[MUSIC] We've been talking about capturing packets on the network interface. I've mentioned it before and now we're gonna just try a little bit, let you see how to do it. Actually that will be one of the assignments too, you can give it a try. So we'll start out by starting the Wireshark application, which is gonna be our packet capture tool. So Wireshark, I have the icon down here on the bottom. It's this shark fin one. So I'll start that. So network packet protocol analyzer.
So if we look at Wireshark, let's pull it up a little bit, first thing it does is, right on the front screen, it gives me a list of devices. Interface list here. Let's click on interface list to see the interfaces. Now right here it's listing four interfaces. Four different rows in this little window that's popped up. Now each one of these interfaces is a network interface it can capture on: Bluetooth, Wi-Fi, wired Ethernet and so on. It's a little bit hard to tell which one's the right one, but I already know that it's the bottom one, mostly because of the number of packets. Notice that it's already catching a few packets on that interface and the other ones are basically dead. So I will click that interface. Just like that.
Now, notice the start button. When I select start, it will start capturing. So I'll hit start, and Wireshark should start capturing packets. Now notice that Wireshark is blank at the moment. That's because there are no packets, right now, at this moment, on this interface. There go a few, okay, it's noticing a little bit of noise. But what I'll do is, hm, I'm curious what those are but I'll look at those later. So right now I see that they are, one's an ARP.
So what I'll do now is I'll force some packets under the interface. What I'll do is I'll start my web browser, so that my web browser can talk to a web server. And then this will record the packets that are transferred back and forth. So let's start my browser. Mozilla Firefox.
Okay, now as it's starting, let's just move it outta the way for a second. Yeah, see in the background here, we've got Wireshark capturing lots of packets. So I'm gonna tell it to stop, we've captured enough. Click on capture. Stop right here. Okay, now it's stopped. So we've already gotten over 3,600 packets just in that short amount of time.
Now, notice that what's showing here in the main window, it shows one row for every packet that it captured. And it's just a one row summary, it's not the whole message. We can select each one and look at it in more detail. We'll do that in a second. So first let me sort these according to protocol. There's this column here, protocol, and you can see a lot of these messages RTCP, which is an internet protocol. Also, you've got HTTP, which is web traffic. So, let's click on protocol and sort according to protocol. Now, DNS, domain name service, ARP, address resolution protocol, and so on. So, lots of different protocols being used.
We're going to go straight to the HTTP messages. So let me just scroll down to HTTP. So if you remember, HTTP is basically world wide web. So let's take a look at the first HTTP message, that's this one right here, so I select it. So I've highlighted that line. And the window below, it gives me more information about that particular packet.
Actually if we look all the way to the bottom window down here, you'll see basically hex. What's called a hex dump. Hex digits 001907D4 and so on. So it's digits and letters A through F. This is the representation of the message in hexadecimal, so just the bare zeros and ones represented in hexadecimal. It's showing me that, which I'm not too interested in looking at right now, but sometimes you want to look at the bare hex. Now, above that, over in this window, it basically has taken this hexadecimal and broken it down into fields according to the protocol. So, if we look here, notice here in light blue, it says Hypertext Transfer Protocol.
So I'll click the plus sign next to that, and what it does is, it says look, I'll scroll down a little bit so we can see. What it does is it realizes that this is an HTTP protocol packet, and so, given that it's in that protocol, it knows the format of the message. So, it knows this first piece of information should be the GET, then the next one should be the next header. Next should be the next. So it organizes it in that way so I can read it.
So the first one we see here is the GET. GET / HTTP/1.1. That's just the GET requesting the webpage. GET slash, so it's just selecting whatever webpage is available there at the top level directory. And it's giving you the protocol number, this is how any kind of a GET message starts, is with a generic line like that. So it's requesting a website. And that's what happens when you start up a web browser, it goes to its default website, and that's what it's doing.
And then you can look at the line below it, host/..org, and that's because my default website is /..org. So the first thing it did was it went to /..org, requested the web page. And line after line, if we scroll down a little bit, we can see more headers, User-Agent, Accept. So you can see I'm using Mozilla, you can see what version and so on. You can see all the information inside the packet.
So, that is packet capture for you. And you can store it and do all kinds of nice things to look at lots of details about each packet, if you're interested in that. Thank you. [MUSIC]