Free Wireshark and Ethical Hacking Course: Video #0

Video Statistics and Information

Captions
(Poodle hums) - It's good to read. See, this is good to read. - I'm really happy to announce that I'm going to be giving away my Wireshark Packet Analysis and Ethical Hacking course. From today, I'm gonna be uploading videos on YouTube for free. So if you can't afford to buy my course, this is your opportunity to get my course for free. I'm gonna show you practically how to capture packets off of the network, how to capture passwords, how to capture voice calls and replay them and a whole bunch of other things.
This is a very practical Wireshark analysis course. Rather than just showing you the menus within Wireshark or all the options within Wireshark, which can be very boring and very tedious, I'm gonna show you practically how to capture packets off the wire and then do things. So to make it more fun, we're going to do some ethical hacking. Rather than just learning Wireshark by going through menus, we're going to have a bit of fun by capturing packets off the wire. Now you don't have to build the same networks as I'm building. What I'm gonna do is give you the PCAP files so that you can download them and follow along if you want to. So use the links below the videos in this course. Download the PCAP files. Open them up in Wireshark, and then you'll see exactly what I'm seeing when I'm doing the captures.
Now I'm gonna be uploading at least one Wireshark video per week to YouTube. If you can't wait, so you want the course right away, use the links below this video to buy the course. You can either get the course from various platforms, such as Davidbombal.com, or if you wanna support both me and Network Chuck, then use the link below to join thisisIT. If you join thisisIT, you support us to create more free content. So it'd be great if you can do that.
Okay, so with that being said, let's get started, and I'm gonna show you how to practically capture packets, interrogate them, and in this video, I'm gonna show you how to replay voice calls just to show you what's possible. (upbeat electronic music) Now in this video, I'm gonna show you some of the things that you can do with Wireshark. Don't worry if you don't understand what I'm doing in this video. It's just to try and inspire you and get you started with what's possible and what you'll be able to do by the end of this course. By the end of this course, you'll be able to capture voice packets and replay voice conversations, you'll be able to capture routing updates, so routing updates from protocols, such as OSPF, EIGRP and others, and then see what's going on in the network. You'll be able to troubleshoot network issues by using Wireshark. I've made this course as practical as I can. Make sure that you download the attached Wireshark PCAP files so that you can do things yourself and try things yourself. But without further ado, let me show you some of the options available in Wireshark and hopefully inspire you so that you can see what you can accomplish by learning how to use Wireshark. Let's get started.
Okay, so let's have a look at this practically. Here's an example. I'm using GNS3 to run a virtual infrastructure. I've got two PCs, PC1 and PC2. These are Windows computers. So here's PC2. Here's PC1. They're Windows 10 computers, and I'm running IP phones on these computers. So what I'm gonna do is capture traffic on this link. So right click, Start capture. GNS3 makes it really easy to capture packets using Wireshark because GNS3 has Wireshark integrated with it. So I can specify that I wanna capture Ethernet traffic on this link, and click OK. Wireshark starts automatically, and as you can see here, I'm seeing a bunch of protocols like STP, DTP. So that's spanning-tree. This is Dynamic Trunking Protocol. This is EIGRP, which is a routing protocol.
But what I could do is filter for SKINNY. Skinny Client Control Protocol, or SCCP, is the communication protocol, once again, used between the phones and the router. So notice Skinny Client Control Protocol. You can see it's a TCP protocol. This is a message from the router to a phone. So the source port is 2000, going to a random port number. Here's an example from the phone to the router. So notice source port is this. Destination port is 2000. Okay, but that's probably not what you're interested in seeing. You're probably interested in seeing UDP traffic. Now here we see some other traffic, some Dropbox traffic. That's not really what I'm interested in. I'm interested in seeing telephony traffic.
Now, when I go to Telephony, VoIP Calls in Wireshark, at the moment, I don't see any voice calls. But when I make a call from one phone to the other, so let's make a call from 1001. (dial tone) Just make that a bit quieter. To 1000. (phone rings) Call is set up. On this side, I can answer the call. And again, I'm gonna get the feedback. (feedback echoes) Hello? This is David Bombal speaking, a lotta echo. Bit strange that I'm talking to myself. But there you go. Phone call from one virtual phone to another. Now what I'll do is mute the lines so we don't get all that feedback. But there's a call set up between the two phones. In Wireshark, Telephony, VoIP Calls allows me to see that this is an active call. What I'll do now is end the call. So notice the call has ended. And back in Wireshark, Telephony, VoIP Calls, notice the call is completed. It's a SKINNY call from 1001 to 1000. So Wireshark is picking up that there was a call taking place on the network. Scrolling down, I see this UDP traffic. I see Media Independent Network Transport. It's got it listed as MiNT, but this is actually incorrect. This is an incorrect classification.
I know this is a call from this IP address to this IP address because VoIP Calls tells me that I can see the IP address involved in the call. So I've got these two phones talking to each other. So what I'm gonna do, and this is the trick. Right click Decode As, and don't use MiNT in this example. We're gonna use RTP. So scrolling right down, RTP, Realtime Protocol. I wanna decode this traffic as RTP traffic, and notice the difference. I can see that this is G.711 U-law.
G.711 is a codec used for encoding analog voice. When I'm speaking, this is an analog waveform. So I'm sending voice into the air, and that's an analog waveform in the air. So in this example, the IP phone, not the iPhone, but the IP phone is taking my analog voice, which is sent through the air, and encoding it as zeros and ones. And that uses what's called a codec. We have a coder, a decoder, codec. The codec used here is G.711. We have G.711 U-law. Notice the U or A-law. U-law is what's used in the U.S.A. A-law I like to remember is all of us. So that's not entirely true. It's people like me in the U.K. We would generally use A-law when making calls on a traditional telephony network like through British Telecom. But this is IP. These are Cisco IP phones. So they use U-law by default. So, G.711, U-law. There are different codecs, such as G.729, G.722. There are other codecs, but in this example, this is the codec that we're using.
Now, you may not be interested in all of that detail, but notice here we've got Real-time Transport Protocol. We can see the payload. Once again, notice G.711. But probably what you wanna do is the following. Go to Telephony, go to RTP, RTP Streams, and notice here we can see the source and destination streams. Now in voice over IP on Cisco phones, as an example, there are two unidirectional streams for a two-way conversation.
So if I'm talking to you and you're talking to me, there's a unidirectional stream from me to you and then a different one from you to me, two different streams. And that's why we see it as two streams here. When troubleshooting voice over IP, as an example, you often need to troubleshoot one-way voice, and the reason it's one-way voice is because there are two unidirectional streams. If there's a firewall, as an example, blocking your voice getting to me, you'll be able to hear me but I won't be able to hear you, again, unidirectional.
So I'm gonna select those two streams, and I'm gonna click Analyze. So here's the output of that. We can see as an example forward and reverse calls, and we get information such as the maximum jitter, which is the variable delay in a voice call. If your jitter's too high, the voice quality degrades dramatically. A whole bunch of information, but what I wanna do here is click Play Streams, and now what I'll be able to do is play the audio stream. And again I'm going to get the feedback. (feedback echoes) Hello, this is David Bombal speaking. A lotta echo. Bit strange that I'm talking to myself. So notice there are two streams here. We've got two separate streams. The blue one is from Phone 2 to Phone 1. The gray one is from Phone 1 to Phone 2, hence getting a lot of replay. What I could do is just select one of the streams and click Analyze. So what I've got here is one stream only rather than two. And again, I'm gonna get the feedback. (feedback echoes) Hello, this is David Bombal speaking. So notice I am able to grab the audio stream off the wire and then replay it. I can replay both streams. It's a bit weird here because I'm talking to myself.
Okay, so that was a quick overview of some of the things that you can do with Wireshark. I'm now gonna show you how to install Wireshark, how to get started and how you can capture traffic off network and troubleshoot, as well as learn about what's happening on networks.
♪ We both deserve it all ♪ (upbeat electronic music)
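The "Decode As RTP" step and the jitter figure mentioned in the captions, as an added example (not code from the video or from Wireshark): it checks whether UDP payloads have the shape of one RTP stream and computes the interarrival jitter estimator defined in RFC 3550. The packet bytes, SSRC value, arrival times and function names are constructed for illustration.

```python
import struct

CLOCK_HZ = 8000  # RTP clock rate for G.711 (payload types 0 and 8)
CODECS = {0: "G.711 u-law", 8: "G.711 A-law", 9: "G.722", 18: "G.729"}  # RFC 3551

def parse_rtp(payload):
    """Parse the 12-byte fixed RTP header; return None if it cannot be RTP v2."""
    if len(payload) < 12:
        return None
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", payload[:12])
    if b0 >> 6 != 2:  # top two bits of the first byte are the RTP version
        return None
    return {"pt": b1 & 0x7F, "seq": seq, "ts": ts, "ssrc": ssrc}

def looks_like_rtp(payloads):
    """Heuristic for one direction of a call: one SSRC, one codec, seq += 1."""
    hdrs = [parse_rtp(p) for p in payloads]
    if len(hdrs) < 2 or None in hdrs:
        return False
    if len({h["ssrc"] for h in hdrs}) != 1 or len({h["pt"] for h in hdrs}) != 1:
        return False
    return all((b["seq"] - a["seq"]) & 0xFFFF == 1 for a, b in zip(hdrs, hdrs[1:]))

def max_jitter_ms(arrivals):
    """RFC 3550 interarrival jitter over (arrival_seconds, payload) pairs."""
    jitter = worst = 0.0
    prev_transit = None
    for arrival, payload in arrivals:
        # Transit time in RTP clock units: arrival time minus sender timestamp.
        transit = arrival * CLOCK_HZ - parse_rtp(payload)["ts"]
        if prev_transit is not None:
            jitter += (abs(transit - prev_transit) - jitter) / 16
            worst = max(worst, jitter)
        prev_transit = transit
    return worst / CLOCK_HZ * 1000

def make_rtp(seq, ts, ssrc=0x1234ABCD, pt=0):
    """Constructed packet: RTP v2 header plus 160 bytes (20 ms) of u-law silence."""
    return struct.pack("!BBHII", 0x80, pt, seq, ts, ssrc) + b"\xff" * 160

# Constructed sample: four packets of one stream, the third arrives 5 ms late.
SAMPLE = [(0.000, make_rtp(100, 0)), (0.020, make_rtp(101, 160)),
          (0.045, make_rtp(102, 320)), (0.060, make_rtp(103, 480))]

if __name__ == "__main__":
    payloads = [p for _, p in SAMPLE]
    print("RTP-like:", looks_like_rtp(payloads), CODECS[parse_rtp(payloads[0])["pt"]])
    print("max jitter (ms):", round(max_jitter_ms(SAMPLE), 3))
```

Each direction of a call is its own stream with its own SSRC, so the check is run per direction; timestamp wrap-around and header extensions are not handled in this sketch.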
Info
Channel: David Bombal
Views: 91,224
Rating: 4.9804215 out of 5
Keywords: wireshark, hacking, wireshark tutorial 2020, ethical hacker, ethical hacking, wireshark tutorial for beginners, wireshark download, wireshark 2020, networking, how to hack, wireshark filters, wireshark tutorial, how to use wireshark, gns3 wireshark, http, packets, sniffing, how to, packet analyzer, kali linux, hacker, ethical hacking course, hackers, udemy wireshark, networking tutorial for beginners, packet sniffing, learn hacking, tutorial, kali linux tutorial, hacking course
Id: QXfaGOMT7MY
Length: 12min 1sec (721 seconds)
Published: Mon Aug 10 2020