Thank you for everything, David. After two years in college I was just hired last week as a remote Web and Mobile App Designer and Developer. Because I am also OSCP certified, it drastically raised my salary and the fun level of my position. And a lot of your courses are to thank for this; college is just for the paper or "degrees"."
Legit TCP flows or hacking attacks? Can Wireshark help us to decode the flows and see if the traffic is malicious? // WIRESHARK FILE // Download here: www.dropbox.com/s/pvytdvkvxl8b41n/SYNScan_GeoIP_ChrisGreer.pcapng.zip?dl=0 // MAXMIND // How to: wiki.wireshark.org/HowToUseGeoIP Maxmind: www.maxmind.com/en/home // MY STUFF // www.amazon.com/shop/davidbombal // SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: twitter.com/davidbombal Instagram: instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal TH-cam: th-cam.com/users/davidbombal //CHRIS GREER // Udemy course: davidbombal.wiki/chriswireshark LinkedIn: www.linkedin.com/in/cgreer/ TH-cam: th-cam.com/users/ChrisGreer Twitter: twitter.com/packetpioneer // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
I like when you ask questions David. It's often something I'm wanting to ask, or sometimes something I should be asking but didnt even ask in my mind. Thanks again!
In response to the question, I'd prefer if you wrote/noted the questions for later and just let the person talk because you never know what cool lessons/tips/stories you missed out on because their flow/train of thought was stopped. Just pick up at the end LOVE the content! This has me busy and working towards real goals out of deep pit of depression I've been in for years, thank you David :)
Solid content. Knowing what normal/innocuous traffic patterns look like helps you identify the suspicious traffic patterns. Chris's focus on TTL, window size, and sequence numbers is a really great example of how a seasoned analyst approaches pcap.
I came across to this demo, it was really helpful for me to learn about Maxmind and integrated to my Wireshark. Thanks to you and your host for put time on making this video.
Something to note: Industrial control system protocols commonly utilize 20 byte header lengths. It's done for efficiency. But arguably they don't generally run on TCP port 80.... and hopefully not over the internet. Great video guys
For me I prefer if u r asking question around because it gives us more information and it can help us understand topic better from other point of view. And I see that you have really good questions from student point of view David.
As always, Thank you David! If you can please do a walkthrough series on Kali Linux Tools, that would be awesome. There was a video where you showed us how to use Wifite properly, how to configure it and also how to troubleshoot common problems (which i think is a phenomenon! No-one bothers itself to explain how to solve those problems, but you did make a separate video just to show us how to fix problems we all have encountered while working with that tool). Sience many people want to learn ethical hacking and this channel is by far my favorite resource, making a series of videos explaining each and every tool that is shipped with Kali has a really good potential. Also, the way you explain things is absolutely incredible and makes difficult things to be super easy to grasp. Thats the main reason why im asking you for this! Ive got nothing more to say and im really looking forward to see those videos!
Questions. Always ask, even if is a "dumb" one. The answer is what matters and what is needed. Great video (even the first 5 min are good enough) Thanks again David Bombal.
Another awesome video!!! Thank you guys for showing us how to read and interpret the packet capture in wireshark!!! I have a new and easier understanding of what I am looking at! Supurb explanation! Now I have a new toy through GOIP!! I would love to see NMAP in action in wireshark! Thanks David and Chris! Cheers!
I can't tell if that's just David's personality, but I notice he's one of those people that talk over you in a Convo lol ... Chris can't get out a full sentence before David interrupts him ..either way both of these guys are brilliant as well as the video ...love it !
Hi! Great video! I was blown away over this! But it might be just me that is a complete noob. I just find a TCP-handshake file with 15 packets in the WireShark-link above? Should it not be the complete file from the attack Chris is using in the video?
Very interesting. I have done a lot of statistical analysis in other domains. Would love to see more statistical analysis examples in Wireshark. And how to export data, filtered or not filtered, to a statistical analysis package.
I can imagine a lot more utility then just for attacks. Makes me think of EtherPeek IP Maps, the old sniffer pro ip matrix or Skitter application that is or used to be available via CAIDA - pretty cool. Did not know that feature set was available for Wireshark
Hey Chris. In this video, you mention a low number in a suspicious 34000 range. Is this number randomly chosen by the server, browser, or person initiating the packet? and what if this number was in the high number range?
If the TTL number is close, would it not mean that the source is from the same location? Perhaps the hops were changed up a bit such as sent through various VPNs?
so, if UDP is connection-less, but QUIC is happening over UDP, AND has a connection ID and session ID (TLS), are we now to consider UDP in some cases connection oriented, or just consider QUIC connection oriented? I hope my question makes sense to others.
Please try again using this link: davidbombal.wiki/tcphackers1 - NOTE please that your browser may cache the incorrect link so you may need to use a private / incognito window or different browser if it doesn't work for you
Hi, David and Chris, I'm having a hard time making it work on my Windows version of Wireshark. I downloaded it for MMDB but it was formatted in tar.gz not .mmdb. So I formatted it to .mmdb, point it to my path folder, restarted Wireshark but no luck. Is there something I'm missing?
There was a problem with the download link. Please try downloading again using the Dropbox link in the video description. It is a zip file that you need to download
Hello David, Seems the pcap file that was uploaded to Dropbox only showing 15 packets. I not applied any filters. Could you please check and assist on this.
I have a question, I'm a beginner, And I do not understand where should I start, from where should I study? I don't understand anything..... Love❤️ from india 🇮🇳
Thank you for everything, David. After two years in college I was just hired last week as a remote Web and Mobile App Designer and Developer. Because I am also OSCP certified, it drastically raised my salary and the fun level of my position. And a lot of your courses are to thank for this; college is just for the paper or "degrees"."
That is awesome! Congratulations!!!
These are blessing comments! David is my IT hero and my life is changing as well.
I say David is making art, and we cant thank him enough!
Legit TCP flows or hacking attacks? Can Wireshark help us to decode the flows and see if the traffic is malicious?
// WIRESHARK FILE //
Download here: www.dropbox.com/s/pvytdvkvxl8b41n/SYNScan_GeoIP_ChrisGreer.pcapng.zip?dl=0
// MAXMIND //
How to: wiki.wireshark.org/HowToUseGeoIP
Maxmind: www.maxmind.com/en/home
// MY STUFF //
www.amazon.com/shop/davidbombal
// SOCIAL //
Discord: discord.com/invite/usKSyzb
Twitter: twitter.com/davidbombal
Instagram: instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
TH-cam: th-cam.com/users/davidbombal
//CHRIS GREER //
Udemy course: davidbombal.wiki/chriswireshark
LinkedIn: www.linkedin.com/in/cgreer/
TH-cam: th-cam.com/users/ChrisGreer
Twitter: twitter.com/packetpioneer
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
I like when you ask questions David. It's often something I'm wanting to ask, or sometimes something I should be asking but didnt even ask in my mind. Thanks again!
In response to the question, I'd prefer if you wrote/noted the questions for later and just let the person talk because you never know what cool lessons/tips/stories you missed out on because their flow/train of thought was stopped.
Just pick up at the end
LOVE the content! This has me busy and working towards real goals out of deep pit of depression I've been in for years, thank you David :)
Thank you guys for collaborating. Chris Greer is amazing. Strange that I never came across him before. Thanks again!
Solid content. Knowing what normal/innocuous traffic patterns look like helps you identify the suspicious traffic patterns.
Chris's focus on TTL, window size, and sequence numbers is a really great example of how a seasoned analyst approaches pcap.
I came across to this demo, it was really helpful for me to learn about Maxmind and integrated to my Wireshark. Thanks to you and your host for put time on making this video.
Something to note: Industrial control system protocols commonly utilize 20 byte header lengths. It's done for efficiency. But arguably they don't generally run on TCP port 80.... and hopefully not over the internet.
Great video guys
Like BACnet?
please don't let down those long video version i've enjoyed them a lot and waiting for more ( TCP/IP, scapy, Linux ...) 🔥🔥
David, every video you make is non trivial and some kind of fantastic. Thanks Chris for sharing knowledge!
For me I prefer if u r asking question around because it gives us more information and it can help us understand topic better from other point of view. And I see that you have really good questions from student point of view David.
As always, Thank you David!
If you can please do a walkthrough series on Kali Linux Tools, that would be awesome.
There was a video where you showed us how to use Wifite properly, how to configure it and also how to troubleshoot common problems (which i think is a phenomenon! No-one bothers itself to explain how to solve those problems, but you did make a separate video just to show us how to fix problems we all have encountered while working with that tool).
Sience many people want to learn ethical hacking and this channel is by far my favorite resource, making a series of videos explaining each and every tool that is shipped with Kali has a really good potential.
Also, the way you explain things is absolutely incredible and makes difficult things to be super easy to grasp. Thats the main reason why im asking you for this!
Ive got nothing more to say and im really looking forward to see those videos!
Thank you. Great suggestion 😄
Fantastic content once again, proving that you are a top-tier content creator for IT. Thank you and thank you Chris Greer!!
Thank you, David, and in this video Chris too. Your content is great, and I been following you for a while....Keep it up and keep it coming :)
David this was fantastic! I enjoyed that a lot. Keep bringing the excellent content. I really appreciate you!
Questions. Always ask, even if is a "dumb" one. The answer is what matters and what is needed.
Great video (even the first 5 min are good enough)
Thanks again David Bombal.
Thank you. I'll do that 😄
Grazie David per i contenuti che divulghi....io sono Italiano e ti seguo da un po...mi hai aperto un mondo....😊
Another awesome video!!! Thank you guys for showing us how to read and interpret the packet capture in wireshark!!! I have a new and easier understanding of what I am looking at! Supurb explanation! Now I have a new toy through GOIP!! I would love to see NMAP in action in wireshark! Thanks David and Chris! Cheers!
I can't tell if that's just David's personality, but I notice he's one of those people that talk over you in a Convo lol ... Chris can't get out a full sentence before David interrupts him ..either way both of these guys are brilliant as well as the video ...love it !
Such pleasure its real chrismus to have u here guys its so instructive God bless u
Thank you Majid!
This is great. I love it when you ask lots of questions. I am usually asking the same ones in my head. Perfect!
Thanks David after 6 months moving in US I got job RTP because I am also CCNA certified.
Huge congratulations Patrick! Well done!
Love these videos! Could watch for hours
Great video. Great Collaboration. I would really enjoy the nmap analysis.
Thank you David and Chris for this amazing video. Very useful content.
Thanks, David and Chris! Amazing content that helps us a lot in our everyday work!
Bunch of questions is great david thank you
Love your videos since day one I have learnt alot from you continue doing this great work 💪
Great vid - lekker man!
Love the Blue Hat training vids - greatly appreciated!
Happy to hear that :)
wow this is so interesting to watch and learn from the pros. thanks david for this video.
Thank you so much David.. I'm a big fan of yours..
Happy merry Christmas 🎄..
Nice conversation both of you chris and DB❤️❤️❤️ are marvelous stuff giving persons
Thank you. Lots of fun talking with Chris about Wireshark 😄
Hi! Great video! I was blown away over this!
But it might be just me that is a complete noob. I just find a TCP-handshake file with 15 packets in the WireShark-link above? Should it not be the complete file from the attack Chris is using in the video?
Thanks. Please try this link: davidbombal.wiki/tcphackers1 - looks like I made a mistake :(
@@davidbombal Hm. It looks like this link is directing to the same file as the other link??
Same File , Just 15 packets.
Very interesting. I have done a lot of statistical analysis in other domains. Would love to see more statistical analysis examples in Wireshark. And how to export data, filtered or not filtered, to a statistical analysis package.
Very good work mate! helped a lot with a uni assignment!
Excited next video with how nmap scan
Q: Can we get copies of the wireshark profiles used?
Love You David Bombal
Thank you!
I can imagine a lot more utility then just for attacks. Makes me think of EtherPeek IP Maps, the old sniffer pro ip matrix or Skitter application that is or used to be available via CAIDA - pretty cool. Did not know that feature set was available for Wireshark
David and chris are the best
Thank you!
Amazing analysis, thanks 👍
This is GOLD! Thank you!
Hey Chris. In this video, you mention a low number in a suspicious 34000 range. Is this number randomly chosen by the server, browser, or person initiating the packet? and what if this number was in the high number range?
thank you David for this I learned a lot ..want some more videos like this
Congrats sir we ill reach soon 1million best wishes master. ❤️❤️❤️❤️❤️❤️❤️
Thank you!
Really interesting stuff ☺️
Thank you!
keep on asking questions david, we all have the same questions!
Great stuff and I vote for nmap
If the TTL number is close, would it not mean that the source is from the same location? Perhaps the hops were changed up a bit such as sent through various VPNs?
You the best david keep 🔥❤
Sometimes David asks very basic questions but I guess it doesn't hurt
Ask away David, most cases what I was thinking thx
What a great video, very nice 👍🏻
Thank you very much!
more Chris. more Chris. more Chris.
Do you have a podcast by chance? I enjoy hearing you talk about anything computers related.
Great Video Sir David ....
Glad you liked it!
so, if UDP is connection-less, but QUIC is happening over UDP, AND has a connection ID and session ID (TLS), are we now to consider UDP in some cases connection oriented, or just consider QUIC connection oriented? I hope my question makes sense to others.
From my understanding, quic is a protocol with connection oriented properties running over udp. UDP itself is not connection oriented
The trace file in the download link only contains the TCP Handshake with 15 packets. Is the trace file used in this video available to download?
Please try again using this link: davidbombal.wiki/tcphackers1 - NOTE please that your browser may cache the incorrect link so you may need to use a private / incognito window or different browser if it doesn't work for you
Great Content
Thank you!
Thanks for video :) very informative.
Glad it was helpful!
One more question for Chris what's u re idealy profile in whshark in order to get a max of infos when we try to track the wierd packets thx
I'll ask Chris to cover Wireshark profiles in another video 😄
@@davidbombal GOd bless u David and have wonderful Christmas with all u re be loved ones
Ok thats great guys, so how do we block it!??
Hi, David and Chris, I'm having a hard time making it work on my Windows version of Wireshark. I downloaded it for MMDB but it was formatted in tar.gz not .mmdb. So I formatted it to .mmdb, point it to my path folder, restarted Wireshark but no luck. Is there something I'm missing?
There was a problem with the download link. Please try downloading again using the Dropbox link in the video description. It is a zip file that you need to download
Hi
Big fan of you and your videos
Thank you so much 😀
what a video!!
Go for nmap for the next video
How do you stop the traffic once you notice this is not normal traffic. Or it's not real time analysis
Hello David I have a problem with Kali Linux in VMBox. When I use firefox, my CPU is 100% overloaded . What can I do against it?
Hello David,
Seems the pcap file that was uploaded to Dropbox only showing 15 packets. I not applied any filters. Could you please
check and assist on this.
Please try this link: davidbombal.wiki/tcphackers1
@@davidbombal Same 15 Packets only. 😢
@@davidbombalOnly 15 packets in the PCAP file
Can you share the link to PCAP file please. The one shared only has the Videos but not PCAP
Thanks. I've fixed the link. Please download again. davidbombal.wiki/tcphackers1
Wonderful!
Great. Thank you guru.
Cheers Mate.
Mannnn, this is just cool
Imagine heart and comment from Devid Sir
You got it! Now what?
@@davidbombal now I am Gonna Fall in love for You
I havnt watched the whole video. But yes, ASK AWAY!!!
LOTS OF QUESTIONS
3:50 now give compare very popular website are they 1 second part.
Print ("hello David")
Hello!
Love from 🇧🇩
Thank you and welcome!
First sir. Good evening ❤️❤️❤️❤️❤️
Good evening! And thank you for your support!
@@davidbombal always you are my inspiration, role model,my Master 😘😘😘😘
Can I use witeshark on the new M1 MacBook?
yes
@@gabethedog4043 thanks bro.
Sir I'm your Big fan
Thank you!
Sir how to hack any Android phone by sending image file. It's possible
Is it possible?
Yes
No it's not possible since we can't have a backdoor like processing the payload as a backdoor when the img is opened if I'm not wrong!
@@shlokjhunjhunwala7082 but how
@@hack4peace but how
David sir, I like that..
Really happy to hear that
how to stop my terminal from saving history in kali linux 2021.4
Nice video
Thank you very much!
Yeh, ask questions
Thanks. I'll do that 😄
I think machine learning algorithms can detect those types of patterns and malicious traffic in real time
Cheers! P;S. Keep on asking questions.. d ; } #DavidBombal
Nmap
Keep going
Thank you!
you the best
phone verification not working on discord
thx u.
informative
Glad you enjoyed the video 😄
I have a question,
I'm a beginner, And I do not understand where should I start, from where should I study? I don't understand anything.....
Love❤️ from india 🇮🇳
Network+ or CCNA are a great way to start learning basics. Watch this video for more tips: th-cam.com/video/SFbV7sTSAlA/w-d-xo.html
@@davidbombal ohh men, thanks a lot, I didn't think you would reply to my comment ,Thanks sir, ♥️♥️
Greetings from Russia! You put us on the map! LOL
I want question ans conversion
Sir
Love from India
Iam a CCNP student
Should I learn python for future
Good
Thank you Fahad!