Wireshark 101: TCP Streams and Objects, HakTip 120

Рет қаралды 56,457

Hak5

Күн бұрын

Пікірлер: 36

@hak5 10 жыл бұрын

@EricOliver 10 жыл бұрын

Have you checked out steelcentral software from riverbed? Pretty neat tool to display aspects of a packet capture with a graphical interface.

@ernststavroblofeld1961 10 жыл бұрын

And who was now behind "refinery dot something?" 1:15

@JesseDahirKanehl 10 жыл бұрын

I just used this to get a bunch of points for a hacking competition. Thanks Shannon!

@ShannonMorse 10 жыл бұрын

woohoo! Glad it helped :)

10 жыл бұрын

them high pitched tones its does my head in!

@thedailygrind1324 4 жыл бұрын

Thank you so much for the video, This really helped me out in a final project I was working on.

@shalabhgoel433 5 жыл бұрын

Thanks for the video. Nicely explained

@CarsAndGadgetsAu 10 жыл бұрын

Ahh... My favorite tech tips show by my favorite hosts :-) I learned about about da packets today.

@playerone2424 10 жыл бұрын

CISCO classes brush over Wireshark so this series is an awesome supplement to the training! Also, keep the glasses Shannon. ;)

@ShannonMorse 10 жыл бұрын

My glasses are a slightly different prescription than my contacts, so they totally throw me off! But sometimes, my eyes need the rest from contacts. :P

@elmasalangy3247 6 жыл бұрын

@7:44 your reactions is so amazing i love it Shannon :D :D :D

@petegeorgopoulos1088 9 жыл бұрын

hey. first off thank you for the info. you cleared up a Lott for me. the only question i have is, what would be the best way to view packet info without having to save then open each. is there a preview feature, or maybe a viewer program?

@anonymous-tx5lm 10 жыл бұрын

good program, Ive been using this for years.

@fahadmalik6330 6 жыл бұрын

i want to analyze the youtube video through wireshark. i need a video link or any reference video from which i can get the information that how to read all the KPI's during the video playback. e.g. analyzing the poor quality result of youtube video and its reason, analyzing the data transfer during video, time to display the 1st picture. Plzzzz Help me

@killaurnext 9 жыл бұрын

10/10.....the video was cool too

@evolve101 10 жыл бұрын

;) Also learned something new. Had no idea you could save images from wireshark. etc etc. Nice vid. thnx

@Hoverbot1TV 10 жыл бұрын

Hak5 should do a gamergate episode.

@cjcanton9121 5 жыл бұрын

I've been working with Wireshark since 2014 and I never imagined there would be a hot girl teaching me about it

@chrisanders666 10 жыл бұрын

can you do a Wireshark HakTip explaining switched networks.. and how that does not work.

@ShannonMorse 10 жыл бұрын

Ahh, switches. Switches and hubs make networks act weird. Yes! That would be a good subject to define. Thanks!

@chrisanders666 10 жыл бұрын

Shannon Morse Sweet!! I love this series by the way.. I actually took a Wireshark Course with one of the (many) developers teaching it. Your teaching methods and subjects you choose to cover really help connect the dots. My biggest confusion was switched networks and hubs.. even after knowing what they did I got a wee bit confused when using Wireshark. Thank you, Shannon!

@skjalglandsem7440 9 жыл бұрын

+Shannon Morse Eh, just how do switches and hubs (they are not used anymore by the way) make networks weird? They are the very definition of networks - can you show me a network without a switch?

@chrisanders666 9 жыл бұрын

+Skjalg Landsem How are hubs not used anymore if I have one right in front of me.. Hubs just distribute all traffic to connected devices. Switches are port specific. If you have switches VLAN'd out things get weird. That's what I was talking about.

@skjalglandsem7440 9 жыл бұрын

If you have a "true" hub in front of you - hang on to it! You can't buy them anymore and the highest throughput you can get from the old 3Com hubs is 10Mb I believe. I'll get back to you on how switched networks work. Are you interested in switching in general or just VLAN propagation over a switched/routed network?

@notfak 10 жыл бұрын

HOTTTTTT

@pocodedo 9 жыл бұрын

@1:40 you selected packet 1382 and follow tcp stream.@2:13 you say tcp.stream eq 105 means packet 105 - but you selected packet 1382. What? 105 means the one-hundred-fifth occurrence of a tcp stream in this capture. Teaching the wrong thing is not better than teaching nothing at all. And this is not free since we have to sit through all the ads.

@lolo2lolo491 4 жыл бұрын

i thought this was about decoding tcp stream ?

@THE16THPHANTOM 8 жыл бұрын

it was weird hearing OSI pronounced O S I. we just pronounce it ozi, ozi model.

@hak5 8 жыл бұрын

Really? Weird! I was taught in school it was pronounced O S I. I guess everyone pronounces things differently. - Shannon

@symonxd 3 жыл бұрын

BOOBA (oh dang this vid from 2014 wow)

@Mac-ew1gv 5 жыл бұрын

I would love to take more lessons in wireshark with her lol

@pocodedo 9 жыл бұрын

@2:03 tcp stream is a byte stream not a packet stream - that would be closer to a udp stream. How can you teach somebody to use a tool with the wrong fundamentals.

@skjalglandsem7440 9 жыл бұрын

+pocodedo A TCP stream is the collection of all segments belonging to a unique "pair of IP addresses and port numbers". If you get the entire stream it always begins with empty data parts of the segments with only the SYN, SYN-ACK and finally ACK bit set (3-way handshake) in the TCP flags. TCP streams will eventually end in a FIN, FIN-ACK, ACK or a plain RST.Given a large enough trace file that unique combination of IP addresses and port numbers will be reused - Wireshark detects this and warns you.Btw: it is not wise to choose a TCP segment from early in the trace file to showcase TCP streams. The earlier in the trace file, the less chance of the stream having the 3-way handshake in it.