WEBVTT

00:00.480 --> 00:04.080
Wireshark is an overwhelming tool, right?

00:04.200 --> 00:10.890
So in this video, we are going to understand its overwhelming interface.

00:11.070 --> 00:16.290
What all these different components and sections mean.

00:16.710 --> 00:19.980
So go to the View menu. View menu

00:20.130 --> 00:27.460
lets you decide the components that you want to appear in your display area.

00:27.480 --> 00:32.790
As you can see, Wireshark has pre-selected some of the components for us.

00:33.150 --> 00:39.000
First three selected components are main toolbar, filter toolbar and status bar.

00:39.210 --> 00:41.190
This is the main toolbar.

00:41.580 --> 00:49.560
It contains the functions that you are going to use or access on a regular basis.

00:49.680 --> 00:52.320
Then we have Filter Toolbar.

00:52.350 --> 00:54.390
This is the filter bar.

00:54.480 --> 00:59.400
Filter bar allows us to write the filter.

00:59.820 --> 01:06.750
Filters are used for filtering or removing the unnecessary traffic.

01:07.050 --> 01:14.760
For now, you don't have to worry about filters because we have a dedicated section for filters.

01:15.030 --> 01:25.110
Just remember that if you want to filter the traffic, then you can write and apply your filters here

01:25.110 --> 01:26.250
in the filter bar.

01:26.280 --> 01:30.670
Then we have a status bar at the bottom.

01:30.690 --> 01:32.460
This is the status bar.

01:32.550 --> 01:39.930
It gives you a summary of captured and lost packets. On your bottom

01:40.200 --> 01:43.650
right, click on Profile. Profile menu

01:43.770 --> 01:53.040
displays all the profiles, including the default profiles and the profiles that you have created.

01:53.220 --> 01:57.450
We will get back to profiles in a separate video.

01:57.780 --> 02:00.720
Now from your bottom left,

02:00.930 --> 02:07.710
you can access properties of the file that you have opened in Wireshark.

02:07.740 --> 02:10.980
So click on the button, open the capture file properties.

02:11.250 --> 02:15.810
So at the top, we have a destination where a file has been saved.

02:16.170 --> 02:23.190
Then file size, hash values, extension used for saving the file.

02:23.370 --> 02:28.920
And down here, we have all other relevant details about the file.

02:29.070 --> 02:32.190
Now we can copy properties of the file.

02:32.220 --> 02:35.760
All you have to do is click on the button at the bottom,

02:35.790 --> 02:37.590
Copy To Clipboard.

02:37.620 --> 02:42.180
Now you can paste the copied details into each file.

02:42.540 --> 02:44.550
Now click on Close.

02:44.910 --> 02:48.810
Next component that we have is Packet List.

02:49.290 --> 02:54.210
This section or panel is called Packet List.

02:54.490 --> 02:58.980
Packet List displays the captured packets.

02:59.250 --> 03:08.910
Every packet that Wireshark captures is displayed or listed here in the packet list section.

03:09.120 --> 03:09.510
Right.

03:09.810 --> 03:11.910
Then we have packet details.

03:12.450 --> 03:16.290
This section in the middle is packet details.

03:16.500 --> 03:16.860
Right.

03:17.100 --> 03:19.770
Packet details, as the name suggests,

03:20.040 --> 03:27.480
displays detailed information about the selected packet. Packet list

03:27.720 --> 03:34.410
section only gives you a brief summary of each packet in the list.

03:34.710 --> 03:44.910
So if you want to analyse packets in detail, all you have to do is click on the packet that you want

03:45.030 --> 03:46.080
to analyse.

03:46.260 --> 03:49.680
Okay, I'm going to click on packet number four. Now down here,

03:49.920 --> 03:59.820
packet details section is displaying all the available information for the selected packet in detail.

04:00.270 --> 04:10.080
In other words, packet details basically displays all the encapsulated protocols in the selected packet.

04:10.290 --> 04:10.720
Right.

04:10.920 --> 04:18.180
So to analyse any packet in detail, click on the packet that you want to analyse.

04:18.360 --> 04:25.750
Then in the packet details section, you can analyze the selected packet in detail.

04:25.800 --> 04:33.770
As you can see, as I am clicking on different packets, information keeps changing in the packet details

04:33.810 --> 04:34.390
section.

04:34.440 --> 04:36.000
Then we have packet bytes.

04:36.360 --> 04:39.600
This is the packet bytes section at the bottom.

04:39.990 --> 04:50.940
Packet bytes displays contents of the selected packet in its raw form of binary or hexadecimal.

04:51.210 --> 04:53.910
Hexadecimal is the default format.

04:54.120 --> 04:56.530
So let me select, let's say packet number five.

04:56.550 --> 04:59.880
Now packet bytes is displaying

05:00.050 --> 05:08.330
all the information or content which is inside the selected packet in hexadecimal.

05:08.600 --> 05:14.240
Like I said earlier, it displays content in its original form.

05:14.570 --> 05:25.070
So if a packet contains unencrypted data or data in plaintext, then it displays the unencrypted data as

05:25.070 --> 05:25.730
it is.

05:26.000 --> 05:27.660
Let's take an example.

05:27.680 --> 05:36.680
As you can see in packet number five, we have a domain name, beacon dot LGBT two dot com.

05:36.770 --> 05:38.480
Right, which is unencrypted.

05:38.750 --> 05:48.020
And on the right side of packet bytes section, we can see the domain name beacon dot dot com.

05:48.030 --> 05:48.440
Right.

05:48.680 --> 05:56.360
So unencrypted data is always displayed on the right side. In the packet bytes section,

05:56.360 --> 05:59.450
information is not organized, right.

05:59.660 --> 06:04.760
It is hard to find or read specific information.

06:05.030 --> 06:14.090
So if you want to check specific information or a value in hexadecimal, then it is actually easy.

06:14.300 --> 06:22.760
So let me expand the User Datagram Protocol header and I'm going to click on the source port field.

06:23.240 --> 06:32.060
Now packet bytes section is highlighting the selected information, which in my case is source port

06:32.270 --> 06:32.930
53.

06:32.930 --> 06:35.450
It is a two-byte number.

06:35.630 --> 06:44.360
So if you convert this highlighted hexadecimal number 0035 into decimal, then you will get 53.

06:44.720 --> 06:45.050
Okay.

06:45.050 --> 06:47.180
Now let me click on length. Again,

06:47.180 --> 06:54.020
if you convert the highlighted hexadecimal number into decimal, then you are going to get 70.

06:54.290 --> 07:02.480
So whatever field you click on in the packet details section, packet bytes will automatically highlight

07:02.570 --> 07:08.960
the selected field or value in the field in hexadecimal or binary.

07:09.230 --> 07:13.460
Now let's change the hexadecimal to binary.

07:13.790 --> 07:16.640
So right click on the blank space.

07:16.790 --> 07:19.490
Click on as bits. As you can see,

07:19.490 --> 07:23.150
now we have information in binary, right?

07:23.540 --> 07:31.580
I am going to revert back to the default hexadecimal format because it is a little more readable than

07:31.580 --> 07:32.450
the binary.

07:32.450 --> 07:32.840
Right.

07:33.140 --> 07:36.710
So right click again, show bytes as hexadecimal.
