Hands-On Traffic Analysis with Wireshark - Let's practice!

  • Published on 31 Jul 2024
  • This was a great room - a bit of a challenge, but we are up for it. Let's take a look at what filters we can use to solve this room quickly.
    tryhackme.com/room/wiresharkt...
    You can also check out my TryHackMe Wireshark Filters room at:
    tryhackme.com/jr/wiresharkfil...
    == More On-Demand Training from Chris ==
    ▶Getting Started with Wireshark - bit.ly/udemywireshark
    ▶Getting Started with Nmap - bit.ly/udemynmap
    == Live Wireshark Training ==
    ▶TCP/IP Deep Dive Analysis with Wireshark - bit.ly/virtualwireshark
    == Private Wireshark Training ==
    Let's get in touch - packetpioneer.com/product/pri...
    0:00 Intro and Task 1
    1:36 Task 2 - Nmap Scans
    7:56 Task 3 - ARP Poisoning
    15:46 Task 4 - DHCP, NetBIOS, Kerberos
    23:25 Task 5 - DNS and ICMP
    28:23 Task 6 - FTP Analysis
    33:18 Task 7 - HTTP Analysis
    40:36 Task 8 - Decrypting HTTPS
    46:21 Task 9 - Bonus, Cleartext Creds
    48:05 Task 10 - Firewall Rules
  • Science & Technology

Comments • 61

  • @tawabullas5058 a year ago +20

    We need more content like this

  • @x0rZ15t a year ago +2

    Love these THM videos of yours! Keep up the great job, Chris! 🙏

  • @axq3837 a year ago +5

    The password filled in at ~13:43 for "Client986" is not clientnotthere!, but clientnothere! One character difference yet still accepted as a correct answer for the task. Very forgiving :-) Nice video, though!

  • @Siamak_Saidi 8 months ago

    Hi @ChrisGreer,
    I enjoy your videos every time, thanks a lot for your time.

  • @idrisjibrin62 a year ago +1

    Great stuff Chris👍, keep them coming.👏👏👏👏

  • @CyberAvenger22 a year ago

    Thanks for the guidance I definitely got stuck on a few of the questions. Your video was very informative. Thanks again.

  • @adalparedes1 a year ago +1

    Thank you for taking your time and effort, I really appreciate you share this content. great work 😎

  • @willpape1625 a year ago

    Excellent video by the Master!

  • @ahmetemre1359 months ago

    Excellent video by the Chris!!!

  • @thomxs94 a year ago +3

    Hi Chris.
    Just FYI, if you are going to make more THM content in the future, you can expand the VM view on THM in the bottom left corner. It can really help, since most of the time, we don't really need to look at the questions on the left (with the extra space, maybe you can have your cam on at all times). Other than that, great stuff!

  • @PraveenRai a year ago

    WoW! this is awesome vlog series full of information ...wish could have these pcaps

  • @MFmyk3 10 months ago

    these videos have been helping me along in the soc level 1 thm path. If I could make any comment it would be helpful hearing YOU break down the lesson information instead of skipping to the answer portion of it. I want to understand these protocols, not just- print expression in display filter- copy answer. I have watched your lectures on tcp/ip and other beginner series videos for better understanding, but it feels overwhelming for a newbie.

  • @drewmcclellan641 a year ago

    Great stuff, thanks!

  • @marco201ful a year ago

    17:39
    This man, even raps in his educational videos!
    Keep up the content.

  • @masporfirio78 4 months ago

    That was a great video. Thanks

  • @Hartley94 a year ago

    Thanks Chris

  • @slip6699 a year ago +2

    this is gold. great info on how case sensitivity matters. It's a bit advanced for me but would have been useful to walk through this prior to sec+

  • @zeropanda4806 a year ago

    I was going crazy about the number of display packets, I was frantically looking to see where!! thanks for pointing it out. although I am unsure how you knew of duplicates, or was it just a guess and then you confirmed it?

  • @MG-bm5oj 10 months ago

    Hey Chris.. do you have any video where you explain all the pre-set filters that you have on wireshark? I saw in some of your videos, folders like nmap, server... and can be interesting to know which one do you use to analyze.

  • @cristofmanama5125 a year ago

    excellent, god protect you. please make more content.

  • @majiddehbi9186 a year ago +1

    Hi Chris. Can u tell u is there any certificate of Wireshark that we can take ? Thx

  • @Root-uno6nw a year ago

    Hey mate, was wondering if you could make a video on using Lua to create a script to focus on data of Interests like only HTTP requests rather than looking at a voluminous PCAP. Can be useful for a particular context.

  • @mikelreese5965 22 days ago

    thanks👍👍

  • @calvinnguyen1699 a year ago

    Hi Chris. How can i use the wireshark check defined IP use----

  • @johnvardy9559 a year ago

    Hi Chris thanks for the feedback, you think is better to buy your course from Udemy?

  • @happyroden8826 a year ago

    best walkthrough guy ever

  • @Manavetri a year ago +1

    brilliant

  • @oh123stars a year ago

    There are any wireshark certificate? I want to take it, plz tell me. Thank mr

  • @billeck5066 a year ago

    What is the command you use with tshark to filter the unique user_agent strings out? I'm assuming its something like tshark user-agent.cap | cut "user_agent" | sort | uniq?

  • @haroldcalderon4514 a year ago

    Hello Chris... :) If I want to take the official wireshark certification where can I find it.

    • @ChrisGreer a year ago +1

      At this point there isn’t a certification offered through the Wireshark Foundation… but stay tuned!!

  • @mbbm-oo4do months ago

    13:26 how did you know there are repeated

  • @Macj707 3 months ago

    CHEF CRISP WUZ HERE!

  • @mecyber6316 a year ago

    i really loved how you teach wireshark , but your picture covering the most important part of the video!
    hopefully you manage it in future videos, maybe resize it? anyway thank you sir :)

    • @ChrisGreer a year ago

      Thanks for the feedback - I will def keep that in mind for future videos. It's a balance because I see people drop off when it is just the screen recording. But I can figure that out. Maybe move to the top right during hex analysis.

  • @TheMrDrMs a year ago

    How did you get "clientnotthere!" When listed in the pcap was "clientnothere!"?

    • @ChrisGreer a year ago

      Looks like a minor perception typo error. 😆

    • @TheMrDrMs a year ago

      @ChrisGreer haha must be! I thought there might have been some logic to it. But then they have a mistake as they accepted client not there.

  • @davidmacon1138 a year ago

    Just my luck but for some reason http contains username refuses to display anything

  • @Mbro-dq2do a year ago

    Chris is the shit. Thanks mayne. I still haven't had any tcp show up or http threads. I got to the capture drop down and select it. How do you always have tons of them?? What's the best filter option to type in? I'm just trying to learn. All I see are just basic neighborhood traffic. Boring shit and nothing special to help me learn. Your videos are the best though

    • @ChrisGreer a year ago +1

      Keep on capturing and you'll find some interesting stuff. On some of my other videos I give you a pcap to follow along. keep watching!

    • @Mbro-dq2do a year ago

      @ChrisGreer Jesus Christ Chris himself replied.. Appreciate you Mayne. Yeah I'm in the heart of chicago and just trying to learn everything made my own lab with 3 Macs and a maxed out dell. USB antennas I love Kali and I'm very impressed with Parrot oS so far. BUT I'm just a capable newbie now. not a green newbie who doesn't know anything. I'm getting there. And I'm rambling so I'll shut my trap LOL. Thanks homie I'll keep at it
      Got Wireshark running now on a Dell and Mac with your videos on two other laptops. I'm a nerd

    • @Mbro-dq2do a year ago

      @ChrisGreer Thanks homie. I love this shit. Broke up with my boring chick cause I'd rather get better at linux while having my dad job as a general contractor. Any questions about building anything fire away! :) I follow you on twitter to get other wireshark and PCAP updates. #nerd

  • @techskyrocket4101 a year ago

    you do need to type. You can copy straight from lab ;)

  • @YaserBasaad a year ago

    I enjoy all your work but will you please reduce the size of your pic , Thank you

    • @ChrisGreer a year ago +1

      I'll make sure to do that next time - thanks.

  • @wabisabi84 26 days ago

    This video is mainly to get the answers, not so much to teach you how to find them. I would look elsewhere if you want to learn how to find the answer(s).

    • @ChrisGreer 23 days ago +1

      @wabisabi84 it’s a tough balance to strike as a creator.
      Teaching the concepts to find the answers all on your own is the purpose of my channel, so other videos show the overall skill set. I also don’t want this video to be 4 hrs long. It’s an interesting creative/instructive balance.
      But hey if you create a long-form “how to” of this video I will absolutely recommend it in the description. 😉

    • @wabisabi84 23 days ago +1

      @ChrisGreer
      I get what you're saying, and I appreciate the little dig at the end. I'm still learning, but I hope to get good enough to make a video that shows different concepts quickly and get your shout-out in a few years. Looking back at your video, your approach makes sense. This was a vid from a year or so, maybe you found some new concepts to share in your future vids.

    • @ChrisGreer 23 days ago +1

      @wabisabi84 I really do appreciate the feedback so please don't get me wrong! And hey, when I started making videos I was very much starting out as well. I mean it, if you ever make even a simple video give me a shout. I would be happy to support you.

    • @wabisabi84 23 days ago

      @ChrisGreer Thank you, great chat, I look forward to more of your videos.

  • @0183241829 11 months ago

    Thank you Chris for this amazing content skills

  • @pavi013 a year ago +1

    Damn, this was a lot harder to do

    • @vz7742 a year ago +1

      Not your fault, THM have poorly explained rooms. They are like here you have 5 commands you can use and now for practical part, let's use another 15 you are not familiar with.

  • @vz7742 a year ago +2

    Honestly TryHackMe rooms often have poor instructions what you need to do, because majority of us on thm are novice and need clear instructions. I hope HTB Academy is better in this regard.