1
00:00:00,110 --> 00:00:02,510
So have a look at what you see here.

2
00:00:02,510 --> 00:00:06,620
There are a lot of packets of Wireshark captures in seconds.

3
00:00:06,950 --> 00:00:13,160
There are some requests and responses for them, broadcasts and their replies and etcetera, etcetera.

4
00:00:13,190 --> 00:00:18,590
There is an easier way to follow a stream, although this is very entertaining.

5
00:00:18,620 --> 00:00:25,460
The stream is a collection of packets that form a network conversation from the beginning to the end.

6
00:00:25,640 --> 00:00:27,260
Just like your favorite story.

7
00:00:27,930 --> 00:00:33,480
So I'm in Kali now and I captured the traffic just for a little bit.

8
00:00:33,480 --> 00:00:38,580
And while I was capturing, I visited a website to create some HTTP traffic.

9
00:00:39,210 --> 00:00:40,830
And here are the results.

10
00:00:40,860 --> 00:00:42,090
DNS packets.

11
00:00:42,120 --> 00:00:43,500
TCP packets.

12
00:00:43,530 --> 00:00:44,730
HTTP packets.

13
00:00:44,730 --> 00:00:45,450
Etcetera.

14
00:00:45,720 --> 00:00:51,120
So I'll select an HTTP packet and it's the GET request.

15
00:00:51,900 --> 00:00:55,230
Right click, go to Follow on the submenu.

16
00:00:55,230 --> 00:01:01,200
And here you see the TCP stream and the HTTP stream options are both enabled.

17
00:01:01,200 --> 00:01:06,450
So that means we can follow either the TCP stream or the HTTP stream.

18
00:01:06,450 --> 00:01:09,120
So let's click HTTP stream.

19
00:01:10,830 --> 00:01:15,780
Now the client packets are red and the server packets are blue.

20
00:01:16,170 --> 00:01:19,230
The GET request by Kali, 200

21
00:01:19,260 --> 00:01:19,710
OK

22
00:01:19,710 --> 00:01:22,170
response by OWASP BWA.

23
00:01:22,890 --> 00:01:30,900
Now this is a return page in HTML format, so you can scroll down and we'll see some of the other requests

24
00:01:30,900 --> 00:01:33,570
and the responses in the same stream.

25
00:01:34,330 --> 00:01:40,330
And perhaps you're beginning to see that when you click on a link in a website or visit a website by

26
00:01:40,330 --> 00:01:47,400
typing its URL, there might be several consecutive requests and responses that you don't even realize,

27
00:01:47,410 --> 00:01:52,030
but in actuality you don't need to know them as the end user.

28
00:01:52,030 --> 00:01:56,470
But we're not your typical end users now, are we?

29
00:01:56,710 --> 00:01:58,780
So let's keep going.

30
00:01:59,490 --> 00:02:06,690
From the combo box at the left-hand side of the bottom of the stream window, you can filter the conversation

31
00:02:06,690 --> 00:02:10,410
from one side to another or vice versa.

32
00:02:11,000 --> 00:02:19,550
So at the right-hand side, right there is another combo box where you can select the output format.

33
00:02:21,180 --> 00:02:27,270
Now, when you close the stream window and go back to the main window of Wireshark, you can see that

34
00:02:27,270 --> 00:02:29,610
the stream filter is applied right here.

35
00:02:29,610 --> 00:02:33,820
So I'll remove the filter by clicking this cross icon.

36
00:02:33,840 --> 00:02:37,050
Now I see the entire captured traffic again.

37
00:02:37,230 --> 00:02:40,290
That is why filters exist.