Wireshark Lab Part 1

00:00

Hey, everyone, welcome back to the core. So in the last video, we talked about the things we're covering in this course. So again, we got four labs will be doing hands on. We'll start off with lab one here with wire shark.

00:11

Now, as I mentioned before, we're just kind of taking ah, high level over you of wire shark and TCB dumped throughout this course just to get you familiar with some of the commands and filters.

00:20

And we also will have a capstone lab Now with the capsule lab. I will not have a step by step guide. As I mentioned before, we only have those for the hands on. That's what we're doing. The caps Don't you want to do on your own?

00:31

That being said, there are actually instructions with all of those labs inside of the hole Capstone project, so to speak.

00:38

So you will not be left in the dark. You will have some walk through, but we just don't create a separate guide for you, mostly to try to keep it fair for everyone actually get their hands on skills.

00:48

Now if you happen to not be using the cyber lab environment you don't have access to it, then you'll just want to set up wire shocking TCB dump in your own environment. Keeping in mind that any I P addresses were using will likely be different than what you're using. Or at least they should be. Hopefully, but the command should be the same, and you shouldn't have any issues running those commands

01:06

and same thing with the Capstone project. What you want to do as an alternate has basically just practiced wire shark and TCP dump a little more in depth, and I would have signed you probably a good 32 an hour, 30 minutes to an hour long time frame of practicing different commands and wire share. So if you don't have access to the cyber lab environment, that's kind of your homework assignment

01:26

to finish out as a capstone project.

01:27

Basically, just practicing more on wire shark and TCP dump on your own.

01:33

All right. So as I mentioned here, we're gonna be covering wire shark and, of course, we're going to Carver wire Shark TCB dump in most of our labs. But here was specifically using a lab cold wire shark inside the Saberi lab environment So all you have to do everyone should already be loved into the cyber website. If you have access to the cyber lab environment,

01:49

then all you want to do is to search for a wire shark in the search box here

01:53

and we'll go and do that. Now you'll see it's actually gonna be this very toppling right here

01:57

and just go ahead and click on that. Now you're gonna see a launch button right there.

02:01

He's going click on that's gonna ask this one more time. It's gonna make us open and basically in a separate window. So just click on launch item there, and that will actually go ahead and launch the lab. Now it takes a few seconds or so to build it. I'm gonna go ahead and pause the video, and once it pulls it up, I'll go and start the video again.

02:17

All right, so you see, it's pulled the lab environment Forest. Let's go back to our step by step guide here. You noticed that once it pulls up the environment, all we want to do is click next to them. Okay, because we want to close this pop up box here in the background.

02:30

Let's go ahead and click next and then Okay, and that's gonna take us to our boon to desktop screen here.

02:36

Now we get his ex out of these little alerts here. You're welcome to read them if you want to. But again, we have the step by step guide, and that's what you're actually going off for this particular lab.

02:46

You'll also notice that it didn't make its log into the Ubundu. That's something with this particular lab environment that if it's using the ABOU to in most cases we don't have to use the user name or password, so just kind of f y I on that.

02:58

So if we go back to our lab document here, the next step is actually gonna be here in step six. We're gonna be launching a terminal window. So all we have to do to do that, you just click this little black box on the left side here. So this left side menu, sometimes you have to kind of click around in there, doesn't launch right away for some reason,

03:14

and eventually it should launch a terminal for us. There we go.

03:16

You noticed there I had to click a few times to get it going. Hopefully, you won't have to click in a couple of times and it should work for you.

03:22

So you see the terminal window here? Obviously, if you've used Callie Lennox, it looks a little different here in the broom too. But it's all the same process, so to speak.

03:30

So the next thing we're gonna do for Goto our lab document here, we're just gonna type in pseudo wire shark,

03:37

and then it's gonna prompt us for a password. Now, since we didn't log in, you don't know the password, but the password is gonna be the worst student all over case. So that's actual password for the route user inside of this lampoon to environment.

03:51

So let's go ahead and do that. Now we're type in pseudo wire shark to go and launch it.

03:54

So studio space wire shark. Now, of course, we could just click the icon of the left side here, but let's make it a little more difficult and actually use it for the command prompt.

04:03

So it's pseudo wire shocking this press enter, it's gonna prompt you for the password again. That's it. Work, student. All over case, you'll notice it doesn't show anything when I type it. But that's okay. Just type it in. Press, enter. And if where sharks starts to launch into get this air message, you know, you've been successful with entering that particular password.

04:20

All right, so we can ignore this air mass a chewing. You'll see that I've noted that here in step nine of our step by step guide that we can just go ahead and ignore that Louis air message.

04:30

So we're just gonna say okay to that, and then we'll see that wire shark opens in the background here for us.

04:36

All right, so now we've got here and step 10 we got wire. Shark has launched for us. We're gonna go ahead and we could do a couple options Here will step 11. We could either go to the top here and click capture, and then select options or on your keyboard. If you want. You could just hold on the control button and then press the letter K at the same time. And it will launch the window that we would pull up

04:56

the options window. It would launch out for us.

04:59

So I'm gonna do the long way. I'm gonna go ahead and select capture and the options for everyone that wants to follow along here in the gooey. But again, you just you can just do control K. And that will launch the same thing. So capture and then options.

05:12

And if you did control K, you will get the same little pop up here.

05:16

Let's go back to our lab document.

05:19

So we're basically gonna be setting some different filters here in running some scans. So we've got the new papa box opening here and step 12 we're gonna check the Ethernet zero interface. So we're just gonna check the box to the left of that. Make sure that's check. We also want to make sure that it's using promiscuous mode on all interfaces, so that should be checked by default.

05:40

So we just want to make sure that's actually checked as well.

05:43

And you'll see here that I've got that instead 14.

05:46

And now it's Steph, 15. We just want to make sure that the capture filter box is empty. So this one right here, right, people right below the promiscuous mode and I just unchecked impossible. I said that right below that this capture filter box. Just make sure that's empty. And again, it should be by default.

06:02

All right, so step 16 year or next, step under the display options. We just wanted to make sure that all the boxes are checked. Now again, that's another default thing. It should be checked in there by default. And if I quit clicking around there, I'll leave them by default there. So that's what you're should look like as well.

06:20

All right, so our next to pierce the next section down there under the name Resolution area here in step 17.

06:28

So we just want to make sure that we uncheck all of these boxes here under the name resolution.

06:34

All right, so the last step here on this particular window is we're just gonna go ahead and click the start button at the bottom, right?

06:41

So let's go and do that now,

06:44

and I keep on checking the box, So go ahead. Quick to start button at the bottom right there.

06:47

All right, So the next thing we want to do is actually give wire sharks some packet information, or basically run some information so I can capture it. But first, things first before we open a terminal window. Let's go ahead and kind of move this screen down a little bit, so it's easier to see everything as we collect packets. The way we do that is just cover your mouth over top. Here.

07:06

You'll notice that my mouse cursor

07:09

constant kind of changes to be an up and down arrow. Once it does that, go again. Just click there with your left mouse key. Go and click and hold on. Then you're just gonna drag it down. You'll notice when I do that, that right now, since we're not actually running anything, it's not capturing any data for us. You'll notice we have a couple lines there. But

07:26

what we would normally see once we're running our capture

07:30

is that we'll see this will all essentially fill up. Or at least most of it will fill up with the packets and we're capturing.