1
00:00:00,240 --> 00:00:06,420
So have a look at what you see here, there are a lot of packets of Wireshark captures in seconds.

2
00:00:07,230 --> 00:00:13,000
There are some requests and responses for them, broadcasts and their replies and et cetera, et cetera.

3
00:00:13,380 --> 00:00:18,440
There is an easier way to follow a stream, although this is very entertaining.

4
00:00:18,870 --> 00:00:25,170
The stream is a collection of packets that form a network conversation from the beginning to the end,

5
00:00:25,920 --> 00:00:27,120
just like your favorite story.

6
00:00:28,220 --> 00:00:35,330
So I'm in college now and I captured the traffic just for a little bit, and while I was capturing,

7
00:00:35,330 --> 00:00:38,420
I visited a website to create some HTTP traffic.

8
00:00:39,380 --> 00:00:48,230
And here are the results, DNS packets, TCP packets, HTTP packets, etc., so I'll select an HTTP

9
00:00:48,230 --> 00:00:50,990
packet and it's the GET request.

10
00:00:52,070 --> 00:01:00,260
Right click, go to Follow submenu, and here you see the TCP stream and the HTTP stream options are

11
00:01:00,260 --> 00:01:06,300
both enabled, so that means we can follow either the TCP stream or the HTTP stream.

12
00:01:06,680 --> 00:01:08,960
So let's click HTTP stream.

13
00:01:10,940 --> 00:01:19,820
Now, the client packets are red and the server packets are blue, the GET request by COLLY, 200 OK

14
00:01:19,820 --> 00:01:22,100
response by Oos VW.

15
00:01:23,180 --> 00:01:31,010
Now this is a return page in HTML format, so you can scroll down and we'll see some of the other requests

16
00:01:31,010 --> 00:01:33,410
and the responses in the same stream.

17
00:01:34,470 --> 00:01:40,380
And perhaps you're beginning to see that when you click on a link on a website or visit a website by

18
00:01:40,380 --> 00:01:47,180
typing its URL, there might be several consecutive requests and responses that you don't even realize.

19
00:01:47,700 --> 00:01:52,040
But in actuality, you don't need to know them as the end user.

20
00:01:52,200 --> 00:01:56,220
But we're not your typical end users now, are we?

21
00:01:57,000 --> 00:01:58,640
So let's keep going.

22
00:01:59,750 --> 00:02:06,800
From the combo box at the left hand side of the bottom of the stream window, you can filter the conversation

23
00:02:06,800 --> 00:02:10,270
from one side to another or vice versa.

24
00:02:11,230 --> 00:02:19,420
So at the right hand side, right there is another combo box where you can select the output format.

25
00:02:21,410 --> 00:02:27,350
Now, when you close the stream window and go back to the main window of Wireshark, you can see that

26
00:02:27,350 --> 00:02:29,690
the stream filter is applied right here.

27
00:02:29,690 --> 00:02:33,710
So I'll remove the filter by clicking this cross icon.

28
00:02:34,010 --> 00:02:36,820
Now I see the entire captured traffic again.

29
00:02:37,520 --> 00:02:40,160
That is why filters exist.