Hi everyone, in this video we will learn about Wireshark. Wireshark is a very useful utility which helps us to capture all the network packets which are passing through an interface card on our computer. So I'll open a terminal and start Wireshark. You can install Wireshark using sudo apt install wireshark. I have already installed it, so I'll directly open it using root privilege. Let's enter the password.

Okay, so this is the Wireshark interface. So we'll start the packet capturing using this button. So let's try to open some website, let's say csc.itb.ac.in, and you can see that there are lots of packets which we can see in Wireshark. So there are various different IP addresses. Let's first find what is the IP address of csc.itb.ac.in. I'll copy this IP address and I'll stop this packet capturing and filter based on the IP address. So I will write ip.addr equal to this.

So now we can see the packets exchanged between my computer and the csc server. So if we have a look at the first three packets, we can identify that this is the three-way handshake. So this is the IP address of my router, and it sends to the destination one TCP packet, the SYN packet, and the server responds with an acknowledgement for the SYN packet, and then my computer again sends the acknowledgement packet to complete the three-way handshake. So that's how the communication begins with the csc server, and then it sends lots of other packets.

Let's first see what all the different fields are. So this is the time field, which shows at what time, relative to the beginning of packet capture, this transmission took place. And it shows the source and destination, then which protocol was used. So we can see there are mainly two, TCP and TLS. TLS stands for Transport Layer Security protocol. And then the length of the packet, and then some information.

So let's try to see some application data packet. So this is one application data packet, and you can see that because it is a TLS packet, there is a Secure Sockets Layer on top of the TCP layer. So here we can go through various headers that are there in this packet. So let's open this TCP header. So here it shows us the source port, the destination port, the sequence number and acknowledgement number, and various other things such as checksum. Similarly, we can go through other headers such as the IP header, Ethernet header or the frame header. And here, if you see the payload, we cannot make any sense of it because this is encrypted application data.

So let's try to see if we can access some unsecure website and if we can make sense of the payload data. So what I'll do here is I'll open an HTTP website. Now, most of the websites today use HTTPS, so that stands for secure. So they will encrypt the packet data before sending it over the network. But here I have copied one URL which is still using HTTP. This is the website, and if I go to this login page, then here we can see that there is a red line on the lock, and here it shows us that the connection is not secure because it is using HTTP.

Let's start the capture, and I'll continue without saving, and I'll remove this filter also. And now if I enter some username and password. Let's see, I enter username, and password as underscore underscore password. And if I log in, I will just choose don't save. So it says username and password do not match.

Okay, but we do not care. I will stop the capture, and now let's filter based on TCP packets which contain the word username. So here it shows me this packet, and you can see that we can clearly make sense of all this data because this is not encrypted. And if I click here, then it shows me that the username is username and the password is underscore underscore password. So I can clearly see the password if I just snoop over the network traffic.

So that is one of the reasons why it is suggested to use public Wi-Fi networks cautiously, because someone might be snooping on the router, and if we happen to visit some unsecure website, then the person can easily know our ID and password.

So that was it for this video. Thanks and have a nice day.
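The login request shown in the video, turned into a defensive check. This is an added example and not part of the video: it scans a client-to-server TCP payload for credential-like form fields sent over plain HTTP and reports only field names and value lengths. The function name, the field-name pattern, and both sample payloads (including the host `insecure.example`) are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Field names that usually carry credentials (assumed list; extend for your apps).
SENSITIVE = re.compile(r"user|login|email|pass|pwd|token", re.I)

def audit_cleartext_request(payload: bytes) -> list[dict]:
    """Return credential-like form fields found in a plaintext HTTP request.

    `payload` is the client-to-server TCP payload of one request. Values are
    never returned, only their length, so the report is safe to store.
    """
    head, sep, body = payload.partition(b"\r\n\r\n")
    if not sep:
        return []                      # no header/body boundary: not HTTP/1.x
    lines = head.decode("latin-1").split("\r\n")
    m = re.match(r"^([A-Z]+) (\S+) HTTP/1\.[01]$", lines[0])
    if not m:
        return []                      # e.g. TLS records: nothing readable
    target = m.group(2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # Credentials can sit in the query string or in a URL-encoded body.
    fields = [("query", k, v) for k, v in parse_qsl(target.partition("?")[2], keep_blank_values=True)]
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        fields += [("body", k, v) for k, v in parse_qsl(body.decode("latin-1"), keep_blank_values=True)]
    return [
        {"host": headers.get("host", "?"), "path": target.partition("?")[0],
         "where": where, "field": k, "value_len": len(v)}
        for where, k, v in fields if SENSITIVE.search(k)
    ]

# Constructed sample: a login POST like the one in the video (host is a placeholder).
SAMPLE_HTTP = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: insecure.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 37\r\n\r\n"
    b"username=username&password=__password"
)
# Constructed sample: start of a TLS application-data record (opaque bytes).
SAMPLE_TLS = b"\x17\x03\x03\x00\x20" + bytes(range(32))

if __name__ == "__main__":
    for finding in audit_cleartext_request(SAMPLE_HTTP):
        print(finding)
```

Any finding means a site is accepting credentials without TLS; the TLS sample yields nothing because its payload cannot be parsed as HTTP.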