Awesome channel! Brings back good memories of my time as a Turbofan Test Engineer for Lockheed and Rolls-Royce from 2004-2012. We had serval proprietary protocols that we needed to troubleshoot, but didn't have documentation for. So, I spent several months using Wireshark and creating custom dissectors for it, and eventually built some tools to help us solve many issues within minutes that used to take us days or weeks to narrow down and resolve. Keep up the great work!

Such an important skill for any kind of troubleshooting, hacking, or just understanding what the heck is going on!

Ooo, I try not to nitpick, but sometimes I can't help myself. At 5:06 where you talked about DHCP only working on the ... (pause)... "local subnet". The term you wanted is more like "layer II broadcast domain". Subnets are a layer-III concept and there can be multiple concurrent subnets on top of the same layer-II network. DHCP works across layer-II (to/from MAC address) and indeed there should only be one on the same layer-II broadcast domain. DHCP actually CAN traverse to other layer-II LANS (usually VLANs) and offer additional subnets on those VLANs by way of a "DHCP-relay" server, but that's another story :) Keep up the good work and great job making yout mitmrouter scripts public.

I have used wireshark many times for debugging, 99% of the video was stuff I already knew. But holy crap, right click and "Apply as Filter" - how on earth did I miss that? I wasted so much time digging through documentation to find out how to express those filters manually... thank you so much! It's also super helpful that you show how you mess up by filtering on the wrong thing, and then correct it; I probably would've made the same mistake.

You are correct. Private IP addresses are non-routable. I liked the information at the end. I would like to know how you transitioned that into the hardware side of things. I’d like to see some of the other tools you have for hardware capture and debugging, jtag, or if you have bus pirate…etc. Thanks. Your videos are great. Keep up the good work.

Exactly what I was looking for! More of these for beginners getting into IoT Hacking please 🙏🏼

Also, visit Edit- > Preferences -> Layout form and select a pane where 2 and 3 located at the same bottom level. This way you screen space is used much more efficiently and you can make more long list of packets to be shown.

I appreciated this video. Gave me a fundamental understanding of network packets, and how to interpret them in Wireshark. I already had some very very basic knowledge of SYN and SYN/ACK protocol, but this was a really nice breakdown.

Matt, your channel is outstanding.

just found ur channel, going to binge everything u posted ty

Great stuff man, really like that way you broke down the packets.

I swear man make a course for beginners and I will be the first to buy it!!! Awesome content!

Matt, as usual, great content and very fluid with discovery step by step. It is always amazing to see the IP addresses going to servers in different countries. Have you noticed any trends on different devices going to the same IP? Who knows? Maybe a shark, ring camera, and Bluetooth scale are all pinging the same server! 😅 Thank you again for sharing your skills!

I never read your videos comments, so this comment might be old to you... I'm subed to Henry Rollins and saw a notification with your channel pic, in my subed channels and thought "Rollins published a video!", clicked and thought, "damn, Matt looks so much like young Henry Rollins". Great video btw!

Fun fact, even though it is a Chinese domain, looks like it is hosted in the the Alibaba Cloud data center in San Jose, CA.

Dude, you are legend.

DHCP is broadcast on the local subnet. The DHCP server doesn't need to reside on that subnet however. I believe a BOOTP relay agent can take the DHCP request and forward that on to the IP of the DHCP server,. Then the offer, request and acknowledgement takee place as normal.

Currently studying for my CCNA so I love watch real-life examples of network protocols in action. Are there any other certifications you recommend?

Than you for your work. Keep going. We need that.

excellent content and explanations.

This video is really good. Well explained as on uni networking course

You could place on screen some packets diagrams. For some people it’s more understandable

You mentioned ICMP response in case on TCP connection rejection. But you skipped to say the same for UDP connection as well. In both cases it's true if connection attempt is performed in LAN, without routing and when traffic is not firewalled.

Hi Matt, can you do a video on decoding the TLS data when you have the server certificate and private key (or when the device accepted a self signed certificate)? Thanks!

awesome video!!! thank you so much

very valuable - thank you!

I need to get me some of those sin packets

You are best 👍

I know this video just dropped, but had a question for you Matt. I bought a sus single-key programmable Chinese macro keyboard and I’d like to make sure that it’s not sending any data back or doing anything nefarious. Is Wireshark the best way to monitor the USB keyboard?

Super interesting.

Can you please assess the security of the enterprise grade solutions like ZKTeco or Hikvison brand they are well-known but it may have a backdoor or a loop hole.

First comment 💬 First Like 👍🏻 Great video, Matt! Maybe you could show us also how to MITM with wireshark and how to prevent this?

Please Do Not Throw Sausage Pizza Away... All People Seem To Need Data Processing. and Lyin little chick (LLC) works at MAC donalds. those were some mnemonic devices our instructor told us to help remember the way data flowed through the layers of the OSI Model.

that's not a chinese server. it's owned by Alibaba (US) Technology Co., Ltd. but it's located in san jose, california. edit: i think in a slightly different way it would still be valid to call it a chinese server...

+

0:34 What other video shows how to hook that up ? You have 60 videos by now. Edit: Found it ( kzbin.info/www/bejne/oWKWZZ1vepqikKc ) By the way, nice video 😊

I bailed out because of all the adverts. This is making YT unwatchable. Sorry 👎👎👎

Spent way too much time on DHCP and don't even understand it lol. Look at the info field. DHCP Discover -> Offer -> Request -> ACK is the normal process for how DHCP works. Spend more time on the point of the video instead of things you don't actually understand.