Hello, everybody, and welcome to episode number 10 of the course: Wireshark and tcpdump. My name is Alejandro, and I'll be your instructor for today's session.
The learning objectives are to understand the basics of Wireshark and tcpdump, and to understand how you can actually use Wireshark through the terminal or the shell.
So let's get started.
I'm just opening here the Windows machine we have been using.
So, first of all, let me just go really quickly again through seeing the difference between a connection with netcat and ncat. For ncat this will be plain connections, I mean, no encryption,
and I just fire up here the tcpdump listener
and establish the connection here.
Okay, so I'm listening,
I'd like to see the chat going on, and how tcpdump can actually take connections from that chat, with -X, uppercase X, as you would like to call it.
And if I send an unencrypted message, "Hi",
you could see "Hello, how are you?" It will be in plain text. So,
if I actually add encryption to this with ncat. Remember, that was way before we could actually add encryption. Let me copy-paste a command real quick here:
ncat listening on port 4444, and
so I'm connected here again. I will start the listener here on Windows with 4444.
I will just... oh, by doing that, encryption. Sorry about that.
And remember, how can you add encryption?
Simply --ssl here.
They connect, and if I send "Hello, how are you?"
I don't see the message anymore. I just see gibberish here and non-readable information, because at the end it's all encrypted.
So this is how you can actually use
tcpdump with several other protocols. Don't get me wrong, I just did this so you can recap and see how we actually did this in the last video, but, you know, just to have...
they disappeared. I'm sorry about that.
So can you actually see this in Wireshark? Yeah, you can just fire up Wireshark. Let's just minimize this.
Let's fire up Wireshark, shall we?
Wireshark from the terminal, and it will display this. First of all, we can put two different filters: the capture filter and the display filter. The display filter will be useful after you have captured the packets,
because at the end you just want to display certain information.
So if you're not sure what you're looking for, or what protocol might be the dangerous one for you, maybe capture all the traffic on the interface you intend to capture on, in this case eth0. But if you do that, this will create a lot of noise.
So if you're actually sure
what traffic you are looking for, maybe a capture filter will minimize the amount of information you will log on, and, you know, maybe that will be easier to look through the trace and see if you have something going on there.
For example, a simple capture filter will be port 80,
as I want to capture, and I leave the interface here, as I want to capture only HTTP traffic. So I go here, I start it up. I haven't gone to any webpage, so this doesn't display anything.
But if I hit it from my Windows machine...
There you go. You see traffic here, and you can actually see the payload of the packets.
For example, here you can see the payload over here, and if you want to go further in the trace, you can actually get a lot of information
from this. This is way cooler than tcpdump, or maybe not cooler, but
easier on the eye. But at the end, as I told you before, as you go further in your penetration testing career, you will see that most of the time you end up using only the terminal. You don't have access to a graphic user interface.
Yeah, if you have access to a graphic user interface, Wireshark is a great option for you. But let's see if we can actually see some...
As we're not encrypting information, I want to see, just as we did with tcpdump, if we can actually capture
some login information. For that I have another virtual machine going on over here, which is that Debian machine. Nothing fancy, just hosting an HTTP login page.
Again, nothing fancy. And if I go here and I put, I don't know, a username and password,
maybe admin and "this is a test",
and I hit login. Of course it will fail, it will not log into anything, but the packet will be captured.
Now that I have the credentials, I can go here and apply a search filter, not the display filter, which is different. And I go here and I put here that I want to look for a string
in the packet list? No, in the packet details, because that's the packet payload, and I can just put the words "this is a test"
and see if we can find anything.
The password, which is the field, is "this is a test",
and the user is admin. So here we have
the entire thing: Form item,
key "password" and value "this is a test",
and Form item "user",
the value is "admin". Yeah, you can actually do that in Wireshark, and as you can see, it's really easy.
And it's really intuitive to actually do it.
We did nothing fancy here. We just applied a search filter. Again, you can apply capture filters, display filters, but you can actually search for packets. And the powerful thing about Wireshark is you can even search for a
hex value, a regular expression, a display filter. You know, you can do a lot of stuff here, and you can search in the packet details,
in the packet list... Remember, if you're trying to look for a specific TCP session, you can use the packet list, or the packet bytes, whatever works for you.
As you can imagine, this will also not happen on HTTPS, so nothing you can add here. But as I told you before, most of the time you will be using the terminal. So for that, the Wireshark folks started
and created an application, or, you know, a command called
tshark. If you have Wireshark, then you have tshark installed. So let me just close here. I don't want to save it.
I don't want to save it here. And you can actually use tshark as we did with tcpdump.
Is tshark better than tcpdump? I cannot actually say; I will be biased, because I have been using tcpdump my entire life. But I don't want to say that tshark is not better than tcpdump. It's whatever you prefer.
Maybe tshark, as it comes with Wireshark,
has a better integration with the Wireshark graphic user interface. But I have to tell you, I have never had a problem importing whatever I capture from tshark or from tcpdump and then checking it out in Wireshark,
as at the end you just create a pcap file, and that's all. But, you know,
then again, you cannot beat that, and that will be perfectly fine. Whatever works best for you, whatever you like better, go with that. I don't have any problem with any of those commands. So, for the example, let's start the listener with tshark, shall we?
tshark, a simple -V so we can actually see the payload of the packets. The interface will be again eth0, and
the capture filter would be tcp port 80.
Okay, we will ignore this
because we're in a test environment. And again, I mean,
oh my God, we have a lot of information here.
It's just as if we had opened all the flags in the Wireshark graphic user interface, but we already opened it here. So, as you can see, for a single login there's a lot of information,
but guess what, folks, you can actually pass this through a grep command, or whatever other command works best for you. Remember that we saw in Wireshark that all the data, or at least the data that was useful
for getting information, I mean the useful
username and password, is located in a field called Form item. Well, we can grep that here.
Go all the way down;
it's at the end of the packet capture, and I will grep that. I know this is not the fanciest solution for this problem; you can apply awk or sed or whatever command works best for you. Maybe you're not
trying to apply such a simple
search command, but in this case a simple grep works just fine.
So let me just grep here,
and it will start capturing again. The same thing; I didn't change anything from the previous command, I just added a grep for Form item here, and I go to the webpage again and test admin, "this is a test".
What did I do wrong?
What did I do wrong here? Oh, I see what I did wrong.
I also mean... I also form...
No, Form item. I'm sorry about that, from the login form,
and we start capturing again,
don't save, and then there we have it.
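As an added example that is not from the course: the extraction the instructor does with grep, written as a shell function and run over a constructed sample of tshark -V output, with the live tshark command kept in comments (the interface name eth0, the file name capture.pcap and the use of the -f and -Y flags are assumptions).

```shell
#!/bin/sh
# Constructed sample of the relevant lines from a `tshark -V` capture of an
# HTTP POST login; not real captured output, the values mimic the video.
SAMPLE_TSHARK_OUTPUT='Frame 12: 514 bytes on wire (4112 bits), 514 bytes captured (4112 bits)
Hypertext Transfer Protocol
    POST /login.php HTTP/1.1\r\n
HTML Form URL Encoded: application/x-www-form-urlencoded
    Form item: "user" = "admin"
        Key: user
        Value: admin
    Form item: "password" = "this is a test"
        Key: password
        Value: this is a test
Frame 13: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)'

# Pull the submitted form fields out of tshark -V text on stdin: the grep the
# video uses, followed by sed to reduce each matching line to key=value.
extract_form_items() {
    grep 'Form item:' | sed -E 's/^ *Form item: "([^"]*)" = "([^"]*)"/\1=\2/'
}

# Live equivalent (assumed interface eth0; needs a capture-capable user):
#   tshark -i eth0 -V -f 'tcp port 80' | grep 'Form item'
# The same extraction works offline on a saved capture, here narrowed with a
# display filter to POST requests only:
#   tshark -r capture.pcap -V -Y 'http.request.method == "POST"' | extract_form_items

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_TSHARK_OUTPUT" | extract_form_items
```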
This is another test,
so yeah, as simple as that, we already captured that.
Again, this will not happen on HTTPS, but did you get the idea? You can actually apply a lot of
bash commands through your tshark capture. But you could do the same with tcpdump. Again, don't get me wrong, I don't mean tcpdump is better than Wireshark or tshark, or the other way around. It's just
how familiarized you are with the tool and the commands, and whatever works best for you. I guess at the end the magic is in applying the display, capture and search filters, because that's where you can actually find useful information in the packets you capture.
And you know, maybe you are applying a sniffer
in your company because you actually want to get someone that is connecting to a specific server, or maybe is leaking information or classified information. That will come in really handy to you, applying all these filters. And since, again, as a penetration tester, we will be using
most of the time the terminal,
getting familiar with tshark, tcpdump, and with all the bash commands you can apply over the
packets you just captured is perfectly fine. Even... you can actually capture the packets through the terminal and then save them to a pcap file, because maybe you want to actually search for the strings or the commands in a more graphic user interface,
and then just open the pcap file in Wireshark, and that's again perfectly fine.
Post-assessment questions. Can you actually use Wireshark without the graphic user interface? Yeah, you can. It's called tshark, and you can actually run or execute commands over the terminal.
Can you pass Wireshark through a grep command? Yeah, again, using tshark. I know tshark is not the exact same thing as Wireshark, they're two different tools, but, you know, tshark is like the non-graphic-user-interface-based version of Wireshark.
If that's the case, I mean, if you can actually pass Wireshark through to a grep command, which will raise it... Yes, true, using tshark.
Can you look for specific strings, maybe passwords and usernames? Yeah, you definitely can, and other useful strings you may like.
We saw in this video several techniques to capture traffic, and executed commands in both tcpdump and tshark to check the traffic in the terminal. Supplementary materials you can use: you can go to the Network+ guides from the CompTIA
certification,
and you can also go to any book or reference on the CCNA certification from the Cisco folks, or any other material which teaches... I'm sorry, Wireshark has a webpage where you can find a lot of commands, a lot of filters, and actually a simple Google search.
At the end of the day, guys, Google will be your best friend in your penetration testing career.
And actually, when you go through the Mississippi exam and lab, you will see that only Google can save you. There's no actual reference that I can tell you right now that will contain everything. There's no book that will contain everything.
Only Google. You will have to Google stuff that you will not see in this course,
that you will not see in any other course, because at the end that's what pentesting is all about: imagination.
Looking forward, in the next video we'll cover some basic knowledge of Burp Suite. That's it for today, folks. Thank you for watching, and I hope to see you soon.