1
00:00:00,720 --> 00:00:05,960
So let's have a look at some of the packets in detail and we'll analyze them with Wireshark.

2
00:00:07,050 --> 00:00:13,020
So for this, I want you to open up the terminal screen and we'll first check the mode of the Wi-Fi

3
00:00:13,020 --> 00:00:13,620
adapter.

4
00:00:13,620 --> 00:00:16,560
And sure enough, it is in monitor mode.

5
00:00:17,850 --> 00:00:20,760
Now, let's run Wireshark with root privileges.

6
00:00:26,030 --> 00:00:32,450
Now, before capturing any traffic, we need to select a network interface on this list, so let's select

7
00:00:32,450 --> 00:00:37,160
wlan0mon and click on the capture button.

8
00:00:38,840 --> 00:00:39,110
All right.

9
00:00:39,110 --> 00:00:41,600
So now Wireshark is listening to network traffic.

10
00:00:42,170 --> 00:00:47,120
As you can see, there are lots of beacon frames, probe requests and probe responses between the different

11
00:00:47,120 --> 00:00:48,670
sources and destinations.

12
00:00:50,390 --> 00:00:55,610
So we'll stop the capturing and we'll look at the details of the packets.

13
00:00:57,370 --> 00:01:05,770
So in this section, there's time, source, destination, protocol, length and detailed information

14
00:01:05,770 --> 00:01:06,520
about the packet.

15
00:01:07,930 --> 00:01:12,400
In the middle of the screen here, there's detailed information for a specific packet.

16
00:01:14,840 --> 00:01:16,850
Details about frame and header.

17
00:01:18,000 --> 00:01:24,420
As you can see, this is a response packet. The frame control field contains the destination address

18
00:01:24,900 --> 00:01:27,810
as well as the transmitter address of this packet.

19
00:01:29,780 --> 00:01:33,410
And we can see the SSID in the wireless management field.

20
00:01:35,370 --> 00:01:40,380
We can customize the appearance of the results in the Preferences under the Edit tab.

21
00:01:42,810 --> 00:01:47,760
And you can add a new field if you want to, and that will display in the columns.

22
00:01:52,810 --> 00:01:55,000
So here you can select the type of field.

23
00:01:56,330 --> 00:01:59,480
And I want to add frequency and channel information.

24
00:02:03,080 --> 00:02:05,300
And there's the column that we added.

25
00:02:06,590 --> 00:02:12,500
Now, this is one of the most important and widely used features of Wireshark: we can filter the scan

26
00:02:12,500 --> 00:02:17,540
results, otherwise it's really kind of difficult to find the packets that we want to view easily.

27
00:02:18,800 --> 00:02:26,060
For example, when we want to list the packets related to a specific access point, we can use this filter

28
00:02:26,060 --> 00:02:29,120
just by giving the SSID name of the access point.

29
00:02:31,490 --> 00:02:32,450
Click on this button.

30
00:02:34,110 --> 00:02:40,990
Now, all the packets that belong to this access point called Hacker Academy are here.

31
00:02:41,190 --> 00:02:45,900
In addition, we can also filter by selecting any parameters.

32
00:02:50,830 --> 00:02:53,440
So select any information there, right-click on it.

33
00:02:58,390 --> 00:03:01,270
And I can click Apply as Filter and Selected.

34
00:03:02,970 --> 00:03:05,370
All right, so I filtered the management packets.

35
00:03:08,890 --> 00:03:11,050
Now, let's display only beacon frames.

36
00:03:18,440 --> 00:03:25,430
If you want to, you can select two filters and you can always do this with the "and Selected" option.

37
00:03:31,140 --> 00:03:35,100
As you can see, it's added to this line with the and parameter.

38
00:03:37,910 --> 00:03:44,810
All right, so now I'm listing beacon frames, sending broadcast signals. I'll add another filter to

39
00:03:44,810 --> 00:03:48,110
display packets related to Hacker Academy.

40
00:03:51,760 --> 00:03:54,520
So Wireshark has many different filters.

41
00:03:55,750 --> 00:04:02,860
According to the result that you want to see, you can find the most suitable filter even on the Internet.

42
00:04:05,310 --> 00:04:12,180
I'd also like to show you some of the control, management and data packets that I mentioned in the previous

43
00:04:12,180 --> 00:04:12,630
lecture.

44
00:04:14,320 --> 00:04:23,620
For example, we can see the request to send packets using subtype number 27. RTS and CTS are control

45
00:04:23,620 --> 00:04:27,730
packets and they're the optional mechanisms to reduce frame collisions.

46
00:04:29,100 --> 00:04:32,280
The subtype number of CTS packets is 28.

47
00:04:33,450 --> 00:04:39,810
So let's change the filter with this number, and there's only one CTS packet here.

48
00:04:41,920 --> 00:04:44,830
Cool, so let's have a look at the other types of packets now.

49
00:04:46,260 --> 00:04:49,830
You might not be able to see all packet types in your scan result.

50
00:04:50,840 --> 00:04:58,070
So to analyze packet types, let's download the sample captures just right from the Internet.

51
00:05:01,430 --> 00:05:04,070
Just type Wireshark sample captures.

52
00:05:07,030 --> 00:05:09,850
And click on the Wireshark website.

53
00:05:12,340 --> 00:05:16,880
And there are lots of different examples of sample captures on this list.

54
00:05:19,190 --> 00:05:21,110
So for now, let's find the Wi-Fi captures.

55
00:05:24,920 --> 00:05:27,590
And select one of the capture files here.

56
00:05:29,690 --> 00:05:33,320
All right, so go to Wireshark, and we'll close this scan.

57
00:05:36,580 --> 00:05:38,800
Open up the downloaded capture file.

58
00:05:41,930 --> 00:05:44,710
All right, so let's have a look at the packets in this file.

59
00:05:46,080 --> 00:05:52,770
And there are some authentication packets here, and these are the details of this packet.

60
00:05:58,000 --> 00:06:00,700
And as you see, the subtype number is 11.

61
00:06:01,710 --> 00:06:05,340
So we can use this filter to see only the authentication packet.

62
00:06:06,790 --> 00:06:10,720
You can also see the details about the packet by double-clicking on it.

63
00:06:13,000 --> 00:06:18,370
So finally, let's have a look at the data packet with subtype 32.

64
00:06:25,150 --> 00:06:31,420
If we look in the middle part, we can see the transmitted data in encrypted form in the data section.