Awesome channel! Brings back good memories of my time as a Turbofan Test Engineer for Lockheed and Rolls-Royce from 2004-2012. We had several proprietary protocols that we needed to troubleshoot, but didn't have documentation for. So, I spent several months using Wireshark and creating custom dissectors for it, and eventually built some tools to help us solve many issues within minutes that used to take us days or weeks to narrow down and resolve. Keep up the great work!
@bordeux 2 months ago
and you wrote documentation? Please say yes....
@JarheadCrayonEater 2 months ago
@bordeux, I did, including client and server applications that used the protocols so we could test from either end of the system and find where the failures were.
@JarheadCrayonEater 2 months ago
@bordeux, I even ended up creating an Android client so we could see the data being transmitted, instead of having one person in the control room and another 1/4 mile away on the jet engine. Using that Android app allowed just one person to do both the monitoring and troubleshooting in real time.
@MalwareCube 2 months ago
Such an important skill for any kind of troubleshooting, hacking, or just understanding what the heck is going on!
@pete3897 2 months ago
Ooo, I try not to nitpick, but sometimes I can't help myself. At 5:06 where you talked about DHCP only working on the ... (pause)... "local subnet". The term you wanted is more like "layer II broadcast domain". Subnets are a layer-III concept and there can be multiple concurrent subnets on top of the same layer-II network. DHCP works across layer II (to/from MAC address) and indeed there should only be one on the same layer-II broadcast domain. DHCP actually CAN traverse to other layer-II LANs (usually VLANs) and offer additional subnets on those VLANs by way of a "DHCP-relay" server, but that's another story :) Keep up the good work and great job making your mitmrouter scripts public.
@mattbrwn 2 months ago
You are correct. I often mix those layers in my head.
@tommyt623 a month ago
NOT trying to be that "ACKTYUALLY" guy but I'm pretty sure that's conditional. It's the norm but it's not absolute. DHCP is first come first served and competing servers on the same broadcast domain can have completely different scopes, ergo subnets of a network. Rig the client with a delay against the 1st server on a subnet and it leases only with the 2nd, etc. DHCP doesn't *always* use the same broadcast domain.
@pete3897 a month ago
@tommyt623 excellent corner-case example! My correction: one should not have multiple DHCP servers on the same layer-II broadcast domain unless the servers are offering differing scopes and you're happy for any clients to get their config somewhat randomly from either scope.
@OhadLutzky 2 months ago
I have used wireshark many times for debugging, 99% of the video was stuff I already knew. But holy crap, right click and "Apply as Filter" - how on earth did I miss that? I wasted so much time digging through documentation to find out how to express those filters manually... thank you so much! It's also super helpful that you show how you mess up by filtering on the wrong thing, and then correct it; I probably would've made the same mistake.
@ludosrex 2 months ago
You are correct. Private IP addresses are non-routable. I liked the information at the end. I would like to know how you transitioned that into the hardware side of things. I’d like to see some of the other tools you have for hardware capture and debugging, jtag, or if you have bus pirate…etc. Thanks. Your videos are great. Keep up the good work.
@kartikverma3721 2 months ago
Exactly what I was looking for! More of these for beginners getting into IoT Hacking please 🙏🏼
@oleksii.zagorskyi 2 months ago
Also, visit Edit -> Preferences -> Layout form and select a layout where panes 2 and 3 are located at the same bottom level. This way your screen space is used much more efficiently and a longer list of packets can be shown.
@HydrantRooster 2 months ago
I appreciated this video. Gave me a fundamental understanding of network packets, and how to interpret them in Wireshark. I already had some very very basic knowledge of SYN and SYN/ACK protocol, but this was a really nice breakdown.
@tommyt623 a month ago
Matt, your channel is outstanding.
@drdoubleU 2 months ago
just found ur channel, going to binge everything u posted ty
@jimmytopete2077 2 months ago
Great stuff man, really like the way you broke down the packets.
@freechoas a month ago
I swear man make a course for beginners and I will be the first to buy it!!! Awesome content!
@wasabinow 2 months ago
Matt, as usual, great content and very fluid with discovery step by step. It is always amazing to see the IP addresses going to servers in different countries. Have you noticed any trends on different devices going to the same IP? Who knows? Maybe a shark, ring camera, and Bluetooth scale are all pinging the same server! 😅 Thank you again for sharing your skills!
@PandemoniumMeltDown 2 months ago
I never read your videos' comments, so this comment might be old to you... I'm subbed to Henry Rollins and saw a notification with your channel pic in my subbed channels and thought "Rollins published a video!", clicked and thought, "damn, Matt looks so much like young Henry Rollins". Great video btw!
@XiSparks 2 months ago
Fun fact, even though it is a Chinese domain, it looks like it is hosted in the Alibaba Cloud data center in San Jose, CA.
@hic7021 2 months ago
Dude, you are legend.
@bertblankenstein3738 2 months ago
DHCP is broadcast on the local subnet. The DHCP server doesn't need to reside on that subnet, however. I believe a BOOTP relay agent can take the DHCP request and forward it on to the IP of the DHCP server. Then the offer, request and acknowledgement take place as normal.
@dakotaferris4842 2 months ago
Currently studying for my CCNA so I love watching real-life examples of network protocols in action. Are there any other certifications you recommend?
@toymanek 2 months ago
Thank you for your work. Keep going. We need that.
@jpphoton 27 days ago
excellent content and explanations.
@replikvltyoutube3727 2 months ago
This video is really good. Well explained, as on a uni networking course.
@Misimpa 2 months ago
You could place some packet diagrams on screen. For some people it's more understandable.
@petrus54654 2 months ago
Wireshark has a cool feature to display the packet diagram. Cf. Wireshark documentation section 3.21, "The Packet Diagram Pane".
@Misimpa 2 months ago
@petrus54654 yes, for me it was easier to understand how packets are packed. From actual data to top.
@oleksii.zagorskyi 2 months ago
You mentioned the ICMP response in case of TCP connection rejection, but you skipped saying the same for a UDP connection as well. In both cases it's true if the connection attempt is performed in the LAN, without routing, and when traffic is not firewalled.
@MullerHasse 2 months ago
Hi Matt, can you do a video on decoding the TLS data when you have the server certificate and private key (or when the device accepted a self signed certificate)? Thanks!
@maniyaa_ a month ago
awesome video!!! thank you so much
@HollyTroll 2 months ago
very valuable - thank you!
@gordslater 2 months ago
I need to get me some of those sin packets
@tonylinux6265 2 days ago
You are best 👍
@bmacd11b 2 months ago
I know this video just dropped, but had a question for you Matt. I bought a sus single-key programmable Chinese macro keyboard and I’d like to make sure that it’s not sending any data back or doing anything nefarious. Is Wireshark the best way to monitor the USB keyboard?
@Ibrahim-rc8sn 2 months ago
Just Open the keyboard
@ЛеонидШкурин-б5т 2 months ago
yeah open it and look at the chips inside
@charlesdorval394 2 months ago
@ЛеонидШкурин-б5т then you see a black blob. What information did you get from that exercise? Fuckall.
@mikehensley78 2 months ago
take pics or video if you see something cool, please.
@Misimpa 2 months ago
You must know the fundamentals of how a keyboard or other device can send data. If your keyboard has its own software, it could be bad. If your keyboard is detected as more than just an input device, it could be bad. If your keyboard has some chips not related to the input device, it could be bad.
@russtuff 2 months ago
Super interesting.
@UserforPhone 2 months ago
Can you please assess the security of enterprise-grade solutions like the ZKTeco or Hikvision brands? They are well known, but they may have a backdoor or a loophole.
@mattbrwn 2 months ago
I just found a Hikvision in ewaste :D
@UserforPhone 2 months ago
@mattbrwn this will be great, we will be waiting for the demonstration
@UrbanInsight 2 months ago
I'll add possibly going through the process of updating the firmware to an alternative like a custom version of "OpenWrt".
@abo1428 2 months ago
First comment 💬 First Like 👍🏻 Great video, Matt! Maybe you could also show us how to MITM with Wireshark and how to prevent this?
@mikehensley78 2 months ago
Please Do Not Throw Sausage Pizza Away... All People Seem To Need Data Processing. and Lyin little chick (LLC) works at MAC donalds. those were some mnemonic devices our instructor told us to help remember the way data flowed through the layers of the OSI Model.
@kuraz 2 months ago
that's not a chinese server. it's owned by Alibaba (US) Technology Co., Ltd. but it's located in san jose, california. edit: i think in a slightly different way it would still be valid to call it a chinese server...
@Kabodanki 2 months ago
They are known to exfiltrate data to China. The US gov does the same with data located in Europe and hosted by US companies, though.
@OneIdeaTooMany a month ago
Most of the time Alibaba Cloud servers are actually in Hong Kong. I'm guessing they probably have edge infrastructure in the US, though, but I'd almost wager without a doubt the main servers are in Hong Kong. For me, I'm already in Asia, so it wouldn't make much sense sending traffic to the US and back.
@FocusAccount-iv5xe 2 months ago
+
@LuisYomba 2 months ago
0:34 What other video shows how to hook that up ? You have 60 videos by now. Edit: Found it ( kzbin.info/www/bejne/oWKWZZ1vepqikKc ) By the way, nice video 😊
@StarsManny 2 months ago
I bailed out because of all the adverts. This is making YT unwatchable. Sorry 👎👎👎
@blazedank1001 4 days ago
Jailbreak with flex
@GenericUser833 2 months ago
Spent way too much time on DHCP and don't even understand it lol. Look at the info field. DHCP Discover -> Offer -> Request -> ACK is the normal process for how DHCP works. Spend more time on the point of the video instead of things you don't actually understand.
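As an added example (not code from the video or from any commenter) tying together pete3897's and tommyt623's exchange about competing DHCP servers on one broadcast domain and GenericUser833's Discover -> Offer -> Request -> ACK sequence, the Python below parses the option fields of constructed DHCP payloads (option 53 message type, option 54 server identifier) and reports, per transaction ID, the message sequence and every server that answered the Discover. Packet bytes, addresses and the transaction ID are constructed sample values; more than one Offer per transaction is the check a defender runs over a capture to spot a second DHCP server on the segment.

```python
import struct

# DHCP message types carried in option 53 (RFC 2132)
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5
NAMES = {DISCOVER: "Discover", OFFER: "Offer", REQUEST: "Request", ACK: "ACK"}
COOKIE = b"\x63\x82\x53\x63"  # magic cookie at offset 236, just before the options

def build_dhcp(op, xid, yiaddr, msg_type, server_id=None):
    """Build a constructed sample BOOTP/DHCP payload (Ethernet/IP/UDP headers omitted)."""
    hdr = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0x8000) + b"\0" * 4  # ..ciaddr
    hdr += bytes(yiaddr) + b"\0" * 216          # yiaddr, then siaddr..file zeroed
    opts = bytes([53, 1, msg_type])             # option 53: DHCP message type
    if server_id is not None:
        opts += bytes([54, 4]) + bytes(server_id)   # option 54: server identifier
    return hdr + COOKIE + opts + b"\xff"            # 0xff terminates the options

def parse_dhcp(payload):
    """Return (xid, {option_code: raw value}) from a DHCP payload."""
    if payload[236:240] != COOKIE: raise ValueError("not a DHCP payload")
    xid = struct.unpack("!I", payload[4:8])[0]
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # 0 = pad, no length byte
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return xid, opts

def audit(packets):
    """Per transaction id, the (message type, server identifier) sequence in capture order."""
    flows = {}
    for p in packets:
        xid, opts = parse_dhcp(p)
        server = ".".join(map(str, opts[54])) if 54 in opts else None
        flows.setdefault(xid, []).append((NAMES.get(opts[53][0], "?"), server))
    return flows

def competing_servers(flows):
    """Transactions answered by more than one server, i.e. a second DHCP server is on the segment."""
    offers = {x: sorted({s for m, s in msgs if m == "Offer"}) for x, msgs in flows.items()}
    return {x: s for x, s in offers.items() if len(s) > 1}

# Constructed sample: two servers with different scopes answer one Discover; the client leases from the 2nd.
SAMPLE = [build_dhcp(1, 0x1234, (0, 0, 0, 0), DISCOVER),
          build_dhcp(2, 0x1234, (192, 168, 1, 50), OFFER, (192, 168, 1, 1)),
          build_dhcp(2, 0x1234, (10, 0, 0, 50), OFFER, (10, 0, 0, 1)),
          build_dhcp(1, 0x1234, (0, 0, 0, 0), REQUEST, (10, 0, 0, 1)),
          build_dhcp(2, 0x1234, (10, 0, 0, 50), ACK, (10, 0, 0, 1))]
```

On a real capture the same parser applies to the UDP payload of each port 67/68 datagram; one Offer per transaction is the expected result on a segment with a single server.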