I'm really happy to announce that I'm going to be giving away my Wireshark Packet Analysis and Ethical Hacking course. From today, I'm gonna be uploading videos on YouTube for free. So if you can't afford to buy my course, this is your opportunity to get my course for free. I'm gonna show you practically how to capture packets off of the network, how to capture passwords, how to capture voice calls and replay them, and a whole bunch of other things. This is a very practical Wireshark analysis course. Rather than just showing you the menus within Wireshark or all the options within Wireshark, which can be very boring and very tedious, I'm gonna show you practically how to capture packets off the wire and then do things. So to make it more fun, we're going to do some ethical hacking. Rather than just learning Wireshark by going through menus, we're going to have a bit of fun by capturing packets off the wire. Now you don't have to build the same networks as I'm building. What I'm gonna do is give you the PCAP files so that you can download them and follow along if you want to. So use the links below the videos in this course. Download the PCAP files, open them up in Wireshark, and then you'll see exactly what I'm seeing when I'm doing the captures.

Now I'm gonna be uploading at least one Wireshark video per week to YouTube. If you can't wait, so you want the course right away, use the links below this video to buy the course. You can either get the course from various platforms, such as Davidbombal.com, or if you wanna support both me and Network Chuck, then use the link below to join thisisIT. If you join thisisIT, you support us to create more free content. So it'd be great if you can do that. Okay, so with that being said, let's get started, and I'm gonna show you how to practically capture packets, interrogate them, and in this video, I'm gonna show you how to replay voice calls just to show you what's possible.

Now in this video, I'm gonna show you some of the things that you can do with Wireshark. Don't worry if you don't understand what I'm doing in this video. It's just to try and inspire you and get you started with what's possible and what you'll be able to do by the end of this course. By the end of this course, you'll be able to capture voice packets and replay voice conversations, you'll be able to capture routing updates, so routing updates from protocols such as OSPF, EIGRP and others, and then see what's going on in the network. You'll be able to troubleshoot network issues by using Wireshark. I've made this course as practical as I can. Make sure that you download the attached Wireshark PCAP files so that you can do things yourself and try things yourself. But without further ado, let me show you some of the options available in Wireshark and hopefully inspire you so that you can see what you can accomplish by learning how to use Wireshark. Let's get started.

Okay, so let's have a look at this practically. Here's an example. I'm using GNS3 to run a virtual infrastructure. I've got two PCs, PC1 and PC2. These are Windows computers. So here's PC2. Here's PC1. They're Windows 10 computers, and I'm running IP phones on these computers. So what I'm gonna do is capture traffic on this link. So right click, Start capture. GNS3 makes it really easy to capture packets using Wireshark because GNS3 has Wireshark integrated with it. So I can specify that I wanna capture Ethernet traffic on this link, and click OK. Wireshark starts automatically, and as you can see here, I'm seeing a bunch of protocols like STP, DTP. So that's spanning tree. This is Dynamic Trunking Protocol. This is EIGRP, which is a routing protocol.

But what I could do is filter for SKINNY. Skinny Client Control Protocol, or SCCP, is the communication protocol, once again, used between the phones and the router. So notice Skinny Client Control Protocol. You can see it's a TCP protocol. This is a message from the router to a phone. So the source port is 2000, going to a random port number. Here's an example from the phone to the router. So notice source port is this. Destination port is 2000. Okay, but that's probably not what you're interested in seeing. You're probably interested in seeing UDP traffic. Now here we see some other traffic, some Dropbox traffic. That's not really what I'm interested in. I'm interested in seeing telephony traffic.

Now, when I go to Telephony, VoIP Calls in Wireshark, at the moment, I don't see any voice calls. But when I make a call from one phone to the other, so let's make a call from 1001. (dial tone) Just make that a bit quieter. To 1000. (phone rings) Call is set up. On this side, I can answer the call. And again, I'm gonna get the feedback. (feedback echoes) Hello? This is David Bombal speaking, a lotta echo. Bit strange that I'm talking to myself. But there you go. Phone call from one virtual phone to another. Now what I'll do is mute the lines so we don't get all that feedback. But there's a call set up between the two phones. In Wireshark, Telephony, VoIP Calls allows me to see that this is an active call. What I'll do now is end the call. So notice the call has ended. And back in Wireshark, Telephony, VoIP Calls, notice the call is completed. It's a SKINNY call from 1001 to 1000. So Wireshark is picking up that there was a call taking place on the network.

Scrolling down, I see this UDP traffic. I see Media Independent Network Transport. It's got it listed as MiNT, but this is actually incorrect. This is an incorrect classification. I know this is a call from this IP address to this IP address because VoIP Calls tells me that. I can see the IP addresses involved in the call. So I've got these two phones talking to each other. So what I'm gonna do, and this is the trick: right click, Decode As, and don't use MiNT in this example. We're gonna use RTP. So scrolling right down, RTP, Realtime Protocol. I wanna decode this traffic as RTP traffic, and notice the difference. I can see that this is G.711 U-law.

G.711 is a codec used for encoding analog voice. When I'm speaking, this is an analog waveform. So I'm sending voice into the air, and that's an analog waveform in the air. So in this example, the IP phone, not the iPhone, but the IP phone, is taking my analog voice, which is sent through the air, and encoding it as zeros and ones. And that uses what's called a codec. We have a coder, a decoder: codec. The codec used here is G.711. We have G.711 U-law. Notice the U-law or A-law. U-law is what's used in the U.S.A. A-law I like to remember as "all of us". So that's not entirely true. It's people like me in the U.K. We would generally use A-law when making calls on a traditional telephony network, like through British Telecom. But this is IP. These are Cisco IP phones. So they use U-law by default. So, G.711, U-law. There are different codecs, such as G.729, G.722. There are other codecs, but in this example, this is the codec that we're using.

Now, you may not be interested in all of that detail, but notice here we've got Real-time Transport Protocol. We can see the payload. Once again, notice G.711. But probably what you wanna do is the following. Go to Telephony, go to RTP, RTP Streams, and notice here we can see the source and destination streams. Now in Voice over IP on Cisco phones, as an example, there are two unidirectional streams for a two-way conversation. So if I'm talking to you and you're talking to me, there's a unidirectional stream from me to you and then a different one from you to me, two different streams. And that's why we see it as two streams here. When troubleshooting Voice over IP, as an example, you often need to troubleshoot one-way voice, and the reason it's one-way voice is because there are two unidirectional streams. If there's a firewall, as an example, blocking your voice getting to me, you'll be able to hear me but I won't be able to hear you, again, unidirectional.

So I'm gonna select those two streams, and I'm gonna click Analyze. So here's the output of that. We can see, as an example, forward and reverse calls, and we get information such as the maximum jitter, which is the variable delay in a voice call. If your jitter's too high, the voice quality degrades dramatically. A whole bunch of information, but what I wanna do here is click Play Streams, and now what I'll be able to do is play the audio stream. And again I'm going to get the feedback. (feedback echoes) Hello, this is David Bombal speaking. A lotta echo. Bit strange that I'm talking to myself. So notice there are two streams here. We've got two separate streams. The blue one is from Phone 2 to Phone 1. The gray one is from Phone 1 to Phone 2, hence getting a lot of replay. What I could do is just select one of the streams and click Analyze. So what I've got here is one stream only rather than two. And again, I'm gonna get the feedback. (feedback echoes) Hello, this is David Bombal speaking. So notice I am able to grab the audio stream off the wire and then replay it. I can replay both streams. It's a bit weird here because I'm talking to myself.

Okay, so that was a quick overview of some of the things that you can do with Wireshark. I'm now gonna show you how to install Wireshark, how to get started, and how you can capture traffic off a network and troubleshoot, as well as learn about what's happening on networks.
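To show what Decode As, RTP and the RTP Streams view are actually doing with those UDP packets, here is an added Python example (not part of the video or the course): it parses RTP headers, groups packets into unidirectional streams keyed by source, destination and SSRC, counts sequence-number gaps as lost packets, and expands G.711 u-law payloads to 16-bit linear PCM, which is the step that makes the stream playable. The phone addresses, SSRCs and payload bytes are constructed for the example.

```python
import struct
from collections import defaultdict
def ulaw_to_linear(u):
    """Expand one G.711 u-law byte (static RTP PT 0, PCMU) to a 16-bit linear PCM sample."""
    u = ~u & 0xFF                      # u-law bytes are stored bit-inverted on the wire
    sign, exponent, mantissa = u & 0x80, (u >> 4) & 0x07, u & 0x0F
    sample = (((mantissa << 3) + 0x84) << exponent) - 0x84
    return -sample if sign else sample

def parse_rtp(data):
    """Parse the fixed RTP header (RFC 3550) and skip any CSRC list; padding is ignored."""
    if len(data) < 12:
        raise ValueError("short RTP packet")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", data[:12])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")   # probably not RTP at all: wrong Decode As
    hdr_len = 12 + 4 * (b0 & 0x0F)             # CC field: number of 32-bit CSRC words
    return {"pt": b1 & 0x7F, "marker": b1 >> 7, "seq": seq, "ts": ts,
            "ssrc": ssrc, "payload": data[hdr_len:]}

def build_rtp(pt, seq, ts, ssrc, payload, marker=0):   # V=2, no CSRC/extension
    return struct.pack("!BBHII", 0x80, (marker << 7) | pt, seq, ts, ssrc) + payload

def rtp_streams(packets):
    """Group (src_ip, dst_ip, udp_payload) into streams keyed by (src, dst, SSRC)."""
    streams = defaultdict(lambda: {"count": 0, "pt": None, "lost": 0, "pcm": []})
    last_seq = {}
    for src, dst, raw in packets:
        pkt = parse_rtp(raw)
        key = (src, dst, pkt["ssrc"])              # one key per direction, like RTP Streams
        s = streams[key]
        s["count"], s["pt"] = s["count"] + 1, pkt["pt"]
        if key in last_seq:                        # gap in 16-bit sequence space = loss
            s["lost"] += (pkt["seq"] - last_seq[key] - 1) & 0xFFFF
        last_seq[key] = pkt["seq"]
        if pkt["pt"] == 0:                         # PCMU: expand to PCM for replay
            s["pcm"].extend(ulaw_to_linear(b) for b in pkt["payload"])
    return dict(streams)

# Constructed two-way call: each direction is its own stream with its own SSRC.
A, B = "10.1.1.1", "10.1.1.2"                # placeholder phone addresses
SAMPLE = bytes([0xFF, 0x80, 0x00, 0x7F])     # silence, +max, -max, near-silence
CAPTURE = [
    (A, B, build_rtp(0, 100, 0, 0x11111111, SAMPLE, marker=1)),
    (B, A, build_rtp(0, 7, 0, 0x22222222, SAMPLE)),
    (A, B, build_rtp(0, 101, 160, 0x11111111, SAMPLE)),
    (A, B, build_rtp(0, 103, 480, 0x11111111, SAMPLE)),   # seq 102 missing
]
for (src, dst, ssrc), s in rtp_streams(CAPTURE).items():
    print(f"{src} -> {dst} SSRC {ssrc:#x} PT {s['pt']} pkts {s['count']} lost {s['lost']}")
```

A real capture would supply the tuples from the UDP payloads of the packets you decoded as RTP; a firewall blocking one direction shows up here as only one key ever appearing, which is the one-way voice case described above.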