HomeОбразованиеRelated VideosMore From: Dan Morrill

How to read Wireshark Output

1082 ratings | 335311 views
Part of CIS 166 - this is how to read the output from wireshark to learn what issues there are with a network from an information security viewpoint.
Html code for embedding videos on your blog
Text Comments (104)
Senokone (1 month ago)
I wish I had these lessons back when I was in college instead of learning everything myself.
Missis Miggins (1 month ago)
"What is a TWAT?" .....the guy on this video, what a gobshite.
Andy Arrowood (1 month ago)
*Thank you kanye, very cool!*
MultiGladiator (2 months ago)
pcap can also be in non promiscious mode so its only the data flow for your own device - if i learned it right. but since this is wireshark...can i switch it on and off? I never used wireshark i just started learning networking etc
MultiGladiator (2 months ago)
pcap_t *pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf) " promisc, when set to true, brings the interface into promiscuous mode (however, even if it is set to false, it is possible under specific cases for the interface to be in promiscuous mode, anyway). " from here https://www.tcpdump.org/pcap.html
Rasila Sangani (3 months ago)
It is a very good video training for wireshark tutorial....Two thumps Up....
Luiz Mel (3 months ago)
nice clip but cant hear shit about what s the students answering ... would be usefull...still tnx
dre 4life (4 months ago)
impressive .if you go black hat ur formidable
ameen m (4 months ago)
can i use wireshark for LTE protocol stacking??reply me plzzz.
ImportanceOfWhatever (6 months ago)
I’m in grad school and I don’t get this much information
Outlaw cho (6 months ago)
I can’t hear the students reply bad sound quality otherwise there’s some good info
insecto (6 months ago)
itd be an honour to have this guy as my teacher
Ahmed Elsayed Amin (7 months ago)
Can't understand the purpose of this program
Naiomi Sweets (7 months ago)
IKR!! I'm taking a Networking class online now and I keep having to watch these videos for clarity. So much more approachable with students. I feel like I'm expected to know a lot of the basics but this is the first and only networking class in my program. Excellent teaching!! I love it!! Where are you teaching?
Jessica Dawn (8 months ago)
Thank you. This guy is a brilliant instructor!!!! Learning so much.
SMS Marketing Machine (8 months ago)
Prak Err (9 months ago)
this guy is pretty interesting !! hmm!
Orkhan Ahmadov (9 months ago)
UDP is User Datagram Protocol :) . SHe answered wrong said universal bla bla protocol
Xander Petty (10 months ago)
Do you offer any online classes? I would to take this course with you.
Anarchon (11 months ago)
Fascinating Please create a Udemy course or whatever online course for this kind of stuff and I will buy the course!
RFF SQUAD (11 months ago)
tetorials complete thaks
FraznoFire (4 months ago)
smul e holy shit learn to spell
Clifford (1 year ago)
Yes, we cannot hear either the classroom Q&A. Sad! Since the lecturer is really competent.
Eddie Goodwin (1 year ago)
I would like to go to his school just so I could hear the dang answers!
RB Games (1 year ago)
Seriously good advice Dan mate, nice one.
Leandro Joo (1 year ago)
Really good professor
Nathaniel Stockwell (1 year ago)
Nice Video Dan! You mentioned that you have been stopped at the border twice now to have your phone copied. Does it bother you? Thanks!
zly (1 year ago)
I'm pretty certain ARP isn't "asking for routes"...
forsure354 (1 year ago)
I wish I could hear the students answers. great video
Jacob Holmes (1 year ago)
The teacher is amazing, but sadly this is wayyyy above me.
Michelle Clarke (1 year ago)
You are really awesome where do you teach
Kalil Olsen (10 months ago)
He teaches at Highline Community College in Des Moines, Washington. He has also written articles for InfoSec Institute.
Tech Enthusiast (1 year ago)
i didnt answer a single question
mike gs (1 year ago)
thanks for video .
TECHNO GUY (1 year ago)
r u using computer or laptop?????
goldfacekiller (1 year ago)
U can sniff passwords and username with wired shark over the wifi right
Paul Koning (5 months ago)
Doubt it, unless the wifi isn't encrypted and the data is being send through an unencrypted protocol. If they use https for example, you won't see shit.
talamhzombie (1 year ago)
This is pretty spot on , but its old, Wireshark got a bit more complex and powerful. I think it would be awesome if you re-did this with the latest version. its particularly good due to it being in an actual teaching enviroment. So much better than dry learning. Thanks for this!
(BC)BodyCount (1 year ago)
what if it doesn't show ur local area and only shows SSH remote capture: ssh
Lucy Lambert (1 year ago)
(BC)BodyCount you might need to re-install winpcap
Tracy Danger (1 year ago)
If there is a password in wireshark that = no password what would that look like in wireshark?
Gregory McCardle (1 year ago)
He's good.
Praveen Rai (1 year ago)
@Dan i have only one query where do you find this information about 15000 arp poison cause router turn in hub mode.i wanna know pls clear my doubt
Trying_to Learn (1 year ago)
Not so great. He asks lots of questions to the audience and the answers are unintelligible.
BITCH STEWIE (2 years ago)
May I have some more, please!
Will Sly (2 years ago)
What class is this? What school do you teach at love the video!!
tidfor pilyatchou (2 years ago)
Nice Dan my respect from algeria
Paragon (2 years ago)
Really informative, realized my computer was unsecured within the network for a long time. Although the only thing worth mining was skype logs. Which is not cool since some chats bound me by NDA. Secured it as soon as I saw.
D (2 years ago)
Great Video! This is a must watch if you are starting out.
Thug Zeno (2 years ago)
with wire shark when i pull ips on my playstation or xbox it wont tell me there name so i end up booting wrong person and feeling bad but i mostly dox than boot
Absolute Music (2 years ago)
I want to take your class how do I refister
Samrat D. Prasad (2 years ago)
please make the videos downlaodable such that we get them with the subtitles ............
HIMEL SARKAR (2 years ago)
VIDEO resolation is not clear .?
Prachi Jain (2 years ago)
this way of teaching won't make anyone sleepy.. :p asking questions every 10 seconds..
Jeffrey Tull (2 years ago)
As a math/science Teacher who has been thrust into technology, I found this video fascinating and easy to follow. I know a lot about technology and education but in a small district I need to learn a lot about network engineering in a short amount of time. I look forward to searching out others. Cheers!
ObamaBinLaden (2 years ago)
is there a way to read traffic from IGMP protocol?
Dan Cockrell (2 years ago)
Can't hear the students.
Rio Secco (2 years ago)
What school do you teach at?
Philip Hugos (2 years ago)
Thank you!
Michael Phillips (2 years ago)
I want to go to school where this guy teaches. I really liked the video and he is very knowledgable
Celso Romero (5 months ago)
Which one?
ALEEF02 (11 months ago)
+Dan Morrill Just did some research, and it seems that a review from http://www.ratemyprofessors.com/ShowRatings.jsp?tid=1564160 on 10/29/2014 has stated that "Administration hired Chinese guy instead of Dan and made huge mistake. Dan was much much better teacher and gave students much much more exactly what you need in real world, not from outdated books in computer science. We miss him in Highline and hope hebeback!!!" Have you found another college or done any online teaching?
ALEEF02 (11 months ago)
+Dan Morrill Amazing video. I'm just going into highschool this year and I've been working with computers ever since I was 6. I mainly use Wireshark to just mess around and see what's going on in my home network. Keep up the good work. Also, what college? If you're still there in roughly 4 years, I might look into going there :)
Johannes Meyer (2 years ago)
+popacap21 Check out Udacity and Coursera. Udemy's also good, but more expensive.
ObamaBinLaden (2 years ago)
+Dan Morrill what a badass.. thx for the vids... im aspiring to be in security.. Just dont have the money for proper schooling atm. So im stuck using Youtube and free It training
FunnyToast (2 years ago)
thanks, now i can go on omegle and tell those nubs where they live
Dan Morrill (2 years ago)
+TheyCallMeToast hahhahahahahhahaha omegle.......
Tonya Gle (2 years ago)
Can't hear your student's answers to your questions
tvalchev (3 years ago)
Essential and very helpful! I liked the interaction between you and the students. No need to hear them talking if I know the answer of the questions you ask. Or if I did not I would do my own research to find out what the protocol is, simple.
inadaizz (3 years ago)
Thanks for upload! .... allllrigght
TheHydrogen4 (3 years ago)
Who is talking and how do I contact him?
Timothy D (3 years ago)
@22:07. DHCP Host Discover and Request packets originate as IP address, don't they?
JUTZZZ (3 years ago)
I have a new name for wireshark! "BOOBYTRAP" lol
JUTZZZ (3 years ago)
Help!!!!!!!!!!!!!!!!??? Between Protocol and Info I can't get Length. I look every where and I still can't find it ggggrrrrr!!!
JUTZZZ (3 years ago)
Thank you!!
Xstepher (3 years ago)
+Juta Kana Go to View>Displayed Columns>Select "Lenght (Packet length (bytes))"
Shoukat Mohammad (3 years ago)
Odin31b (3 years ago)
Would be better without the classroom setting.. We cant hear the classroom questions.
Kevin Parsley (2 months ago)
i completely disagree with xxgamers. the class room is best suited for discussion, a part of learning, but not the best environment for getting the bulk of information -by definition. a repeatable media with clear explanation is best for that -by definition.
XxGamersUnitedxX (2 years ago)
+Voidroamer I find it the best setting. Questions being asked, information being repeated. Great setting for learning :)
Voidroamer (3 years ago)
+Odin31b that, and a classroom setting is about the worst type of setting for learning :(
HoubaBouba (3 years ago)
Hold on, if you wish to see everything on a network, you need a hub, a switch will only show you what is in your own broadcast domain. So, what he said is wrong - you agree? or have I misunderstood? So, Wireshark will only sniff packets from my own NIC's [email protected] if I'm on a router
Kamryn B (3 years ago)
+HoubaBouba Intrusion Detection System
HoubaBouba (3 years ago)
whats IDS?
Kamryn B (3 years ago)
Correct. On a wired network, your switch will only send data to the port where it knows the destination computer is connected. You can ARP poison the router to redirect some or all the traffic to you, but there may be a noticeable performance hit on your network. This is also REALLY easy to catch by IDS.
cand7e7ack (3 years ago)
hey man love this video its more of a scenario than theory. quite made more interested in bits /packet / frame sniffing or whatever. I'm currently studying ccna and might go to the security route any books or videos you could recommend? th
cand7e7ack (3 years ago)
thanks man, awesome. I'm also taking centos/ redhat around this.
En Sabah Nur (3 years ago)
CBT Nuggets have a great set of videos on pretty much everything, and read the security + guide by Darril Gibson. Good foundation for security.
Matt Greenhalgh (3 years ago)
Can't hear the answers. Instructor needs to repeat the answers or it just sounds like a bunch of questions, not a tutorial. The first 6 minute is excruciating.  Gets a little better later.
Kevin Parsley (2 months ago)
you guys know the video is really for benefit of those who were in class, right? everything/one else is secondary. also, it is pretty clear he asking because he expects them to already know it.. prerequisite.
tvalchev (3 years ago)
You are correct,sir, network protocols are pretty basic knowledge. Folks in the background in this particular video do not say anything more important than answering the instructor's questions (eg What is TCP... What is UDP etc...), so it does not really matter what their response is. If you do not know any of the protocols just look it up. At the end of the day the video is how to read the output, and not to teach you how to use the tool entirely.  There are some 1hr+ long videos out there which give you more detailed information (as you probably know). The video is common sense from start to end.
Matt Greenhalgh (3 years ago)
+tvalchev The protocols and other data are part of basic networking knowledge. However, if you need a video to help you use this tool correctly or understand what it means when you see a particular pattern of protocols or successful or failed connections, this video will not help you...For the first 6 minutes, anyway.
tvalchev (3 years ago)
+Matt Greenhalgh If you don't know the answer why do not you research it yourself? How hard is to browse a particular protocol and find out what it is...
Rohun Gilbert (3 years ago)
Yes We couldnt hear the answers and it would be fair if the instructor gives us a link to a video which could be a pre requisite for this one!
Mahmoud Awwad (3 years ago)
How to force the Switch to be hub :S please do a tutorial on that :D
Mahmoud Awwad (3 years ago)
+Paul Budd thank you :D
Paul Budd (3 years ago)
+محمود عواد A good (more expensive) switch has an ability to mirror ports to each other. so in the port web page like and login (yr IP may be different) try to find a dialog where you can mirror ports to one another and mirror them all to yr PC. It will defeat the collision domain protection of the switch and screw your PCs Internet performance until you un-mirror it. People spend more for switches to set up separate collision domains to cut down on network traffic unneeded by a client
Amy Hertel (3 years ago)
I found this video very helpful! Your explanation of individual packets in Wireshark "put together" a lot in my head as I was studying for my Net+. I also enjoyed your discussion of different vulnerabilities you found using the program. A very good way to make networking relevant to the students. I will use this in my classes!
Andrew Coleman (3 years ago)
Instructor needs to get up to speed on a few things before teaching.  Wrong on a few items, but has a good teaching style.
Myke W (3 years ago)
Yep me too.
Drizzt Du Urdon (3 years ago)
not so much a tutorial but an instructor teaching a class...
Michael Tegner (3 years ago)
I found it good but also annoying when you ask a question to the class and we can´t hear the answer..

Would you like to comment?

Join YouTube for a free account, or sign in if you are already a member.