Cybersecurity for Beginners: How to use Wireshark
Vložit
- čas přidán 20. 04. 2024
- Wireshark Tutorial: Learn how to use Wireshark in minutes as a beginner, check DNS requests, see if you are hacked, or applications are spying on you, and what ad trackers a site might have. Try the new Malwarebytes for free: mwb.link/4ay7nag (sponsor)
Buy the best antivirus: thepcsecuritychannel.com/best...
Join the discussion on Discord: discord.tpsc.tech/
Get your business endpoints tested by us: tpsc.tech/
Contact us for business: thepcsecuritychannel.com/contact - Věda a technologie
Wireshark is one of the most important tool in IT. Mastering this tool is such a great advantage. Thank you!
I have always wanted to learn more about Wireshark but felt imitimidated by it but this video does a good job of breaking down some of the confusion around it. Modern computers are so complicated! I would love to see more videos about Wireshark or of this nature.
Yes, great video. I'm in cybersecurity program in college and so far I'm doing the general studies but I can't wait to get into the cybersecurity stuff like this.
Been using this alongside Portmaster. Makes me giddy to know that my tweaks and mods to minimize telemetry on Windows 10/11 work! :D I'd only see Windows telemetry being blocked by Portmaster when Windows tries to check for updates in the BG.
Portmaster made my windows go in blue screen mode
@@cryptoafc7655 Better bring it up to the Portmaster devs or in their community (can't mention the name here cos YT auto-deletes comments that mention other socials, lol). I haven't encountered that yet, but Portmaster does use a kernel driver so BSODs are possible.
@@KyanoAng3l0 havent encountered bsod aswell, using portmaster for 1 week now
May i know what kind of tweaks mods you do to reduce telemetry. I am interested to know
@@rrakesh6434 winaero tweaker is pretty good for W10/11.
really intersting tutorial, would love to see more wireshak tutorials! :D
Been using Wireshark on personal PC for years. While working it was Network Instruments that was pre-2009. Thanks for the videos.
Very nice to see my machine isn't sending any DNS requests on the background. (excluding of course, whatever other protocols there are. And the software updates from time to time!)
I'm on Linux Mint of course. And I would love a tutorial for other Linux users as I had some trouble with getting it to work (also the starting screen where you select what to capture has many other options, at least fore me. Though thanks to the filters I see there is only 1 wireless connection point!).
And of course would be nice to know what those other protocols are! (even if they can just be ignored)
Thanks for the video. Would love to see more Wireshark instructional videos. You do a great job of simplifying complexity.
Wireshark is such an important tool. I use it all of the time both at work and at home. Such a great tool. Good video for beginners.
Excellent info picked up,through this video. Yea I'd love too see some more videos like this,is good too understand more of what it all means,cheers buddy!
Thanks for breaking down Wireshark. Its still intimidating, but Im getting better at it. Glad I found your channel!
been waiting for a vid like this, ty
I've always liked using Wireshark to monitor connections from other devices a like IoT devices etc. It's super useful for that.
Good video as always.
Indeed
Can you monitor all traffic on your network from just one computer?
Loved the video, simple and powerful! Hope more to come on wireshark
Good video for absolute beginners
Very simple and straight forward tutorial.
Well done. Super easy to understand!
I liked the video, it was very interesting thanks Leo😄❣️
Thanks, this was really informative!
Totally awesome! Thank you for Sharing! 💯✴
1) More content on Wireshark would be great (aka Tutorials).
2) How much does Wireshark cost?
It's free
Open Source and free forever, unlike for example Metasploit, which is partly open and partly with proprietary upgrades.
Thank you for this wonderful tutorial!
Ok so:
1 - How do I know if a DNS is malicious or unwanted
2 - How do I prevent useless or dangerous DNS manually
3 - Am I going to have to do that to each DNS
Use a trusted DNS
u can look at a program called "portmaster", it blocks unsafe dns/ads/telemetry etc system-wide
1. Ask yourself, is it unexpected? Can you think of a reason for it? If not, investigate further and try to locate the source of the traffic by eliminating other noise.
2 and 3. If there is a cryptominer on your system connecting to mining sites, the solution would be to remove the miner, not prevent the "dangerous" DNS. The DNS isn't what is dangerous, no such thing.
use dns over https or tls, like rethink dns, nextdns etc
Good tutorial but I think you miss a important point for some people who can not see any readable DNS query. If DNS query is encrypted(maybe by HTTPS), WireShark can not capture those DNS query in readable string.
great stuff 👍 many useful cases for this tool
last time i used it was to check my dns traffic to make sure it was all configured/encrypted correctly
for a deeper dive, chris greer has some good wireshark content on youtube, explains filters well
Hello Leo, many thanks for a great content as always.
Would you ever consider doing a content on how to use Wireshark for hunting malware?!
I don't know if you do this already but maybe create a 'related series' as an aside to the main thrust of the channel. Anyway those are my thoughts and content like this is very useful for 'dipping' the toe in, which may be useful down the track.
I’m interested in computer science and how they connect with the world. It’s fascinating but intimidating and overwhelming.. I subscribed hoping you’ll put up more content like this. Break it down for us..
Thank You So Much For The Video Sir Please Make More Videos On How To Use Wireshark 💓✨
Yes please, Leo, more videos like this one. Thanks as always.
Great video!
This video seems like it's missing an important part of the usefulness of wireshark. How do I identify what I don't know what I'm looking for? No shit if I connect to youtube I'll see youtube but what about unrecognized connections from potentially malicious software on my PC
You have to look at this differently it’s made for people who never used it before you can’t start somewhere in the middle or very complicated if you are learning something new
You are right it is for network analysis, but he is only showing a small use case of wireshark
Wireshark is an investigative tool, not anti-malware. If you want a quick and easy way to detect malware, this isn't it.
In that scenario you would wanna look for network connections involving unusual ports, so lets say you have a typical Windows home edition PC, but you spot a some random executables (Apps and .exe) successfully connecting via Port 22, Port 3389 BUT you don’t even have Remote Desktop feature because that’s unavailable in Home editions. This is just one example and trust me this can be a rabbit hole of being over suspicions but this is one example of an outbound C&C connection
@@pcsecuritychannel Sounds like an opportuniy for something AI to "sit" on top of wireshark and do this.
Just a note at the beginning you can select multiple network adapters by holding CTRL as well.
This is an awesome video thanks.
Yes, please do more videos to add on this one (advance). Is there anything further to see if the connections are not easily identifiable?
Is there a way to pinpoint a remote connection quickly?
An interesting video subject would be on what to do when you find your computer connecting to places you don't want it to.
would love a more deep dive to understand what other kinds of network requests are being made if a malicious software is installed.
Merci 😊😊😊
Now I know you have a website. =) Glad to know.
Cool. Thanks!
Very good vid.
Please create a video on accessing malicious and phishing domains while using NextDNS. A general review of NextDNS would also be be nice!
Thanks !!!!!!
DNS can be also encrypted using DNS over TLS or DNS over HTTPS. So than you cannot see any DNS requests which was made. ISP also cannot see it 😊
Hi Leo, thank you as always informative. One more thing what does it mean - red SSDP, notify
My old Outpost Firewall used to show me similar information, separated by the apps (or component of the O.S.) which was generating the connection... Is there a tool for this or is there an option available on Wireshark for monitoring this? Or is only doable on firewalls?
That Wallpaper look sick!
Where did you get it? @The Pc Security Channel
enjoyable video ,thank you . one question how do we stop the spyware. a video on how to turn it off, individually would be most welcome . 🙂
I would like to snoop on WiFi traffic to the various WiFi-enabled devices that are proliferating in my house. This is mostly a curiosity, but I expect there will also be surprises, some perhaps concerning. I've been told that I can use Wireshark to do this, but I need to add a separate dedicated WiFi interface on my PC that supports "promiscuous mode". I found some trailing edge WiFi dongles that are supposed to support promiscuous mode, but I also need a compatible driver. This is where I have hit a dead-end, as I have been warned that the drivers for these trailing edge WiFi interfaces often have embedded malware, and I don't have a sacrificial PC available to dedicate to this effort.
Any light you can shed on this in a future video would be of interest to me.
Yes, more vids like this!
What browser are you using?
Good video
This reminds me of back in late 90s early2000s there was a free app (can’t remember name) that backtracked incoming pings.
Does Wireshark show only the activity on the computer it’s downloaded to, or the LAN the computer is part of?
Is Malewarebytes still poot for on the fly? I trust it is still great at scans
Compare it to some really old programs like smsniff, currports, systernals process explorer or the process explorer inside Panda AV that shows which programs connect and where in readable form with a log.
i dont see that much DNS listings on mine, just a couple from kaspersky, maybe it didn't install right?
What to do to get rid of the 12 or so UAC notification whenever we start Wireshark?
You need to do a video, kaspersky vs malwarebytes premium
What about reading the cap file...how can that be done?
hey , I wonder how MacOS handle this? can you do these on MacOS also?
How did you get it in Dark Look/Mode?
Not going to lie if you start using Wireshark and if you have familiarity with osi model like layer with layer 3 routers packets and layer 2 switches frames then it's not bad at all. To read the traffic and knowing udp tcp protocols you're golden. I think I need help with adjusting ethernet adapter into promiscuous mode and the other mode. And what's the functionality.
I am very curious about why there is no option to have a professional packet capturing software like Wireshark for mobile/Android?
Cool!
How about an app for a phone and firewall to block outgoing requests?
is it normal to have remote desktop to be running in the background?
Portmaster and winaero tweaker are my ho to programs for shutting down telemetry.
how would one check a hacked PC on this environment?
can you do us a favor and review costume os like tiny11, Ghost Spectre, windows x lite, from a security prespective many people want to use them.
just give us a genral security test of them please. :(
I'm sure my FBI agent has this task well in hand. For my safety, of course.
this is a tool that is great for checking if your computer has been RATTED right?
how to restart everything it does something watching my pc
I have little snitch. Not as deep as this, but it is powerful
Waiting for eset smart security 17.
This is why you need to be careful if you work from home.Only connect your work laptop to guest wifi
When will you finally release an app showing you who is watching through your eyes?
How to know about suspicious connection
Boot up Win7 with wireshark. Boot up Win11 with wireshark. Now throw away that Win11 installer.
always there is a "tool" to...
Better use Portmaster
Shout out to Safing Portmaster it blocks a lot of this spying
Hello Everyone, From The UK👋
Now if we could just firewall all traffic until I actually open google, or open my video game, then I would be happy
My Gigabyte GA-990FXA-UD5 R5 motherboard connects to the internet in the middle of the night after I turn it off.
If Windows, go into settings and turn off "wake on LAN".
@@zapa1pnt Is disabled. By the way, the motherboard does this without a hard drive attached. It turns itself on in a kind of low-power mode and connects to the Internet.
@@coisasnatv: Well, if you can't find it in the BIOS, you will need to unplug it, after shutdown. 😁✌🖖
@@zapa1pnt I already do. But how many people don't know? How many people are affected by this? Gigabyte is famous for doing this, google the topic and you will see that Gigabyte has been caught with his pants down more than once doing exactly the same thing.
👍
It helped me discover a virus on my mums phone once as the virus attempted to scan the WiFi network my computer and mum's phone were connected to.
just use peerblock
thanks
the biggest question is are wireshark is safe to used it since all virus check website say have something on it?
If you try to download a cracked version of any program it will come up as having a virus because of the software used to crack the program This is piracy and if you want the full version of a paid program then go pay them for it and you don't have false positives for virus alerts. Wireshark is free and used by a lot of people so it is very unlikely to come preloaded with a virus. I've just installed Wireshark and there are NO viruses at all...
So you live in Canary Wharf?
Can you test Firewall of Avast Free? Thanks
I appreciate this video, but this tutorial is a little too basic. would love to see something more in depth in the future.
when ever I see them ads server or address, it will be paste into my "hosts" file
pretty simple idk why people are crying in the comments 😂
"What applications are reaching out and what data is being sent?" -> You only show how to look at DNS requests, this show nothing about what data applications are sending. You only show which DNS queries your PC as a whole is making.
"Maybe you are even hacked and your computer is connecting to attackers" -> By just looking at DNS that shows nothing, maybe they are using IPs instead of domain names. Maybe they use some Amazon or Google endpoint which doesn't make it clear either. Maybe they embedded a Tor tunnel.
Once a domain has been resolved, it wouldn't re-resolve unless you've flushed your DNS cache or forcefully look up the domain again (using nslookup for example).
I would've preferred to see how to isolate traffic from a specific application to see exactly what it does and exactly what data is being sent.
nice
is epic games spyware because when i launch my laptop fans starting turning
Measly content for a tutorial....
loolll I WILL NOT HACK THE WORLD, LEAVE ME ALONE