You've got an absolutely amazing ability to explain things quickly and clearly. I tend to get bored and distracted when I visit RUclipsr videos explaining topics like these so I quickly jump to something else. People can talk so slow and repeat themselves so many times, I get antsy to hear what's next. I'm learning a lot from your video. I just downloaded Wireshark yesterday. I graduated over 30 years ago with a BSEE and haven't written ANY code for well over 20 years. I've been able to pick up enough to start troubleshooting the massive data consumption issue I'm having on my plan. Consumption has more than doubled in one month with only 2 of us in our home. I can now identify which device is consuming the largest amount of data at any given time. WOO HOO!! Still waiting for Comcast to call me after multiple calls and Agent Chats. I hope to figure out my issue myself with help from providers like you! THANK YOU!!
Studying at university and this video is a job well done! Lot of time saved. A very good starting point. Also appreciate the part where you go a little further like the security key to decrypt what's in encrypted protocols. I'll for sure check your other videos. Continue your great work.
CORRECTION: At 11:45 HTTPS traffic goes on port 443, not 80. The correct filter is: "tcp.port==443". Port 80 is usually HTTP traffic. Sorry, had a lot going on in this one!
@@BettyDuBois This clarified my confusion. I was wondering why the HTTP packets were encrypted. I was starting to doubt my knowledge of computer networking, haha
I have been watching videos on the topic of Wireshark. Your video blew all of those videos out of the water! Your step-by-step examples and tips were so helpful! I also really like how your video was straight to the point! THANK YOU!!
Thanks much for clear teaching and nice graphics. Just studying my ham radio UDP multicasting network with WSJT-X, JTAlert, Log4OM, and Grid Tracker. This is getting deep!
Thank you so much for this video. I'm trying to switch careers and have decided to focus on Cybersecurity. Currently taking the Google Cybersecurity Cert course. Hopefully everything goes well.
Thank you for this tutorial. I am starting my new career in Cybersecurity and really appreciate the Malware-Traffic-Analysis suggestion. The class I'm taking just started discussing tools and I find Wireshark a bit overwhelming and intimidating, hence my search to your video. I believe this will assist greatly in gaining a greater understanding and competency with Wireshark! Subscribed!! :)
Subscribed half way through your video. I love the pacing you have in your content as well as the use and instructions. I encourage you to please continue posting things as I will certainly watch every one of them and apply them to my career.
I love this video and the resources you've provided. I have been studying and getting into cybersecurity and am grateful for your informational video. Subscribed!
Excellent video. Content is great, your explanations are crystal clear, and made even clearer by the excellent production values (use of zoom, annotation, etc., making everything VISIBLE, easy to see and read). Great info! Thanks, brother!
It's definitely on my radar. It's just that setting up the environment is tough. I think I would use the PCAPS from Malwarebytes. Thanks for the suggestion, I will take it into account for sure!
Hi Anson, I'm routing UDP telemetry data from a drone to my external IP, then using router port forwarding to route to my PC, which I've assigned a fixed IP. It's not working, I downloaded Wireshark yesterday and tried to debug. I see a bunch of UDP transmissions, but my phone is connected so it might be just my phone. I was overwhelmed by all the data in Wireshark. Still trying to figure out where the problem is.
Yup I found this out while looking through the video as well. The statement "generally to see secure traffic you need to look on port 80" is incorrect under conventional networking standards. Here's a clarification: - **Port 80** is traditionally used for **HTTP** traffic, which is **not secure**. HTTP (Hypertext Transfer Protocol) is the foundation of data communication on the World Wide Web, and when it's used without SSL/TLS, the data is sent in plaintext. This can be easily intercepted and read by third parties. - **Port 443** is used for **HTTPS** traffic, which is **secure**. HTTPS (HTTP Secure) encrypts the data sent and received with SSL (Secure Sockets Layer) or TLS (Transport Layer Security) protocols, providing confidentiality, integrity, and authentication. This is why when you access a website with HTTPS, your browser shows a lock icon, indicating that the connection is secure. To see secure traffic using a network protocol analyzer like Wireshark, you would typically filter for traffic on port 443, not port 80. Filtering traffic on port 443 allows you to see encrypted HTTPS communication. However, without the appropriate decryption keys, you would not be able to see the plaintext of the encrypted traffic; you would only see that the data is being encrypted and transferred securely. There might be some confusion or a misunderstanding in the way the statement was made. If the intent was to demonstrate or inspect HTTPS traffic specifically, then the correct port to focus on would be 443, not 80. It's possible that the context in which this statement was made was misunderstood, or there was a communication error in the tutorial. Always remember, for secure web traffic, look towards port 443 for HTTPS.
Thanks and good question. Wireshark doesn't introduce any security concerns that aren't already there. An insecure network is an insecure network regardless of whether or not you're using Wireshark. If anything, you could use it to do a manual security scan on an insecure network. If you bring in network security guys to do almost anything, Wireshark is one of the first software applications they're going to open up.
hey, what to do after you want to finish monitoring the network? after checking the network with wireshark, many sites refuse to give me access to browse, which didn't happen before
Sir on switch ...switch does not allow to capture other devices one to one conversations ,it only allows traffic between your pc and pc devjces broadcast mcast ARP stp traffic only ...not other pc to pc communications
You can get an inexpensive "managed" switch (eg: TP-Link TL-105E) which can be configured for various special functions. One function is "Port Mirroring", which configures a port to duplicate the traffic on another port. So you can interpose this switch in a leg of the existing network, and you can attach your PC/Mac to the mirror port. You can then use WireShark to "snoop" on the ongoing traffic on the original network.
Hello, can you show or tell me how and where to install the master key on mac, where the protocols are stored, it's clear on windows, but for mac I can't find the answer, please help
Captured an IP private IP that wasn't listed in clients for my router utilizing my wifi and i was trying to figure out why this IP was receiving massive amounts of packets. I then tried blocking all tcp and udp packets and for some reason one of the computers in my house that had a different private ip no longer had internet connection. Why would a device have two private IPs?
I'm having a very hard time finding HTTP protocols, and when I expand on the HTTP stream, the website where I am at does not show up. I have turned on all the dissectors and nothing, it usually takes a long while for me to get a HTTP protocol packet, but it does not show the actual website I am visiting.
Most modern webpages use HTTPS rather than HTTP. HTTPS is an encrypted version of HTTP which offers more security and privacy compared to HTTP which is just plaintext. That's why you're not seeing much HTTP traffic.
I have a Programmable Logic Control that sends out packets but wireshark cant see the data as it sends to the pc. Filtering use TCP.port == 1234 no data on this port coming for the PLC. have if i use labview and build out a TCP send protocol it see it and the data I am sending out. I can filter IP or Port works fine?
Whitelisting IP addresses and within your browser is probably the easiest way but if someone is intent and knows what they're doing then they can spoof it and potentially still gain access. If you want to get more complicated there are plenty of programs available for IP traffic monitoring where you can set alerts, rules, and notification preferences.
I downloaded Wireshark selected my Ethernet connection and then typed http into the search bar and it doesn't filter out http protocol it just caries on dumping everything. Anyone any suggestions as to what is wrong ?
![Intercept Images from a Security Camera Using Wireshark [Tutorial]](http://i.ytimg.com/vi/va1wUSPGgSU/mqdefault.jpg)
You've got an absolutely amazing ability to explain things quickly and clearly. I tend to get bored and distracted when I visit RUclipsr videos explaining topics like these so I quickly jump to something else. People can talk so slow and repeat themselves so many times, I get antsy to hear what's next. I'm learning a lot from your video. I just downloaded Wireshark yesterday. I graduated over 30 years ago with a BSEE and haven't written ANY code for well over 20 years. I've been able to pick up enough to start troubleshooting the massive data consumption issue I'm having on my plan. Consumption has more than doubled in one month with only 2 of us in our home. I can now identify which device is consuming the largest amount of data at any given time. WOO HOO!! Still waiting for Comcast to call me after multiple calls and Agent Chats. I hope to figure out my issue myself with help from providers like you! THANK YOU!!
@@yeayea8334 it's meant for beginners
Studying at university and this video is a job well done!
Lot of time saved.
A very good starting point.
Also appreciate the part where you go a little further like the security key to decrypt what's in encrypted protocols.
I'll for sure check your other videos.
Continue your great work.
CORRECTION: At 11:45 HTTPS traffic goes on port 443, not 80. The correct filter is: "tcp.port==443". Port 80 is usually HTTP traffic. Sorry, had a lot going on in this one!
You were looking at compressed (gzip) data. That's why it looks like encrypted data.
@@BettyDuBois This clarified my confusion. I was wondering why the HTTP packets were encrypted. I was starting to doubt my knowledge of computer networking, haha
Yea I was waiting to hear 443 . But thanks .
😅
It is always possible to not know or forget something. Don't worry, you're doing a good job!
Where was this when I was in university, that actually sums up more than I learned on how to use wireshark in my first semester.
Nice someone that actually makes it work in the real world for IOT and such, not just big url talk. Thanks
Thanks for this tutorial. I'm new to using Wireshark
Anson, outstanding fast simple straight forward. Thanks
Seriously the most useful video on this thanks
I have been watching videos on the topic of Wireshark. Your video blew all of those videos out of the water! Your step-by-step examples and tips were so helpful! I also really like how your video was straight to the point! THANK YOU!!
Nice
Thanks much for clear teaching and nice graphics. Just studying my ham radio UDP multicasting network with WSJT-X, JTAlert, Log4OM, and Grid Tracker. This is getting deep!
Very helpful and great video! I would also like to watch more videos about wireshark, to learn more. Excellent work!
Amazing video. Very clear and to the point! Subscribed!
One single video explained all my questions about Wireshark. Thanks.
Thank you so much for this video. I'm trying to switch careers and have decided to focus on Cybersecurity. Currently taking the Google Cybersecurity Cert course. Hopefully everything goes well.
I am impressed by the easy way this boy giving the information you really make me eager to learn how this Wireshark works.
Thanks! Hope you enjoy WS!
Thank you for this tutorial. I am starting my new career in Cybersecurity and really appreciate the Malware-Traffic-Analysis suggestion. The class I'm taking just started discussing tools and I find Wireshark a bit overwhelming and intimidating, hence my search to your video. I believe this will assist greatly in gaining a greater understanding and competency with Wireshark! Subscribed!! :)
Subscribed half way through your video. I love the pacing you have in your content as well as the use and instructions. I encourage you to please continue posting things as I will certainly watch every one of them and apply them to my career.
Excellent presentation
Outstanding overview.
Fed with a fire hose, but valuable.
Kudos for an excellent presentation.
you killed this and saved me so many headaches. thank you
Do mor of Wireshark presentation you best teacher as I have seen it!
So helpful for a newbie like myself. Totally able to comprehend your whole video. Thank you.
@AnsonAlexander I appreciate this. I was going to do this but I love your delivery and your examples appreciate your detail.
I love this video and the resources you've provided. I have been studying and getting into cybersecurity and am grateful for your informational video. Subscribed!
That's awesome to hear, I'm glad to be able to help. Good luck with the degree and thanks for the sub!
great video, really helped me grasp the basics of wireshark
wow, u made me understand what i was struggling with thanks alot
You're welcome. I really tried to make this video in a way that would change peoples' understanding of Wireshark.
Excellent presentation
Thanks!
Great update video.
Thanks! It was long overdue...
Im In information tech doing my Bach, Wireshark is something i learning right now.
Very Well Explained and Easy to understand
Thanks, I'm glad you found it helpful!
very good video .Thank You.
Thank you
Loved your educational content and quality 😊.
To enable Packet Diagrams on Windows Wireshark version, go to Edit > Preferences > Appearance > Layout, and under Pane 3, choose Packet Diagram
Thanks for the tip!
This is fricken good bud! I just found your you tube page. I need wireshark for CCTV testing and troubleshooting.
Thank you brother, you seem like a good man.
Haha, thanks... and you're welcome!
Excellent video. Content is great, your explanations are crystal clear, and made even clearer by the excellent production values (use of zoom, annotation, etc., making everything VISIBLE, easy to see and read).
Great info! Thanks, brother!
What a great video and explanation man! Good job!
Thank you for the Knowledge!! Great videos
You're welcome, glad to help!
Thanks!
You're welcome!
Excellent, Anson. Deserves both thumbs up and "Subscribed." joe.
Excellent tutorial. Thank you.
Awsome😊😊
Excellent video. Thank you, brother.
nice job my friend, greats from Morocco
EASY TUTORIAL TO FOLLOW.
Step by step clear explanation
NOT CLICK BAIT!
Thanks
Subbed.
from what Im seeing on the internet port 80 is used for regular http communication but port 443 is used for secure https communication
Yeah… check comments
Outstanding and thanks for sharing the knowledge!!
best one very concise and save alot of time
Great Video👍
Thank You, awesome Wireshark details.
really helpful , very consise and amazing pacing, thank you :)
Hey Alex, would you consider doing some contents on how to detect malware or spywares utilizing Wireshark?!
It's definitely on my radar. It's just that setting up the environment is tough. I think I would use the PCAPS from Malwarebytes. Thanks for the suggestion, I will take it into account for sure!
Thanks for the great explanation.
more of this please
Extremely helpful thanks
thanks for well explaining
gudluck for yours new project
This is a great video
Thanks - sorry again about the port mix up.
Really useful. Thanks!
Thank you sir!
You are welcome!
I'm a complete noob at this. Just installed it and have no idea what to do..hopefully your video helps
It definitely should - one of my main goals was showing people what to look for. Good luck!
Hi Anson, I'm routing UDP telemetry data from a drone to my external IP, then using router port forwarding to route to my PC, which I've assigned a fixed IP. It's not working, I downloaded Wireshark yesterday and tried to debug. I see a bunch of UDP transmissions, but my phone is connected so it might be just my phone. I was overwhelmed by all the data in Wireshark. Still trying to figure out where the problem is.
Díky!
You’re welcome and thank you!!
Thanks !!!
Welcome!
You are very helpful thank you
thanks man
Welcome!
Thanks for sharing.
Quick question, can you use Wireshark to only monitor activities on your personal computer or laptop?
Port 80 is unencrypted traffic via http and 443 is encrypted traffic via https, I think you mistakenly said port 80 for secure traffic.
Yup I found this out while looking through the video as well.
The statement "generally to see secure traffic you need to look on port 80" is incorrect under conventional networking standards. Here's a clarification:
- **Port 80** is traditionally used for **HTTP** traffic, which is **not secure**. HTTP (Hypertext Transfer Protocol) is the foundation of data communication on the World Wide Web, and when it's used without SSL/TLS, the data is sent in plaintext. This can be easily intercepted and read by third parties.
- **Port 443** is used for **HTTPS** traffic, which is **secure**. HTTPS (HTTP Secure) encrypts the data sent and received with SSL (Secure Sockets Layer) or TLS (Transport Layer Security) protocols, providing confidentiality, integrity, and authentication. This is why when you access a website with HTTPS, your browser shows a lock icon, indicating that the connection is secure.
To see secure traffic using a network protocol analyzer like Wireshark, you would typically filter for traffic on port 443, not port 80. Filtering traffic on port 443 allows you to see encrypted HTTPS communication. However, without the appropriate decryption keys, you would not be able to see the plaintext of the encrypted traffic; you would only see that the data is being encrypted and transferred securely.
There might be some confusion or a misunderstanding in the way the statement was made. If the intent was to demonstrate or inspect HTTPS traffic specifically, then the correct port to focus on would be 443, not 80. It's possible that the context in which this statement was made was misunderstood, or there was a communication error in the tutorial. Always remember, for secure web traffic, look towards port 443 for HTTPS.
Thanks bruh!
Nice vid.
superb
Thanks 🤗
Good explanation about wireshark but is wireshark safe to use?
Thanks and good question. Wireshark doesn't introduce any security concerns that aren't already there. An insecure network is an insecure network regardless of whether or not you're using Wireshark. If anything, you could use it to do a manual security scan on an insecure network. If you bring in network security guys to do almost anything, Wireshark is one of the first software applications they're going to open up.
excellent intro
Very simplified and detailed.. Do you have tutorials on using splunk
Thank you!!!
Can you use Wireshark to see which cables inside a keystone are potentially faulty?
Do you have more videos on Wireshark?
hey, what to do after you want to finish monitoring the network? after checking the network with wireshark, many sites refuse to give me access to browse, which didn't happen before
Hi anson great video.on malware analysis there arent anymore the answers.
Sir on switch ...switch does not allow to capture other devices one to one conversations ,it only allows traffic between your pc and pc devjces broadcast mcast ARP stp traffic only ...not other pc to pc communications
You can get an inexpensive "managed" switch (eg: TP-Link TL-105E) which can be configured for various special functions. One function is "Port Mirroring", which configures a port to duplicate the traffic on another port. So you can interpose this switch in a leg of the existing network, and you can attach your PC/Mac to the mirror port. You can then use WireShark to "snoop" on the ongoing traffic on the original network.
Oh man. You're probably not going to see any encrypted traffic on port 80, since it's just plain HTTP. Port 443 is encrypted HTTP (SSL).
Yeah... (check pinned comment)
Hello, can you show or tell me how and where to install the master key on mac, where the protocols are stored, it's clear on windows, but for mac I can't find the answer, please help
is it possible to capture the request made by Internet Download Manager with wireshark? i cant find out how
Captured an IP private IP that wasn't listed in clients for my router utilizing my wifi and i was trying to figure out why this IP was receiving massive amounts of packets. I then tried blocking all tcp and udp packets and for some reason one of the computers in my house that had a different private ip no longer had internet connection. Why would a device have two private IPs?
Extremely helpful video but side note he looks alot like nadeshot!
I'm having a very hard time finding HTTP protocols, and when I expand on the HTTP stream, the website where I am at does not show up. I have turned on all the dissectors and nothing, it usually takes a long while for me to get a HTTP protocol packet, but it does not show the actual website I am visiting.
Most modern webpages use HTTPS rather than HTTP. HTTPS is an encrypted version of HTTP which offers more security and privacy compared to HTTP which is just plaintext. That's why you're not seeing much HTTP traffic.
I have a Programmable Logic Control that sends out packets but wireshark cant see the data as it sends to the pc. Filtering use TCP.port == 1234 no data on this port coming for the PLC. have if i use labview and build out a TCP send protocol it see it and the data I am sending out. I can filter IP or Port works fine?
so can't you do this stuff 12:20 just by right clicking a inspecting
How did you add the website?
Do I understand correctly that Wireshark doesn't have the capability to inspect COM ports, for example on a Win10 machine ?
Can't you just use PuTTY for that?
how to find timestamp in wireshark packets?
"Wire-shark is one of the most powerful tools for both Mac and Windows"
Linux and BSDs: Am I a joke to you?
Jokes aside, it's a good video tho
how would you tract a browser hijacker?
grt
How to protect the network away from people using supper tools like Kaili and White-shark around you?
Whitelisting IP addresses and within your browser is probably the easiest way but if someone is intent and knows what they're doing then they can spoof it and potentially still gain access. If you want to get more complicated there are plenty of programs available for IP traffic monitoring where you can set alerts, rules, and notification preferences.
Port 80 for encrypted traffic?
See pinned comment.
how do you load websites
I downloaded Wireshark selected my Ethernet connection and then typed http into the search bar and it doesn't filter out http protocol it just caries on dumping everything.
Anyone any suggestions as to what is wrong ?
Did you press enter after typing http ?
@@JJFlores197 It has now cleared itself. I gave up for the day and next day when I started the PC Wireshark ran OK !
Speed at 0.95
Smart…
Except isn't port 80 unencrypted and 443 encrypted TLS 🤔🤷🏼♂️
What Am I missing anyone?
Thanks