I have always wanted to learn more about Wireshark but felt imitimidated by it but this video does a good job of breaking down some of the confusion around it. Modern computers are so complicated! I would love to see more videos about Wireshark or of this nature.
Would love more videos like this, I was struggling with learning a lot of protocols for my IT program I am in, and this video was explained perfectly, The examples on screen were very easy to follow, and your approach to explaining how exactly things worked was very easy to follow, need a full series like this, from Zero to Hero! Great job honestly.
Yes, great video. I'm in cybersecurity program in college and so far I'm doing the general studies but I can't wait to get into the cybersecurity stuff like this.
Thank you for a straight up start to this tool. Shows the basics of how to get in there and how it's used by focusing on specific things one might be looking for, strings, ports, specific apps or sites. Great place to start. Thank yoU!
Excellent info picked up,through this video. Yea I'd love too see some more videos like this,is good too understand more of what it all means,cheers buddy!
Good tutorial but I think you miss a important point for some people who can not see any readable DNS query. If DNS query is encrypted(maybe by HTTPS), WireShark can not capture those DNS query in readable string.
I’m interested in computer science and how they connect with the world. It’s fascinating but intimidating and overwhelming.. I subscribed hoping you’ll put up more content like this. Break it down for us..
great stuff 👍 many useful cases for this tool last time i used it was to check my dns traffic to make sure it was all configured/encrypted correctly for a deeper dive, chris greer has some good wireshark content on youtube, explains filters well
This video seems like it's missing an important part of the usefulness of wireshark. How do I identify what I don't know what I'm looking for? No shit if I connect to youtube I'll see youtube but what about unrecognized connections from potentially malicious software on my PC
You have to look at this differently it’s made for people who never used it before you can’t start somewhere in the middle or very complicated if you are learning something new
In that scenario you would wanna look for network connections involving unusual ports, so lets say you have a typical Windows home edition PC, but you spot a some random executables (Apps and .exe) successfully connecting via Port 22, Port 3389 BUT you don’t even have Remote Desktop feature because that’s unavailable in Home editions. This is just one example and trust me this can be a rabbit hole of being over suspicions but this is one example of an outbound C&C connection
I don't know if you do this already but maybe create a 'related series' as an aside to the main thrust of the channel. Anyway those are my thoughts and content like this is very useful for 'dipping' the toe in, which may be useful down the track.
Yes, please do more videos to add on this one (advance). Is there anything further to see if the connections are not easily identifiable? Is there a way to pinpoint a remote connection quickly?
Maybe we would go more in depth on this software sometime? What do the colors mean, if anything? How do you really determine what is and isn't a good IP once you see something you don't recognize? How do VPNs interact with and change the packets you see? Stuff like that. I'm just getting into the whole cybersecurity scene. Although I've been careful since the days of Limewire to never click links, ads, and to distrust anything I see in emails, etc, I haven't ever really been big in actually finding out what goes wrong in the system and network. I visit the same sites that I've always gone to. But I find myself wondering if somehow they are getting in anyway even if I've been careful just by little things I notice happening on my PC once in a while such as the CMD window opening for just a moment and disappearing, a game minimizing to desktop with no input, etc. These coupled with data leaks from big tech leaking email, account info, and so on. It's probably totally benign and I'm being paranoid but you never know.
I would like to snoop on WiFi traffic to the various WiFi-enabled devices that are proliferating in my house. This is mostly a curiosity, but I expect there will also be surprises, some perhaps concerning. I've been told that I can use Wireshark to do this, but I need to add a separate dedicated WiFi interface on my PC that supports "promiscuous mode". I found some trailing edge WiFi dongles that are supposed to support promiscuous mode, but I also need a compatible driver. This is where I have hit a dead-end, as I have been warned that the drivers for these trailing edge WiFi interfaces often have embedded malware, and I don't have a sacrificial PC available to dedicate to this effort. Any light you can shed on this in a future video would be of interest to me.
Not going to lie if you start using Wireshark and if you have familiarity with osi model like layer with layer 3 routers packets and layer 2 switches frames then it's not bad at all. To read the traffic and knowing udp tcp protocols you're golden. I think I need help with adjusting ethernet adapter into promiscuous mode and the other mode. And what's the functionality.
@@zapa1pnt Is disabled. By the way, the motherboard does this without a hard drive attached. It turns itself on in a kind of low-power mode and connects to the Internet.
@@zapa1pnt I already do. But how many people don't know? How many people are affected by this? Gigabyte is famous for doing this, google the topic and you will see that Gigabyte has been caught with his pants down more than once doing exactly the same thing.
I don't know why but my instant reaction to something like this is: How can I trust it? As it could quite easily see current webpages you are on or applications you're typing passwords into, and then hide its ip: protocol transaction with a server... but it's probably fine 👀
Hi, once you see the packets that show the sites you may not want, can you block those or will they just keep communicating each time you go to that site ?
Wireshark has to be a " backdoor" to catch " backdoor entries " too. The ethics of the admin of any empowerment matters as much as the expected service😅!
I see my private IP address sending and receiving HTTP requests from public IP addresses. Is this weird? Why isn't it my public IP address that is handling these requests?
can you do us a favor and review costume os like tiny11, Ghost Spectre, windows x lite, from a security prespective many people want to use them. just give us a genral security test of them please. :(
My old Outpost Firewall used to show me similar information, separated by the apps (or component of the O.S.) which was generating the connection... Is there a tool for this or is there an option available on Wireshark for monitoring this? Or is only doable on firewalls?
To achieve what you were doing with Outpost Firewall-monitoring traffic per application or OS component-you can use Wireshark but with some limitations, as it primarily focuses on packet-level analysis rather than app-based monitoring. However, with the right filters, you can approximate similar functionality by analyzing traffic specific to certain processes or connections. Wireshark allows you to apply **display filters** to identify specific network traffic based on protocols, IP addresses, or ports, which indirectly helps monitor app activity. However, it does not directly show traffic sorted by applications unless you pair it with OS tools to map the process to network traffic. For more straightforward app-based monitoring, a dedicated firewall or monitoring tool like **PRTG Network Monitor** or **SolarWinds Deep Packet Inspection** might be more suitable【7†source】【9†source】. If you want a direct replacement for the Outpost Firewall's style of monitoring, consider using **NetFlow** or **Deep Packet Inspection (DPI)** tools, which can classify traffic by app category and offer more detailed insights into app-level connections【9†source】. If you still prefer Wireshark, combining it with system monitoring tools could provide a similar overview, but it will require manual filtering and linking to specific processes.
If you try to download a cracked version of any program it will come up as having a virus because of the software used to crack the program This is piracy and if you want the full version of a paid program then go pay them for it and you don't have false positives for virus alerts. Wireshark is free and used by a lot of people so it is very unlikely to come preloaded with a virus. I've just installed Wireshark and there are NO viruses at all...
![BLACK BAG - Official Trailer [HD] - Only in Theaters March 14](http://i.ytimg.com/vi/Du0Xp8WX_7I/mqdefault.jpg)
Wireshark is one of the most important tool in IT. Mastering this tool is such a great advantage. Thank you!
I have always wanted to learn more about Wireshark but felt imitimidated by it but this video does a good job of breaking down some of the confusion around it. Modern computers are so complicated! I would love to see more videos about Wireshark or of this nature.
Would love more videos like this, I was struggling with learning a lot of protocols for my IT program I am in, and this video was explained perfectly, The examples on screen were very easy to follow, and your approach to explaining how exactly things worked was very easy to follow, need a full series like this, from Zero to Hero! Great job honestly.
Yes, great video. I'm in cybersecurity program in college and so far I'm doing the general studies but I can't wait to get into the cybersecurity stuff like this.
Going back to school for cyber security and studying for sec+ and cysa+ you have been very helpful
really intersting tutorial, would love to see more wireshak tutorials! :D
Been using Wireshark on personal PC for years. While working it was Network Instruments that was pre-2009. Thanks for the videos.
Wireshark is such an important tool. I use it all of the time both at work and at home. Such a great tool. Good video for beginners.
Thank you for a straight up start to this tool. Shows the basics of how to get in there and how it's used by focusing on specific things one might be looking for, strings, ports, specific apps or sites. Great place to start. Thank yoU!
I've always liked using Wireshark to monitor connections from other devices a like IoT devices etc. It's super useful for that.
Good video as always.
Indeed
Can you monitor all traffic on your network from just one computer?
Thanks for the video. Would love to see more Wireshark instructional videos. You do a great job of simplifying complexity.
hey just wanna tell you that you are a great guy these videos are so easy to understand
Very simple and straight forward tutorial.
Just a note at the beginning you can select multiple network adapters by holding CTRL as well.
Good video for absolute beginners
Excellent info picked up,through this video. Yea I'd love too see some more videos like this,is good too understand more of what it all means,cheers buddy!
Loved the video, simple and powerful! Hope more to come on wireshark
Good tutorial but I think you miss a important point for some people who can not see any readable DNS query. If DNS query is encrypted(maybe by HTTPS), WireShark can not capture those DNS query in readable string.
been waiting for a vid like this, ty
1) More content on Wireshark would be great (aka Tutorials).
2) How much does Wireshark cost?
It's free
Open Source and free forever, unlike for example Metasploit, which is partly open and partly with proprietary upgrades.
I’m interested in computer science and how they connect with the world. It’s fascinating but intimidating and overwhelming.. I subscribed hoping you’ll put up more content like this. Break it down for us..
great stuff 👍 many useful cases for this tool
last time i used it was to check my dns traffic to make sure it was all configured/encrypted correctly
for a deeper dive, chris greer has some good wireshark content on youtube, explains filters well
Thank You So Much For The Video Sir Please Make More Videos On How To Use Wireshark 💓✨
I liked the video, it was very interesting thanks Leo😄❣️
An interesting video subject would be on what to do when you find your computer connecting to places you don't want it to.
Well done. Super easy to understand!
Yes please, Leo, more videos like this one. Thanks as always.
enjoyable video ,thank you . one question how do we stop the spyware. a video on how to turn it off, individually would be most welcome . 🙂
Hello Leo, many thanks for a great content as always.
Would you ever consider doing a content on how to use Wireshark for hunting malware?!
I like the way you explain it and it is really helpful!!! thanks
This video seems like it's missing an important part of the usefulness of wireshark. How do I identify what I don't know what I'm looking for? No shit if I connect to youtube I'll see youtube but what about unrecognized connections from potentially malicious software on my PC
You have to look at this differently it’s made for people who never used it before you can’t start somewhere in the middle or very complicated if you are learning something new
Wireshark is an investigative tool, not anti-malware. If you want a quick and easy way to detect malware, this isn't it.
In that scenario you would wanna look for network connections involving unusual ports, so lets say you have a typical Windows home edition PC, but you spot a some random executables (Apps and .exe) successfully connecting via Port 22, Port 3389 BUT you don’t even have Remote Desktop feature because that’s unavailable in Home editions. This is just one example and trust me this can be a rabbit hole of being over suspicions but this is one example of an outbound C&C connection
@@pcsecuritychannel Sounds like an opportuniy for something AI to "sit" on top of wireshark and do this.
@@pcsecuritychanneldo you recommend any tools for this?
DNS can be also encrypted using DNS over TLS or DNS over HTTPS. So than you cannot see any DNS requests which was made. ISP also cannot see it 😊
Thank you for this wonderful tutorial!
would love a more deep dive to understand what other kinds of network requests are being made if a malicious software is installed.
I don't know if you do this already but maybe create a 'related series' as an aside to the main thrust of the channel. Anyway those are my thoughts and content like this is very useful for 'dipping' the toe in, which may be useful down the track.
Thanks, this was really informative!
Now I know you have a website. =) Glad to know.
Yes, please do more videos to add on this one (advance). Is there anything further to see if the connections are not easily identifiable?
Is there a way to pinpoint a remote connection quickly?
links to amazon popped up when I tested wireshark on my own personal computer.
Shoved the link in a url blocker. No more amazon lol X D
I collected all ad urls and added them to my hosts file. Can now browse anyplace without background ad data exchanges without consent.
Totally awesome! Thank you for Sharing! 💯✴
You need to do a video, kaspersky vs malwarebytes premium
Maybe we would go more in depth on this software sometime? What do the colors mean, if anything? How do you really determine what is and isn't a good IP once you see something you don't recognize? How do VPNs interact with and change the packets you see? Stuff like that.
I'm just getting into the whole cybersecurity scene. Although I've been careful since the days of Limewire to never click links, ads, and to distrust anything I see in emails, etc, I haven't ever really been big in actually finding out what goes wrong in the system and network. I visit the same sites that I've always gone to. But I find myself wondering if somehow they are getting in anyway even if I've been careful just by little things I notice happening on my PC once in a while such as the CMD window opening for just a moment and disappearing, a game minimizing to desktop with no input, etc. These coupled with data leaks from big tech leaking email, account info, and so on.
It's probably totally benign and I'm being paranoid but you never know.
This reminds me of back in late 90s early2000s there was a free app (can’t remember name) that backtracked incoming pings.
I want to see the entire on my network not just for my computer!!!
i love your desktop wallpaper. Please share downloadable link to download the same wallpaper.
I am very curious about why there is no option to have a professional packet capturing software like Wireshark for mobile/Android?
I would like to snoop on WiFi traffic to the various WiFi-enabled devices that are proliferating in my house. This is mostly a curiosity, but I expect there will also be surprises, some perhaps concerning. I've been told that I can use Wireshark to do this, but I need to add a separate dedicated WiFi interface on my PC that supports "promiscuous mode". I found some trailing edge WiFi dongles that are supposed to support promiscuous mode, but I also need a compatible driver. This is where I have hit a dead-end, as I have been warned that the drivers for these trailing edge WiFi interfaces often have embedded malware, and I don't have a sacrificial PC available to dedicate to this effort.
Any light you can shed on this in a future video would be of interest to me.
Merci 😊😊😊
Not going to lie if you start using Wireshark and if you have familiarity with osi model like layer with layer 3 routers packets and layer 2 switches frames then it's not bad at all. To read the traffic and knowing udp tcp protocols you're golden. I think I need help with adjusting ethernet adapter into promiscuous mode and the other mode. And what's the functionality.
The most useful video, thnaks
this is a tool that is great for checking if your computer has been RATTED right?
Portmaster and winaero tweaker are my ho to programs for shutting down telemetry.
My Gigabyte GA-990FXA-UD5 R5 motherboard connects to the internet in the middle of the night after I turn it off.
If Windows, go into settings and turn off "wake on LAN".
@@zapa1pnt Is disabled. By the way, the motherboard does this without a hard drive attached. It turns itself on in a kind of low-power mode and connects to the Internet.
@@coisasnatv: Well, if you can't find it in the BIOS, you will need to unplug it, after shutdown. 😁✌🖖
@@zapa1pnt I already do. But how many people don't know? How many people are affected by this? Gigabyte is famous for doing this, google the topic and you will see that Gigabyte has been caught with his pants down more than once doing exactly the same thing.
I don't know why but my instant reaction to something like this is: How can I trust it?
As it could quite easily see current webpages you are on or applications you're typing passwords into, and then hide its ip: protocol transaction with a server... but it's probably fine 👀
This is an awesome video thanks.
What to do to get rid of the 12 or so UAC notification whenever we start Wireshark?
there should be a function in wireshark make a image of all connection, install software, make image again and compare.
Great video!
Hi, once you see the packets that show the sites you may not want, can you block those or will they just keep communicating each time you go to that site ?
That Wallpaper look sick!
Where did you get it? @The Pc Security Channel
Skoda octavia is not that bad if you are still looking into it =)
i took an entire. class in community college on wireshark, and i was afraid of it after this class. but now. not so much
This is so complex, its like a programming language. I initially thought it was just gonna be a program that detects and blocks everything
Lol
Wireshark has to be a " backdoor" to catch " backdoor entries " too. The ethics of the admin of any empowerment matters as much as the expected service😅!
How about an app for a phone and firewall to block outgoing requests?
What about reading the cap file...how can that be done?
Does Wireshark show only the activity on the computer it’s downloaded to, or the LAN the computer is part of?
What browser are you using?
Hello Everyone, From The UK👋
Yes, more vids like this!
is there a browser that does not make any queries to any links until i actually click on it? it simply puts a place holder, the link...
Cool. Thanks!
i dont see that much DNS listings on mine, just a couple from kaspersky, maybe it didn't install right?
I see my private IP address sending and receiving HTTP requests from public IP addresses. Is this weird? Why isn't it my public IP address that is handling these requests?
can you do us a favor and review costume os like tiny11, Ghost Spectre, windows x lite, from a security prespective many people want to use them.
just give us a genral security test of them please. :(
how would one check a hacked PC on this environment?
How did you get it in Dark Look/Mode?
is it normal to have remote desktop to be running in the background?
Very good vid.
My old Outpost Firewall used to show me similar information, separated by the apps (or component of the O.S.) which was generating the connection... Is there a tool for this or is there an option available on Wireshark for monitoring this? Or is only doable on firewalls?
To achieve what you were doing with Outpost Firewall-monitoring traffic per application or OS component-you can use Wireshark but with some limitations, as it primarily focuses on packet-level analysis rather than app-based monitoring. However, with the right filters, you can approximate similar functionality by analyzing traffic specific to certain processes or connections.
Wireshark allows you to apply **display filters** to identify specific network traffic based on protocols, IP addresses, or ports, which indirectly helps monitor app activity. However, it does not directly show traffic sorted by applications unless you pair it with OS tools to map the process to network traffic. For more straightforward app-based monitoring, a dedicated firewall or monitoring tool like **PRTG Network Monitor** or **SolarWinds Deep Packet Inspection** might be more suitable【7†source】【9†source】.
If you want a direct replacement for the Outpost Firewall's style of monitoring, consider using **NetFlow** or **Deep Packet Inspection (DPI)** tools, which can classify traffic by app category and offer more detailed insights into app-level connections【9†source】.
If you still prefer Wireshark, combining it with system monitoring tools could provide a similar overview, but it will require manual filtering and linking to specific processes.
Is Malewarebytes still poot for on the fly? I trust it is still great at scans
hey , I wonder how MacOS handle this? can you do these on MacOS also?
How to know about suspicious connection
Waiting for eset smart security 17.
I have little snitch. Not as deep as this, but it is powerful
Thanks !!!!!!
Good video
you'll understand wireshark much better if you fully understand the lower layers of the OSI model of networking
This is why you need to be careful if you work from home.Only connect your work laptop to guest wifi
Now if we could just firewall all traffic until I actually open google, or open my video game, then I would be happy
Can you test Firewall of Avast Free? Thanks
how to restart everything it does something watching my pc
Better use Portmaster
Shout out to Safing Portmaster it blocks a lot of this spying
always there is a "tool" to...
Cool!
I'm sure my FBI agent has this task well in hand. For my safety, of course.
the biggest question is are wireshark is safe to used it since all virus check website say have something on it?
If you try to download a cracked version of any program it will come up as having a virus because of the software used to crack the program This is piracy and if you want the full version of a paid program then go pay them for it and you don't have false positives for virus alerts. Wireshark is free and used by a lot of people so it is very unlikely to come preloaded with a virus. I've just installed Wireshark and there are NO viruses at all...
thanks