{"type":"video","version":"1.0","html":"<iframe src=\"https://www.loom.com/embed/5156e05f822c4567a25e2b44f90a42d0\" frameborder=\"0\" width=\"1920\" height=\"1440\" webkitallowfullscreen mozallowfullscreen allowfullscreen></iframe>","height":1440,"width":1920,"provider_name":"Loom","provider_url":"https://www.loom.com","thumbnail_height":1440,"thumbnail_width":1920,"thumbnail_url":"https://cdn.loom.com/sessions/thumbnails/5156e05f822c4567a25e2b44f90a42d0-c1654e429b6e49af.gif","duration":1148.004,"title":"Wireshark DNS, TCP Handshakes, HTTP Secrets Capture 🔍","description":"In this lab, I walk through downloading and using Wireshark to monitor network packets for troubleshooting and spotting malicious activity. I capture a DNS lookup by running nslookup for google.com, then filtering DNS to show the A record query and reply with the IP match. Next, I show a TCP three way handshake by visiting a site and filtering TCP by the resolved IP to identify SYN, SYN ACK, and ACK. Then I demonstrate how cleartext HTTP can expose posted login credentials by filtering http request method POST and opening the signin page. I also show how to follow a TCP stream, and how to save packets and filters for later analysis."}