TryHackMe | Wireshark: The Basics | Walkthrough

Captions
Hey guys, welcome back, welcome to my channel. Today we're going to do Wireshark: The Basics, learn the basics of Wireshark, how to analyze protocols and pcaps. So it's part of the CompTIA PenTest+ path. Hope you guys liked the last video, Metasploit introduction. So far we already did the introduction to cyber security, pre-security and web fundamentals. Now we're doing the CompTIA PenTest+ learning path, all the easy paths. So let's get right into it.

Task one, introduction. Just letting you guys, showing you guys how to answer the questions. I recommend to read through all the tasks so you get a full understanding what it's all about. All right, task one, introduction. Already started the AttackBox virtual machine. Answer the questions below. Which file is used to simulate the screenshots? As you read, there's two files. One is the http1.pcapng, so copy paste. And the second one says which file is used to answer the questions, and it says Exercise.pcapng. So all right, let me load this Wireshark right here.

All right, so task two, overview. Okay, it talks about Wireshark is the most potent traffic analyzer tool available, in multi-purposes: detecting security issues, investigating, and learning protocols. All right, so you follow along, there's a screenshot, it just talks about the toolbar, display filter, recent files, capture filter and available sniffing interfaces. And it says loading the pcap files: it will tell you the file name, the packet list, the packet details, the file name, total number of packets and displayed packets. Talks about the coloring packets: you go View, Coloring Rules, you can customize it, and the shark button will display the packets. It talks about merging the pcap files; can't really see it, it's basically probably merging two files at once. And then view file details, it just talks about Statistics; we're going to use this a lot. So all right, let's get to the answer. Says use Exercise.pcapng file to answer the questions. So let's open Exercise. Okay, let's make it full screen to make it look better. All right, let's try again, open, there you go. And says read the capture file comments, what is the flag? So if you go back to, let's see, where's the comment section? Okay, right here, Statistics, Capture File Properties. So Statistics, Capture File Properties, and it says read the file comments, what is the flag? So it's right here, you scroll down, and that's the answer: TryHackMe Wireshark demo. Next question: what's the total number of packets? And on the bottom right is 58,620, so 58620. And the last question is what's the SHA-256 hash of the capture file? Hint: file details can help. So again Statistics, Capture File Properties, and it says SHA256, starts with f, so copy paste.

All right, let's go task three, packet dissection. All right, talks about packet dissection. There's a link that you can go and get help, talks more about Wireshark. Talks about packet details, so the frames, so the details, and then there's the bytes. All right, so we can close this out. So frame one, it's number one. All right, so source, source MAC. Layer 2 is the Ethernet, and layer 3, the IP, is the Internet Protocol. Layer 4 is the Transmission Control Protocol. Protocol errors: if you have any errors to resolve. So looks like this one doesn't have any, but there's a screenshot example. Then layer 5, application protocol, so this will be in the hypertext, something like that, then application data. So answer the questions below, use Exercise.pcapng file to answer the questions. View packet number 38. Which markup language is used under the HTTP protocol? Hint: packet numbers are shown in the left column in the packet list pane. So it's talking about this, so it's number 38. All right, what is the markup language in the HTTP protocol? So you click, there it is, I believe it is the extensible markup language. What is the arrival date of the packet? Answer format month/date/year. Hint: the packet details pane and frame section can help. So it's the frame, let's see, right here, arrival time May 13 2004, so 5/13/2004. Next question: what is the TTL value? The packet details pane, the IP protocol section, can help. Always remember to hit the hint, the hint box, guys, it helps a lot. So frame, Internet Protocol, so TTL, I believe is time to live, 47. All right, this question: what is the TCP payload size? Hint: the packet details pane, protocol section can help. All right, protocol section can help, TCP maybe, 424 payload, right here, 424. And what is the e-tag value? All right, let's look at where's the e-tag. Up here, let's go back to the Internet Protocol, nope, let's go to the frame, does it have it, no, Ethernet, right, let's try again, right, transmission flag maybe. It's in the Hypertext Transfer, e-tag, right here under the HTTP. So I'm just going to right click, Copy Value, so paste, there you go guys.

All right, task four, packet navigation. Okay, so talks about packet numbers, the left column, the go to packet, the Go, select Go, one two. Talks about finding packets: Edit, Find. Talks about marking packets: Edit, there's the Mark section, Mark, Unmark, and packet comments. All right, you get export file: Export Specified, Export Objects. And View, which says time display format, so you can change the format at View. All right, so this defaults to UTC. Talks about expert info, all right, and this one just more information, expert information, Analyze. So the questions, let's answer the questions below. Search "r4w" string in packet details, what is the name of the first artist? Okay, let's go over here. Let's find, let's Analyze... I believe it was Find Packet once again. Okay, so raw, find. Okay, so there's artist one, artist one, and I believe it's Raw 8173, so Raw 8173. And it says go to packet 12 and read the comments, what is the answer? Hint: right click, Packet Comment menu, to view the comments; if the comment is too long you can scroll down to follow the rest of the part. Remember you can use the Statistics, Capture File Properties to view the available comments. Let's go to packet 12, right, so you can say Go, packet 12, read the comments, right click, Packet Comments. This is not the flag, so scroll down. All right, it says go to packet 39765. Let's copy this. Look at the packet details pane, right click on the JPEG section and Export Packet Bytes. This is an alternative way of extracting data from the capture file. What is the MD5 hash value of the extracted image? Okay, again let's go to packet. All right, so it talks about JPEG, right here, let's right click, and says show or export, let's see what show... Okay, let's export. I'm going to put, what was it again, yeah. All right, let's, so md5, let's see, change to desktop. Okay, so we're going to md5 39765. Yep, this is how you crack it. So it says there is a .txt file inside the capture file. Find the file and read it. What's the alien's name? Okay, let's go to Wireshark again. All right, let's go to Find Packet and it says .txt. All right, so I get, what is the alien's name? See, can I export this? Oh, let's see, find the file and read it, what is the alien's name? Let's see, was this one? No. All right, Mark packet, find packet, okay, Go to packet, Analyze. All right, let me see if I can analyze this. Let's see, five, let's copy this, Copy Value. See, there's another one. Okay, does it say Packet Master? Hold this, Packet Ms, see, okay, the thing. All right, one more line, text, plain as day, yeah, I'll try this again, see, all right, see, Packet, sounds like Master, I don't know, let's see, PacketMaster, oh I guess it is. All right, and it says look at the expert info section, what is the number of warnings? Okay, expert info, let's see, Analyze, okay, got it, let's go Analyze, Expert Information, and let's see how many, what's the number of warnings, 1636. All right guys, that was a little bit tricky. What else, fun.

Task five, packet filtering. Talks about packet filtering. Let's see, there's a golden rule: you don't want to write queries for basic tasks, you can click it, you can filter and copy it, Apply as Filter. So number one the destination, Apply as Filter. What's this? Conversation Filter, TCP, interesting. You could colorize conversation, probably can't see it but it's basically right click, Colorize Conversation and you can change whatever color. Prepare as Filter, to select. Okay, Apply as Column, you can filter column, and follow stream, Follow TCP Stream. Okay, okay let's see, answer the questions below. Go to packet number four, right click on the Hypertext Transfer Protocol, Apply as Filter. Now look at the filter pane, what is the filter query? All right, it says go, all right, go to number four, and see, all right, let's see, right click, Apply as Filter. Now look at the filter pane, what is the filter query? I believe it's talking about this, because the filter, yeah, Display. So the number would be 1089, 1089, or not? Oh that's interesting, let's see, that's not 1089... That's interesting. Apply as Filter, let's try this again, see, Go to packet, right click, that's what I did. Let's try, be 90? Very interesting. What is the number of displayed packets? Oh wait, 1089, duh. What is the filter for? Oh wait, HTTP, that was dumb, yeah. Let's talk about this, so go to packet 33790 and follow the stream, what is the total number of artists? Okay so go to packet 33790, say follow, Follow Stream, so Analyze, Follow. Okay, total artists, it looks like six, see, nope. Okay, let's see, let's try TCP, hold on, close, so again Analyze, Follow, TCP Stream. Okay, let's see, artist, oops, try again, 33790, and then Analyze, Follow, creates, applies filter. Okay, let's Analyze, Follow, HTTP Stream, let's see, once you follow stream it creates, applies, see, see what's the number of artists, okay let's see, stream, all right, artist, oh okay, there's three. And what's the name of the second artist? It's right here. And that's it guys.

Task six, conclusion. Just finished Wireshark: The Basics and please proceed to the next room, keep learning. That's it guys. Once you finish you can share on Twitter, Facebook, LinkedIn; I already shared on my LinkedIn. And how do you like this video guys? Give a thumbs up, hit the subscribe button, the notification button, and comment on my videos, let me know how to improve these. I hope it's helping you to complete all these rooms, the learning path, and the next one is going to be, I believe, Hydra. Burp Suite: The Basics I believe was in web fundamentals. I'm just going to reset this. And as you know guys, right now I'm transitioning to IT. Currently I am CompTIA certified because my current work recognizes the certification. I did a video on how I passed the A+, the PenTest+ and the Security+. Probably in the future I'll do one in the CySA+. And yeah, thanks for watching guys, till next time.
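The capture comment, packet count and SHA-256 that task two reads out of Statistics > Capture File Properties all come from the pcapng file itself: the comment is an option on the Section Header Block, the packet count is the number of packet blocks, and the hash is over the raw file bytes. The script below is an added example, not code from the video or from TryHackMe. It builds a small constructed pcapng in memory (the comment string and payloads are placeholders, not the room's real flag or traffic) and then walks the block chain the way a properties dialog would, honouring the byte-order magic and validating each block's length fields before trusting them.

```python
"""Added example: recover the capture comment, packet count and SHA-256 of a
pcapng file by walking its block structure. The sample capture is constructed
inline so the script runs offline; nothing here is the room's real data."""
import hashlib
import struct

SHB, IDB, SPB, EPB = 0x0A0D0D0A, 0x00000001, 0x00000003, 0x00000006
OPT_END, OPT_COMMENT = 0, 1
LE_MAGIC = b"\x4d\x3c\x2b\x1a"  # byte-order magic 0x1A2B3C4D as little-endian bytes


def _pad4(data: bytes) -> bytes:
    return data + b"\x00" * (-len(data) % 4)


def _option(code: int, value: bytes, end: str) -> bytes:
    # option = code(2) + length(2) + value padded to a 4-byte boundary
    return struct.pack(end + "HH", code, len(value)) + _pad4(value)


def _block(block_type: int, body: bytes, end: str) -> bytes:
    # block = type(4) + total length(4) + body + total length(4)
    total = 12 + len(body)
    return struct.pack(end + "II", block_type, total) + body + struct.pack(end + "I", total)


def build_sample_pcapng(comment: str, payloads: list, end: str = "<") -> bytes:
    """Construct a minimal pcapng: SHB carrying a comment, one Ethernet IDB,
    and one Enhanced Packet Block per payload (placeholder bytes only)."""
    shb_body = struct.pack(end + "IHHq", 0x1A2B3C4D, 1, 0, -1)  # magic, v1.0, unknown section length
    shb_body += _option(OPT_COMMENT, comment.encode(), end) + _option(OPT_END, b"", end)
    out = _block(SHB, shb_body, end)
    out += _block(IDB, struct.pack(end + "HHI", 1, 0, 65535), end)  # LINKTYPE_ETHERNET, snaplen
    for i, payload in enumerate(payloads):
        # interface id, timestamp high, timestamp low, captured len, original len
        body = struct.pack(end + "IIIII", 0, 0, i, len(payload), len(payload)) + _pad4(payload)
        out += _block(EPB, body, end)
    return out


def _read_comments(data: bytes, start: int, stop: int, end: str) -> list:
    """Collect opt_comment values from an option list occupying [start, stop)."""
    comments = []
    while start + 4 <= stop:
        code, length = struct.unpack_from(end + "HH", data, start)
        if code == OPT_END:
            break
        value = data[start + 4:start + 4 + length]
        if code == OPT_COMMENT:
            comments.append(value.decode("utf-8", "replace"))
        start += 4 + length + (-length % 4)
    return comments


def parse_capture_properties(data: bytes) -> dict:
    """Walk the block chain and return section comments, the packet count
    (Enhanced + Simple Packet Blocks) and the SHA-256 of the whole file."""
    if len(data) < 28 or data[:4] != b"\x0a\x0d\x0d\x0a":
        raise ValueError("not a pcapng file (no Section Header Block at offset 0)")
    comments, packets, offset, end = [], 0, 0, "<"
    while offset + 12 <= len(data):
        block_type = struct.unpack_from(end + "I", data, offset)[0]  # SHB type is palindromic
        if block_type == SHB:
            # Each section declares its own endianness via the byte-order magic.
            end = "<" if data[offset + 8:offset + 12] == LE_MAGIC else ">"
        total = struct.unpack_from(end + "I", data, offset + 4)[0]
        # Validate lengths before using them as offsets: malformed files are common input.
        if total < 12 or total % 4 or offset + total > len(data):
            raise ValueError(f"corrupt block length {total} at offset {offset}")
        if struct.unpack_from(end + "I", data, offset + total - 4)[0] != total:
            raise ValueError(f"leading/trailing length mismatch at offset {offset}")
        if block_type == SHB:
            comments.extend(_read_comments(data, offset + 24, offset + total - 4, end))
        elif block_type in (EPB, SPB):
            packets += 1
        offset += total
    return {"comments": comments, "packets": packets,
            "sha256": hashlib.sha256(data).hexdigest()}


if __name__ == "__main__":
    sample = build_sample_pcapng("flag{constructed-example}", [b"\x00" * 60, b"\xff" * 14])
    print(parse_capture_properties(sample))
```

Point the parser at a real file with `parse_capture_properties(open("Exercise.pcapng", "rb").read())` and the comment list and SHA-256 should match what Wireshark's Capture File Properties dialog shows; the hash is the same one `sha256sum` prints, since it is computed over the unmodified file bytes.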
Info
Channel: PLei
Views: 141
Rating: undefined out of 5
Keywords: TryHackMe, Wireshark
Id: 0NdzETaqCGE
Channel Id: undefined
Length: 35min 36sec (2136 seconds)
Published: Wed Nov 08 2023