Thank you! Well, I would say it is more of a journey than a destination, but the start of the journey is learning networking. I think by learning Wireshark for instance, more than anything we are learning all about networks and network protocols.

@LanWanNinja What I meant to ask was, how did you get to the point where you are now? Care to recommend a few books/video series perhaps?

That is a very good question. My path is from years of experience and lots of learning, but that doesn't mean that it has to take that long. Definitely always keep learning, learn something every day, even if it is just for 5 minutes, no zero days. Getting certifications helps with basic ideas and concepts, but they do not give you depth. For someone that already works in IT, I would say to always ask questions about technologies that you do not know, but someone else does, always be curious. I really do think that learning Wireshark is a huge help, and almost a shortcut, to learning networking. It helped me because I could see the packets and their contents, instead of just learning concepts. I have seen so many times over the years that people, myself included, are guessing what is going on over a network in a certain situation and then we take a packet capture and what is really happening is something totally different. As far as videos or books go, I'm not sure that I can think of any right offhand. I wish I could say to watch all of my videos, it's everything that I know. I'm working on getting there, but I'm not there YET. Maybe start with a good Udemy class for CCNA or Network +? The next video I'm working on now between the Wireshark videos is an "Intro to Networking" video, which will be pretty basic, but put some of the concepts like ARP, DNS, and MAC addresses into visual terms. I hope this reply helps some.

Go to Edit and then Preferences, expand appearance and columns or just right click on any column and click column preferences and you will end up in the same place. Time should be there by default, you may have to click the displayed checkbox if it is not. For time delta, click the plus sign at the bottom of the Preferences window to create a new column, and it will add New Column to the bottom under title. Change new column title to Time Delta, or whatever you want to call it. Change Type to "time (format as specified)", change Fields to "frame.time_delta_displayed". Make sure "displayed" is checked for the new column you created, and then click OK. It will add the column to the far right side and you may have to grab and move it to where you want. If for some reason, time is not there, use the plus sign to add another column: title: time Type: time (format as specified) and leave fields blank. The time delta above will show the time since last displayed frame, if you ever want to change to time since last captured frame, you can use "frame.time_delta" For an easier way, look at my Wireshark class 2 - columns and coloring rules, starting at 1:20, adding columns from packet details, lots of good stuff in that video. kzbin.info/www/bejne/nmG7m6uGbLiXpsk

Thanks! That's one vote for I/O graphs then. There really is a LOT that the I/O graphs are good for.

Thanks. Yeah, I do not like any kind of filler either.

Thanks, I appreciate it! I try to make each video a bit better.

🤔

Thank you. I'm really glad you liked them. There are more on the way soon!!

Thanks for watching and for the feedback. That is a great reminder for me to make sure that I define any acronyms and terms I use. Thank you! If there are any videos you would like to see made, just leave me a comment.

@@LanWanNinja no worries at all! That was more a comment on my knowledge level and memory hahah! I don’t want to jump straight into trying to use things like wireshark when I don’t have more of the fundamental skills and knowledge down but it’s great to see how it works and get familiar with it. Thanks that’s great, I will do!

Thanks for watching and I'm glad you liked it. The next video, that I am working on now will take the same basic signs and a few new methods and apply them to finding nmap scans within a larger packet capture. My goal is to make it clear enough so that it can be understood even by people just getting started. Thanks again!

@@LanWanNinja That's a lot of work, we appreciate you much!

Thank you!

Excellent question! If you mean in a packet capture, I would use these filters individually instead of a keyword. Filter: nbns Purpose: See all of the NetBIOS Name Service (nbns) packets, the queries and the responses. Filter: nbns.flags.response == true Purpose: Show only the NetBIOS Name Service (nbns) packets responses. If responder is running on a computer, the source address or addresses that show up when you use this filter, are the computer that is running responder. Filter: nbns.flags.response == false Purpose: This will show all the queries, these are your machines that are using NBNS to resolve names. It is a good security practice to turn this off on PCs unless there is some strange reason that you need PCs to broadcast when they cannot resolve a name through DNS. I think that there is a possibility that this could pick up other packets also, but I am not seeing any others in the pcaps I am looking at now. Let me know if this answered your question. If it did not, I'll be more than happy to answer again.

Thanks, I'm glad they are helping. That's great to hear, it's exactly what I am going for. I really try to make them digestible for beginners and also have good tips and content in there for people who have been doing it for a while too.

It sure seems like it! LOL

Thanks! I'm glad you enjoyed it!!

Hey Charles thank you!! I'm glad you liked them!!

Thanks for watching! Is this a question or a suggestion for another video?

Thanks so much! Soon I hope to add some more links to the website and also start a blog section. I have a lot of daily "tips and tricks" that are not quite enough for a video, but I think would be helpful. Let me know if there are any videos that you would like to see. Thanks again!! The website is www.lanwan.ninja in case anyone else wants to take a look.

Thanks! And I am hoping the same thing!!

Wow, that's awesome! Thank you. And please tell your professor thanks. You may want to take a look at some of my other Wireshark videos too.

@@LanWanNinja Absolutely! :)

Thanks!! Next one coming soon!

Thanks much for watching. More videos are on the way!

Thanks for watching! And stay tuned, the deep dives and more to come soon.

Thank you. And thanks for watching!

Yep, I totally agree. And thanks for watching!

Thanks! I'm really glad you liked it.

Thank you!!

Thanks!! More content is definitely in progress now.

Thanks! I'm glad you found my channel too. Stay tuned for the deep dives in this series. Thanks for watching!

@@LanWanNinja for sure! Def will check it out man

Thanks, I really appreciate it. I completely agree about the "Analyze" section and we will get there in the deep dives. We are gonna need Display Filter Buttons and Display Filter Macros to really make finding this kind of thing easier. Thanks again!

@@LanWanNinja Thank you Sir , like they say two great minds always thinks alike. Keep the videos coming!

Thanks :) ! And don't worry, I will!!

Thanks so much!! I'm glad you subscribed too!

Thanks, I'm glad you really liked it!

Thanks! glad you liked it. I think segmentation and VLAN would be a great video to do after I do the deep dives for this video too.

@@LanWanNinja Yeah, I've been meaning to watch more of your videos. It's been on the back burner for months. I'm not a network engineer, but working at small to mid-sized companies means I get called upon to be the IT guy at times. Usually when something goes catastrophically wrong. So naturally I want to take steps to minimize that. OH! And it's fun!

I hear ya on the "Usually when something goes catastrophically wrong" part. That seems pretty normal. I have fun with it too. I realized today while working on something, that I was just guessing what was going on until I took a packet capture. I found out that it was something TOTALLY different.

Thanks so much! I appreciate it!

Thanks!! Yeah, I can't tell you how many times I have looked at an issue and thought one thing and then the packets said something else. That sounds like that kind of issue.

Thanks!!!

Thank you!! And great to hear on the cert numbers!

That's great to hear! And thanks.

Wow! Thank you so much.

Thank you so much 😀

Thanks! And I may do that.

I'm already working on the next one!

You're welcome 😊

Thanks! There will be more, I had fun creating it.

For context, I was handed a pcap and was asked to find all of the anomalies. But the thing is, lol when you don't know Wireshark everything looks anomalous. I subscribed and I'll stay tuned for the next video!

I think this is a great idea!! I'm working on the next video already, but I think that this may be the one after that. I think if we were just finding individual IOCs, an IDS/IPS would be way more efficient. BUT I think that finding anomalous behavior would be something we could do very well, and I think that is going to make a great video, and I've already been brainstorming on this one, after I saw your comment. Thanks for the kind words.

I am working on this video you requested now. I just started it on Wed 3/12/24, the day after I published my latest video. Thanks so much for your request!! It is going to take a bit to finish, but it is going to be REALLY GOOD!!

@@LanWanNinja Thank you!

I finally finished it. :) kzbin.info/www/bejne/aZOZpXiVm7ublZo

Thank you!! The next video is in progress already. If you have not seen this one from last week yet, it is good too: kzbin.info/www/bejne/qJa5XmltptV9gpY

Thanks! I appreciate it. More to come soon too!!

I'm glad you liked it. My plan is to slowly make them more difficult, I have some ideas that I have been kicking around for the next one

Thanks!! There will be more to come. And even some of my other videos may be helpful.

Thanks! Glad to help!! My pcap analysis #1 video is similar to this one, it digs into a pcap, with other issues. The other ones start out more basic and explain filtering, coloring rules, etc. There is even one on installing Wireshark. More to come soon too.

Thanks Joe. I'll lower the buzzer volume for future videos, wow, it does kinda jump out at you!