.

  • @MrDayinthepark 1 month ago +1

    Hi Anson, I'm routing UDP telemetry data from a drone to my external IP, then using router port forwarding to route to my PC, which I've assigned a fixed IP. It's not working, I downloaded Wireshark yesterday and tried to debug. I see a bunch of UDP transmissions, but my phone is connected so it might be just my phone. I was overwhelmed by all the data in Wireshark. Still trying to figure out where the problem is.

  • @ao4514 2 months ago +1

    Hey Alex, would you consider doing some contents on how to detect malware or spywares utilizing Wireshark?!

    • @AnsonAlexander 2 months ago

      It's definitely on my radar. It's just that setting up the environment is tough. I think I would use the PCAPs from Malwarebytes. Thanks for the suggestion, I will take it into account for sure!

  • @travelingnomad8873 6 months ago

    How to find the timestamp in Wireshark packets?

  • @Darkregen9545 2 months ago

    Captured a private IP that wasn't listed in clients for my router utilizing my wifi, and I was trying to figure out why this IP was receiving massive amounts of packets. I then tried blocking all TCP and UDP packets, and for some reason one of the computers in my house that had a different private IP no longer had an internet connection. Why would a device have two private IPs?

  • @cjhardknocks7040 10 days ago

    How would you track a browser hijacker?

  • @bryantapia3101 3 months ago

    Extremely helpful video, but side note: he looks a lot like nadeshot!

  • @WeatherLockz-dv6sd 3 months ago

    How do you load websites?

  • @terrykilpatrick5799 3 months ago +1

    Port 80 is unencrypted traffic via http and 443 is encrypted traffic via https, I think you mistakenly said port 80 for secure traffic.

    • @Fantasmagoricus 3 months ago

      Yup I found this out while looking through the video as well.
      The statement "generally to see secure traffic you need to look on port 80" is incorrect under conventional networking standards. Here's a clarification:
      - **Port 80** is traditionally used for **HTTP** traffic, which is **not secure**. HTTP (Hypertext Transfer Protocol) is the foundation of data communication on the World Wide Web, and when it's used without SSL/TLS, the data is sent in plaintext. This can be easily intercepted and read by third parties.
      - **Port 443** is used for **HTTPS** traffic, which is **secure**. HTTPS (HTTP Secure) encrypts the data sent and received with SSL (Secure Sockets Layer) or TLS (Transport Layer Security) protocols, providing confidentiality, integrity, and authentication. This is why when you access a website with HTTPS, your browser shows a lock icon, indicating that the connection is secure.
      To see secure traffic using a network protocol analyzer like Wireshark, you would typically filter for traffic on port 443, not port 80. Filtering traffic on port 443 allows you to see encrypted HTTPS communication. However, without the appropriate decryption keys, you would not be able to see the plaintext of the encrypted traffic; you would only see that the data is being encrypted and transferred securely.
      There might be some confusion or a misunderstanding in the way the statement was made. If the intent was to demonstrate or inspect HTTPS traffic specifically, then the correct port to focus on would be 443, not 80. It's possible that the context in which this statement was made was misunderstood, or there was a communication error in the tutorial. Always remember, for secure web traffic, look towards port 443 for HTTPS.
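To make the port 80 / port 443 point above concrete, here is an added example (not code from the video, its author, or any commenter): it builds a small pcap file in memory from constructed frames, parses it with the standard library only, and applies the equivalent of the Wireshark display filters `tcp.port==80` and `tcp.port==443` (which, like Wireshark, match either the source or the destination port). It then shows the point made in the earlier reply about gzip: a port 80 response whose body "looks encrypted" is only compressed and inflates to plaintext for anyone on the path, while port 443 carries TLS records that stay opaque without the session keys. All addresses (TEST-NET ranges), ports, payloads and the TLS record bytes are constructed; IP and TCP checksums are left at zero and are not validated by this parser.

```python
"""Added example (not the video's or the commenters' code): build a tiny pcap in
memory, parse it, filter by TCP port the way tcp.port==N does in Wireshark, and
show that port 80 data is readable (even when gzip-compressed) while port 443
carries opaque TLS records. Everything here is constructed and runs offline."""
import gzip
import struct
from socket import inet_aton, inet_ntoa
from typing import Iterator, List, NamedTuple, Tuple

PCAP_MAGIC = 0xA1B2C3D4  # classic little-endian libpcap magic number


class Packet(NamedTuple):
    src: str
    dst: str
    sport: int
    dport: int
    payload: bytes


def build_frame(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Ethernet II + IPv4 + TCP frame; MACs and checksums are zero (constructed)."""
    eth = bytes(6) + bytes(6) + b"\x08\x00"  # dst MAC, src MAC, EtherType IPv4
    # seq 1, ack 1, data offset 5 words, flags PSH|ACK, window 65535, csum 0, urg 0
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, 64, 6, 0,
                     inet_aton(src), inet_aton(dst))
    return eth + ip + tcp + payload


def build_pcap(frames: List[bytes]) -> bytes:
    """24-byte global header (version 2.4, linktype 1 = Ethernet) + one record per frame."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


def parse_pcap(data: bytes) -> Iterator[Packet]:
    """Walk the pcap records and yield TCP segments (IPv4 over Ethernet only)."""
    if struct.unpack_from("<I", data, 0)[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap file")
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from("<IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        off += incl_len
        if frame[12:14] != b"\x08\x00":  # EtherType is not IPv4
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        total_len = struct.unpack_from("!H", ip, 2)[0]
        if ip[9] != 6:  # protocol is not TCP
            continue
        tcp = ip[ihl:total_len]
        sport, dport = struct.unpack_from("!HH", tcp, 0)
        data_off = (tcp[12] >> 4) * 4
        yield Packet(inet_ntoa(ip[12:16]), inet_ntoa(ip[16:20]), sport, dport, tcp[data_off:])


def tcp_port(pkt: Packet, port: int) -> bool:
    """Same semantics as the Wireshark display filter tcp.port==N: either endpoint matches."""
    return port in (pkt.sport, pkt.dport)


def filter_port(pcap: bytes, port: int) -> List[Packet]:
    return [p for p in parse_pcap(pcap) if tcp_port(p, port)]


def describe_payload(payload: bytes) -> Tuple[str, str]:
    """('tls', '') for a TLS record, ('http', readable body) for HTTP, else ('other', '')."""
    # TLS record layer: content type 20-23, then version 0x03 0x0N
    if len(payload) >= 5 and payload[0] in (0x14, 0x15, 0x16, 0x17) and payload[1] == 3 and payload[2] <= 4:
        return ("tls", "")
    head, sep, body = payload.partition(b"\r\n\r\n")
    first = head.split(b" ", 1)[0]
    if sep and (first.startswith(b"HTTP/") or first in (b"GET", b"POST", b"HEAD")):
        if b"content-encoding: gzip" in head.lower():
            body = gzip.decompress(body)  # compressed is not encrypted: anyone on the path can inflate it
        return ("http", body.decode("utf-8", "replace"))
    return ("other", "")


# Constructed sample capture: one HTTP request/response pair and one TLS exchange.
GZIP_BODY = gzip.compress(b"<html><body>hello from port 80</body></html>")
SAMPLE_PCAP = build_pcap([
    build_frame("192.0.2.10", "198.51.100.5", 51234, 80,
                b"GET /index.html HTTP/1.1\r\nHost: example.test\r\nAccept-Encoding: gzip\r\n\r\n"),
    build_frame("198.51.100.5", "192.0.2.10", 80, 51234,
                b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Encoding: gzip\r\n\r\n" + GZIP_BODY),
    build_frame("192.0.2.10", "198.51.100.5", 51235, 443,
                b"\x16\x03\x01\x00\x04\x01\x00\x00\x00"),  # constructed handshake-type record
    build_frame("198.51.100.5", "192.0.2.10", 443, 51235,
                b"\x17\x03\x03\x00\x08\x9b\x1e\x55\xa0\x73\xc2\x0f\xd4"),  # constructed application data
])


def main() -> None:
    for port in (80, 443):
        print(f"== tcp.port=={port} ==")
        for p in filter_port(SAMPLE_PCAP, port):
            kind, text = describe_payload(p.payload)
            print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport}  {kind:5} {text!r}")


if __name__ == "__main__":
    main()
```

Running it prints the two port 80 segments with the inflated HTML body visible and the two port 443 segments tagged `tls` with no readable content, which is exactly what the correct `tcp.port==443` filter shows in Wireshark when no TLS keys have been loaded.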

  • @bonnefe9943 2 months ago +1

    Good explanation about wireshark but is wireshark safe to use?

    • @AnsonAlexander 2 months ago

      Thanks and good question. Wireshark doesn't introduce any security concerns that aren't already there. An insecure network is an insecure network regardless of whether or not you're using Wireshark. If anything, you could use it to do a manual security scan on an insecure network. If you bring in network security guys to do almost anything, Wireshark is one of the first software applications they're going to open up.

  • @tanawatjukmongkol2178 22 days ago

    "Wire-shark is one of the most powerful tools for both Mac and Windows"
    Linux and BSDs: Am I a joke to you?

  • @BigBoy-nw2ur 2 months ago +1

    I'm a complete noob at this. Just installed it and have no idea what to do... hopefully your video helps

    • @AnsonAlexander 2 months ago

      It definitely should - one of my main goals was showing people what to look for. Good luck!

  • @Starlite4321 16 days ago

    Do I understand correctly that Wireshark doesn't have the capability to inspect COM ports, for example on a Win10 machine ?

    • @angeloc700 1 day ago

      Can't you just use PuTTY for that?

  • @konteezy203 2 months ago +1

    But I thought port 80 was http, in the clear. And https is port 443. Am I tripping?

    • @AnsonAlexander 2 months ago +1

      Not tripping, was my bad, check the pinned comment. Well done being on it!

    • @konteezy203 2 months ago

      @AnsonAlexander thanks. I'm still trying to figure out what path to take in IT. I wanna do something that won't bore me to death and pays well

  • @the_original_dreamer 3 months ago

    Port 80 for encrypted traffic?

  • @justliberty4072 3 months ago +11

    Not even mentioning Linux exists?

    • @AnsonAlexander 3 months ago +2

      Apologies... I usually don't forget Linux... I guess I should setup a Linux system myself as an easy reminder...

    • @a_nickname028 2 months ago

      @AnsonAlexander daily drive Linux

    • @Hatch-vg7pw 1 month ago

      Mac users are all equal.
      Even if you say Linux in their presence they collapse and start whipping themselves to repent their sins.

  • @hi5wifi-s567 5 months ago

    How to protect the network from people using super tools like Kali and Wireshark around you?

    • @fireteamomega2343 2 months ago

      Whitelisting IP addresses and within your browser is probably the easiest way but if someone is intent and knows what they're doing then they can spoof it and potentially still gain access. If you want to get more complicated there are plenty of programs available for IP traffic monitoring where you can set alerts, rules, and notification preferences.

  • @angeloc700 1 day ago +1

    Oh man. You're probably not going to see any encrypted traffic on port 80, since it's just plain HTTP. Port 443 is encrypted HTTP (SSL).

  • @melissarainchild 1 month ago

    ...and Linux!

  • @jimmysyar889 1 month ago +1

    No Linux huh

  • @karlybyrd1551 4 months ago

    Well, I guess I just don't get Wireshark, then. If the purpose is to monitor traffic on your network but you can't even see what other computers/devices that are connected to ethernet are doing, then you're missing out on a big portion of network traffic. Enabling promiscuous mode does nothing, I still get no option to even see anything happening on any ethernet. And like, at a big corporation with floors of cubicles, are not all those computers connected via ethernet? So what does Wireshark even do? Checks up on what site you're using via wifi on your phone? From the looks of it, you have to go to every individual computer and put Wireshark on it to be able to see the traffic to and from that specific device, but what's the point, I can see what websites I'm visiting on my own computer.....

    • @AnsonAlexander 4 months ago +2

      Actually no. The first thing I show is how to see the conversations between devices on your network. You need to know which IP address is which device (standard network administration) but you can see all traffic with Wireshark. Maybe try looking again at the beginning where I talk about conversations.

    • @karlybyrd1551 4 months ago

      I get no option to see Ethernet connections, though. I see a bunch of Local Area Connection* 1, 2, 3, or other numbers. The more I look into it, it seems that the inability to see Ethernet connections is commonly messed up on Windows, I guess? I've tried a couple of the "fixes" (npcap incorrectly installed, something about a watchdog I can't seem to find, among other things) but all I'm seeing is Wifi activity. LOL I guess I'll just try to do it on Linux but imma be real mad if I try to figure all that out and it still won't work! @AnsonAlexander

    • @davidjewell 4 months ago +1

      You can only see the data that is passing through your NIC, so if you are connected to a switch you will not see data between two other computers.

    • @JJFlores197 3 months ago +6

      Wireshark is a packet capture tool. It captures whatever packets the selected network adapter receives. By design, modern computer networks only "see" traffic that is destined for them. You can try putting your computer's network adapter in promiscuous mode to capture packets that are not intended for it.
      In business networks, if you wanted to capture you would set up something called SPAN - Switch Port Analyzer. It basically allows you to mirror the traffic from 1 interface to another interface. You then plug in a computer running Wireshark (or similar) or a specialized device that captures packets.
      Wireshark isn't specifically aimed at telling you what websites you visit. As I said, it captures network packets. Those don't necessarily just mean web traffic. It can be network services like DHCP, DNS, ssh, etc. There are a myriad of use cases for. The thing is that it is a tool. And to effectively use it, you have to have a good understanding of computer networking. Otherwise you just see a bunch of data that may not be meaningful to you.

    • @fireteamomega2343 2 months ago

      You're talking about traversing subnets switches and routers... And no by default it's not going to just magically grant you access to the entire network 😂 I wish... You have to know how subnets are created then you might get an idea of what subnets exist on a given segment and then start to understand how to gain access across network segments. Which is usually through the compromise of the access point hub or the router. All this program will do is record whatever network traffic you are currently connected to through your selected adapter. Which is very powerful if you know what you are getting.

  • @aniksen3831 5 months ago

    Whyn't Linux!

    • @James_Knott 5 months ago

      That's where I normally use it, though I'll also run it on Windows, if I must.

  • @anonymoususer1007 4 months ago

    Bro, slow down when talking. Jesus Christ, you talk faster than I do. Had to replay the video a ton of times.

    • @AnsonAlexander 4 months ago +1

      You know you can play YouTube videos at .75, .5 and .25 speed, right? It's hard to go at a pace that pleases everyone, but these YouTube features help users pace the videos themselves. Good luck with Wireshark.

  • @Hatch-vg7pw 1 month ago

    Hello.
    Seeing as you are using a Mac, do you think you could tell the mere mortals of planet earth how you got an http site up? I can see there are many people complaining about Apple's default to https.

  • @ArjanSheraz 3 months ago +1

    Excellent presentation