Can't wait to watch this video in full after work today!! Some of the best cyber security/networking content on YouTube!
Thanks Caleb!
fuckin epic no intro , no product placements straight dive into topic luv it
Thank you, Chris! Ever since I watched you on David Bombal's channel, I have become a fan of your teaching style. I am a Systems Engineer and you have greatly helped my understanding of the network side.
Same here. I’m learning way more than I was - thank you!
same here!
0:48 FTP
4:25 SSH
5:56 Telnet
9:01 SMTP
12:24 DNS
14:18 DHCP
Here is an outline detailing each topic and the actions taken in Wireshark from the video:
I. FTP
Port number: 21
Actions:
Filtered for "ftp" to only see FTP payload packets (33 packets)
Filtered for "tcp.port==21" to see TCP handshake/overhead packets too (101 packets)
Showed login and password in cleartext
Showed example of port scan at end of FTP conversation
II. SSH
Port number: 22
Actions:
Filtered for "tcp.port==22"
Showed encrypted traffic after initial version request info
III. Telnet
Port number: 23
Actions:
Filtered for "tcp.port==23"
Showed cleartext data with ASCII interpretation
Used "Follow TCP Stream" to view client-server communication
IV. SMTP
Port numbers: 25, 587
Actions:
Filtered for "tcp.port==25"
Showed cleartext and StartTLS encrypted examples
V. DNS
Port number: 53
Actions:
Showed need to use UDP instead of TCP
Showed DNS request and response
VI. DHCP
Port numbers: 67, 68
Actions:
Filtered for just "dhcp"
Showed discover, offer, request, ack flow
VII. TFTP
Port number: 69
Actions:
Showed read request for file
VIII. HTTP
Port number: 80
Actions:
Filtered for "tcp.port==80"
Showed GET request and web server response in cleartext
Used "Follow TCP Stream" to view web banner
IX. POP3
Port numbers: 110, 995 (TLS)
Actions:
Filtered for "tcp.port==110"
Showed login info in cleartext
X. IMAP
Port numbers: 143, 993 (TLS)
XI. NTP
Port number: 123
Actions:
Filtered for just "ntp"
Showed NTP client-server communication
XII. SNMP
Port number: 161 (UDP)
Actions:
Filtered for "udp.port==161"
XIII. LDAP
Port number: 389
Actions:
Filtered for "tcp.port==389"
Showed simple LDAP login
XIV. HTTPS
Port number: 443
Actions:
Filtered for "tcp.port==443"
Showed initial client hello in cleartext
XV. SMB
Port number: 445
Actions:
Filtered for "tcp.port==445"
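As an added illustration (not part of the comment above or the video), this Python example turns the outline's observations into a defender's audit: it flags FTP and POP3 logins sent in cleartext, redacting the password, and notes which SMTP sessions asked for STARTTLS. The function name `audit`, the stream IDs and the sample segments are constructed assumptions.

```python
import re

# Ports from the outline above; only the cleartext login protocols (FTP, POP3)
# and SMTP are handled here.
CLEARTEXT_LOGIN_PORTS = {21: "FTP", 110: "POP3"}
SMTP_PORTS = {25, 587}
CMD = re.compile(rb"^(USER|PASS)\s+(\S+)", re.IGNORECASE)

def audit(segments):
    """segments: iterable of (stream_id, server_port, client_payload_bytes).
    Returns a sorted list of (stream_id, protocol, finding) tuples."""
    findings = set()
    smtp_streams = {}  # stream_id -> True once the client sent STARTTLS
    for stream, port, payload in segments:
        line = payload.strip()
        if port in CLEARTEXT_LOGIN_PORTS:
            m = CMD.match(line)
            if m:
                verb = m.group(1).decode().upper()
                # Report that a secret crossed the wire, never the secret itself.
                value = m.group(2).decode(errors="replace") if verb == "USER" else "<redacted>"
                findings.add((stream, CLEARTEXT_LOGIN_PORTS[port], f"cleartext {verb} {value}"))
        elif port in SMTP_PORTS:
            seen = smtp_streams.get(stream, False)
            smtp_streams[stream] = seen or line.upper() == b"STARTTLS"
    for stream, upgraded in smtp_streams.items():
        # A STARTTLS request alone does not prove the server accepted the upgrade.
        note = "STARTTLS requested" if upgraded else "no STARTTLS, cleartext session"
        findings.add((stream, "SMTP", note))
    return sorted(findings)

# Constructed sample input (not taken from the video's pcap).
SAMPLE = [
    (0, 21, b"USER demo\r\n"),
    (0, 21, b"PASS hunter2\r\n"),
    (1, 25, b"EHLO client.example\r\n"),
    (1, 25, b"MAIL FROM:<a@example.com>\r\n"),
    (2, 25, b"EHLO client.example\r\n"),
    (2, 25, b"STARTTLS\r\n"),
    (3, 110, b"USER demo\r\n"),
    (3, 110, b"PASS hunter2\r\n"),
    (4, 22, b"SSH-2.0-example\r\n"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```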
Not gonna lie. Totally underrated video. Definitely going to recommend this to the study group I'm running.
Keep up the good work
This is such a badass channel! Always great explanations and real world examples and with a pcap file attached! Thank you Chris for always providing great FREE training.
Thanks @NetworkNutt! Really happy you found the channel and I appreciate the comment.
Yup, so glad David B. had him on his channel. This channel hits the spot for great breakdowns and easy to digest as far as his topics. This guy was meant to teach.
Incredible lecture! I’ve been studying this information for months and having trouble retaining it, until now. Thanks!
thank you for your great content. not just explaining but showing examples with wireshark!
Tnx for the lecture. Just stumbled to it and find your style really calm and clear
It's been a week since I'm gathering through your videos, those videos are so helpful for my understanding of the network. Thank you for the time that you spent creating and editing those videos.
sincerely
I love the tests that you gave as you introduced each different protocol -- very entertaining!
pretty easy, straightforward stuff; learned all this in the 90s and thankfully have retained most of it. Thank you for the review. Memorizing really obscure stuff like HSRP using port udp 1985 was fun too.
You are doing a great service teaching us all this in a neat and easy way. Thank you.
You are very welcome
You are such a great teacher, thanks
I'd love to watch more but I've got to get up in the morning to prepare for my CCNA which is on the 1/2/2023... man, I learn so much from you, bro...
I have started in this beautiful world of content on YouTube, I am new to this and here we go with issues of cybersecurity and ethical hacking
Awesome! Welcome to the dark side. :-) Ok just kidding. Enjoy the content!
Great content, thank you!
Great content - simple to understand, but yet lots of good information !
i owe my life to you Chris you rock
That was really informative, thx dear Chris, God bless u
Glad it helps!
Sir we need more videos like this
Oh heck ya!! This video is an excellent review of ports and protocols as a NOOB, but I’m also going to use it to get more comfortable with Wireshark. Thanks Chris!
Glad it was helpful! Please keep in touch.
Interesting and very clear video.
But I wonder why you should have to KNOW all them port numbers.
I feel it makes more sense to understand the purpose and global working of the protocol. The details are easy to find.
The port number is very useful, of course, but easy to look up.
Or do they ask you at exams "What is the port number for FTP?"
Like I said in the video, if you are studying for a cert, this stuff will definitely come up on the test. Also - if you are doing more packet analysis or network enumeration, learning the port numbers will really help speed up your analysis.
@ChrisGreer I am sure that if I ever do some real work in this field I will pick up the most common port number quickly.
Just learning them is pointless.
They are after all not like traffic signs where there is no time to ask Google.
I prefer to acquire knowledge, not facts.
All this assumes that there is no logic in the port numbers used.
I am just looking at your excellent videos because I like to know a little more about it.
Straight to the point - thank you.
Chris, you're the man! Thank you so much for sharing all of your knowledge, I continue to learn so much from you and I am so grateful!
Chris the great. Amazing topics as well. If I buy your course, will I find all of these?
Love the video, Chris. Can I ask if u can do a deep dive into DNS so we see the headers and the flags and how they are used in DDoS and DNS recursive flood? Thanks for sharing
Excellent explanation Chris!!
Ohhh man. Didn't know I was getting pop quizzed.
Got most of them right.
Like all of your videos, smooth and pleasant. Thank you Chris.
Amazing content as always, one of the best channels on YouTube
Thank you!!!
one word enough. perfect
Superb!! Why doesn't the teacher teach me like this 😂
Thanks Chris, you explain very well. Best regards from France
Thanks a 4 sharing this valuable information! Cheers!
DNS : TCP/UDP 53
FTP: TCP 21 for Control Channel, 20 for Data Channel
DHCP: UDP 68 for Client, 68 for Server
HTTP: TCP 80
HTTPS: TCP 443
IMAP: TCP 143, over TLS uses 993
LDAP: UDP 389, LDAPs: TCP 636
NTP: UDP 123
POP3: TCP 110, over TLS uses 995
SMTP: TCP 25
SNMP: UDP 161
SMB: UDP 445
SSH: TCP 22
TELNET: TCP 23
TFTP: UDP 69
This is so interesting! I should be coding for my work... instead I'm watching these things called packets fly around. 😲
Thanks for the wonderful content. May I ask why we use SMB while we have FTP or SFTP? All of them are used to transfer files, right?
thank you so much Chris........I'm so happy for the content you've been providing. love from Sierra Leone
Thank you Ray!
Superb content…thank you for this 🙏
Awesome work man. Thank you.👍🙏
Thanks for informative video Chris!
Don't forget snmp runs on 162 as well when utilizing traps
Thanks chris again.
Amazing explanation.
Chris, can we bypass the HSTS protocol, meaning can we downgrade it to HTTP?
I researched it but I can't find any reliable content about it. So Chris, if you know any method then please make a video on it
Hey! Thanks for the comment. Hmmm… I will need to dig into that and do some testing.
Hi Chris, like from Kyrgyzstan 👍
Wassup!! Thanks for the comment!
TFTP is UDP correct?
This is awesome Chris
Thank you so much Chris. Very informative video!!! Great explanation, love it!!!
Hey Chris, thank you so much for your amazing videos.
Your fans from India 🇮🇳 ♥
I have another question, please: if TFTP uses UDP, why do we see the client make an ACK for the packet?
Great video. Thanks Chris!
Glad you liked it!
Hey Chris Greer, where did you learn this?
I started out as a network engineer. I always was amazed at the packet people that were able to fix the stuff that nobody else could. I was hooked!
Chris, another great video! Where could one purchase a packethead T-shirt?
Thanks! You should see links to the merch below the video or on my channel store
Amazing information
Thank you soooooooo muuuuuuccccchhh, I made a protocol post and its on my wall it was sooo much work ToT
You bet! I hope the video helps you remember all this. 👍
Nice and thanks
this was great. subbed
Thanks for the sub!
Thanks Chris.
You are a gift, thank you so much! ❤
Thank you!
awesome work man keep doing these please!! i need the knowledge.
Thanks, will do!
Damn, this was fun, thank you Chris
thank you so much
Thanks
Quick question:
Is it possible that a client generates 0-length packets with the same sequence and next sequence number?
Yes, if the ack number increases, then it is just acking new data. If the ack number does not increase, it is a duplicate ack.
Today in class we needed to look at a SMTP and a POP3 file in wireshark, and I asked if SMTP can be encrypted. They said no. Argh, so frustrating to hear that it can be, after all.
Hello Mr Chris, I am kindly asking where I can get some of the trace files you captured for the different kinds of attacks on your device. I would like to go through them for my own understanding.
Hello Ramson - I usually put the pcap I am working with in the description for most of my videos. If I didn’t put it there it is because I couldn’t, or it just was not a good one to share. Thanks for the comment.
You are the best!
Great content
Thank you!
Chris, amazing video and also the conversation with David Bombal. I have a workshop coming up that I would love for you to present at in San Juan, Puerto Rico. If interested, please reply and we can discuss. The workshop is in May with the Department of Homeland Security. Thanks
Hi Vince! Thanks for the comment. Sure let’s chat. I will reach out on LinkedIn.
dns:53, dns over tls:853
Thank you ❤️
You are welcome!
Please help... If DHCP 'gives' a computer an ip address... what does it mean to give an 'address to an address'. This seems like sending a letter to someone's address and contained within the letter is an address?? How can the 'new dhcp address' reach the address if there is no address??
Sir, I am using an Android phone, I don't have a laptop. What should I do? Please help me out in my career.
Give www.cloudshark.io a try. It is a cloud-based version of Wireshark
You lost me early.
13:55
Put translation options in the subtitles please, Chris. Thanks
I will look at doing that - thank you for the suggestion!
Waiting for video
Coming soon!
@ChrisGreer Congratulations on 50k subscribers, soon you will reach one million subscribers. You are delivering great content on YouTube. Once again, thank you for all this knowledge.
pickupline nobody gets, I am so nerd, that at the end of my date, I ask my girl for TFTP.
Vsftpd 2.3.4 😬 😬
hello #MRGREER
Entire video very intriguing, but as a novice who searched YouTube: How To HTTP CUSTOM Android App, I saw this video.
Question: How would the information you provided help me with #HTTPCustom App?
#ThankYou #ChrisGreer