Transcript for:
Introduction to Wireshark for CCNA

Welcome to Jeremy’s IT Lab. This is a free, complete course for the CCNA. If you like these videos, please subscribe to follow along with the series. Also, please like and leave a comment, and share the video to help spread this free series of videos. Thanks for your help.

In this video we’ll take a look at Wireshark. I have shown you Wireshark a couple of times in the course, but today I’ll spend a little more time on it. Although there is a lot you can learn about Wireshark, it’s quite easy to get started using it. Network engineers use it as a tool in their job all the time, and it’s also a fantastic study tool. Using Packet Tracer’s ‘simulation’ mode you can analyze packets to some extent, but not at the same level as Wireshark. Packet Tracer is a network simulator, but Wireshark lets you capture and analyze real network traffic. Up here you can see the packets as they are sent or received by the network interface you are capturing traffic from, and if you click on a packet you can see more details down here. Note that this kind of software is called ‘packet capture’ software. ‘Packet’ is just a general term we use; it doesn’t mean it only captures the Layer 3 PDU. As you can see here, the entire frame is indeed captured. To download Wireshark, go to wireshark.org. It’s totally free, so you really should get it. At the end of this demonstration I’ll give you a few basic tasks to try out in Wireshark, so you’ll need to download it if you want to do them.

Usually in my lab videos I give a shoutout to Boson NetSim, Boson’s amazing network simulator with a ton of guided practice labs. Since I’m not doing a regular configuration lab this time, I decided to let you know about Boson’s CCNA courseware, which they released recently. Basically, this is Boson’s complete course for the CCNA. What do you get in the courseware? You get the curriculum, which is the main CCNA course in PDF format. You get a PDF lab guide, and on top of that a lab pack you can do in NetSim. These are not the labs included in NetSim for CCNA; these are completely new and unique labs made for the courseware. Here’s the table of contents for the curriculum, covering everything you need to know for the CCNA. I always recommend using multiple resources to study for the exam, and I think Boson’s courseware is a great option. I didn’t use their courseware for the previous edition of the CCNA, but I did use their CCNP courseware to study for my exams and it was excellent. If you want to get Boson’s courseware, follow the link in the video description. You can download a sample from their website.

Okay, back to Wireshark. First up, I’m just going to show you a brief video of me using Wireshark to capture traffic being sent and received by the network interface of my PC. When the capture starts you’ll see there’s already a lot of network traffic going through the interface. Then I open a YouTube page and start watching a video, and you’ll see some more traffic. Okay, let’s just watch the video; it’s about 45 seconds long, and then I’ll walk through an actual analysis of some of the traffic.

Okay, so that was a lot of traffic that went passing by. Let’s analyze some of it. Notice that in Wireshark you are able to filter the output. There are many ways you can do so. This video isn’t about how to master Wireshark, so I won’t cover anything like that. Just notice that I filtered by the TCP port number. If you do want to learn more about Wireshark, David Bombal has a fantastic course on Udemy, and also a free Wireshark and ethical hacking course here on YouTube; check them out if you’re curious.

Okay, notice the first message here. Under ‘protocol’ you can see that TCP is the Layer 4 protocol being used. Under ‘info’ you can see the source and destination ports: from 62652 to 443 in the first message, and reversed in the second message, which is the reply. What is 62652? It’s the random source port my PC selected from the ephemeral port range. How about 443? That’s HTTPS, Hypertext Transfer Protocol Secure; it’s used to access webpages.

Look here, do you recognize this series of messages? SYN, SYN-ACK, followed by ACK. That’s the TCP 3-way handshake. So, in these first three messages my PC and the remote server established a TCP connection. You can also see the sequence number, acknowledgment number, and window length. Remember that I said the initial sequence number is randomly selected? You might be thinking it’s a big coincidence that 0 was randomly selected as the sequence number. In Wireshark it is displayed as 0 here to make it easier to look at and understand, but that’s not the actual sequence number. When we look further at the details of the segment you’ll see the real sequence number. So, sequence number 0 is acknowledged with 1; there’s the forward acknowledgment I told you about. Then my PC sends sequence number 1. Once again, these aren’t the real sequence numbers; Wireshark just displays them like this to make it easier to look at and analyze the data exchange.

Then there is the actual exchange of data here. Notice that most of these display SSL in the protocol column. SSL is what gives the security to HTTPS, Hypertext Transfer Protocol Secure. TCP is still being used, but Wireshark displays SSL in the column here. Finally, you can see the exchange of FINs and ACKs to terminate the connection at the end. You probably noticed that the flags are a little different from what I introduced in the lecture; there is an extra ACK in the first and third messages. There are some nuances to the connection termination process which you don’t need to worry about at the CCNA level. I recommend just remembering the basic FIN, ACK, FIN, ACK sequence.

Now let’s briefly look inside one of those segments. This is the very first SYN message at the beginning of the three-way handshake. First up, notice that the segment is of course encapsulated in an Ethernet frame and IP packet. We’re just looking deeper than we did before, but don’t forget about Layers 2 and 3. Okay, I want to point out the sequence number here. Notice that ‘0’ is the relative sequence number. Wireshark does this to make it easier to analyze the traffic. Below you can see the real sequence number. As you can probably imagine, it is much harder to analyze when using sequence and acknowledgment numbers like 1 billion 224 million 315 thousand 781. Okay, there are just a couple of other things I wanted to point out. Because this is a SYN message, under the ‘flags’ section you can see that the SYN bit is set; it’s 1. All of the other flags are not set; they are 0. Finally, you can see the TCP window size down here.

Okay, before wrapping up this brief demonstration let’s look at a UDP segment. First up, notice that this is a DNS, Domain Name System, message. This is from my PC to a DNS server. So, what will the destination port be? As you can see here, my PC selected a random source port from the ephemeral range, and used 53 as the destination port, because that’s the port number DNS uses. Within the segment you can indeed see that a DNS message is encapsulated inside. This is a DNS query message; you’ll learn more about DNS later in the course. That’s all I wanted to point out about UDP; as you already know, it’s much simpler than TCP.

Finally, here’s a little bit of homework for you to get familiar with Wireshark. You don’t have to do this, of course, but it won’t take too much time. First, download Wireshark from wireshark.org. Then use it to capture network traffic sent and received by your PC. Visit some websites while Wireshark is running. Then stop the Wireshark capture. Check out the packet captures, and find a TCP three-way handshake, a TCP connection establishment. Then find a TCP four-way handshake, a TCP connection termination.
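The relative sequence numbers, flag bits and port numbers discussed in the demonstration, as an added example that is not part of the video: a small Python decoder for raw TCP headers that reproduces Wireshark's relative Seq/Ack display for a three-way handshake. The three handshake segments, the server's ISN and the window size are constructed here; the client ISN is the real value quoted in the video, and the ephemeral range check assumes the IANA dynamic range.

```python
"""Decode raw TCP headers the way Wireshark's packet details pane does,
including its relative sequence number display. Added example; the
handshake segments below are constructed, not taken from a real capture."""
import struct

# Bit values of the flags byte (byte 13 of the TCP header)
TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST",
             0x08: "PSH", 0x10: "ACK", 0x20: "URG"}
HDR = "!HHIIBBHHH"  # sport, dport, seq, ack, data offset, flags, window, csum, urg

def build_tcp_header(sport, dport, seq, ack, flags, window=64240):
    # 20-byte header, no options (data offset = 5 words); checksum left 0 (constructed)
    return struct.pack(HDR, sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)

def parse_tcp_header(raw):
    sport, dport, seq, ack, off, flags, window, _csum, _urg = struct.unpack(HDR, raw[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": [name for bit, name in TCP_FLAGS.items() if flags & bit],
            "window": window, "header_len": (off >> 4) * 4}

def relative_numbers(headers):
    """Mirror Wireshark's display: each direction's ISN is shown as 0."""
    isn, out = {}, []
    for h in headers:
        fwd, rev = (h["sport"], h["dport"]), (h["dport"], h["sport"])
        isn.setdefault(fwd, h["seq"])          # first segment seen = ISN
        rel_seq = h["seq"] - isn[fwd]
        rel_ack = h["ack"] - isn[rev] if "ACK" in h["flags"] and rev in isn else 0
        out.append((rel_seq, rel_ack))
    return out

def is_ephemeral(port):
    # Assumption: IANA dynamic/private range (also Windows' default range)
    return 49152 <= port <= 65535

# Constructed handshake: client 62652 -> server 443. Client ISN is the real
# value quoted in the video; the server ISN is made up.
CLIENT_ISN, SERVER_ISN = 1224315781, 3087654321
HANDSHAKE = [
    build_tcp_header(62652, 443, CLIENT_ISN, 0, 0x02),                   # SYN
    build_tcp_header(443, 62652, SERVER_ISN, CLIENT_ISN + 1, 0x12),      # SYN-ACK
    build_tcp_header(62652, 443, CLIENT_ISN + 1, SERVER_ISN + 1, 0x10),  # ACK
]

def decode_handshake(raw_segments=HANDSHAKE):
    parsed = [parse_tcp_header(r) for r in raw_segments]
    return [(p["sport"], p["dport"], p["flags"], rel)
            for p, rel in zip(parsed, relative_numbers(parsed))]

if __name__ == "__main__":
    for sport, dport, flags, (rs, ra) in decode_handshake():
        print(f"{sport} -> {dport} [{'/'.join(flags)}] Seq={rs} Ack={ra}")
```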
Again, if you really want to learn how to use Wireshark, I recommend checking out David Bombal’s free videos on YouTube or getting his Wireshark course on Udemy. I’m no Wireshark expert myself; David Bombal is much more knowledgeable about it than I am. Okay, that’s all for the video. I hope it was interesting to look inside some packet captures and see some of the things we studied in the lecture video.

Before finishing today’s video I want to thank my JCNP-level channel members. To join, please click the ‘Join’ button under the video. Thank you to Benjamin, Deepak, Tshepiso, Justin, Loki, TheGunguy, Nil, Alex, Prakaash, Nasir, Erlison, Apogee, Wasseem, Marko, Florian, Daming, Kone, Joshua, Jhilmar, Samil, Ed, Value, John, Funnydart, Scott, Hassan, Gerrard, Joyce, Marek, Velvijaykum, C Mohd, Johan, Mark, Yousif, Sidi, Boson Software, Charlesetta, Devin, Lito, Yonatan, and Vance. Sorry if I pronounced your name incorrectly, but thank you so much for your support. One of you is still displaying as ‘Channel failed to load’; if this is you, please let me know and I’ll see if YouTube can fix it. This is the list of JCNP-level members at the time of recording, by the way, September 29th 2020; if you signed up recently and your name isn’t on here, don’t worry, you’ll be in future videos.

Thank you for watching. Please subscribe to the channel, like the video, leave a comment, and share the video with anyone else studying for the CCNA. If you want to leave a tip, check the links in the description. I’m also a Brave verified publisher and accept BAT, or Basic Attention Token, tips via the Brave browser. That’s all for now.