WEBVTT

00:02.520 --> 00:11.130
In this video we are going to learn about the Wireshark profiles, how to create, delete and configure

00:11.130 --> 00:12.300
the profiles.

00:12.330 --> 00:18.720
Wireshark profiles help us to optimize the performance of Wireshark.

00:18.870 --> 00:19.350
All right.

00:19.350 --> 00:22.260
So what is the Wireshark profile?

00:22.290 --> 00:26.560
A profile saves the settings and configurations.

00:26.670 --> 00:32.970
Changes that you make to Wireshark are saved into the profile.

00:33.000 --> 00:36.810
It depends on the profile that you are using.

00:36.960 --> 00:42.060
Every change that you make is saved into the default profile.

00:42.060 --> 00:49.470
By default, when you install the Wireshark, Wireshark creates a default profile for you.

00:49.560 --> 00:55.680
Every change or setting that you make gets written into the default profile.

00:55.830 --> 01:04.470
For example, let me increase the font size here, and I also want to hide the, let's say, destination

01:04.470 --> 01:04.860
column.

01:04.860 --> 01:07.620
So right click and click on the destination.

01:07.620 --> 01:10.500
As you can see, the destination column has been hidden.

01:10.530 --> 01:14.280
Now let me close the Wireshark and restart it.

01:15.170 --> 01:22.000
As you can see, guys, all the changes that I made before closing the Wireshark are intact.

01:22.010 --> 01:26.750
Font size has been maintained and destination column is also hidden.

01:26.780 --> 01:32.180
Now your question might be why we need profiles, right?

01:32.210 --> 01:41.150
Wireshark is used for multiple tasks like capturing packets, detecting and analyzing different types

01:41.150 --> 01:43.340
of packets and threats.

01:43.340 --> 01:44.370
Etc. Right.

01:44.390 --> 01:54.530
So to get the different tasks done quickly and efficiently, then we have to configure and modify Wireshark

01:54.530 --> 01:57.590
differently according to the given task.

01:57.830 --> 02:07.040
Now it is a time consuming process when you have to configure and reconfigure Wireshark for every different

02:07.070 --> 02:07.580
task.

02:08.120 --> 02:08.630
Right?

02:08.630 --> 02:12.500
So this is what the Wireshark profiles solve.

02:12.710 --> 02:21.230
So instead of configuring and reconfiguring Wireshark for different tasks, we can create profiles.

02:21.260 --> 02:27.680
Once you create profiles, then you can switch between them with a single click.

02:27.710 --> 02:32.390
Wireshark allows us to create multiple profiles.

02:32.420 --> 02:37.320
Each profile can have different settings and configurations.

02:37.340 --> 02:42.090
We can configure each profile according to the given task.

02:42.140 --> 02:52.040
For example, we can create one profile just for capturing packets and another profile for analyzing

02:52.040 --> 03:01.040
packets, and third profile for, let's say, detecting WiFi attacks and another profile for analyzing

03:01.310 --> 03:02.660
HTTP traffic.

03:02.760 --> 03:08.840
Etc. Right, now let's do it practically to understand its real power.

03:08.870 --> 03:12.770
On your bottom right, click on profile.

03:12.800 --> 03:20.600
It displays all the profiles: default and the profiles that you have created.

03:20.630 --> 03:22.760
These are the default profiles.

03:22.880 --> 03:28.340
Wireshark automatically creates these profiles when you install it.

03:28.460 --> 03:28.940
Right.

03:28.940 --> 03:31.370
And this is the default profile.

03:31.490 --> 03:32.060
Default.

03:32.330 --> 03:37.190
It is currently in use as indicated by this article.

03:37.220 --> 03:43.760
All the changes that you make are saved to this default profile.

03:43.790 --> 03:48.500
Now we can switch between these available profiles.

03:48.560 --> 03:50.780
So let me click on, let's say, Bluetooth.

03:50.900 --> 03:52.220
As you can see, guys.

03:53.380 --> 04:00.130
Each profile has a different appearance and configurations, right? Now

04:00.160 --> 04:03.390
let's create our own profile.

04:03.400 --> 04:08.600
So go to the edit, click on Configuration Profiles.

04:08.620 --> 04:15.280
Another way to access Configuration Profiles is right click on a profile.

04:15.340 --> 04:17.860
Click on Manage Profiles.

04:18.070 --> 04:23.950
Now to demonstrate the profiles I'm going to create two profiles.

04:24.040 --> 04:31.030
One for capturing packets and another for analyzing TCP packets.

04:31.240 --> 04:36.470
So to create a new profile, click on the plus button.

04:36.490 --> 04:40.270
Now give your profile a name.

04:40.300 --> 04:43.930
I'm going to start with creating a capture profile.

04:43.930 --> 04:49.600
So, capture profile. You can give any name to your profile.

04:49.630 --> 04:51.040
Now hit enter.

04:51.190 --> 04:52.090
Now click on

04:52.090 --> 04:52.850
OK.

04:52.870 --> 04:54.850
Again, click on Profile.

04:54.970 --> 05:02.440
As you can see, guys, the capture profile has been created and it is currently in use.

05:02.590 --> 05:06.910
All the profiles that you create appear here.

05:06.940 --> 05:10.090
Now let's configure this capture profile.

05:10.150 --> 05:14.830
First thing that I'm going to do is increase the font size.

05:16.080 --> 05:22.020
When you are capturing packets, we don't need these two panels.

05:22.020 --> 05:25.320
Right? Packet details and packet bytes.

05:25.320 --> 05:28.470
They unnecessarily occupy the space.

05:28.710 --> 05:30.100
So go to the View.

05:30.120 --> 05:32.010
Click on packet details. Again,

05:32.010 --> 05:34.190
we will click on packet bytes.

05:34.200 --> 05:39.340
Now we can easily, you know, monitor the packets that Wireshark captures.

05:39.360 --> 05:44.610
Now let's create a profile for analyzing TCP packets.

05:44.610 --> 05:46.380
So right click on a profile.

05:46.440 --> 05:50.700
Click on Manage Profiles. Again, click on plus button.

05:50.910 --> 05:59.520
Now give your profile a new name, TCP/IP Analysis. Press enter, click on

05:59.520 --> 06:05.040
OK. Now let me pull up the packet bytes and packet details.

06:06.730 --> 06:13.030
As you can see, TCP profile has been created and it is currently in use.

06:13.060 --> 06:22.660
Now let's configure this TCP analysis profile and I'm going to look at some TCP packets. Now, expand

06:22.660 --> 06:24.700
the TCP values.

06:24.700 --> 06:32.200
And here I want to add a few fields from TCP/IP into these columns.

06:32.200 --> 06:35.770
But so I'm going to add a sequence number field.

06:35.770 --> 06:39.760
So right click on it, click on Apply as Column.

06:39.790 --> 06:43.810
As you can see, sequence number field has been added.

06:43.810 --> 06:50.440
I'm also going to add acknowledgement number field. Right click, click on Apply as Column.

06:50.650 --> 06:55.930
And another field that I would like to add is window.

06:56.860 --> 06:58.780
Apply as a column.

06:58.960 --> 07:06.730
As you can see, all the three fields have been added: sequence number, acknowledgment number and receive

07:06.730 --> 07:07.630
window.

07:07.660 --> 07:14.680
It is a neat and basic profile for analyzing the TCP traffic.

07:15.010 --> 07:24.390
Now that I have created this TCP analysis profile, I can switch between all these available profiles.

07:24.400 --> 07:30.670
When I want to capture packets, then I can switch to the capture profile, right?

07:30.670 --> 07:40.480
And when I want to analyze TCP traffic, then I can easily switch to TCP analysis profile.

07:40.660 --> 07:45.270
And in this way, you can create as many profiles as you like.

07:45.520 --> 07:47.650
There is no limit to it.

07:47.680 --> 07:53.530
Now we are going to learn how to save or export the profiles.

07:53.680 --> 07:59.020
Wireshark allows us to export the existing profiles.

07:59.050 --> 08:07.810
Once you export a profile, then you can use that profile on other systems as well, right?

08:07.840 --> 08:16.360
Another advantage of exporting a profile is that if you delete a profile from here, then you can import

08:16.360 --> 08:18.340
the saved profile.

08:18.400 --> 08:18.900
Right.

08:18.910 --> 08:22.000
So how to export a profile?

08:22.030 --> 08:26.020
Click on the profile that you want to export.

08:26.020 --> 08:28.120
Then click on export.

08:28.210 --> 08:31.540
Click on one selected personal profile.

08:31.570 --> 08:34.540
Then give your profile a name.

08:35.760 --> 08:37.500
Now click on Save.

08:37.650 --> 08:42.330
As you can see, profile has been exported or saved.

08:42.420 --> 08:47.150
Wireshark saves profiles in dot zip format.

08:47.160 --> 08:49.380
Now, how to remove a profile?

08:49.380 --> 08:51.090
It is easy as well.

08:51.120 --> 08:58.530
Click on the profile that you want to remove, then click on minus button and click on okay.

08:58.560 --> 09:00.450
Now let me click on profile.

09:00.450 --> 09:06.810
As you can see, guys, the TCP analysis profile is no longer appearing here.

09:06.810 --> 09:12.540
Right. Now let's import a profile. To import profile,

09:12.990 --> 09:14.430
click on import.

09:14.430 --> 09:19.920
Either you can import from a zip file or from a directory.

09:19.920 --> 09:26.550
I have a profile in the dot zip format, so I'm going to click on from zip file.

09:26.580 --> 09:30.030
Now click on the profile TCP analysis.

09:30.030 --> 09:33.540
As you can see, guys, profile has been imported.

09:33.540 --> 09:37.470
Now to use it, click on it, click on

09:37.470 --> 09:38.160
OK.

09:38.190 --> 09:42.720
As you can see, guys, the TCP analysis profile is back.

09:42.720 --> 09:47.070
It has been successfully imported and applied.
