Wireshark Tutorial For Beginners | How Wireshark Works | Packet Analysis Explained | Simplilearn
Introduces Wireshark as a powerful network analysis tool, explains what packets are and why capturing and inspecting traffic matters, and outlines a beginner-friendly plan to learn about packets, protocols, live traffic capture, and real-world applications.
Wireshark unlocks real-time network visibility for beginners, showing how to install, capture traffic, apply filters, and inspect HTTP/TCP data like a pro.
Summary
Simplilearn’s Wireshark tutorial walks newcomers through the basics of what packets are and how internet communication actually happens. The host presents Wireshark as a powerful yet approachable tool for seeing which websites were accessed, DNS activity, and encrypted (TLS) traffic, which it can decrypt only when the session keys are supplied, likening it to an X-ray machine for networks. You’ll see a step-by-step demo of downloading and installing Wireshark on Windows, choosing components, and launching the app to start capturing traffic. The video then shows how to select a Wi‑Fi interface, begin a live capture, and read the packet list alongside the packet details and bytes panes. Practical filtering is demonstrated with examples like tcp, http, and Follow Stream views, plus the creation of filter buttons for quick access. The tutorial also covers preferences, layout options, and the importance of coloring rules to visually identify protocol activity. Finally, it points viewers to real-world use cases, including malware analysis and production-grade investigations, with links to external resources and GitHub projects for deeper exploration. Stop-and-start pacing, visual explanations, and concrete steps aim to make Wireshark accessible to beginners while hinting at advanced techniques for seasoned pros.
Key Takeaways
- Wireshark captures traffic from the selected interface (Wi‑Fi, Ethernet, or the loopback adapter) in real time and dissects it into protocol fields you can read in the packet list, packet details, and packet bytes panes.
- The Windows installer works with the default components; the Npcap driver it offers is what actually captures packets on Windows, and its optional monitor-mode and WinPcap-compatibility settings can be left off unless you need them.
- Filters are essential: protocol filters such as `tcp` and `http`, stream filters such as `tcp.stream eq 0`, and Follow Stream views isolate one conversation. TLS (HTTPS) payloads stay opaque unless you supply the session secrets, normally a key log file written by the browser; the "decryption key" the host mentions refers to this, not to anything Wireshark can recover on its own.
- Filter buttons turn a typed expression (for example `http`, or `tcp.flags.reset == 1`, which lists connection resets and is what the host labels non-responsive pages) into a one-click toolbar entry.
- Coloring rules and the layout preference (packet list, details, bytes, or the packet diagram view) make protocol activity visually scannable.
- Wireshark is a first-line tool in incident response, malware analysis, and troubleshooting; the video points to malware-traffic-analysis.net and its GitHub projects for real captures to practise on.
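The filters the host types (`tcp`, `http`, `tcp.stream eq 0`, `tcp.flags.reset == 1`) are display-filter expressions that Wireshark evaluates against fields its dissectors fill in for each frame. The following is an added example, not code from the video or from the Wireshark project: a small pcap dissector that reproduces how those filters match, including how `tcp.stream` is numbered (one index per bidirectional TCP conversation, assigned in order of first appearance, starting at 0). The frames, addresses and ports are constructed sample data; the `http` test is an approximation of Wireshark's HTTP dissector, and `tcp.analysis.flags` (retransmissions, duplicate ACKs, and so on) is not modelled.

```python
import struct

TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK = 0x01, 0x02, 0x04, 0x08, 0x10
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def _ip4(addr):
    return bytes(int(o) for o in addr.split("."))


def build_frame(src, dst, sport, dport, flags, payload=b""):
    """Construct one Ethernet/IPv4/TCP frame (sample data, not a real capture).
    Checksums are left at zero; the dissector below ignores them."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0x4000,
                         64, 6, 0, _ip4(src), _ip4(dst))
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, flags, 65535, 0, 0)
    return eth + ip_hdr + tcp_hdr + payload


def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap (magic a1b2c3d4, LINKTYPE_ETHERNET)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def dissect(pcap):
    """One dict of Wireshark-named fields per frame. tcp.stream is assigned the way
    Wireshark does it: each bidirectional TCP conversation gets the next index."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    frames, streams, off = [], {}, 24
    while off < len(pcap):
        incl_len = struct.unpack_from("<IIII", pcap, off)[2]
        data = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        f = {"frame.number": len(frames) + 1}
        frames.append(f)
        if data[12:14] != b"\x08\x00" or data[23] != 6:  # only IPv4/TCP is dissected
            continue
        ihl = (data[14] & 0x0F) * 4
        ip_len = struct.unpack_from("!H", data, 16)[0]
        src, dst = ".".join(map(str, data[26:30])), ".".join(map(str, data[30:34]))
        t = 14 + ihl
        sport, dport = struct.unpack_from("!HH", data, t)
        doff, flags = (data[t + 12] >> 4) * 4, data[t + 13]
        payload = data[t + doff:14 + ip_len]
        conv = frozenset({(src, sport), (dst, dport)})  # unordered endpoint pair
        f.update({
            "ip.src": src, "ip.dst": dst, "tcp.srcport": sport, "tcp.dstport": dport,
            "tcp.port": [sport, dport],  # multi-valued: matches either side
            "tcp.flags.syn": int(bool(flags & TCP_SYN)),
            "tcp.flags.reset": int(bool(flags & TCP_RST)),
            "tcp.len": len(payload),
            "tcp.stream": streams.setdefault(conv, len(streams)),
        })
        # Approximation of the `http` protocol filter: Wireshark sets it on frames its
        # HTTP dissector accepted; here a request line or status line is enough.
        if payload.startswith(HTTP_METHODS) or payload.startswith(b"HTTP/"):
            f["http"] = True
    return frames


def matches(fields, expr):
    """Small subset of display-filter syntax: a bare name tests presence, `name == v`
    or `name eq v` tests equality (any value of a multi-valued field), joined by ` and `."""
    for clause in expr.split(" and "):
        parts = clause.split()
        if len(parts) == 1:
            if parts[0] not in fields:
                return False
        elif len(parts) == 3 and parts[1] in ("==", "eq"):
            name, _, want = parts
            if name not in fields:
                return False
            values = fields[name] if isinstance(fields[name], list) else [fields[name]]
            if isinstance(values[0], int):
                want = int(want)
            if want not in values:
                return False
        else:
            raise ValueError(f"unsupported filter clause: {clause!r}")
    return True


def apply_filter(pcap, expr):
    """Frame numbers that would appear in the packet list under this filter."""
    return [f["frame.number"] for f in dissect(pcap) if matches(f, expr)]


def sample_capture():
    """Constructed traffic: an HTTP exchange on port 80, a connection to port 443
    that the server resets, and the client's retry on a fresh source port."""
    client, web, api = "10.0.0.5", "203.0.113.10", "10.0.0.9"
    return build_pcap([
        build_frame(client, web, 51000, 80, TCP_SYN),                        # 1
        build_frame(web, client, 80, 51000, TCP_SYN | TCP_ACK),              # 2
        build_frame(client, web, 51000, 80, TCP_PSH | TCP_ACK,
                    b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),          # 3
        build_frame(web, client, 80, 51000, TCP_PSH | TCP_ACK,
                    b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),         # 4
        build_frame(client, api, 51001, 443, TCP_SYN),                       # 5
        build_frame(api, client, 443, 51001, TCP_RST | TCP_ACK),             # 6
        build_frame(client, api, 51002, 443, TCP_SYN),                       # 7
    ])


if __name__ == "__main__":
    pcap = sample_capture()
    for expr in ("http", "tcp.flags.reset == 1", "tcp.stream eq 0",
                 "tcp.port == 443 and tcp.flags.syn == 1"):
        print(f"{expr:40} -> frames {apply_filter(pcap, expr)}")
```

One caveat the example makes visible: a RST means the peer actively refused or tore down the connection. A host that simply never answers sends no RST at all; what you see instead is the client retransmitting its SYN, so for genuinely unresponsive services `tcp.analysis.retransmission` (or the broader `tcp.analysis.flags`) is the filter to reach for, not `tcp.flags.reset == 1`.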
Who Is This For?
Essential viewing for beginners who want to understand how packet analysis works and for IT and security professionals who want a practical, beginner-friendly onboarding to Wireshark while keeping doors open to advanced workflows.
Notable Quotes
"Wireshark is one of the most powerful network analysis tool used by cyber security professionals, ethical hackers, network engineers, security analysts, governments, and even large tech platforms and companies."
—Introductory claim about Wireshark’s broad adoption and power.
"Think of Wireshark like an X-ray machine for network traffic."
—Metaphor to help beginners grasp the concept of visibility into traffic.
"Here you can see the start and stop and analyze is the next option. So here we will have the conversation filter."
—Describing basic capture controls and how to begin filtering.
"TCP stream equal to zero and on the bottom left corner you can see the transmission protocol as well."
—Demonstrating how to locate and interpret protocol data in a captured packet.
"You can create a dedicated button for that and your filter is ready over there."
—Shows how to optimize workflow with custom filter buttons.
Questions This Video Answers
- How do I install Wireshark on Windows 10 or 11 and start a basic packet capture?
- What are the most important Wireshark filters for beginners to learn first (TCP, HTTP, HTTPS decryption)?
- Can Wireshark decrypt HTTPS traffic, and what keys are needed for that?
- How can I create custom filters or quick-access buttons in Wireshark for repetitive tasks?
- What are practical real-world scenarios where Wireshark is used for incident response or network troubleshooting?
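On the decryption question above: Wireshark does not break TLS, it decrypts a session only when handed that session's secrets. For browser traffic that means a key log file (set the `SSLKEYLOGFILE` environment variable before starting Firefox or Chrome, then point Wireshark's `tls.keylog_file` preference at the file). A server's RSA private key only helps for TLS 1.2 or older with an RSA key-exchange cipher suite, which ECDHE suites and all of TLS 1.3 rule out. The example below is added here and is not Wireshark's code: it reproduces the lookup Wireshark performs, taking the 32-byte Random from a ClientHello and using it as the key into the key log. The key log lines, randoms and secrets are constructed sample values, not real keys.

```python
def parse_keylog(text):
    """Parse NSS key log format (`<LABEL> <client_random hex> <secret hex>` per line).
    TLS 1.2 sessions appear as one CLIENT_RANDOM line carrying the master secret;
    TLS 1.3 sessions have one line per traffic secret, all keyed by the same client
    random. Returns {client_random: {label: secret}}."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        label, rand_hex, secret_hex = line.split()
        table.setdefault(bytes.fromhex(rand_hex), {})[label] = bytes.fromhex(secret_hex)
    return table


def build_client_hello(client_random):
    """Construct a minimal TLS handshake record carrying a ClientHello
    (sample data, not from a real capture)."""
    if len(client_random) != 32:
        raise ValueError("ClientHello Random is exactly 32 bytes")
    body = (b"\x03\x03" + client_random   # legacy_version, Random
            + b"\x00"                     # legacy_session_id: empty
            + b"\x00\x02\x13\x01"         # cipher_suites: TLS_AES_128_GCM_SHA256
            + b"\x01\x00"                 # compression_methods: null
            + b"\x00\x00")                # no extensions
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


def client_random(record):
    """Extract the Random that Wireshark uses as the key-log lookup key."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    return record[11:43]  # 5 record header + 1 type + 3 length + 2 version


def lookup_secrets(record, table):
    """Secrets available for this session. Empty when the ClientHello's Random has
    no key-log entry; Wireshark then keeps showing the records as Application Data."""
    return table.get(client_random(record), {})


def decryptable(record, table):
    """True if the key log holds enough to decrypt application data: the TLS 1.2
    master secret, or both TLS 1.3 application traffic secrets (handshake secrets
    alone only expose the encrypted handshake messages)."""
    secrets = lookup_secrets(record, table)
    return "CLIENT_RANDOM" in secrets or (
        "CLIENT_TRAFFIC_SECRET_0" in secrets and "SERVER_TRAFFIC_SECRET_0" in secrets)


# Constructed sample values: fixed randoms and dummy secrets, not real keys.
RANDOM_A, RANDOM_B, RANDOM_C = bytes(range(32)), bytes(range(32, 64)), bytes(range(64, 96))
SAMPLE_KEYLOG = f"""# constructed key log in SSLKEYLOGFILE format
CLIENT_RANDOM {RANDOM_A.hex()} {'aa' * 48}
CLIENT_HANDSHAKE_TRAFFIC_SECRET {RANDOM_B.hex()} {'bb' * 32}
SERVER_HANDSHAKE_TRAFFIC_SECRET {RANDOM_B.hex()} {'cc' * 32}
CLIENT_TRAFFIC_SECRET_0 {RANDOM_B.hex()} {'dd' * 32}
SERVER_TRAFFIC_SECRET_0 {RANDOM_B.hex()} {'ee' * 32}
"""

if __name__ == "__main__":
    table = parse_keylog(SAMPLE_KEYLOG)
    for name, rnd in (("TLS 1.2 session", RANDOM_A), ("TLS 1.3 session", RANDOM_B),
                      ("session not in key log", RANDOM_C)):
        hello = build_client_hello(rnd)
        print(f"{name:24} secrets={sorted(lookup_secrets(hello, table))} "
              f"decryptable={decryptable(hello, table)}")
```

The third case is the one beginners trip over: a capture taken before the key log was enabled, or of a process that does not honour `SSLKEYLOGFILE`, contains ClientHellos whose Randoms have no entry, and no preference in Wireshark will make those sessions readable.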
Tags: Wireshark, packet capture, network analysis, TCP filtering, HTTP analysis, coloring rules, packet details, decryption, production use cases, malware analysis
Full Transcript
Welcome to Simplilearn's YouTube channel. Imagine this. You open up your laptop, connect to the internet or Wi-Fi, open YouTube, open Google, send a WhatsApp message, log into Instagram. Seems simple, right? Would you believe me if I said that behind every click there are invisible packets, thousands of invisible packets, which are moving across the internet in real time? All your passwords, all your searches, all your app requests, your device information and all the communications that you make, every single thing travels through networks as packets. Now, here's the interesting part. What if there was a tool powerful enough to actually capture and inspect all this traffic?
Yes, there is one such tool, and that tool is called Wireshark. Wireshark is one of the most powerful network analysis tools used by cyber security professionals, ethical hackers, network engineers, security analysts, governments, and even large tech platforms and companies. It allows you to literally look inside network communications. You can see which websites are being accessed, DNS traffic, failed connections, suspicious traffic, suspicious activities, malware communication, packet flow, and much more. Think of Wireshark like an X-ray machine for network traffic. Normally, network communication is invisible. Wireshark makes it completely visible. And that's exactly why this tool is so important in real-world environments.
For example, if a company's network is suddenly down or slow, or if a cyber attack happens, or if some sensitive data gets leaked, or if servers stop responding, or if some suspicious traffic is detected, then one of the first tools that experts often use is Wireshark. In fact, many real-world cyber security investigations and network troubleshooting operations depend heavily on packet analysis tools like Wireshark. But here's the good news. You do not need to be an expert hacker or networking professional or cyber security engineer to start learning it. In this tutorial, we will learn Wireshark completely from a beginner's perspective.
We will understand what packets are, how internet communication works, how to capture live traffic, how to analyze protocols, and how professionals inspect network activity in real time. And don't worry, we keep everything simple, visual, and beginner-friendly. So, if you have ever wanted to understand what actually happens behind the internet, then this tutorial is going to be incredibly exciting for you. That said, if these are the type of videos you'd like to watch, then hit the like and subscribe buttons along with the bell icon to get notified whenever we post. Also, just so you know, if you want to upskill yourself to master ethical hacking and cyber security skills and land your dream job or grow in your career, then you must explore Simplilearn's cohort of various cyber security and ethical hacking programs.
Simplilearn offers a wide variety of master's, certification and post-graduate programs in collaboration with some of the world's leading universities and certification boards like IIIT Bangalore and EC-Council and a lot more. Through our courses, you will gain knowledge and work-ready expertise in skills like vulnerability assessment, enterprise security, application security, penetration testing and over a dozen others. That's not all. You also get the opportunity to work on multiple projects led by industry experts working in top-tier data and product companies and also some academicians from top universities. After completing these courses, thousands of learners have transitioned into an ethical hacking profile or a cyber security profile as freshers or moved on to a higher-paying job and position.
If you are passionate about making your career in this field, then make sure to check out the link in the pinned comment and description box below to find an ethical hacking and cyber security program that fits your experience and areas of interest. So, let's get started with our Wireshark tutorial with a small quiz. So, here's your question. What is the primary purpose of Wireshark? Your options are: A, designing websites; B, capturing and analyzing network traffic; C, creating databases; and the last option, D, editing videos. So please do let us know your answers in the comment section below, and without further delay, over to our training.
Now let's get started by downloading the Wireshark application to the local system. Open up any browser. So I'll open up Google and type "Wireshark download". Click on the first link, and here you can see all the options at the top, like download and source code, and you also have learn, guides, resources, official documentation, community, members and other certifications as well. You can also open up the documentation and go through some details. For now, just scroll down and check all the versions available that are compatible with your system. So x64 is my compatible version.
You can also go with Mac or Ubuntu. I'll go with Windows; there is also a donate and support option there. Just download. It might take a little time to get downloaded. Let's wait for a moment. So it has been successfully downloaded. Now let's proceed and install it. Let me go to Downloads, and it's just simple. Just go with the default options and click Next. You can also go through the license agreement here. Once you are okay with it, if you find an "I Agree" option, click it; at the end there is no "I Agree" option, so just click on "Noted" and it should start installing. Now click on Next, and you can go through the components to install. You can also add a few components if you need them, or you can go with the default setup. I'll go with the default setup. Then the Wireshark shortcut options: start menu, desktop. I don't want anything on the desktop. Click on the Next option. You can also go with the default directory, or if you want to install this in a specific location, you can just browse and select the folder you want to install this in, and then click on Next. Do you want to remove any programs? I don't have any of the Wireshark programs pre-installed, so I can go with the default setting here. Just Install, and it should get started shortly. Yeah, it started installing. It might take a few seconds to install. There you go, the installation is successful, and here you can see there are a few options.
Let us go with the default install option anyway. So I agree, or let us explore these. If you want to restrict the app to admin rights, you can click on the first option. You also have support for additional monitor mode with wireless adapters, and you can also install Npcap in API-compatible mode as well. So let's click on all these options; even if you don't use them, we'll keep them to be on the safer side. So now it might take a few moments to install again. Once done, we can proceed. It might take a moment, and done.
There you go. Now you can click on the Next option. Then by clicking on Finish, the installation procedure is done. I think it is unpacking a couple of files. It's extracting all the files that we have successfully downloaded and installed on the PC. Just a moment. There you go. It's done. Click on Next and click on Finish, and done. So now we have successfully installed Wireshark. Let me go back to the start menu and fire up Wireshark. So there you go. So this is how the Wireshark interface looks. We have not started to collect all the packets of data streaming over the internet connection yet.
It is just the plain Wireshark interface, which is not actively collecting any data as of now. Let me expand that. So there you go. So you can see the Wi-Fi router which we are currently connected to, and the adapter for loopback and all those things. Let me go back to the Wi-Fi. Yeah, the first one. And here we have the LAN connection and the adapter for loopback traffic and all those connections. So we are currently collecting data from Wi-Fi, and another one is the adapter for loopback traffic capture. So, a few options on the toolbar here: the File option.
Here we have Save and all those extra options that we go through once we have captured the packet data, and you can save all the HTML files. Then Edit, where you can see Preferences and all the other options that you will be going through. So we will be exploring Preferences in the upcoming section. Now, the most important thing here is Colorize Conversation and Coloring Rules, and the other ones. Under Coloring Rules we have a wide variety of options: for Bad TCP we have a dedicated color, HSR state change, TCP RST, IPv4 TTL low or unexpected, hop limit, and all those things. Each and every kind of activity or each and every kind of behavior of the network has a dedicated color to it, and the best option is you can also go ahead and customize these colors for your own benefit or requirement. But for now I'm going with the default options, and the next one is the Go option.
Here you can see the next one, which is Capture, as well. So here you can see the options with the shark fin logo to start and the stop button to stop capturing the packets, and you can also go through them from the Capture option as well. Now if you go back to the Capture option, here you can see Start and Stop, and Analyze is the next option. So here we will have the Conversation Filter. So basically, once we start collecting the data, you can see how we apply the filter, for example for a dedicated IPv4 network or IPv6 network, or DCCP; you can just specifically mention and consider or customize that as a filter. Another type of filter is, once you are connected with a wide variety of web pages and a wide variety of Wi-Fi options, you can select a particular IP address or a particular network or a particular website and select or stream that particular data only, or focus on that particular activity itself.
So based on the options provided here, the selected ones and all those things, you can go ahead with that. And if you come into Statistics, the most important one here is Conversations. Remember that I spoke about the specific IP addresses and the IPv4, IPv6, TCP, UDP filters; those you can do in the Statistics, Conversations option over here and apply them as a filter. And don't worry about that, we'll also create some dedicated filters. So here you can see Address A, Address B, right? Once we start collecting the data you can see that stream and all the packet information right here.
Let me close that. Once we create some filters, we can also provide some dedicated buttons for that. We'll also explore that particular option. And if you go into Telephony, you have a wide variety of options as well. And you can also go into Wireless and all the other LAN options, and all the Tools that you're getting access to, like Credentials. And if you want to go ahead with some help, you can also go through the last option, which is Help, and the chat window for support. Now let's start by selecting the Wi-Fi network. And shortly it will start collecting the data packets.
It should be visible on the screen shortly. Yeah, there you go. Now Wireshark has successfully started to collect the packets of data, or the information being exchanged between my system and the Wi-Fi network. Currently it is collecting about 6970 packets. If you look at the bottom right corner, you can see the packet count. And here on the left-hand side window you can see the interface and packet exchange and all the information related to the pages, etc. So the TCP layer and the Ethernet layer and everything. And on the right-hand side you can see the encrypted data.
So all the HTTPS websites that we are connected to right now, and the information being exchanged, right? So you can see the information being encrypted. And if you have the encryption key, you can decrypt this and have the information exchange happening between you and the network opened up for you. For now, let's stop this. And here you can see we have successfully collected about 82 packets and there is 0% dropped. So basically 100% of the data has been successfully collected. And now, upon this, we can work together and filter a few data packets and work on the website or the link that we want to focus on.
So now let us open a couple of web pages. So I've opened up the Amazon web page, Flipkart, GitHub, and we've also opened up Simplilearn's official web page. And here we'll open up some courses related to cyber security and generative AI. And let us also open up a website from Simplilearn which is SkillUp. So let me type "SkillUp from Simplilearn", or "SkillUp by Simplilearn free courses with certificate". So, yeah, the first link over there, click on that, and let's also open up some courses from SkillUp as well.
Now we have opened up all these web pages and Wireshark is actively collecting all the data related to all these web pages. So here you can see a wide variety of protocols, source and destination IP addresses, the timestamps and the length of the web page, and info related to that particular web page. So anything which is related to the TCP protocol, you can just directly filter using the tcp filter in the filter bar at the top. Right? You can just type in the information and hit the Enter button which is on the top right corner, and you can also expand that in the TCP expanded version or the stream version to see the encrypted TCP format right here, and you can just quickly close that and you can see tcp.stream eq 0, and on the bottom left corner you can see the transmission protocol as well.
Now let's say I want to have some information related to HTTP. So you can just directly type http. So you can see anything which is active or anything which exists, the Wireshark tool highlights it in green color, and if there is a mistake in the syntax it will highlight it in red color. Now let me choose one of these packets and open up the HTTP stream. So here you can see the HTTP web page, and this HTTP web page is really powerful. It can have all the information related to any particular web page, like the passwords that you enter, which are encrypted.
If you have the decryption key, you can also decrypt that and you can understand what operations are happening across this particular web page. That's one good part about it. And here you can see, if I open up the HTTP protocol, you'll have all the information related to this particular web page. And you can also apply a filter altogether. Let's say I want the information related to all the HTTP port pages. Right? So we have the HTTP port number 80. And then you can just create a button for this based on this protocol.
Whatever information you have, I want it in one go. I don't have to enter that information every now and then. I just want to create a dedicated button for that. And if I just click on that button, I should get all the information related to that. So I can do that as well. So you can see I have all the web page information here. So all the details related to your application, the passwords that you enter, the activity that you do, all the images and the videos played on the website are all present here, and you can see all that information is encrypted in the right bottom corner, and you can decrypt this using the decryption key for specific purposes.
So this is really a powerful tool, right? And now let's try to create a button for this. So just click on that plus icon and label this particular filter as "HTTP data", and I can have a comment, "encrypted information" or something like that, and then I can just click on OK, and your button is ready over there. So let me quickly erase all this information in the filter bar and hit Enter so that we get back to the home page as it was, which contains the active pages and all that.
And if I just click on the HTTP button over there, the filter gets activated and all the web pages are here on one single page. Now let's explore the Preferences. So here you can just change some layouts. The default layout is the second one, which has packet list, packet details and packet bytes. If I want to go ahead with some packet diagrams or the other formats, you can also go ahead with that as well. So if I minimize this window, you can have a better image. So sometimes you might have a better understanding of this particular interface if you have the packet diagram.
If I click on Apply you can see how the packet information changes to the packet diagram at the back of this particular window. You can see the Ethernet protocol, Transmission Control Protocol and all the options. So let's go with the default option that we had at the beginning, packet bytes and packet details, and click on Apply. And I have all the default settings back again. And if you're someone who likes the different version which we explored before, packet diagrams, you can also go ahead with that particular option. Now let's explore some pages which have an issue.
Let's say we want to find out all the pages that are facing some kind of odd behavior than usual, some ransomware behavior or something. You can understand by just looking at the protocol over there which says TCP analysis flags. So these are the web pages which are creating some malicious activity, which are having some unexpected activity on the page. Let's say you want to also explore some other information. Let's say you want to explore all the pages which are completely inactive. They are non-responsive. You can also search for those kinds of pages as well.
So you just need to make some changes to the filter: tcp.flags.reset == 1, and you'll have the list of pages which are completely unresponsive to you regardless of how many clicks or how many Enters or how many inputs you give; they are completely unresponsive. You can also create a button for that, and you can also have the information. Let me label this as "non-responsive" or "TCP flags which are non-responsive", and there you go. Just click on that and you'll have all the information on non-responsive data in one single click. So we have a dedicated button for flagged pages as well.
And Wireshark is really powerful on production-level platforms or real-time platforms. At an organizational level, Wireshark has unlimited access. So if you are someone who wants to explore a wide variety of use cases and live examples, then you can go to this particular web page, malware-traffic-analysis.net. Just click on the next option, and this particular web page, don't worry, I'll link this particular website in the description box below, and you can go through hundreds and thousands of live examples and use cases of Wireshark, and also go through some GitHub links from this particular web page and go through some live case studies and examples to understand Wireshark functionality at a much more advanced level, or at a production level or real-time level.
If I open up Traffic Analysis in a new tab, you can see hundreds and thousands of real-time traffic analysis use cases right here, and you can go through any of these and learn the production-level use cases of Wireshark. And here you have the GitHub link as well, and guest blog posts as well. So this is the GitHub link, and you can go through the projects that we already have access to on the Wireshark platform, and I'll link that in the description box below as well. And here you have some guest blogs and posts that you can go through, which are real-time use cases from all the users.
There are unlimited possibilities and options in Wireshark, and you can go to any extent in Wireshark. So use it wisely. And with that we have reached the end of this session on the Wireshark tutorial for beginners. Should you need any assistance or any other resources used in this session, like the PPT used, official documentation, Git links or code documentation and others, then please do let us know in the comment section below and our team of experts will be happy to assist you at the earliest.
And until next time, thanks for watching and stay tuned for more from Simplilearn.