1
00:00:00,180 --> 00:00:07,550
So now let's talk about this Wireshark tool. Wireshark is a packet capture and you can see every

2
00:00:07,560 --> 00:00:11,810
packet going and coming through your computer, right?

3
00:00:11,970 --> 00:00:17,690
If you visit a website and you can contains a lot of packets, it can actually be Penitentes.

4
00:00:18,210 --> 00:00:20,040
You can see those in Wireshark.

5
00:00:21,660 --> 00:00:23,930
And this Wireshark tool is very important.

6
00:00:25,170 --> 00:00:29,680
If any malware is trying to come to any server, you can watch even that also.

7
00:00:30,830 --> 00:00:35,590
So a potential this open your browser and type Wireshark.

8
00:00:37,140 --> 00:00:40,620
So that is why your daughter can't download.

9
00:00:44,550 --> 00:00:50,820
So you can see the Windows installer and portable apps I'm going to do this for.

10
00:00:54,150 --> 00:01:01,610
So let me down to this download folder so you can easily install Wireshark in Linux operating systems are

11
00:01:01,710 --> 00:01:04,250
have to type sudo apt install.

12
00:01:05,190 --> 00:01:07,320
And it was in Florida and Texas.

13
00:01:08,430 --> 00:01:16,480
So one thing you need to notice is in Linux systems, if you run as a normal user, then your adapters

14
00:01:16,620 --> 00:01:19,950
are not that phone with the opposition.

15
00:01:20,130 --> 00:01:25,660
What you want to do is you need to run the circus atmosphere, so you need to type sudo.

16
00:01:28,050 --> 00:01:30,300
So that's very important to know.

17
00:01:36,800 --> 00:01:46,400
So that's good next and I agree, I know you if you want to teach our kids a command line version of

18
00:01:46,400 --> 00:01:51,620
the Wireshark and you can take these instructions and click next.

19
00:01:52,900 --> 00:01:56,930
And yes, I want the desktop icon and click on next.

20
00:01:57,530 --> 00:02:01,790
OK, I'm going I'm going to read this default definition for.

21
00:02:04,350 --> 00:02:07,890
And I want to introduce and go and pick up.

22
00:02:10,100 --> 00:02:13,790
So I don't want to introduce you, speak up and install.

23
00:03:20,550 --> 00:03:23,860
So it has asked me to start and speak up.

24
00:03:23,880 --> 00:03:24,220
Yes.

25
00:03:24,450 --> 00:03:29,150
This model captures the are the package and I agree.

26
00:03:31,200 --> 00:03:37,250
And if you aren't going to try and pick up also, then you need to take this option.

27
00:03:37,470 --> 00:03:40,640
So for now, let's just enjoy this one.

28
00:03:45,980 --> 00:03:50,210
And this Wireshark software is Diffa, clean start in the Caribbean.

29
00:03:50,480 --> 00:03:55,240
If you have colonics in your do in order to do, but we need to introduce Wireshark.

30
00:03:58,670 --> 00:04:06,440
So my installation has been completed next, and we can finish three and pick ups installation has been

31
00:04:06,440 --> 00:04:08,750
completed and are still installing.

32
00:04:36,160 --> 00:04:45,370
So my wife, Shaquan Sarrazin, also completely gone next, and we can't finish, OK, now I'm going

33
00:04:45,370 --> 00:04:46,540
to run this Wireshark.

34
00:04:50,610 --> 00:04:58,380
So it's loading some interfaces and adapters. Let me maximize this one, so you can see there

35
00:04:58,710 --> 00:05:05,220
are there are plus computer, there is Bluetooth and Landline and it you can see here, there is some

36
00:05:05,220 --> 00:05:06,140
that are going on.

37
00:05:06,830 --> 00:05:08,760
I can see the expression yes.

38
00:05:09,360 --> 00:05:15,050
And some that are going on because it's my life and my wife has been working now.

39
00:05:15,570 --> 00:05:21,480
And even though when you're not browsing the some of the background applications, my use, my Internet,

40
00:05:21,480 --> 00:05:27,540
that's what this Internet data is being used in.

41
00:05:27,540 --> 00:05:32,580
My Net1 has also some spikier and you can see are afraid.

42
00:05:32,850 --> 00:05:36,570
I mean, these on these adapters, there is no Internet.

43
00:05:36,870 --> 00:05:43,140
Of course, young rapper comes into play and I cannot imagine a machine and has this.

44
00:05:43,350 --> 00:05:44,120
We are connected.

45
00:05:44,490 --> 00:05:47,250
So these are somewhat inscrutable.

46
00:05:47,280 --> 00:05:53,280
You know, what I want to do is I want to click on this way and click on this.

47
00:05:55,460 --> 00:06:02,140
So when I double click on this very point, it will start sniffing out, capturing all the packets to

48
00:06:02,180 --> 00:06:09,410
and from adapter and this one is the color button, which is in a rectangle and this is stop.

49
00:06:09,420 --> 00:06:13,110
But we can stop capturing the packets using this button.

50
00:06:13,250 --> 00:06:18,360
So if I do this one now, there are no packets being added.

51
00:06:18,410 --> 00:06:20,030
Now I want to start again.

52
00:06:20,030 --> 00:06:21,530
I want to call this blue button.

53
00:06:21,770 --> 00:06:28,220
We can start and it will ask what you want to do with these already packets you want to save or continue.

54
00:06:28,760 --> 00:06:30,710
So let me continue without saving.

55
00:06:32,030 --> 00:06:33,880
So now to start from starting.

56
00:06:34,190 --> 00:06:39,260
As you can see, there are so many messages going on, so many packets, and you can restart this and

57
00:06:39,260 --> 00:06:41,050
you can also set the capture options.

58
00:06:41,390 --> 00:06:45,010
You can only set capture options before the capture has been shot.

59
00:06:46,310 --> 00:06:52,740
And there are some file options you can open any stored pcap file.

60
00:06:52,760 --> 00:06:54,920
So the extension should be .pcap.

61
00:06:55,250 --> 00:07:04,340
If you want to sell, though, all this information so you can just navigate through these packets,

62
00:07:04,340 --> 00:07:10,430
find packet, find next, previous and the view you can see you can click on this full screen to get

63
00:07:10,430 --> 00:07:13,220
into the full screen and time display format.

64
00:07:14,960 --> 00:07:18,980
So these are effects, this display.

65
00:07:20,090 --> 00:07:25,180
And you can see here the same options, the same the same old options are there here.

66
00:07:26,300 --> 00:07:30,200
And these are some of the basic settings.

67
00:07:30,950 --> 00:07:32,910
And first, I'll explain this part.

68
00:07:34,610 --> 00:07:36,110
So let me stop this capture.

69
00:07:37,760 --> 00:07:40,280
So first one is the packet number.

70
00:07:40,280 --> 00:07:49,150
The first packet is captured has given number one and the time from the respect to the letter I'm sorry,

71
00:07:49,160 --> 00:07:53,450
to to time from the first capture and the source IP address and destination IP.

72
00:07:53,720 --> 00:07:55,880
So I'm sending this packet from my computer.

73
00:07:55,880 --> 00:07:58,010
This is my computer's IP address to the destination.

74
00:07:58,010 --> 00:08:06,680
This IP address and the protocol I am using is TCP and the length of these packets of terabytes and

75
00:08:06,680 --> 00:08:07,250
information.

76
00:08:07,250 --> 00:08:10,610
As you can see, there are some flags that aren't finished yet.

77
00:08:10,970 --> 00:08:16,190
So finish in the sense I'm going to write that in the reply from the destination.

78
00:08:16,190 --> 00:08:18,920
Right, this is used for connection termination.

79
00:08:21,640 --> 00:08:30,000
As you can see, if you click on this packet to click on this package, you can see here that the TCP/IP

80
00:08:30,010 --> 00:08:37,930
model of this packet, you can see the frame frame options and which type of frame you are using it

81
00:08:38,170 --> 00:08:45,620
Ethernet II and IP version 4 information and the TCP information, because we are using the TCP

82
00:08:45,640 --> 00:08:46,150
protocol.

83
00:08:49,310 --> 00:08:51,210
And you can see here support this nation.

84
00:08:54,380 --> 00:09:02,270
So this is the best spot on this nation and this is the PXP and this is a transport security.

85
00:09:02,960 --> 00:09:11,600
So here you can see the respect to hex dump of this packet information, the data, which is I'm going

86
00:09:11,600 --> 00:09:13,120
to send to the destination.

87
00:09:13,670 --> 00:09:14,960
I can see that got spoke to her.

88
00:09:15,000 --> 00:09:23,240
Tromso here, excellent piece of nothing but just not getting the character representation of each character.

89
00:09:23,780 --> 00:09:31,760
Siefert it's not ah, it's just like an ASCII representation of the hex.

90
00:09:32,480 --> 00:09:35,570
So these are the three windows mainly being focused on.

91
00:09:35,960 --> 00:09:38,470
Now let me start a new capture.

92
00:09:39,170 --> 00:09:39,950
Let's see.

93
00:09:40,820 --> 00:09:52,610
OK, before that, I want to show you how to know on Google plugin and click on this page.

94
00:09:52,850 --> 00:09:54,920
You want to have one dot com.

95
00:09:54,920 --> 00:09:55,460
So that's right.

96
00:09:56,420 --> 00:10:00,620
Now you can enter here the password segment and admin.

97
00:10:01,910 --> 00:10:05,270
So admin, admin password.

98
00:10:08,360 --> 00:10:11,120
So I'm going to enter the admin and the posterous.

99
00:10:11,990 --> 00:10:15,700
So let me start this capture.

100
00:10:15,710 --> 00:10:17,650
I want to continue see.

101
00:10:20,320 --> 00:10:30,700
So want to refresh this page and we want to enter the credentials, Edwin Edwards so quickly, so nothing

102
00:10:30,700 --> 00:10:33,260
happened, not at see an auto shop.

103
00:10:36,360 --> 00:10:44,190
So as you can see, this package is a step backward and it is requesting that BHP deduct that request

104
00:10:44,280 --> 00:10:47,760
and you need to perform the request to get any.

105
00:10:48,900 --> 00:10:49,210
OK.

106
00:10:49,250 --> 00:10:50,970
We will see that in our fundamentals.

107
00:10:52,410 --> 00:10:55,160
This is that BHP is this one.

108
00:10:55,560 --> 00:10:58,230
This is the BHP.

109
00:10:59,280 --> 00:10:59,760
All right.

110
00:11:00,270 --> 00:11:08,250
Now, if you go to decide what extent or whatever, and you can see here that BHP HTTP 1.1.

111
00:11:08,250 --> 00:11:14,100
And I'm using this HTTP 1.1 version and this is the playing field calculator.

112
00:11:15,360 --> 00:11:20,840
And here I am telling the host now that is BHP, not one of a dot com.

113
00:11:21,270 --> 00:11:22,580
So this is the hostname.

114
00:11:22,740 --> 00:11:23,850
And I'm asking this.

115
00:11:24,390 --> 00:11:28,460
So that's not BHP webpage and the connection keep-alive.

116
00:11:28,560 --> 00:11:35,190
So after this, getting the webpage, keep the connection alive and every other request parameters and

117
00:11:35,190 --> 00:11:36,960
data see user names.

118
00:11:36,960 --> 00:11:37,860
Mozilla, Firefox.

119
00:11:38,040 --> 00:11:39,720
OK, I'm using the Chrome.

120
00:11:41,120 --> 00:11:49,600
An excerpt I want to accept, the former textile extended, since the browsers accept only like pages,

121
00:11:50,090 --> 00:11:53,710
I'm telling the server to send me the response in the format of.

122
00:11:55,040 --> 00:11:59,000
You can see the accept encoding here, accept languages are English.

123
00:11:59,240 --> 00:12:02,010
So I want the English copy of the login page.

124
00:12:03,290 --> 00:12:05,420
This is the GET request.

125
00:12:05,660 --> 00:12:09,440
We are requesting the Web server to get me the login page.

126
00:12:09,890 --> 00:12:19,100
So where it is on this one and as you can see here, so we copy this IP address so you can also apply

127
00:12:19,100 --> 00:12:19,870
that is preferred.

128
00:12:20,150 --> 00:12:26,390
So what I did this performance here, there are a lot of traffic going on apart from this, my machine

129
00:12:26,390 --> 00:12:27,280
and my Web server.

130
00:12:27,740 --> 00:12:36,000
There are a lot of traffic going if you want to filter that, that you can set ip.addr.

131
00:12:36,320 --> 00:12:41,330
So I want to show I want to review all the packets with this IP address.

132
00:12:41,330 --> 00:12:44,600
And there's also this initial, let's say, 176 dot.

133
00:12:45,290 --> 00:12:55,310
Twenty eight dot fifty dot one six four if I enter now, only the packets with the other source IP,

134
00:12:55,490 --> 00:12:59,610
the IP as this IP matches, then only that packet will be displayed.

135
00:13:00,170 --> 00:13:03,430
Now the question is going to be the question.

136
00:13:06,230 --> 00:13:15,170
And it has sent me some data and after this acknowledgements, let's see the response, the response

137
00:13:15,170 --> 00:13:18,900
rate is one point one two zero zero two zero zero.

138
00:13:18,920 --> 00:13:21,860
Is that a it means access and it's is OK.

139
00:13:22,460 --> 00:13:24,980
Now, the response I have got is this one.

140
00:13:27,550 --> 00:13:36,420
I got this so all this data is in here and this is my data received from that Web server.

141
00:13:38,370 --> 00:13:39,810
So one more thing.

142
00:13:39,810 --> 00:13:46,890
One more thing I want to show you is here there is a push to push the push to use it, to push some

143
00:13:47,040 --> 00:13:47,700
data.

144
00:13:47,700 --> 00:13:51,840
And other observers wrote, we are OK with that and the that we are.

145
00:13:56,100 --> 00:14:05,420
So if you could get the the these duties are sent to us now, if you scroll down, you can see the post

146
00:14:05,430 --> 00:14:06,250
request here.

147
00:14:07,350 --> 00:14:09,150
So there is a push to go straight.

148
00:14:13,780 --> 00:14:18,160
So here, the post user info that BHP and then

149
00:14:21,040 --> 00:14:28,870
you can see the you can see the admin and the password, your username and password form and got the

150
00:14:28,880 --> 00:14:31,800
data and from, you know, music was to admit.

151
00:14:32,050 --> 00:14:39,070
So this value, this parameter value is uniform and the password is pass.

152
00:14:39,280 --> 00:14:47,810
And these details are sent in a plain text format because the HTTP itself is a plain-text protocol that when

153
00:14:47,830 --> 00:14:51,850
it sends the data protection, that's what we have.

154
00:14:51,850 --> 00:14:58,940
So we are clearly seeing this and we know that when we take our paper in the login box, clearly in

155
00:14:58,940 --> 00:14:59,870
the plain text format.

156
00:15:00,130 --> 00:15:04,520
So that is one very big disadvantage of this HTTP.

157
00:15:04,550 --> 00:15:13,460
That's why I have to this want to show you this that HTTP protocol sends the data in a plain-text format.

158
00:15:13,600 --> 00:15:16,650
So as you can see, my browser, it's harder to articulate.

159
00:15:17,080 --> 00:15:23,020
So why it is not a shot and transitions around this site because it is doing better, because it means

160
00:15:23,020 --> 00:15:30,820
that any attacker can manage them all in my network or any are in the path between me and server.

161
00:15:30,820 --> 00:15:38,590
And they can see the data using this version and the attacker can see clearly the username and password.

162
00:15:38,590 --> 00:15:38,890
Right.

163
00:15:40,000 --> 00:15:46,680
So that's why you need to focus on this normal spertus rate.

164
00:15:46,720 --> 00:15:46,930
Not.

165
00:15:48,070 --> 00:15:55,990
And one more thing I want to show you is, uh, if you click on this and click on right.

166
00:15:55,990 --> 00:15:56,560
Click on this.

167
00:15:56,570 --> 00:15:57,300
Follow this.

168
00:15:57,550 --> 00:15:59,380
You know what this is?

169
00:15:59,680 --> 00:16:05,800
It will collect are the packets information with participation and it will arrange a neat format for

170
00:16:05,800 --> 00:16:08,050
us so that we could discuss it with you.

171
00:16:09,790 --> 00:16:12,250
So this is my request.

172
00:16:12,640 --> 00:16:15,250
I'm requesting for that BHP file.

173
00:16:15,520 --> 00:16:18,790
And the response I got is, OK, take this.

174
00:16:21,550 --> 00:16:26,010
OK, next time the questions started out serious, serious foes and logos.

175
00:16:26,440 --> 00:16:31,100
OK, now what we want to do is I want to write and follow a..

176
00:16:31,270 --> 00:16:37,840
You know, as you can see here, we have got the same result as before.

177
00:16:38,080 --> 00:16:46,090
But, you know, in this we have got the response to I mean, in the history of our format to scroll

178
00:16:46,090 --> 00:16:46,420
down.

179
00:16:46,870 --> 00:16:48,430
You can see that requests.

180
00:16:53,430 --> 00:16:56,130
And the software should be the post sequestrate.

181
00:17:04,690 --> 00:17:05,570
Verismo posted.

182
00:17:12,770 --> 00:17:14,300
So I think.

183
00:17:24,190 --> 00:17:27,340
So let me click on this history TV show.

184
00:17:37,160 --> 00:17:42,770
So I think the OK, this is the police request.

185
00:17:44,890 --> 00:17:54,040
As you can see here, it's been used in Mexico and buses and you can also search in this feels for your

186
00:17:54,160 --> 00:18:02,580
enter password, which I find next, and you can see the next segment.

187
00:18:03,700 --> 00:18:09,620
So in this way, you can just use the Wireshark to sniff the packets.

188
00:18:11,080 --> 00:18:14,270
So this is all about the basics of Wireshark.

189
00:18:14,320 --> 00:18:17,350
And I want to show you the Wireshark filters.

190
00:18:17,350 --> 00:18:20,050
Jegede Wireshark.

191
00:18:27,180 --> 00:18:33,780
So let me go to this Web site and you cannot remember or the Wireshark patrols.

192
00:18:35,400 --> 00:18:37,840
That's what you need to maintain a cheat sheet.

193
00:18:38,400 --> 00:18:39,360
So like this one.

194
00:18:44,660 --> 00:18:51,650
So here you see the display filters, and after capturing every packet, you can update this display

195
00:18:51,650 --> 00:19:00,170
filters to get to our desired packet so you can see the Ethernet filter, abortion filter.

196
00:19:00,200 --> 00:19:07,000
You can also separate IP, the IP, I mean, the IP address.

197
00:19:07,010 --> 00:19:16,040
I just want to set this IP address then the packets with only these destination IP with this IP will

198
00:19:16,040 --> 00:19:17,350
only be viewed.

199
00:19:17,840 --> 00:19:21,080
So we are narrowing down the those with these filters.

200
00:19:21,230 --> 00:19:26,360
As you can see, there are so many filters out here and you can also perform the operations between

201
00:19:26,360 --> 00:19:27,370
these filters.

202
00:19:27,920 --> 00:19:35,510
So if the IP law destination port is equal to this one, or IP source port is equal to that one and you

203
00:19:35,510 --> 00:19:36,620
can apply the filter.

204
00:19:38,000 --> 00:19:41,700
So always keep these cheat sheets in a separate folder.

205
00:19:41,780 --> 00:19:44,570
So whenever you go out and you don't, you can just refer to them.

206
00:19:45,350 --> 00:19:48,820
So that's of what that's all you need to know about this Wireshark tool.