Hands-On Cybersecurity and Ethical Hacking – Full Course

By freeCodeCamp.org

Summary

## Key takeaways

- **Kali Linux's 300+ Preinstalled Tools**: Kali Linux is an operating system specifically built for penetration testing and cyber security tasks. It has more than 300 pre-installed hacking and forensic tools. [02:44], [02:49]
- **$ Symbol Indicates Regular User**: The dollar sign symbol in the terminal represents regular or normal users. Root user is represented by the pound symbol. [06:13], [06:24]
- **Open Ports Enable Remote Access**: An open port like SSH on port 22 means it is accepting connections, allowing remote access if credentials are obtained. Hackers can exploit this by brute forcing or vulnerabilities. [01:41], [01:42]
- **Deauth Attack Forces Reconnection**: Deauthentication attack sends frames spoofing the router's MAC to disconnect devices. Devices reconnect automatically, enabling capture of four-way handshake. [02:28], [02:29]
- **Four-Way Handshake Enables Cracking**: Capturing the four-way handshake is essential for Wi-Fi password cracking as it contains details to derive encryption keys from password, SSID, and MAC addresses. [02:20], [02:27]
- **Dictionary Attack Tests Wordlists**: Aircrack-ng uses wordlists like rockyou.txt containing millions of real-world passwords to hash and match against captured handshake. Success depends if password is in list. [02:47], [02:48]

Topics Covered

  • Kali Linux: 300+ Preinstalled Hacking Tools
  • $ Signals Regular User, # Means Root
  • Sudo Grants Root Power Safely
  • Monitor Mode Captures All WiFi Traffic
  • Deauth Forces Handshake Capture

Full Transcript

In this course, you will learn the fundamentals of cyber security and ethical hacking using Kali Linux, and you'll learn how to protect systems from vulnerabilities. This beginner-friendly, practical, and hands-on course from Sunny covers essential techniques, tools, and ethical considerations. This course covers key topics like penetration testing, network security, and how to determine system vulnerabilities.

Hello and welcome to this course where you are going to learn hands-on cyber security and ethical hacking from scratch. This course is suitable for beginners who have no prior knowledge of ethical hacking. Everything will be taught from level zero. By the end of this course, you will be very comfortable with Linux command line, various attacking tools, wireless security, defensive tools, Nmap, Wireshark and many more tools. My name is Sanim Malu. I am a cyber security consultant and reverse engineer. I will be your instructor for this course. Now, let me quickly walk you through the course curriculum and what you will learn in this course.

We will start with the fundamentals of Kali Linux such as copying, removing, renaming files, how to navigate your file system efficiently. Then we will move to Linux administration where you will learn the sudo command, root user, how to create, remove, install and uninstall applications and more. Once fundamentals are done, we will move on to wireless security where you are going to learn how to perform Wi-Fi penetration testing and defend against Wi-Fi attacks. Then we will move to the Wireshark which is one of the most important tools in cyber security and learn how to use it. We will also cover Nmap and many more tools. Now let's dive into the practicals. We are going to use Kali Linux operating system. If you don't have Kali Linux installed, I have a separate video on my channel for Kali Linux installation. So check that out first. Now let's dive into the practicals.

Before we dive into the practicals, let me briefly explain what Kali Linux is. Kali Linux is an operating system that is specifically built for penetration testing and cyber security tasks. It is widely used for ethical hacking and cyber security tasks such as penetration testing, security research, computer forensic and reverse engineering. It has more than 300 pre-installed hacking and forensic tools. Before we start using all the fancy tools, we need to learn the fundamentals of its command line. Now let's dive into the practicals. If you have not installed Kali Linux yet, I have covered the installation process in a separate video on my channel. Please watch that video first. If you want to learn beyond the basics, I have an advanced cyber security course on Udemy. Feel free to check it out. The link is in the description. Now, first thing that we need to do is open the terminal.

There are multiple ways to open the terminal. The easiest among all is press control + alt + t together and it should open up the terminal. This is the terminal. Or you can click on the applications icon or menu and in the search box type terminal. Click on terminal emulator. Or you can directly click on the terminal's icon at the taskbar. Here it is. Click on it and it will definitely open up the terminal.

Now before executing any commands I'm going to change the font size. As you can see the fonts are barely visible. So go to the file, click on preferences, click on appearance tab and click on the change button and click on up arrow to increase the font size. I'm going to set it to 13. 13 works for me. Click on okay. Click on okay. As you can see now we have a much more readable font size.

When we open the terminal we are presented with these two names separated by this symbol. Now this symbol can be anything. It is just a separator which separates these two names. Now name on your left side is the user name who is currently logged in. So type whoami command, press enter. whoami command displays the currently logged in user. So the current logged in user is Dimalu. It means Dimalu is using the system. Name on your right side is the host name or your system name. Type hostname command. It displays the host name. Press enter. Now type clear. Clear command, as the name suggests, clears the terminal. Press enter. Now, next command that uh I'm going to type is date. Date prints the current date and time. Press enter. As you can see, this is the current date. I'm recording this video on this date. Now, type pwd. PWD stands for present working directory. It displays your present working directory, where you are in your file system. Press enter. As you can see, my current working directory is Dimalu. Dimalu is the home directory for the user Dimalu.

And we also have this dollar sign symbol, right? It also has a meaning. The dollar sign essentially represents the regular or normal users. In Linux, there are two types of users. Root user and regular users. The dollar sign represents the regular users. For now, you don't have to worry about users. We will get back to users in a dedicated section. The currently logged in user which is Dimalu is also a regular user.

Now, before wrapping up this video, let me execute history command. The history command displays all the commands that you have executed previously. Press enter. As you can see, this is the list of commands that have been executed on this freshly installed Kali Linux machine.

LS is an essential Linux command. LS stands for list or listing. As the name suggests, it is used to list or display files and directories. You can view or check the contents of a specific directory or multiple directories with ls command. Now let's dive into the practicals. So type ls, press enter. By default, the ls command displays all the files and directories in your current working directory. So these are the files and directories in my current working directory which is home. And here we have two colors, right? The blue color and white color. The blue color represents directories and the white color represents files. The white color essentially represents all file types whether it is sh file or txt file, mp4 files, PDF files. All file types are represented by the white color in Kali Linux.

Now the default ls command does not display the hidden files and directories. So if you want to list hidden content then type ls space -a. The a parameter allows us to display or list all the files and directories including the hidden files and directories. Press enter. As you can see guys, we have files and directories that have dot at the beginning. The files and directories that have dot at the beginning, they are the hidden ones. Now let me execute ls again. As you can see, the default ls command displays contents of current working directory. Now I only want to list contents of a specific directory. Let's say I only want to see what is inside the desktop directory. Then type ls. Now specify name of the directory whose content you want to check, desktop. So this time I am telling ls command that only list contents of this specified directory. It will display what is inside this specified directory uh desktop. Press enter. As you can see this time it is only uh listing contents of the desktop. Similarly, we can list contents of multiple directories as well. Just separate the directories with a space. Let's say etc. And this time ls command is going to list contents of desktop and the etc directory. Press enter. As you can see this is the contents of desktop and this is the contents of etc directory. In this way you can basically uh list contents of as many directories as you like. Just separate those directories with a space like this. This time it is going to list contents of these three specified directories. Press enter. As you can see guys.

Now the default ls command as you can see only displays the file and directory names. Right? However, sometimes we want more details such as file size, last modified date, etc. So, type ls space -l. L stands for long listing. It gives us a detailed information about the files and directories. Press enter. And first field from the right displays the directory or file name. Then we have this date and time, right? Now this date and time automatically get updated when you modify a file or directory. In the context of a file when you modify or edit a file then this date and time get updated automatically. And in the context of a directory when you add a new directory or file to a directory then this date and time get updated. Or if you modify a file within a directory then the date and time of that particular directory also get updated.

Now next field that we have is this. It displays the file size in bytes which is not very readable to us. So if you want a more readable format for displaying file and directory size then ls -l and hyphen h. Hyphen h stands for human readable. Press enter. As you can see now we have file size in kilobytes, megabytes and gigabytes. Hyphen h essentially displays file size in kilobytes, gigabytes and megabytes. And you don't have to, you know, write the hyphen h parameter separately. You can simply combine it with hyphen l or other parameters. Press enter. As you can see it is producing the same result.

CD stands for change directory. It is a simple command. As the name tells you, cd allows us to navigate in our file system. So if you want to change directory or location then we have to use the cd command. So open your terminal. Let me type ls and execute pwd as well. Now my current working directory is home. I'm in my home directory, right? Now let's say I want to switch or change my directory from current working directory to desktop. Then type cd space. Now specify the exact directory name where you want to switch, desktop. Press enter. pwd. As you can see guys, my current working directory has been changed to the desktop.

Now if you want to go one directory back, then type cd space two dots. It takes us one directory back in our file system. Press enter. pwd, as you can see. Similarly, you can go multiple directories back with cd command. Type cd space two dots forward slash two dots again. It will take us two directories back. Press enter. pwd, as you can see. And you can go as many directories back as you like with cd command. Just separate two dots with forward slash. Then it takes us that many directories back.

Now what happens if you don't specify any directory name to the cd command, right? My current working directory is desktop. Now if I type only cd command and don't provide any directory name then the cd command by default redirects us to the home directory. So press enter, pwd. As you can see the current working directory has been changed from desktop to home.

Sometimes we unintentionally or mistakenly execute the cd command which eventually redirects us to the home directory. So if you want to go to your previous working directory then type cd space and hyphen. It will take me to my previous working directory which was desktop. So press enter. As you can see guys, my directory has been changed to my previous working directory uh which is desktop.

In this video, we will learn how to create and modify text files using the nano text editor. Nano is a terminal based text editor that allows us to create, open and modify text files directly within the terminal. It is an easy to use and lightweight tool that offers features such as syntax highlighting, line numbering, search and replace, copy, cut and paste among others. In this video, we will cover the fundamentals of Nano. Now, Nano is one tool that you will be using on a daily basis. Now, let's jump into the practicals. Type nano and press enter. We are inside the nano text editor. Now nano is absolutely ready to take the inputs. So let me type a few random text lines. Let's say this is a line number one. Now press enter for a new line. This is a new line. Press enter again. Third line. And at the bottom these are the options that we can use with the nano. First option that we have is control G. Control + G is for help. It displays the documentation for nano in detail. So press control + G together. And uh here we have the detailed information about the nano. Here we have the description for Nano, what it is and what it does. Now press the down arrow key to scroll through the entire documentation here. These are the options that we can use with Nano. So guys feel free to go through this uh this uh lengthy documentation. Now to exit out of this documentation, press Q. Then we have control O. Control O is for write out. Write out simply means saving the content to a file. I have not saved these lines into a file yet. So to save press control + O. Now here as you can see, file name to write. Specify the file name where you want to save this content. Let me give let's say file name dummy.txt. Remember guys, by default the nano saves the file in your current working directory. My current working directory is desktop. So this dummy.txt file will be saved in my desktop. Now press enter. As you can see, wrote four lines. At the top here we have the dummy.txt file where the content has been saved. Now to exit out of nano press control + x. Let me ls to check whether the file has been created or not. As you can see guys dummy.txt file has been created. Now I want to edit or modify this dummy.txt file using nano. Type nano dummy.txt. Provide the file name. Press enter. Now we have opened the dummy.txt file successfully. Now we can, you know, modify this file however we like. So guys that's how you can create, save and modify contents of text files using nano text editor.

Now before wrapping up this video, let me show you one uh trick that you can use for saving time. We can create the file at the beginning when we start nano. All you need to do is type nano and specify the file name new file.txt. Remember the way nano works, if the file name that you specify, if it already exists then it will open uh the existing file and if the file does not exist then nano will create the file. Press enter.

As you can see, new file.txt has been created. Now we can write content to it. Press enter for new line. Press Ctrl O for saving the contents to the file. Press Ctrl + X to exit out of nano. ls. As you can see, new file uh txt has been created.

In this video, we will take a look at the cat command. I can assure you that you will be using it on a daily basis. It is among the core commands of Linux. So, what does the cat command do? The cat command is a versatile multi-purpose command that can be used for a variety of tasks such as creating text files, viewing the content of files, appending text to existing files, etc. The cat stands for concatenation. This is the first video on the cat command. In this video, we will learn how to view the contents of a file and print line numbers as well. Now let's jump into the practicals. Let me ls. I have these two files in my desktop and I want to view contents of uh let's say this dummy.txt file. So type cat and space. Now specify the file name whose content you want to view or print. I'm going to go with dummy.txt. So I'm telling cat that display or print the contents of this specified file. Let me press enter. As you can see guys, this is the contents of this dummy.txt file. Now one thing that is missing is the line numbers. cat command does allow us to print line numbers as well which is a very convenient feature. So type cat, let's say dummy.txt and space hyphen n. It prints the line numbers. As you can see guys, now we have a very well formatted output and we have six line numbers, right? This is because these two are the blank lines. Blank lines also get counted. The cat command also allows us to view contents of multiple files. All you have to do is tell the cat command those file names. Let's say cat space dummy.txt. Now space d1.txt. So you have to separate the file names with a space. And this time cat command is going to print contents of dummy.txt file and d1.txt file. Let me press enter. As you can see guys, this is the contents of first file and this is the uh this is the contents of d1.txt file. In this way, you can view contents of as many files as you like. Just separate file names with a space then it will print contents of all the specified files. Now I'm going to print contents of a file which is uh located in another directory, right? The d1 and dummy.txt, these files are in my current working directory. I want to print contents of a file which is inside etc directory. The file name is passwd.

Now the passwd file stores user account details. All the user accounts details are stored inside this passwd file. Press enter. As you can see guys, these are the user accounts in my Linux system. I will get back to this passwd file in a dedicated video.

We will continue where we left off in the previous video. In this video, we will learn how to create files and append contents to existing files using the cat command. We will also learn how to concatenate multiple files into one. Now let's jump into the practicals. To create a file using cat, type cat. Now type the greater than symbol and specify the file name that you want to create. Let me create dummy.txt. Press enter. As you can notice, we have this uh cursor. It is essentially waiting for us to input something. Let me input a few random text lines. This is a text line. Press enter for a new line. Line number two. Now to exit out of the cat, press control + C. Let me ls. As you can see, the file has been created. Let's check its contents. And these are the exact lines that we wrote uh inside the dummy.txt file.

The cat command works pretty much like the output redirection operator. It overrides the contents of existing file. The way the cat command works, if the file doesn't exist, then it creates that file first and writes content to it. And if the file already exists, then it removes contents of that existing file and only keep or save the new content that you write to it. For example, I already have this file called dummy.txt. So if I write contents to this dummy.txt file then cat will remove the contents of this existing file and only keep the new content that you write to it. So let me write let's say this is a dummy file, dummy file. Press enter. Let me exit out of the cat, ls and let's check its contents. As you can see the existing content has been overwritten or removed. It only kept the new content. So if you want to keep the existing content and append new content at the end then we have to use two greater than signs like this. Now specify the file name dummy.txt, press enter. Line number two, press enter, line three. Now what the cat command will do is it will keep the existing content and the new content will be appended at the end of the file because we are using two greater than signs. Let me exit out of the cat. ls, cat dummy.txt. As you can see, the existing content is still there and new content has been appended at the end of the file. So guys, that's how you can avoid content overwriting.

Now let's learn how to concatenate multiple files into one. Let me change my directory to desktop where I already have the multiple uh files. I have these two files. Let me first check their contents. This is the contents of d1.txt and uh this is the contents of dummy.txt. I want to merge contents of both of these files into one which is very easy. Type cat and specify the file name. So let's say dummy.txt, d1.txt. Now write the greater than sign. Then specify the file name where you want to merge the contents. So what the cat command is going to do? It will take the contents of the files that you specify before the greater than sign then merge contents of these two files into this specified file merged.txt. Press enter. ls. The file merged.txt has been created as you can see. Let me cat out its contents. And this is the contents of merged.txt file. Remember when you merge the contents with cat it doesn't remove or alter the contents of the files. It only takes the contents of those files then save that into the file where you merge it.

In this video we will learn how to create directories or folders in Linux. Basically folders are called directories in Linux. Now let's jump into the practicals. Type mkdir. mkdir is short for make directory. Now you have to specify the directory name that you want to create. Let me create let's say dummy. So I am basically telling the make directory command to create this dummy directory. That's as simple as that. Press enter. ls. As you can see, dummy directory has been created. Now, let's create multiple directories with a single mkdir command. Type mkdir d1 space d2. This time mkdir command will create these two directories. Just separate the directory names with a space. Let me press enter. ls. As you can see, d2 and d1 directories have been created. And now what I want is to create a directory within a directory. I want to create a tree of directories. For example, I want to create a directory called sunny. And inside sunny I want to create subdirectory called dimalu. So type uh mkdir sunny/dimalu. Press enter. And we have an error. Can't create directory, because if you want to create a directory within a directory then we have to specify hyphen p option. P stands for parent. It creates a directory within a directory. So if I press enter this time, ls, as you can see the sunny directory has been created. Let's check its contents. As you can see inside the sunny we have the dimalu directory. So guys that's it for this quick video. Thank you very much for watching.

Welcome back everyone. This is the first practical video on the grep command. In this video, we will learn what grep is and the fundamentals of grep. Grep stands for global regular expression print.

Now, what does the grep do? The grep command is heavily used for searching text or text patterns in files. Let's say you have a large text file and you want to know if a particular word exists within the file or how many times it is there in the file, then the grep command solves this problem very efficiently and easily. It makes searching through files very easy. Use cases of grep command are vast. It can be used for formatting output, searching patterns and analyzing logs efficiently. Now let's jump into the practicals. Let me switch my directory to the desktop. Now we are going to need a file to work with where we can perform the grep searches. So what I'm going to do is redirect the manual page of useradd command uh to a file. This is the documentation for useradd. I'm going to redirect or save it into a file. Press Q to exit out of the documentation. Now type man useradd. Type output redirection operator. Specify the file name where you want to save the manual page, out.txt. Press enter. ls. The file has been created. Let me quickly check its contents with hyphen n option, press enter. As you can see in this file we have almost 500 lines. These are enough lines to demonstrate the grep command efficiently.

Now back to the grep. So type grep. First thing that I'm going to do is check the available options that we can use with grep. So help option is going to display all the available options that can be used with grep. Press enter. So these are the options that we can use with the grep command. So feel free to go through all these options. Grep is actually a very advanced command. So type uh grep space. Now grep needs minimum two options: the search term what you want to search for and the file name where you want to search. So provide the search term or pattern. I'm going to search for the word user. Write the search term within quotes, space. Now specify the file name where you want to search, out.txt. So I am basically telling the grep command search for the word user in this specified file out.txt. Press enter. As you can see guys, grep has printed all the lines that contain the searched term user. Right? The searched term or match is being highlighted with the red color. So by default it is going to print all the lines that contain the searched term. Now one thing which is missing here is the line numbers. I exactly don't know in which lines the grep has found the match. So to print the line numbers we have to use hyphen n option. So type grep -n and search term is again going to be user, file name out.txt. So this time grep is going to print the lines wherever it finds the word user. If I hit enter, as you can see on the left side, it is exactly telling us the line numbers wherever it found the match. Now the search that I conducted was in this file out.txt which is in my current working directory. Now we can also search in a file which is located in another directory.

I'm going to search for the word dimallu in the file which is located inside etc directory

pass wd. So what basically is going to

pass wd. So what basically is going to happen this time grip command is going to search for the word dimallu in this

specified location. location is ATC

specified location. location is ATC directory. Inside ATC directory, we have

directory. Inside ATC directory, we have a file called pass WD. Now, pass WD file essentially stores information of all the user accounts on your system. So, it

will check whether the user account demalu exists or not. I will get back to pass WD file in a dedicated video. So,

press enter. As you can see, it did find the word dimalu or user account dimalu in this uh pass wd file. It means the

user account dimalu does exist. Now what

happens if uh the grip does not find the match or you provide a pattern that doesn't exist?

In that case, grip doesn't provide any output. So that's pretty much it for

output. So that's pretty much it for this video, guys. Thank you very much for watching. In this video, we will

In this video, we will explore the wc command. It is a simple and useful tool. wc stands for word count. As the name suggests, wc counts the total number of words, lines, and characters in a given file. Now, let's jump into the practicals. I have this file called out.txt. I want to count or check how many words, characters and lines are in this particular file. So type wc space. Now specify the file name where you want to perform counting, out.txt. Now press enter. As you can see, we have some interesting details. First field from the right displays the file name. Then next field displays the total characters and this field displays the total words and first field from the left displays the total lines. Now I only want to print the total number of words. So type wc and hyphen w only prints the total words. As you can see the total words in the file out.txt are 200831. Similarly, you can print only lines, wc -l. And if you want to print the total letters or characters, then specify hyphen c. c counts how many characters are in the specified file. As you can see.

Now let me demonstrate the wc with a real world example. Let's say I want to check how many user accounts are on my system. Then wc -l /etc/passwd. Now it will count how many lines are in the passwd file. Press enter. As you can see there are total 59 lines which means there are total 59 user accounts in my system. So that's it for wc command guys. Thank you very much for watching.

In this video, we are going to learn about output redirection. Output redirection is a fundamental concept in the Linux command line that allows us to control the output of a command or program. In simple terms, it means taking the output of a command and redirecting or saving it to a file. When you execute a command in the terminal, by default, the output of that command is typically displayed in the terminal. However, with output redirection, you can save the output to a file. There are many situations where you might need to save the output of a command to a file instead of displaying it in the terminal, such as analyzing the output later, filtering or processing the output with other tools, etc. So let me practically demonstrate what I just explained. Let me execute the ls command. This is the output of ls command right now.

Output redirection allows us to redirect or save output that a command produces to a file. This is exactly what I'm going to do. I will take this output of ls command then redirect or save it to a file. The syntax is very simple. Type the command whose output you want to redirect. I'm going to go with the ls command. Now type the greater than sign. The greater than symbol is also known as the output redirection operator. Now specify the file name where you want to save the output, out.txt. Now the way output redirection works: if the file name that you specify does not exist, then it will create the file first then redirect output to it. And if the file already exists then it will redirect or save the output to the existing file. Let me hit enter. And this time we did not get any output. This is because by default Linux sends output of a command to the terminal. However, this time we used the output redirection operator. So the output was sent to this out.txt file, not to the terminal. Now let me ls. As you can see the out.txt file has been created. Now let's check its contents. cat out.txt. As you can see guys, inside out.txt file we have this content. This is the output of this ls command. This is exactly what we redirected to this out.txt file.

This is as simple as that. Now let's do a few more examples. Let me execute a date command. This is the output of date command. Now let's redirect the output of date command to a file. Type date, output redirection operator, date.txt. This time output redirection operator is going to take output of date command then redirect it to this date.txt file. Let me hit enter. ls. The date.txt file has been created. Let's cat out its contents. As you can see guys, inside date.txt file we have the output of date command. So similarly you can redirect output of any command to a file using the output redirection operator.

Now you have to be a bit careful when redirecting output of a command to a file because the output redirection operator overrides or removes the contents of an existing file. For example, this date.txt file already has some content. Right? Now if you redirect output of another command to this date.txt file then it will remove or override the existing content and only keep the new content. Let me actually show you what I mean this time. What I'm going to do is redirect the output of ls command to the date.txt file. Now the date.txt file already exists, right? It has already some contents inside it. Now this time the output redirection operator is going to redirect the output of this ls command to the date.txt command and only keep the new content or output of this ls command. Let me press enter. Let's check the contents of date command. As you can see guys, the old or existing content has been removed. We only have the new content that we redirected it with the most recent command which is ls.

Now if you want to maintain or keep the existing content of a file then we have to use the two output redirection operators. So let me redirect output of date command. This time use two output redirection operators like this, date.txt. Now when you use two output redirection operators, the output gets appended at the end of the file. So what it is going to do? It will take the output of date command then append or add it at the end of this specified file. Press enter. Let's cat out contents of date.txt file. As you can see guys, this is the existing content. It is still there. It has not been overwritten. And the output of the previous command date has been appended at the end. That's how guys you can use the output redirection operator and avoid content overwriting.

In this video we are going to cover pipes, also known as piping. Piping is an essential part of the Linux command line. So what exactly is piping? In simpler terms, piping is the process of sending the output of one command to another. Piping combines two or more commands by sharing data between them. This is done using the pipe character between the two commands. Now why do we need to send output of one command to another or share data between them? Well, sometimes we have to use multiple commands or tools to complete complex tasks. So when you use different commands separately to get a single task done, it is a time-consuming process, right? So why not combine multiple commands together instead of executing them separately? This is exactly what piping solves. Piping allows us to combine or connect multiple commands by sharing data or output between them. So instead of using multiple commands separately, we can combine them using piping. When one command sends its output to another command, the receiving command processes that output as its input. This essentially means that the output of one command becomes the input for the next command or the receiving command.

Now let's jump into the practicals. Here I have this out.txt file. Let me cat out its contents. This is the output of this cat command. Right? Now piping allows us to pipe or send output of one command to another. This is exactly what I'm going to do. I will send this output of cat command to the grep command. Grep command will further process this output. Let me type the complete command. So type cat out.txt. Now type the pipe character. This is the pipe character. This pipe character is typically above the enter key. Now, let me type the grep command. I'm going to search for the word user and let me open another terminal. I'm going to need it for a smooth explanation. Now, let me cat out the contents of out.txt file.

Now, let me break down this entire command. Now the way it is going to work: since we are using piping, the pipe character, the Linux is going to send the output of this cat command to the grep command. This is the output of cat command. Right? Linux will send this output to the grep command. Now grep command will receive this output then search for the word user in this output or in these text lines. If it finds the word user in any of these lines then those lines will be printed or displayed. Now if you notice here I have not specified any file name. The grep command needs minimum two options. The search term, what you want to search. I have specified the search term but I have not specified the file name where I want to search for this specified word user. This is because the grep is going to search for this word in this output that it receives from this command through piping. Let me press enter. As you can see guys, it has printed all the lines that contain the searched term user. So that's how the piping works. So guys, the output of one command becomes input to another command or the command that is receiving it. Remember most Linux commands are designed to receive the output through piping. So the output of cat command became input to the grep command and grep command searched for the word user in the output that it received. This is as simple as that.

Now let's do a few more examples. Let me change my directory to home. Let me execute ls command. Now I want to check whether the directory desktop exists or not. Obviously it does exist. We all can see it. It is right there. However, if there are let's say hundreds of files and directories, then it becomes a bit hard to locate a specific file or directory. But with piping, we can easily solve such problems. All we have to do is send this output of ls command to the grep command, then search for whatever file or directory you want. So let me type ls space, type the pipe character. I'm going to search, type grep. I'm going to search for the word desktop. So what basically is going to happen, the Linux will send output of ls command. Let me close this terminal. This is not required. I'm going to open a new terminal. Now what basically is going to happen, the Linux will send the output of this command, which is this, to grep command. Then grep command will search for the word desktop in this output and if it finds a match then it will list that line. Press enter. As you can see guys, it did find the word desktop. So the directory desktop does exist. So that's how guys the piping works. You can literally take output of any command then pipe that to another command.

Copying files is a common task that you have to perform on a regular basis. Right? The command for copying files and directories is cp. cp stands for copy and it can copy both files and directories. Now let's jump into the practicals. I'm going to start with copying files and later we will copy directories as well. Let me execute ls. I'm going to use these files to demonstrate the cp command. So type cp. cp stands for copy. Now cp command needs minimum two options: the file name that you want to copy and the destination directory where you want to copy it. So I'm going to start with copying this dummy.txt file. So specify the name of the file that you want to copy, dummy.txt, space. Now specify the destination directory where you want to copy it. I'm going to copy it in my current working directory. So specify a different name. Let's say dummycp.txt. Now the copy command is going to take this dummy.txt file and create its copy under this new name dummycp.txt. Let me press enter. ls. As you can see guys, we have successfully copied dummy.txt file. Here is the copy of dummy.txt file under this new name dummycp.txt.

Similarly, we can copy files to a specific location or different directory. What I'm going to do is I will copy this dummy.txt file to the downloads. Let me open a new tab. Change my directory to the downloads. ls. As you can see, the downloads directory is currently empty. So, let's copy dummy.txt to the downloads. Type dummy.txt. Now provide the full path to downloads or wherever you want to copy it. Type home forward slash username, which is demalu, forward slash downloads. Now this time the copy command will take the dummy.txt file and copy it to the specified location which is downloads. Let me press enter. Now let me ls here. As you can see the dummy.txt file has been copied to the downloads. So that's how guys you can copy files with cp command. We can also give a different name while copying. Type forward slash, let's say dummycp.txt. This time the cp command is going to copy this file to the downloads directory under this new name dummycp.txt. Press enter. As you can see we have the file dummycp.txt.

Now let's copy directories. ls. I have this demo directory. I'm going to create a copy of this demo directory. Type cp space demo. Now specify the name of the directory, demo 12. So copy command is going to take this demo directory and create its copy under this new name dem 2. Let me press enter. As you can see, we have an error: -r not specified. If you want to copy directories, we need to specify hyphen r parameter. By default, copy command expects us to copy files. So if you want to copy directories, then we need to use the hyphen r parameter. So type hyphen r. This time the copy command is going to take this directory, then create its copy under this new name dem12 in my current working directory. Let me hit enter. ls. As you can see guys, we have successfully created copy of demo directory under this new name. Now let's copy demo directory to another directory. I'm going to copy it to the downloads. cp -r demo. Now provide the path where you want to copy it. Home. Type the username. Downloads. This time copy command is going to take this demo directory and copy it to the specified destination which is downloads. Let me hit enter. Let me ls here. As you can see guys, the demo directory has been created. Right?

Now let's copy multiple files or directories with a single cp command. What I'm going to do is I will copy dam 2 and app.c file to the downloads directory. So type cp app.c space. Now provide name of the file or directory that you want to copy. Let's say dam 2. Now provide the destination path, home demalu, sorry. Now since we are copying a directory along with file we need to provide hyphen r parameter. Now the way this command is going to work, copy command will copy these two specified file and directory to the downloads directory. You can copy any number of files or directories. Just separate them with a space like this. Now press enter. Let me go to the downloads. ls. As you can see guys, here we have app.c file and dem directory. That's how you can copy multiple files and directories with cp command. Just separate the files with a space.

In this video, we will learn how to delete files and directories using the rm command. The rm command is short for remove. It is used to delete or remove files and directories. It is a straightforward command with a simple syntax. Now, let's jump into the practicals. I'm going to demonstrate the rm command using these dummy files and directories. So type rm. rm stands for remove. Space. Now we need to tell the rm command the file name that you want to remove. We are going to start with removing files. Later we will remove directories as well. So rm space. Now specify the file name that you want to remove. I'm going to remove this dummy.txt file which is in my current working directory. So type dummy.txt. So rm command is going to remove this specified file dummy.txt. Press enter. ls. As you can see guys, the file has been removed. Similarly, we can remove multiple files with a single rm command. Type rm space. Specify the file names. Let's say app.c space. We need to separate files with a space. appcp.txt, and this time rm command is going to remove these two specified files. Press enter. ls. As you can see guys, both the specified files have been removed. And this way you can remove as many files as you like. Just separate those files with a space.

Now, let's remove files that are stored in a different directory. I'm going to remove files in my downloads directory. Let me change my directory to the downloads. Here I have all these dummy files. So, let me go back to my current working directory which is desktop. So type rm space. Now we need to provide the full path to the file or directory that you want to remove. So home, type the username. Now downloads. Now inside downloads I have this file called dummy.txt. So after the destination directory, forward slash, then type the name of the file that you want to remove, dummy.txt. So, rm command is going to remove this dummy.txt file which is stored in the downloads directory. Press enter. Let me go back to downloads. ls. As you can see guys, the file dummy.txt has been removed.

Now let's remove directories. ls. I'm going to start with removing demo directory. So, rm demo. Press enter. As you can see, it is a directory. Just like the cp command, we need to specify hyphen r parameter when removing directories. So, type rm -r. Provide the name of the directory that you want to remove. Press enter. ls. As you can see guys, the directory demo has been removed. Similarly, we can remove directories that are stored in a different location or directory. The syntax is same. Type rm -r. Provide the path to the directory that you want to remove. Downloads. In downloads, I have directory called demo. So, let me type the name of the directory. This time rm command is going to remove the demo directory which is inside the downloads directory. Hit enter. Let me ls. As you can see guys, the demo directory has been removed.

Now let's discuss some of the options that can be used with the rm command. Now one of the most commonly used options with rm command is hyphen f. f stands for force. It basically forcefully removes the files and directories. Now what happens is that there are certain files that you can't remove with the simple rm command. We need to provide hyphen f to remove specific files or directories. Now files that are write-protected can't be removed with simple rm command. Now, write-protected files are those that can't be modified or edited. Let me create one such file. I'm going to make this demo.txt file as write only. So, type chmod. You don't have to worry about the chmod command. We will get back to it in a dedicated section. For now, I just want to create a write-protected file just to demonstrate rm command. chmod, user, I'm going to take away write permission on demo.txt file. Press enter. Now as you can see guys, in the desktop we have this lock sign. It means that this is a write-protected file and it can't be modified or edited.

Let me ls. Now let me try to remove it with default rm command. demo.txt. Press enter. As you can see guys, we have this prompt: remove protected regular empty file demo.txt. Now here we have to specify n for no. If you don't want to remove then type n. And if you want to remove then type yes or y. y stands for yes. Now I don't want to remove this demo.txt file yet. So I'm going to specify n. Press enter. Now if you want to bypass this prompt then we have to use hyphen f parameter. So type rm -f, specify the file name and press enter. As you can see guys, this time the rm command did not display this prompt, remove protected regular file. It directly removed the file. So hyphen f parameter essentially bypasses this prompt and forcefully removes the files or directories. And if you have let's say a write-protected directory then you have to specify hyphen r parameter like this, hyphen rf, then specify the write-protected directory. Let's say we have a write-protected directory demo. Then this command is going to remove this write-protected directory and bypass the prompt that rm command typically displays when removing write-protected files or directories. So that's it for rm command guys. Thank you very much for watching.

Welcome back everyone. In this section, we will discuss two important aspects of Linux: user management and performing administrative tasks. This is one of the most important sections in this course. Before we dive into root user, sudo command and other advanced topics in upcoming videos, it is essential to understand user types. Linux users have different levels of access and permissions based on their type. Therefore, understanding users and their types is important. In this video, we will explore the different types of users in Linux. So, what is a computer user? First, a computer user is essentially someone who interacts with a computer system and uses its resources to perform tasks. These tasks include accessing files, running programs, and utilizing all the other features the system offers. In short, anyone who uses a computer for various activities is considered a computer user.

Now, Linux is a multi-user operating system. Now, what does multi-user mean? A multi-user operating system allows multiple users to access and use a system simultaneously. This means several user accounts can be logged in at the same time. In a multi-user environment, we can create separate or multiple user accounts. Each user has their own account with a unique username and password. This allows users to log in with their login credentials and access their own files and resources without interfering with each other. Remember, each user in a multi-user operating system has their own files. By default, one user can't access files of other users on the system. Linux automatically manages the resources and security of each user account. Linux, macOS, and Windows are all multi-user operating systems. You can create multiple user accounts in each of these systems. In the upcoming videos, you will learn how to create and manage multiple user accounts on Linux practically.

Now, there are three types of users in Linux. Not only in Linux, but in Windows as well. There are three main types of users: regular users, root user and system users. Let's start with regular users. Regular users in Linux are also known as normal users, standard users or non-admin users. Regular users have limited system access. They can perform basic standard tasks such as browsing the internet, storing and accessing their data, playing media, and creating files etc. However, a regular user can't perform any administrative tasks such as installing, uninstalling applications, modifying system settings, accessing or deleting configuration files, and managing system directories and tools. In short, regular users don't have ability or permission to utilize and access files and tools that are specifically designed for performing administrative tasks.

Now, let's address the real question. Why regular user accounts exist? What problems do they solve? As we discussed earlier, regular user accounts have limited privileges or access to a system. This allows users to utilize and access the system without being able to modify system files or other protected administrative files and tools. This limited access helps maintain system security. Organizations, schools and universities commonly use regular user accounts for this very reason. Let's take an organization as an example. Organizations and corporations often have multiple employees who typically use the same computer system, right? To ensure security and privacy, each user is assigned a unique username and password. Users log in using their credentials. Each user's files are stored separately and one user can't access the files of another user without proper authorization. Regular user accounts, as we have discussed, have limited privileges. This means they can't damage or access system files nor can they perform administrative tasks. By using regular user accounts, users can benefit from all the essential functionality the system offers without risking accidental or intentional harm to the system through administrative access. They can create their own files, perform office work, but can't access administrative tools. This restriction on accessing only their own files inherently makes regular user accounts more secure. Windows is also a multi-user operating system. You may be familiar with guest accounts. The guest account in Windows is also a regular user account with limited system access.

The second type of user is the root user, also known as administrative user. Root will be covered in the next video because it deserves a dedicated video. Now let's discuss system users. System users in Linux as well as in Windows. A system user refers to a user account created for computer system or an application to execute specific tasks or functions. System users are created during the installation of operating system and applications. Some applications use a dedicated system user account to carry out their operations. System users typically run in the background. They are not directly relevant to your day-to-day tasks. We don't interact with them directly, but they are used by specific applications to carry out their operations in the background. These tasks include running daemons or services in the background. Specific applications such as antivirus software also use dedicated system account to scan the system. System users don't have a login shell, meaning they can't log into the system directly.

In this video we will learn about the root user. Root is the most important user on a Linux system. In the previous video we discussed that regular users can't perform administrative tasks. However, someone eventually needs to perform administrative tasks. Right? And that is where the root user comes in. The root is a special user account on Linux. It is essentially the admin or administrative user account on the Linux system. All administrative tasks are performed by the root user account. The root user is also known as the superuser. The root user has complete control over the system. It can perform any operation on a system such as installing or uninstalling applications, accessing, deleting and modifying any system and configuration files. In short, the root user controls and accesses everything. The root user account is created automatically during the installation of Linux. Each Linux system has the root user by default. In the upcoming video, we will be putting theory into practice.

Finally, we will put everything we have learned in the last two videos into practice. In this video, we will learn about the sudo command and how to use it to perform administrative tasks. We will also cover how sudo is related to the root user as well as who is allowed to use the sudo command. This video is going to be very important and probably one of the longest videos in the entire course. So make sure to watch the complete video and don't skip anything.

Let's dive into the practicals. In the previous two videos, we learned that a regular user can't perform administrative tasks. Right? Now, let's actually verify if it is true or not.

Now, how can you tell whether you are logged in as a regular user or the root user? Well, a regular user is denoted by the dollar sign. As you can see, it means that the currently logged in user Dimalu is a regular user, and the root user is denoted or represented by the pound symbol. We will get back to it later. Now, what I'm going to do is I will try to install an application, which is an administrative task. So, type apt install WC. Don't worry about the apt command. We will get back to it in a dedicated section. Apt is basically used for installing or uninstalling applications.

Now let me press enter and see what happens. As you can see guys, we have two errors. The first error says permission denied. It means that the currently logged in user Dimalu does not have permission to execute this command. And the second error says "are you root?". It means that you need to be the root user to execute this command. Only the root user is allowed to execute this command.

Now there are two primary ways to perform administrative tasks on a Linux system. Either you need to log in as the root user or you can use the sudo command to perform administrative tasks. Now logging in as root user is not recommended, especially for beginners, because it can be very dangerous. The major problem with logging in as the root user is that the root user executes commands without alerting you or giving any warnings. No matter how dangerous the command is, you are not warned before making system changes or executing commands. This means that you will not have any opportunity to review the changes before they are implemented, which can lead to serious problems. For example, you could accidentally delete essential system files, rendering your system unusable or unstable. For these reasons, it is considered dangerous to log in as root or operate your system as root. Even experienced users avoid logging in as root unless it is absolutely necessary.

So what is the safe way to perform administrative tasks? To safely perform administrative tasks, we can use the sudo command. The sudo command allows regular users to run commands with the same power or privileges as the root user. This means you don't need to log in as the root user to perform administrative tasks. You can simply use the sudo command. The term sudo stands for super user do, where su stands for super user and do stands for perform or execute. Remember, the root user is also known as the superuser.

Now let's see how we can use the sudo command to perform administrative tasks. The syntax is simple. Just type the sudo command before the command that you want to execute. Now I'm going to execute the same apt install WC command. apt install WC. Press enter. Type your password. Press enter. As you can see guys, now the command is working. Apt is asking me whether I want to continue the installation or not. Type Y. Y is for yes, N is for no. I'm going to type Y to proceed with installation. Press enter. Now apt is going to download the required files for WC, then install it automatically.

The installation is complete. And now let me verify the installation. Type WC. Press enter. As you can see guys, WC is up and running. So guys, that's how you can basically use the sudo command to perform administrative tasks. Just type the sudo command before the actual command that you want to execute.

Now let me execute another command that needs sudo privileges. There is a command called fdisk which is used for managing partitions. Press enter. As you can see, permission denied. Now I'm going to type sudo, then fdisk -l. Press enter. As you can see guys, now the command has been executed successfully. So guys, if you encounter errors like this permission denied, then just write the sudo command before the actual command, then the command will be executed. This is as easy as that.

And there is another tool called airmon-ng. If I press enter, as you can see, run it as root. It means it also needs the sudo privileges. If I type sudo, press enter. Now as you can see, this command has been executed successfully. So guys, whenever you want to perform administrative tasks or encounter errors like run it as root or permission denied, then just write the sudo command before the actual command, then everything will be fine.

Now let's address a very important question. Who can access or use the sudo command? Remember, not every regular user can use the sudo command. Only users who have been granted sudo privileges or permission to use the sudo command can use or access it. By default, only one regular user account has permission to use the sudo command.

The user account that you create or set up during installation is allowed to use the sudo command. When you install Ubuntu, Kali Linux or any Linux based operating system, you have to set up a user account and password for that account during the installation. Right? The user account that you set up during installation is automatically given permission to use the sudo command. Only that particular user can use the sudo command. Any user accounts that you create after the installation can't access the sudo command. They have limited access to the system and can't perform administrative tasks or use the sudo command.

Now, how do you know whether a user account can access or has permission to use the sudo command? It is simple. We need to use the id command to verify that. Now, type id space. Now, specify the username that you want to check sudo permissions for. I'm going to check whether the Dimalu user has permission to use sudo or not. Type username. Press enter. Here we have a lot of information. We will dissect this information in a dedicated section. For now, here you only need to see if the sudo is mentioned here or not. Here we have groups. So groups equal to, and here it is, sudo. As you can see guys, sudo is here. It means the user Dimalu is part of the sudo group. So the Dimalu user has permission to access the sudo command.

Now I have another user account on my system which is guest, and let me press enter to see if it has access to the sudo command or not. Press enter. As you can see guys, this is a regular user account that I created after installing the Kali Linux. And here we don't have sudo mentioned anywhere. It means that the guest user does not have access to sudo. It can't use or access the sudo command.

Again guys, I'm wrapping up this video with the note that only the user account that you create or set up during the installation has access to the sudo command. User accounts that you add after installation don't have permission to use the sudo command.

In this video, we are going to look at the ip addr command. This is a very important command for administrators and you will be using it a lot. So, what is it? The ip addr command is used to display information about the network interfaces such as Ethernet or wireless network adapter on your computer. It provides network details like the IP address assigned to each interface, network masks, MAC address and other network related details. By using this command, you can easily check and manage your network settings.

Now let's jump into the practicals. Type ip, sorry, ip space addr space show. Now the ip addr command with the show parameter displays all the installed network interfaces on your system. So press enter. As you can see guys, these are the installed network interfaces along with their configurations. The first interface that we have is the lo. lo stands for loopback. It is up and running. The loopback is also known as the localhost. This is the address for the loopback. Now loopback is not a physical network interface, right? It is a virtual interface. You can't use the loopback for connecting to a network. The loopback points to your own system. It can't communicate with external networks. The loopback is not that important for now. I will get back to loopback when we will set up the Apache web server. Now the most important part for us is this eth0.

The Ethernet network interface is represented by the eth0 in Kali Linux. I'm connected to my network using Ethernet. So under the Ethernet I have all the network configuration details. As you can see, this is the IPv4 address. inet essentially means IP address. brd is short for broadcast address. This is the broadcast address. And here we have the MAC address. The MAC address is known by different names such as ether, link, or hardware address. So this is the MAC address. And down here we have the IPv6 address as well.

Now here we don't have the details for wireless card or wireless interface. Right? This is because a virtual machine can't access the built-in wireless card because it is already being used by your main operating system or your host operating system. But if you connect an external wireless card then that will be listed here. A wireless card is represented by wlan0. So if or when you connect an external card, then the ip addr command will display that card as well under the name wlan0. You will see something like wlan0 in this list of interfaces.

Now the show parameter is not mandatory if you only want to list the installed network interfaces. So just type ip addr, ip space addr, then it will print all the network interfaces along with their configuration details. And instead of using addr we can use its shorthand, which is a. So ip space a, press enter. As you can see, it is producing the same result as the last command, which was this. So ip a is the shorthand for addr.

In this video we will finally learn how to install packages or applications from the terminal. It is actually easy. Type sudo. Now before actually installing a new application, we should always run the apt update command. It will update your local repositories, which will help the package manager to download the latest possible version of the application that you are downloading, as we discussed in the previous video. So let me quickly run the update command. So type apt update. It will update your local database. Press enter. Let the update command finish.

Now the update command is complete. We are good to go. Now we can proceed with installation. So type sudo apt. The apt, as we discussed in the previous video, allows us to install, remove and update packages. So after apt, type install. The install parameter allows us to specify the name of the package or application that you want to install. I'm going to install, let's say, WC. So type the name of the package that you want to install. So this command is going to install the specified package WC. Remember guys, apt will only be able to install the specified package if it is available in the repositories.

Now press enter. Provide your password. Let me scroll up a little. And here, these are the dependencies that apt is going to install because WC needs all these dependencies to function properly. Now scroll to the bottom. Here we have this prompt, continue. If you want to continue or proceed with installation then we need to type Y. Y is for yes, N is for no. I'm going to proceed with installation. So type Y. Press enter and it will take a few seconds or probably a minute to complete the downloading and installation.

All right, the installation is complete. Now let's verify whether the WC has been installed or not. Type WC. Press enter. As you can see guys, WC is up and running. So installation was successful. Similarly, you can install any other package or application that you want.

Let me install another application. Type sudo. The steps remain the same. Type apt install. After install, specify the name of the package that you want to install. I'm going to install htop. htop is basically a system monitoring tool. Press enter. And the installation is almost complete. As you can see, installation is complete. Now type htop to verify its installation. Press enter. As you can see guys, this is the htop. We are inside htop, and at the bottom it is displaying all the running processes on my system and in the top half it is displaying the system resources being consumed like RAM, processor etc. Now press Q to exit out of the htop.

So guys, that's how you can basically install the applications. The syntax for installing every application is the same. After the install parameter, specify the name of the package or application that you want to install, and if the specified package is available in the repositories then the package will be installed.

Thank you very much guys.

In this video we are going to learn how to remove or uninstall packages from terminal. So type sudo space. The tool for removing packages is apt. The same tool that we used for installing applications. After apt, type remove. Now specify a name of the package or application that you want to remove. I'm going to remove WC. So apt is going to remove the specified package WC. Press enter. Provide your password. And here, as you can see, removing the package name WC. Type n if you don't want to continue uninstallation, and if you want to proceed with uninstallation, type y. Press enter and it will uninstall the package. As you can see, it has been uninstalled.

Now guys, after executing the remove command we need to execute the autoremove command, and let me type apt autoremove. Now what happens is that the remove command only removes the main executable file. It does not remove the dependencies that were installed with a package. It basically removes the dependencies that are no longer required. So press enter. And if I scroll up, as you can see guys, it is going to remove all these dependencies that were installed with WC. Now type Y to proceed with uninstallation. It will complete the uninstallation. Now as you can see, the command has been executed successfully.

Now let's verify whether WC is still there or not. So type WC. As you can see guys, WC is no longer showing up. It has been removed successfully. Similarly, you can remove any application or installed package that you want. Just specify the name of the installed package after the remove, then it will remove that package. So thank you very much guys. That's it for this video.

In this section we are going to learn how to use Nmap. Nmap is an extremely important tool in cyber security. Whether you are a network engineer, cyber security analyst or an ethical hacker, Nmap is useful for everyone in general. It is a tool that should be part of your cyber security skill set. Now, what is Nmap? Nmap is an advanced information gathering tool that hackers and pentesters use to obtain information about the systems they intend to hack or test. Now what happens is that before actually hacking a system, attackers need to collect information about their target system.

Hackers search for openings or possible access points for infiltration. Nmap provides this information quite easily and masterfully. Nmap is a port scanning tool. It scans for open ports, vulnerabilities and various services running on a system.

This is the first practical video on Nmap. In this video, we will learn the fundamentals of Nmap scanning and analyze all three states of a port. Now, let's jump into the practicals. So, open your terminal and type nmap. The first thing that I always like to do when learning a new tool is check the options that it offers. So, type nmap, two hyphens, help. The help parameter displays all the options that can be used with nmap. So, press enter. As you can see, these are the options or available options that can be used with nmap. Let me tell you guys, Nmap is a very advanced tool. Therefore, it offers all these options. So, feel free to go through this documentation.

Now, type nmap space. Now, before scanning the target network, you should always check whether it is up and running or not, because if it is not running, then it is pointless to scan. So type hyphen s, uppercase P. S stands for scan. P stands for ping. In the background, Nmap conducts the ping scan to check whether the specified host is up and running or not. Now specify the name of the host. You can either specify an IP address or a domain name. I'm going to specify the domain name scanme.nmap.org.

Remember guys, you can't randomly scan any website on the internet with Nmap. It is illegal. Fortunately, Nmap provides this specific server or subdomain that we can use for learning Nmap or practicing Nmap, or if you have your own server or domain then you can specify that as well. Now the way this command is going to work, Nmap will conduct the ping scan in the background to check whether the provided host is running or not. Press enter. As you can see, one host up. It means the specified host is up and running. Now we can proceed further with the scanning. Type nmap. Type the name of your target network, scanme.nmap.org.

Now this is the default Nmap scan without any options. By default Nmap scans the most popular 1,000 ports. If you don't provide any options like this, then Nmap will scan the most popular 1,000 ports. So press enter. It is going to take some time to complete the scan because Nmap has to go through all the 1,000 popular port numbers and determine their state, whether they are open or filtered.

As you can see guys, the scan is complete. Now let's analyze the result. The first nice thing that Nmap does is it prints the IP address. As you can see in the brackets, we have this IPv4 address. This is the IPv4 address of this specified host. Now, instead of using this domain name, we can directly use this IPv4 address. So, what I'm going to do is copy this IPv4 address. And here is the IPv6 address for this domain name. Now let's analyze the actual result, which is this.

So here we have 987 port numbers closed and the remaining 13 are either open or filtered. We have three columns here. Port. Port column displays the port number. State column displays the state of a port. There are two possible states of a port. Either it can be open or filtered. We'll get back to it in a minute. Then we have the service column. It displays the service running on a port. For example, the port number 22. It is open and the service running on port number 22 is SSH. The default port for SSH is 22.

Now what does the open port mean? It means that this port is accepting connections or ready to accept connections. The SSH essentially allows us to access servers or computers remotely from anywhere. So if the SSH port is open, it means you can access a server or computer remotely from anywhere. You just need to provide the correct login credentials. Now what does the open port mean from a hacker's perspective? Well, if the legitimate users can access or log in to the SSH, so can hackers. Hackers can basically hack the SSH service by brute forcing its login credentials, or if the SSH version is vulnerable, then they can exploit that particular vulnerability. So an open port can be vulnerable if it is not properly protected.

Then we have port number 25 which is filtered. Now what does the filtered port number mean? It means it is probably protected by a firewall. Only the authorized person can access the port number 25, or you can say only the authorized users can connect to port number 25. We have plenty of open ports such as FTP. FTP is similar to SSH. The only difference is that SSH is secure. Communication on SSH is encrypted, whereas on FTP the communication is carried out in plain text. So that's it for this video guys. Thank you very much for watching and if you have any questions then let me know.

Hello and welcome to this course where you will learn wireless security from scratch. This course is suitable for absolute beginners who want to learn about Wi-Fi attacks and defense. How attackers hack a Wi-Fi network and how to detect and protect against Wi-Fi attacks. To learn defensive strategy, first we need to understand how a Wi-Fi network is compromised. Then we will be able to develop a good defensive strategy. By the end of this course, you will be able to secure your Wi-Fi network from all potential threats. This is a detailed course where everything will be covered from scratch. You will be taught how things work behind the scenes or attacks, not just commands.

Now, you need an external wireless card for Wi-Fi penetration testing. These are the recommended cards suitable for Wi-Fi pentesting that you can consider purchasing. They are all compatible and supported by Kali Linux. We are going to use Kali Linux for Wi-Fi penetration testing. Kali Linux has all the tools pre-installed that we need for Wi-Fi penetration testing and security.

In this video, we will learn how to connect your wireless network card to Kali Linux and address the common errors that may arise initially. Now, let's dive into the practicals. Before you plug in or connect your wireless card, we need to upgrade the system. So type sudo apt. First we need to update the repositories. Now provide your password. Let the update command finish.

Now once the update command completes, then we need to execute the upgrade command. So type sudo upgrade. Press enter. Now type Y. Press enter. Let the upgrade command finish. It is very important. Now once the upgrade command finishes, now we are good to go.

Now plug in or connect your wireless network adapter to your USB port. To use your wireless card in your Kali Linux virtual machine, go to the devices, click on USB, and your wireless network card's name should appear in this list. I have an Alfa network card that uses an Atheros chipset. As you can see, it is listed here. So, click on your network card or appropriate network card. I'm going to click on Atheros.

Now once selected, Kali Linux is going to take around 15 to 20 seconds to set up everything when you use your wireless network card for the first time in Kali Linux. Now wait for 15 to 20 seconds. Now to verify whether your card is detected by Kali Linux or not, type ip space a, press enter. As you can see guys, wlan0, my wireless card has been detected. W stands for wireless, LAN stands for local area network and the number zero represents the card number. Each wireless card has a unique number assigned to it. The first wireless card that you connect is assigned number zero. If you connect another card, that card will be assigned number one.

In case your card is not appearing or Kali Linux has not detected it, then disconnect your card, then reconnect again and repeat the same steps. Go to the devices, USB, click on Atheros or whatever chipset your card is using. Now let me verify again. As you can see, wlan0, it has been detected. Once detected, now you can use your wireless card to connect to a Wi-Fi network. Click on the networks icon.

Click on available networks. Now select the Wi-Fi network that you want to connect to. As you can see now, sometimes you might encounter errors like this. Can't attach USB device. Failed to attach the USB device. In case you do encounter such an error, then the solution is simple. Disconnect your wireless card, then reconnect again. Now go to the devices, USB. As you can see, my network card is already selected. If it is already selected then you don't need to do anything. Just wait for a few seconds and type ip a to verify it, as you can see. And if it is not selected, then select your chipset, then it should automatically solve the problem.

In case you have a different network card and Kali Linux is not detecting it, post your questions in the Q&A section. I will definitely answer your queries there. If you have a network card that I recommended, Kali Linux will detect them automatically.

You don't need to install drivers for them if you use Alfa series cards. Now once the wireless card is detected, now we are good to go.

Now let's talk about the tools that we are going to use for wireless penetration testing. The tool that we are going to use is aircrack-ng. Now aircrack-ng is not a single tool, rather it is a complete suite. It is a collection of many tools. Aircrack-ng is the best tool out there for testing wireless security. Each tool within aircrack-ng is designed for specific tasks. For example, the aircrack suite has a tool called airodump. Airodump is used for capturing packets. And then we have airmon-ng, which is used for controlling the monitor mode. The aircrack-ng itself is used for cracking passwords. There are many more tools in the aircrack suite that we will explore as we progress through the course.

Now we need to verify whether aircrack-ng is detecting the wireless card or not. So type sudo airmon-ng. Press enter. Provide your password. As you can see, airmon-ng has also detected the wireless card. It means this card is compatible with airmon-ng. Now, we are good to go.

Remember guys, you will need to repeat the same steps each time you want to use your wireless adapter in your Kali Linux virtual machine. Right. After plugging in the card, you need to go to the devices, USB, then select your wireless card.

In this video, we will discuss managed and monitor modes. A wireless network card can operate in two modes, managed and monitor mode. In managed mode, also known as normal mode, the wireless network adapter is used for standard tasks such as connecting to Wi-Fi networks, accessing the internet, and utilizing other network resources.

Monitor mode, on the other hand, is entirely different. It allows us to intercept or capture all network traffic being transmitted over a specific Wi-Fi network or all surrounding wireless networks within its range. Wireless cards operate in managed mode by default, allowing you to connect to Wi-Fi networks. However, to capture or monitor network traffic, we need to switch or change the network card to monitor mode. In monitor mode, a wireless network adapter can capture wireless network traffic within its range.

Now, let's discuss the real question. Why do we need to capture wireless network traffic? Well, to hack a Wi-Fi network, certain information is required. This information can be obtained by capturing packets, and monitor mode allows you to capture those required packets. Specifically, we need the four-way handshake, which can be intercepted using monitor mode. However, it is important to note that this mode is often used for legitimate purposes by network administrators, security professionals, and researchers. They use it to monitor and analyze wireless network traffic for troubleshooting, security testing and research purposes.

In the next video, we will enable the monitor mode.

In this video, we will finally learn how to enable and disable monitor mode as well as how to restart the network manager. Now, let's jump into the practicals. First connect or plug in your wireless network card. I have already plugged in mine. Let me verify that. Type ip space a. Press enter. As you can see, here it is, wlan0. I'm going to put wlan0 into the monitor mode.

So type sudo airmon-ng. Airmon-ng is part of the aircrack suite. It is used for controlling the monitor mode, including enabling and disabling it. Now before enabling the monitor mode, we need to check for processes that might cause problems later. There are certain processes that might put your card back to the managed mode from monitor mode.

So let's check those processes. Pass the check parameter. It will list those processes. Press enter. As you can see, found two processes that could cause problems. Now we need to terminate these processes. It is easy. After check, type kill. The kill parameter is going to kill or terminate those processes. Press enter. As you can see, this process has been terminated. Now we are good to go.

Type sudo airmon-ng space, type start, space. Now specify the name of your wireless card that you want to put into the monitor mode. For me, it is wlan0. Now, airmon-ng is going to start the monitor mode on this specified wireless card, wlan0.

Press enter. As you can see, monitor mode enabled for wlan0 on wlan0mon. It means that the specified wireless card wlan0 has been put into the monitor mode under the new name wlan0mon. And if you want to use or access the monitor mode, then we have to use this name, wlan0mon, or whatever name it is after this particular part.

Now let's actually verify whether the card is in monitor mode or not. Type ip space a. At the bottom, as you can see, wlan0mon: the card is indeed in the monitor mode. We can also use the iwconfig command to verify the monitor mode.

Press enter. As you can see, mode monitor. Now once your card is in monitor mode, you can't use it for general purposes like connecting to the Wi-Fi networks. In monitor mode, we can capture traffic and monitor all the Wi-Fi networks within your network card's range. We will do that in the next video.

Now, let's learn how to put your card back to the managed mode. At some point you will need to put your card back to the managed mode, right, once you are done with Wi-Fi pen testing. So type sudo airmon-ng stop. Now type the name of your monitor mode, which is wlan0mon for me. Now airmon-ng is going to stop the monitor mode wlan0mon. Press enter. As you can see guys, monitor mode disabled for wlan0.

And now let me list interfaces: ip space a. As you can see guys, the card is back to the managed mode. Let me actually type iwconfig. Press enter. As you can see, mode managed.

Now after putting your card back to the managed mode, you should always restart your network manager. So type sudo system, sorry, systemctl space restart, type NetworkManager. Make sure that N is in uppercase and M also must be in uppercase. Now what this command is going to do, it will reset your network configurations, fix common problems, and your card will become ready to be used in managed mode. Press enter. Now the command has been executed successfully.

Now click on your network icon. As you can see guys, now my wireless card is up and running. That's it for this video guys. Thank you very much for watching.

In this video, we will learn how to detect or discover Wi-Fi networks within your network adapter's range, explore the fundamentals of an airodump-ng scan, and save the network traffic to a file. This is definitely going to be an exciting and informative video. So, let's dive into the practicals.

The first thing that you are going to do is put your wireless network adapter into the monitor mode. I have already enabled monitor mode. Let me verify that. Type ip space a. Press enter. As you can see, wlan0. My card is already in the monitor mode. We need the monitor mode for capturing wireless network traffic and discovering Wi-Fi networks. Once your card is in monitor mode, we are good to go.

Now type sudo airodump-ng. Airodump-ng is also part of the aircrack suite. Airodump is a powerful tool used for capturing wireless network traffic. It also discovers and displays information about the nearby Wi-Fi networks. Now after airodump, specify the name of your monitor mode, which is wlan0mon for me. Now this particular airodump command is going to discover and display information about all the available Wi-Fi networks within the range of your wireless card. Let me press enter. As you can see guys, airodump is scanning for the nearby Wi-Fi networks. It scans and lists all the nearby Wi-Fi networks within the range of your wireless card.

Now, we have a lot of information here, right? I will break down everything. We have two sections here. In the first half, it displays all the Wi-Fi networks that it has detected along with their information. In the bottom half, it displays the devices that are connected to these Wi-Fi networks. Now, the first thing that we have to understand is what all these columns mean, what information they represent.

Now, the first field is BSSID. BSSID refers to the MAC address. Each wireless access point or wireless router has a MAC address. For example, the MAC address for the network Cyborg is this. Then we have PWR. PWR indicates the signal strength.

It basically tells us how close we are to a Wi-Fi network. If the PWR value is around 70 or above 70, then it means the signal strength is weak. If it is below 60, then the signal strength is considered average. And if this value is below 40, then it means the signal strength is strong. You are close to a Wi-Fi network or you have a very powerful wireless card.

Then we have the beacons column. It displays the total beacon packets that a Wi-Fi network has transmitted. A Wi-Fi network uses beacon packets to announce its presence. On average, a Wi-Fi network sends around 10 beacon packets per second. In simple terms, through beacon packets, a Wi-Fi network basically tells the nearby wireless devices, "I am available. You can connect to me if you have the proper authority."

Then we have the data column. It displays the number of packets captured by the network card on each listed network here. Remember guys, airodump is capturing or listening to the network traffic of each network that it has detected or listed here. Later in the video I will demonstrate how to save the captured packets. The data field helps us to understand the amount of data traffic on the network.

And next is forward slash s. It stands for seconds. It shows the average number of data packets a network has transmitted each second, calculated over the last 10 seconds. And then we have CH. CH stands for channel number.

It displays the channel number on which the wireless access point or wireless network is operating. Then we have MB. MB displays the maximum speed supported by a Wi-Fi network.

And next is ENC. ENC is short for encryption. It indicates the type of encryption protocol the network uses for encrypting packets. 95% of networks still use WPA2. WPA3 is available, which is an updated version of WPA2, and it is considered more secure. However, WPA2 remains the most widely used encryption protocol, with over 95% of networks still using it.

WPA2 makes sure that data sent or received over a wireless network is encrypted.

And next is cipher. Cipher refers to the specific algorithm used for encrypting and decrypting data within the encryption process. CCMP is specifically used with WPA2. It offers significantly more security compared to older protocols like WEP and TKIP used in WPA.

And next is AUTH. AUTH refers to the authentication method used to protect against unauthorized access to the network. It specifies how devices are authenticated before being allowed to connect to the network. PSK stands for pre-shared key, indicating that the Wi-Fi network utilizes a shared password. All users are required to use the common network password to connect to the network. To access the PSK Wi-Fi network, you will need to enter the correct Wi-Fi password.

And the last column is ESSID. It basically displays the name of Wi-Fi networks. Here we have two Wi-Fi networks, Cyborg and Sunny.

And in the bottom half, airodump displays devices that are connected to these Wi-Fi networks. The first column, BSSID, displays the MAC address of the wireless access point or wireless router. And the station column displays the MAC address of the device which is connected to a network. For example, this MAC address or wireless device is connected to this Wi-Fi network. And if a device is not connected to any Wi-Fi network, then you will see something like not associated. Not associated means the wireless device has not connected to any Wi-Fi network. It is still searching for Wi-Fi networks to connect.

Now like I discussed earlier, we can save the packets that airodump is listening to or capturing. Now here airodump is basically listening to the traffic of all these detected devices.

We can save the traffic that it is capturing to a file. So press control + C to exit out of airodump. Okay. So type airodump-ng wlan0mon, then type write. The write parameter allows us to specify the file name where you want to save the captured packets. Now you can specify a specific directory where you want to save. If you don't specify any specific directory, then it will save the files in your current working directory.

Now provide a file name. Let's say captured packets. Now airodump is going to monitor the network traffic of all the Wi-Fi networks within its range and then save the traffic into this specified file, captured packets. The files will be saved in your current working directory.

Let me press enter. Now let me exit out of airodump by pressing control + C. Now type ls. As you can see, airodump has created these different files. Airodump basically saves captured packets in different files. We have files with the cap extension, CSV, netxml, etc. However, the only relevant file for us is this cap.

We can open the cap files in Wireshark. Let's actually do that. Type wireshark space and then specify the file name that you want to open. Now what Wireshark is going to do, it will open this specified file. Let me press enter. As you can see guys, inside this file we have the packets that airodump captured. So guys, that's how you can save the captured packets to a file.

So that's it for this video guys. Thank you very much for watching.

In this video we will learn how to scan Wi-Fi networks operating on the 5 GHz frequency band. This is a theoretical video. Practical aspects will be demonstrated in the next video. There are certain things about 5 GHz networks that we need to understand before diving into the practical aspects.

By default, airodump only scans and lists networks in the 2.4 GHz band, as we saw in the previous video. Now, what if a network is using only the 5 GHz band? Most networks use dual bands, but some specifically use only the 5 GHz frequency band. To scan the 5 GHz networks, we have to use the band option in airodump-ng. Remember, this is important: to scan or discover 5 GHz networks, your network card must also support the 5 GHz band.

That's the prerequisite. Now, we need to use the band parameter with airodump to scan for 5 GHz networks. The band option allows you to specify different bands or a combination of bands that you want to scan. Airodump supports two bands, 2.4 GHz and 5 GHz. We can also combine both, which enables us to scan for both 2.4 and 5 GHz networks.

Now to scan and list 5 GHz networks, we need to use the band a parameter with airodump. The letter A represents the 5 GHz band. We will demonstrate this practically in the next video. There are other options for the band parameter as well. B represents the 2.4 GHz band using the old 802.11b standard and G represents the 2.4 GHz band using the 802.11g standard, which is more common. G is also the default mode. If you don't specify any bands, by default, airodump runs with the G option. And if you want to scan for both bands, you can use the band AG option. Remember, specifying multiple bands can increase workload on your system and potentially slow down scanning.

We will continue where we left off in the previous video. So in this video I will demonstrate how to scan for 5 GHz networks practically, also how to scan for both 2.4 and 5 GHz networks simultaneously. Now let's dive into the practicals.

So type sudo airodump-ng space, two hyphens, type band. The band parameter allows us to specify the frequency band that you want to scan for. I want to scan the 5 GHz frequency band or Wi-Fi networks. So type A. As we discussed in the previous video, A represents the 5 GHz frequency band. Now specify the name of the monitor mode, which is wlan0mon. Now this particular airodump command is only going to discover and display the 5 GHz Wi-Fi networks, or Wi-Fi networks using the 5 GHz frequency band. Remember guys, your wireless network adapter must support the 5 GHz band. Only then will airodump be able to scan and list the 5 GHz networks.

Press enter. As you can see, airodump has detected the 5 GHz network. It is still scanning. If it finds other 5 GHz Wi-Fi networks, then those will be listed as well. Now, how do you exactly know whether airodump is scanning the 5 GHz networks or frequency band? Well, check out this particular section, CH. It is showing the range of channels that it is scanning. The range of 5 GHz channels is from 36 to 165. On the other hand, the range of 2.4 GHz channels is from 1 to 14. As you can tell, it is scanning between 36 to 165. So guys, that's how you can scan and detect only 5 GHz networks. Now, I live in a very remote area, that's why I only have very few 5 GHz Wi-Fi networks. If you live in a densely populated area, then you might see a lot of 5 GHz networks.

Now, let's scan the 2.4 GHz networks. I'm going to exit out of airodump by pressing Ctrl + C. Now, by default, airodump scans for the 2.4 GHz networks. If you don't specify the band parameter, then by default, it is going to scan for 2.4 GHz networks.

However, you can explicitly specify if you want to scan the 2.4 GHz band. So type band and specify G. G represents the 2.4 GHz band. Press enter. As you can see, this time it is only scanning the networks that use the 2.4 GHz frequency band, as you can see in the channel section.

Now let's scan both 2.4 and 5 GHz bands. To scan both, we need to provide A and G values to the band parameter. As you can see, I have specified A, which represents 5 GHz, and G, which represents the 2.4 GHz frequency band. Now, this particular command is going to scan for both 2.4 and 5 GHz Wi-Fi networks. Remember guys, when you scan multiple bands, it also increases the load on your system resources like RAM and processor. Press enter. Now check out the channels section. It is scanning both bands, from 1 to 14 and 36 to 165. That's how, guys, you can scan a particular band or multiple bands.

That's it for this video guys. Thank you very much for watching.

In this video we are going to discuss the four-way handshake. In a wireless network, data is transmitted through the air using radio waves, right? Since the data travels through the air, it is always vulnerable to interception. If the network is not properly protected, hackers can easily intercept and steal your information by capturing the unencrypted or unprotected data. This can lead to compromised devices and stolen personal information across the network. Therefore, we need a mechanism to protect the data. As we have seen in the previous video, data can easily be intercepted.

This is where the four-way handshake comes in. It refers to the initial exchange of four packets between a client device like your laptop or phone and a wireless access point you are trying to connect to. As we discussed in the cryptography section, keys or encryption keys are used to encrypt data, right? So to encrypt wireless data, we need encryption keys.

The four-way handshake is the process of generating encryption keys. Encryption keys generated by a successful four-way handshake are also known as session keys. The keys generated during the four-way handshake are used to encrypt data between the client device and wireless access point. The four-way handshake establishes a secure connection between the client device and a wireless network so they can communicate securely over an encrypted channel.

After a successful four-way handshake, the client device and the wireless access point can communicate securely. This allows the client to access the internet securely. Data gets encrypted, and even if attackers intercept this encrypted data, they will only see scrambled or encrypted information, not the original data itself.

Now to hack a Wi-Fi network we need to capture the four-way handshake. Capturing the four-way handshake is essential. The four-way handshake contains all the necessary details to initiate the password cracking process. By capturing we mean intercepting a successful four-way handshake. The four-way handshake is essentially the exchange of four packets between a client device and a wireless router or wireless access point. We need to intercept the four packets of the four-way handshake to initiate the password cracking.

The encryption keys used to encrypt traffic are derived from a combination of the Wi-Fi password, SSID, MAC address of the access point, MAC address of the client and nonce values, among other elements. All this information is used to generate the encryption keys or session keys. These elements undergo a cryptographic function to generate session keys which encrypt data during the Wi-Fi session. It is important to note that these elements are not directly combined to generate session or encryption keys. Instead, they go through four distinct steps within the four-way handshake process.

I'm not going to cover the entire four-way handshake in detail because it requires a separate crash course to fully understand it. To crack a Wi-Fi password and learn the process, you don't need to understand the exact steps. They are not essential at all. Understanding the concept and its function is sufficient.

This video is going to be very important. In this video, we will capture a four-way handshake. Capturing a valid four-way handshake is essential for cracking the password. Without a valid four-way handshake, we can't initiate the password cracking process. First we need to capture the four-way handshake and save it to a file. Once captured, this file can be used to launch the password cracking attack.

The first thing that we need to do is collect some essential information about the target network. We need certain information to hack or test a Wi-Fi network, such as its MAC address and channel number. So type sudo airodump-ng. Now specify the name of your monitor mode, which is wlan0mon for me. Now, the airodump command is going to discover and display all the available Wi-Fi networks within the range of my wireless network adapter. Press enter.

Now, keep scanning until your target network appears in this list. As you can see, my target network has already been detected, which is this Sunny. I'm going to test or hack my own Wi-Fi network.

Once your target network gets detected, then you can exit airodump. Now I'm going to note down the MAC address and channel number of my target network in a file. So let me open a new terminal tab and I'm going to open nano to note down the details: MAC address and channel number. Let me copy the MAC address. This is the MAC address of my target network, which is Sunny. Let me paste it here. And the channel number is 9.

Now we need to monitor the network traffic of our target network. So type sudo space airodump-ng space, two hyphens, bssid. BSSID refers to the MAC address. Now here we need to specify the MAC address of your target network. So what I'm going to do is copy the MAC address of my target network and paste it here. Now type hyphen c. Hyphen c stands for channel. Now provide the channel number where your Wi-Fi network is broadcasting on. Mine is on 9. Space. Now specify the write parameter. The write parameter allows us to save the captured packets into a file. Now specify the name of the file. I'm going to specify handshake.

Airodump is going to save the packets that it captures in this specified file, handshake. The file will be saved in your current working directory. Now what basically is going to happen: airodump is going to monitor or capture the network traffic of this particular Wi-Fi network. Then the packets that it captures will be saved to this file called handshake. And of course at the end you have to specify the monitor mode name, which is wlan0mon for me.

Now press enter. As you can see guys, check out the channel. It is fixed at 9. So it is only capturing all the traffic going through this specified Wi-Fi network, then saving that to the specified file, which is handshake.

Now the primary target of this video is to capture the handshake, right? So how to capture the four-way handshake? Either a new device has to connect to the target network or an existing device has to disconnect then reconnect to the network. So as soon as a new device connects or reconnects to the network, the four-way handshake will be captured. Let me demonstrate this.

What I'm going to do is, I am already connected to my network, right? Let me disconnect from the network. Now, as soon as I reconnect, the four-way handshake will be captured. Let me reconnect. Click on connect. As you can see, guys, WPA handshake: the four-way handshake for this Wi-Fi network has been captured. Now, we don't need to monitor the network traffic anymore.

Once you capture the four-way handshake, you can exit. Press Ctrl + C to exit out of airodump. Now, let me ls. As you can see guys, we have handshake files with different formats like CSV, netxml and cap. Now, the file that we need is this handshake.cap. We need this file to initiate the password cracking process.

Before that we have to actually verify whether the four-way handshake is valid or not. It can be done using Wireshark. Let me copy the handshake01.cap file. I'm going to open it in Wireshark. So type wireshark. Paste the file name or type the file name. Press enter.

Now in the filter bar type EAPOL, press enter. Now EAPOL stands for Extensible Authentication Protocol over LAN. It is a network communication protocol used for authenticating network devices. Now here, as you can see, we have four packets being exchanged between a wireless device and the Wi-Fi network. We have exactly four packets. It means the four-way handshake was successful, because a successful four-way handshake exchanges four packets between a wireless device and the Wi-Fi network or wireless access point.

Now guys, this four-way handshake is extremely important. The four-way handshake is required to initiate the password cracking process. Okay. So, keep this handshake file safe. We are going to need it later when we will crack the Wi-Fi password.

Now guys, as you can tell, this method of capturing the four-way handshake is not very efficient, right? We have to wait for someone to connect to the network or someone to disconnect from the network then reconnect. It can be time-consuming.

We will address this problem in the next video.

In this video, we will discuss the deauthentication attack, which is essential for capturing the four-way handshake and launching advanced attacks like evil twin attacks. Therefore, it is important to understand how it works. In the previous video, we captured a four-way handshake, right? To capture the four-way handshake, either a new device needs to connect to the network or an existing device needs to disconnect and then reconnect to the network, right? Here we have an obvious problem, right? In most cases, people are already connected to the network and new client devices may take a lot of time to connect. There you have to wait patiently.

Now to address this problem, we have something called a deauthentication attack. A deauthentication attack works by disconnecting devices that are already connected to the network. In simpler terms, the deauthentication attack kicks off or disconnects devices from the network by sending deauthentication frames to all devices on the network.

Once you disconnect devices, most devices reconnect automatically, right? So as soon as a client reconnects, whether manually or automatically, airodump captures the four-way handshake. Deauthentication frames, as we discussed in the fundamentals section, are used to disconnect devices from the network.

How does a deauthentication attack basically work? The attackers pretend to be the router or access point by spoofing the router's MAC address and SSID or its name. They then send deauthentication frames to the devices connected to the network on behalf of the router. The attacker uses the router's MAC address and sends deauthentication frames to the connected devices. When client devices receive deauthentication frames, they assume the frames are sent by the router or network. They immediately disconnect as soon as they receive the deauthentication frames. And when the user or client device reconnects, the four-way handshake gets captured.

There is no default mechanism to verify whether the frames are coming from a legitimate router or attackers. Only the latest 802.11x standard has automatic protection against deauthentication frames by default. That's how a deauthentication attack works and is used by hackers.

We will continue where we left off in the previous video. In this video, we will learn how to capture the four-way handshake using the deauthentication

attack and also fix the common errors you may encounter during the deauthentication attack. A

deauthentication attack serves two purposes. One, capturing the four-way

handshake and two, disrupting the network services. Now, let's dive into

the practicals. Make sure that your

wireless card is in monitor mode. I have

already enabled monitor mode. Let me

verify that. Type ip, space, a. Press

enter. As you can see, wlan0mon, my card is already in monitor mode. Once

your card is in monitor mode, we should be good to go. First thing that I'm going to do is collect the MAC address and channel number of my target network.

We are going to need both for launching a deauthentication attack as well as monitoring the traffic of my target network which will help us to capture

the four-way handshake. So type sudo airodump-ng, space. Now

specify the name of your monitor mode, which is wlan0mon for me. Press enter. Now

keep scanning until your target network appears in this list. And mine has already been detected. As you can see, my target network is Sunny. Press

control + C to exit out of airodump-ng. I'm

going to note down the MAC address and channel number of my target network. So

let me copy the MAC address and I'm going to open a new terminal tab. Type nano and I'm going to note

down the details in this file. Press

control shift + v to paste and the channel number is five.

Now I'm going to monitor the traffic of my target network. So type sudo airodump-ng, space,

type bssid. Now

copy and paste the MAC address of your target network. After bssid, paste the MAC address.

Now type C. C is for channel number. Now

type the channel number of your target network which is five for me. Space. Now

type write. The write parameter, as we already discussed in the previous practical video, allows us to save

the packets that airodump-ng captures to a file. So specify a file name where you

want to save the packets. Four-way

handshake. By default this file will be saved in my current working directory.

And the last thing that airodump-ng needs is the name of your monitor mode, which is wlan0mon for me. So this particular airodump-ng command is going to monitor

the traffic of this specified Wi-Fi network and the packets that it captures will be saved to this specified file

4-way handshake. Now press enter. As you

can see, it is capturing the packets and saving them into the specified file.

Now, we need to launch the deauthentication attack. So, keep this

airodump-ng command running. I'm going to open a new terminal tab. Now, to execute the deauthentication attack effectively, we

need to configure the network card to the channel number where the target network is operating. Sometimes you will encounter errors like wlan0mon is

on channel N and AP uses another channel. To fix this problem, we need to

set the wireless card to the channel number of your target network. So type

sudo iwconfig, space. Now specify

the name of your monitor mode. Then

channel. Now type the channel number where your target network is operating.

For me it is five.

This command is going to configure the wireless card to listen on channel number five or whatever channel number you specify. It will stick to this

specific channel number and won't hop to others. Now press enter. Provide your

password and the command has been executed successfully. Now we are ready

to launch the deauthentication attack.

So type sudo aireplay-ng. Now aireplay-ng is also part of the aircrack suite. It is

used for generating deauthentication packets or frames. Now space, two hyphens, type deauth. The deauth

parameter allows us to generate deauthentication packets. Now you have

to tell the deauth parameter how many deauthentication packets you want to generate. Let's say 100. So deauth will

generate 100 deauthentication packets or whatever number you specify here. Now

type a. A is for access point. Now we

need to specify the MAC address of the access point or target network. And let

me copy the MAC address of my target network and paste it here. Now type wlan0. Type the name of your monitor

mode. So that's all the aireplay-ng

command needs. Now let me break down

this entire command. aireplay-ng is going to generate 100 deauthentication

packets. Then send those packets to the

devices that are connected to this Wi-Fi network or access point. And when the

devices receive the deauthentication packets, they will automatically disconnect. And when they reconnect then

airodump-ng is going to capture the four-way handshake because we are monitoring the traffic of that network.

Right? Make sure that the airodump-ng command is running now. Let me press enter. As you can see guys, it is

sending the deauthentication packets to this Wi-Fi network.

Now as you can see guys, my device has been disconnected. Now what happens if I

reconnect to my network? Let me switch to airodump-ng. Let me reconnect to my

network.

Click on connect. Now it is not able to reconnect because the deauthentication attack is still going on. As you can see, as long as this deauthentication

attack is ongoing, devices will not be able to connect or reconnect to the network. Let me attempt to reconnect

again.

Now the deauthentication attack will stop after sending the 100 packets. As you

can see it has sent the 100 packets. Now

let me attempt to reconnect. Now it

should work.

Click on connect. As you can see guys, it has successfully captured the four-way handshake. So guys, that's how

the deauthentication attack works. It

sends the deauthentication packets to the devices connected to your target network and forces them to disconnect.

And when they reconnect, airodump-ng captures the four-way handshake. Now

that we have captured the four-way handshake, we don't need to keep airodump-ng running. So I'm going to exit it by

pressing Ctrl + C again. Back to the deauthentication attack. The

number that you specify after the deauth parameter, it will generate and send that many packets. If I specify, let's say, 10,000, then it will generate

10,000 deauthentication packets. Now

there is another way to execute the same deauthentication attack. What you can do

is specify -0, then zero. Now what

aireplay-ng is going to do: the -0 is short for the deauth parameter, and when you provide the value zero then aireplay-ng is

going to send unlimited or infinite deauthentication packets. Let me press

enter. Now it is going to keep sending

the deauthentication packets unless you stop it manually. Right? So to stop this deauthentication attack you have

to exit manually. So press Ctrl C to exit out of aireplay-ng. As I mentioned, the -0

is short for the deauth parameter. You can

also specify a specific number to it.

Let's say five six. It will generate six deauthentication packets this time and it should stop after generating six deauthentication packets as you can see.

So guys that's how you can execute a deauthentication attack. Now let me type ls. As you can see guys, airodump-ng

has generated all these files. The

only file that we are going to need is this file with the cap extension. We will

need this for cracking the Wi-Fi password or initiating the password cracking process. This is very very

important. So what I'm going to do is

copy this file to my desktop. Let me

copy it. Type cp.

And now specify the name of the destination directory. Desktop, D is in

uppercase. Press enter. Let me change my

directory to desktop. ls. As you can see, here is the file. We

are going to need this file for initiating the password cracking process. So make sure that you keep the

four-way handshake file that you captured. In this video we will discuss

several topics including what a word list is, a dictionary and brute force attacks, and how Wi-Fi password cracking

works. Understanding these attacks is

essential for both protecting your

network from such threats and effectively following the practical demonstrations in the next video. In a

dictionary attack, a hacker attempts to crack the password by using a word list.

Now, a word list is essentially a text file that contains thousands or even millions of potential passwords. There

is a very popular word list called rockyou.txt.

The rockyou.txt word list contains millions of real-world passwords. The passwords

stored in rockyou.txt come from multiple sources such as most commonly used passwords, weak passwords

chosen by users, and passwords that were leaked online after a security breach.

These passwords are still in use today.

Most importantly, rockyou.txt is not a list of random guesses but the actual passwords used in the real world.

Similarly, all other word lists also use common passwords or those leaked after a breach. Let's briefly discuss how word

lists are used to crack Wi-Fi passwords.

The tool used for cracking Wi-Fi passwords is aircrack-ng. Aircrack-ng uses a word list to crack the wireless

network key or password. First, we need to capture a valid four-way handshake.

Once the handshake is captured, aircrack-ng uses a word list to perform a dictionary attack. When a tool uses a

word list to crack a password, it is called a dictionary attack. The way

aircrack-ng works is it reads passwords from a word list then hashes each password using the same algorithm as the WPA2

protocol. These hashed passwords are

compared to the captured four-way handshake. If a match is found, the

password is cracked. Remember in a dictionary attack the password can only

be cracked if it is present in the word list. If the correct password is not

there, the attack will fail. This is a very basic overview of how it all actually works. But it is enough for you

to understand how the cracking works.

Explaining everything in detail would require a crash course in cryptography which is beyond the scope of this course. Now let's discuss a brute force

attack. A brute force attack involves

trying every possible combination of characters or numbers for a password.

For example, if a password is eight characters or digits long, a brute force attack would test all possible eight character or digit combinations until

the correct password is found.

Eventually, there will be one correct password among all possible combinations. Aircrack-ng can perform both

brute force and dictionary attacks.

Dictionary and brute force attacks are different. A dictionary attack uses a

pre-made list of common or leaked passwords to guess the correct password.

On the other hand, a brute force attack tries every possible combination of characters until the correct password is found.

In this video, we are finally going to learn how to crack the Wi-Fi password or initiate the password cracking process.

Before we do that, remember that you need a valid four-way handshake file to begin or start the password cracking process. I already have captured a valid

four-way handshake. If you already have

a valid four-way handshake file, then we are good to go. If you don't, you need to capture the four-way handshake first.

It is an essential component required for password cracking. Now let's dive into the practicals. I have saved my four-way handshake file in my desktop.

So I'm going to change my directory to desktop. I recommend you do the same.

Switch your directory to where you have the four-way handshake file saved.

ls. As you can see, here is my four-way handshake file. Now we are good to go.

Type sudo aircrack-ng. Aircrack-ng, as the name suggests, is used for cracking passwords, or Wi-Fi passwords to

be specific. Now aircrack-ng needs a minimum of

two options: a valid four-way handshake and a word list. So the first parameter that it needs is the four-way handshake. So

specify the name of the four-way handshake file. I'm going to copy it and paste it

here. And if you have the four-way handshake

file stored in another directory, then specify the path to that directory. Since I

have the four-way handshake file in my current working directory, I only need to specify the file name. Now, the second

parameter that it needs is the word list that you want to use for cracking the password. Kali Linux has many built-in

word lists and one of them is rockyou.txt.

rockyou.txt is probably the most popular word list in the world. So we have to specify the path to rockyou.txt. Before we

do that, there are a few things that we need to do. Open a new terminal tab. We

need to change directory to word lists.

So type cd /usr/share. The word lists are stored in this directory called wordlists. This is the complete path.

Press enter. ls here. As you can see guys, we have the rockyou.txt.gz

file. For now, rockyou.txt is zipped.

In order to use the rockyou.txt file, first we need to unzip it. Then we will be able to use it with aircrack-ng or any other Kali

Linux tool. To unzip, type sudo

gunzip, space. Now specify the name of the

rockyou.txt.gz

file.

Now gunzip is going to unzip this rockyou.txt.gz

file. Press enter. It will take a few seconds to unzip.

ls. As you can see guys, the rockyou.txt file

has been unzipped. Now, rockyou.txt has

probably more than a million passwords.

What I'm going to do is check how many passwords are stored in this rockyou.txt file. So, let me pipe the output of the cat

command to the wc command. So, type the pipe character. Now, wc

-l, press enter. As you can see guys, rockyou.txt has over 1 million

passwords. No, no, no, no. Not 1

million, rather over 14 million passwords stored inside this rockyou.txt

file. I can't view the passwords of the rockyou.txt file because if I open this file, then the terminal will crash. The

terminal will not be able to handle this many lines. But what I'm going to do is check the, let's say, first 10

passwords. It is easy. Type cat

rockyou.txt. Pipe it to the head command, -n, let's say 100. The head command is going to display the first 100 lines or passwords in this file. Press enter. As

you can see guys, these are the passwords in the rockyou.txt file. There

are millions of such common passwords.

Now we need to specify the path to this rockyou.txt file in aircrack-ng. So back

to aircrack-ng. Now after providing the name of the four-way handshake file, specify w, which stands for word list. And now you have

to specify path to the word list. So

type /usr/share/wordlists/, then rockyou.txt.

Let me resize my terminal a bit. Now

aircrack-ng is going to initiate the password cracking process and it will use this specified word list. Make

sure that you have provided a valid four-way handshake file and the correct path to the rockyou.txt word list. Now press

enter.

As you can see guys, aircrack-ng has started the cracking process. It is

currently testing around uh 6 550 or 600 passwords per second. But this number can be different and significantly

higher for you if you have a high-end computer.

As you can see guys, key found. This is

what a cracked password looks like. This

is the password of my Wi-Fi network. Now

I can use this password or key to access my Wi-Fi network or access my cracked Wi-Fi network. Remember guys, the

success of a dictionary attack depends on whether the password is in the word list

or not. If the password is in the word

list, then it will be cracked. If not in the word list, then it won't be cracked.

Now, passwords that contain only numbers are very easy to crack. In fact, a purely numerical password can be cracked

within minutes without any problems. Like this, the numerical passwords are easiest and most vulnerable to cracking.

However, if a password is stronger and includes numbers, letters, special characters, uppercase and lowercase characters, such passwords are very hard

to crack. Often impossible to crack.

Even passwords based on common characters can still be vulnerable, but it takes a significantly longer time to crack. I know this is very simple. I

just wanted to show you how to use a word list to crack passwords. We will

use more effective and sophisticated password hacking techniques in the upcoming video. Thank you very much guys

for sticking around. In the previous two sections, we have seen how attackers can exploit or hack Wi-Fi networks using

various methods. Right now, in this

section, I will demonstrate how to detect and protect your network from all possible Wi-Fi attacks. This is the

first video of the section. In this

particular video, we will focus on detecting deauthentication attacks. The

deauthentication attacks are central to both dictionary and evil twin attacks.

Right? The evil twin attack specifically depends on a successful deauthentication attack to function properly. Without a

successful deauthentication attack, the evil twin attack is not impactful at all. Therefore, if we can detect the

deauthentication attack, it makes safeguarding the network easier. In this

video, we will learn how to detect deauthentication attacks using Wireshark. Now, let's jump into the practicals. I'm going to

execute the deauthentication attack on my own network and then capture packets or deauthentication packets in

Wireshark. Before we do that, we need

some network details to launch the deauthentication attack such as the MAC address of the target network and the

channel number where it is broadcasting on. Now, let me scan all Wi-Fi networks

around me so I can note down the required details to launch the deauthentication attack.

airodump-ng.

Now specify the name of your monitor mode.

As you can see guys, my target network has appeared in this list. This is the network Sunny. I want to execute the

deauthentication attack on my network.

Now once your target network appears here, press control + C to exit. Now I'm

going to open a new terminal window and note down the details. MAC

address. This is the MAC address of my target network.

Now let me note down the channel number where it is broadcasting on. Channel

number is 11. Now, we need the MAC

address if you use aireplay-ng to execute the deauthentication attack, and if you use mdk4 then you only need the channel

number. I'm going to use mdk4.

So type sudo mdk4, space, specify the name of your monitor mode. Now d is for the deauthentication

attack. It launches the deauthentication

attack. Now C is for channel number. You

have to specify the channel number where your target network is broadcasting on. For me it is 11. Now

guys, before I execute this attack, I'm going to open my Wireshark so we can capture the deauthentication packets.

Later we will analyze those packets to identify the attack.

And now in this window of interfaces you will see the monitor mode here, as you can see, wlan0mon. So

double click on your monitor mode and as you can see Wireshark has started capturing the network traffic. Remember

Wireshark is capturing all the network traffic. So the count for captured

packets will easily go into the thousands within a few seconds. Now let me execute the deauthentication attack. Let me

press enter.

As you can see, it is sending plenty of deauthentication packets per second, over a thousand per second on average. Wireshark is capturing

everything. So guys, when you put your

card into monitor mode, you will not be able to identify the deauthentication attack because Wireshark literally

captures all your network traffic. Now

what I'm going to do is stop capturing packets. Click on the red

button and I'm going to stop the deauthentication attack as well. So we

literally have over 100,000 packets as you can see. Now detecting the deauthentication packets among these thousands of packets is very difficult.

Here we can use something called a filter. We need to use the filter for

displaying only the deauthentication

packets. So the filter for that is: type wlan

dot fc dot type underscore subtype equal to 12. Now in management frames the subtype 12 represents the

deauthentication frames and 11 represents the authentication frames.

Right? We discussed this in the fundamentals section. Now press enter.

This filter will display only the deauthentication frames or packets. As you can see guys, under the info column, these are all

deauthentication frames. We literally

have thousands of deauthentication frames. So it is certainly a

deauthentication attack, right? Remember

a router or wireless access point never sends this many deauthentication frames.

In case of some maintenance or troubleshooting, it typically sends maybe 50 or something deauthentication frames. But if the count for

deauthentication frames is anything above 50, then it certainly is a deauthentication attack. Now click on

any deauthentication packet and at the bottom let me expand the 802.11 deauthentication flags. Now here we have a

field called type subtype deauthentication; in brackets we have a hexadecimal number 0x000000

c. If you convert this hexadecimal

number into binary, sorry, decimal, you will get 12. Now here we have the transmitter address which is this

MAC address. Now if I go back to my

details that I have noted down, as you can see guys, this is the same MAC address. It means the deauthentication

frames are coming from this MAC address.

This MAC address or device is sending the deauthentication packets. Now this

is the MAC address of the target router or target network. But here the router did not send these deauthentication

frames, right? It is the attacker who

basically masked or spoofed this MAC address then sent the deauthentication frames on behalf of the network or

target network. So guys that's how you

can basically detect the deauthentication frames in Wireshark. This is as easy as

that. Now this method of detecting

deauthentication attacks is not very efficient because when you put your card

into monitor mode and capture packets using Wireshark, Wireshark essentially captures thousands of packets, right? The count for captured

packets will easily go into the millions and at some point Wireshark will eventually crash if you keep capturing

packets for a longer period of time. So

in the next video I will show you an efficient way to detect the deauthentication attack.

Wireshark is a complicated tool, right?

So in this video I'm going to simplify Wireshark for absolute beginners. So

guys if you are you know someone who is new to Wireshark or struggling with it then trust me by the end of this video

you will be able to use Wireshark efficiently.

Wireshark is a special tool used for monitoring computer networks. Wireshark

helps you to see what is happening when your computer sends and receives data. It monitors or captures

all the network traffic. Wireshark is of course a free and open-source tool.

Wireshark is a must-know tool for security analysis. It is often used to

detect and analyze network security threats such as hacking attempts, unauthorized access to sensitive

data and it can easily identify attacks or suspicious traffic on your network.

It is a go-to tool for cyber security analysts.

Wireshark can be used to analyze network traffic in real time to identify and resolve network related problems such as

slow performance, dropped packets and other connectivity related issues as well.

Developers can use Wireshark to understand how protocols work and identify issues related to their implementation. These are just, you know,

the main uses of Wireshark. It is a very vast tool. It can be used for, you know,

many other things.

Now to download and install Wireshark go to the wireshark.org click on download. Here we have files

for Linux, Mac and Windows. So download

the appropriate file according to your operating system. Here, as you can see,

guys, we do not have files for 32-bit systems, right? This is because

Wireshark 4.0 or higher versions do not support 32-bit systems, right? So, if you

have an older computer or 32-bit system, then you have to download this file, 3.6.1.

So, click on this down arrow. From here

you can download the 32-bit file for your operating system. And I'm not going to

go through the installation steps because the installation process is very simple on all operating systems. On

Windows, make sure that you do not check

or uncheck anything during the installation. Right? Keep clicking on

next, next, then your installation will

be successful. If you come up with any

problems during the installation or any part of the video then let me know in the comment section and I will

happily answer everything.

All right. So once your installation is complete then open your Wireshark and this is the welcome window of

Wireshark. It displays all the installed

network interface cards and this list is going to be different for everyone. Most

likely you are not going to see all these, you know, local area connections because they are not real or physical

cards. They are created by my virtual

machines. Now there are two inbuilt

network cards on each system. Ethernet

and wireless card. Ethernet is simply represented by Ethernet on Windows and wireless card is represented by Wi-Fi

and on Linux the wireless card is represented by wlan0 and Ethernet is represented by eth0 on most Linux

distributions. Now to start capturing

packets you have to select one of these physical network cards. Now which one exactly you have to select? Well, it

depends on your connectivity, how you are connected to your network or how you are accessing the internet. I'm

connected to my network through Wi-Fi or wireless card. So, I'm going to select

Wi-Fi. As you can see, it is showing

some spikes, right? These spikes are indicating that there are some, you know, activities going on on this

particular interface. We also have

spikes on the adapter for loopback traffic interface as well. Well, this is the local host. It does not capture

your network's traffic. It only, you know, monitors your system traffic.

This is not that important. Again, guys,

I'm going to select Wi-Fi to start capturing packets. So, double click on

the appropriate interface.

As you can see, Wireshark is capturing packets right at the top. You can see capturing from Wi-Fi. Right now, first thing that I'm going to do is explain

what all these different sections or components mean, what information they represent. So, go to the view. View menu

represent. So, go to the view. View menu

allows us to control uh the components that you want to appear in your display area. As you can see, Wireshark has

area. As you can see, Wireshark has already pre-selected some of the components for us. First three selected components are main toolbar, filter

toolbar, and status bar. This is the main toolbar. It contains the functions

main toolbar. It contains the functions that you are going to use on a regular basis. I will get back to all these

basis. I will get back to all these functions later in the video. Then we

have uh filter bar. This is the filter toolbar. Here you can type your filters.

toolbar. Here you can type your filters.

Filters are basically used to hide unnecessary traffic. I will get back to

unnecessary traffic. I will get back to filters later as well. For now, just uh remember that if you want to type and apply uh the filters, then this is the

place where you can type the filters.

Then we have a status bar at the bottom.

This is the status bar. As you can see, it basically gives you a brief summary of captured or lost packets. Then we

have packet list. This section is called packet list. Packet list displays or

packet list. Packet list displays or contains all the captured packets. Every

single packet that Wireshark captures is going to be displayed or listed here.

And then we have packet details. As you

can see guys, the packet list uh section only gives you a brief overview of each captured packet. Now if you want to

analyze packets in detail then you can use packet details section. For example,

I'm going to let me stop the session first. I'm going to click on packet

number 139. Now down here packet details

section is displaying a detailed information about the selected packet.

As you can see frame number 139. Now

here you can analyze uh the selected packet in detail. Now let me click on different packets. As you can see the

information keeps changing as I click on different packets. Then we have packet

bytes on your right side. This section

or panel is called packet bytes. It

displays information in its raw or original form. Right? As you can see the

default format is hexadecimal and you can also change it to to binary. So click on the blank space. Click on as bits. Now

as you can see information is in raw binary. I'm going to revert back to the

to the hexadecimal format because it is a little more presentable than uh than

binary. And if your packet contains uh

plain textual information, then that information will also be displayed here

as it is in its raw form. Now go to the view. Let's say you do not want packet

bytes section. Then click on this packet

bytes or whatever you want to hide. Now

as you can see it has been completely hidden. So to get it back go to the view

again click on packet bytes. Now it is back here. Now let me walk you through

what all these uh columns mean. Right?

So first column that we have is N O. N O

is short for number. It basically

displays the packet number. Each packet

is going to have a unique number. As you

can see the first packet that Wireshark captures uh is automatically assigned uh number one second packet two and so on.

Then second column is time. Time uh time column displays the exact time when a packet was captured. Right? Now the

default format for displaying time is not uh not you know that uh uh presentable right. So let's change it

first. So go to the view now. Click on

time display format from from first half select time of the day. Again go to the view time display format from uh lower

half select seconds. Now as you can see we have a much better or presentable format for displaying the timing of

captured packets. Then we have source. A

source column displays the IP address of sender who has you know sent the packet.

Destination column displays the IP address of uh receiver where the packet has been delivered. So let me select let's say packet number uh 30. Sender of

the packet number 30 is this IP address 192.68 uh 68 and it has delivered this packet to uh this uh device 35

uh 3. Then protocol column displays the

packet type whether it is TCP, ICM, ICMP or UDP packet. Length column displays

size of each packet in bytes. Info

column it gives you a brief overview of each captured packet. So that's what all these columns mean. Now let's uh go

through all the uh toolbar functions.

Red button stops the current running session and first button from left starts a new session. So click on it. As

you can see before starting a new session, Wireshark is asking me whether you want to save already captured packets. So I'm going to click on save.

Then give it a file name. Let's say

packets. Now you don't have to write any extension after the file name. Remember

Wireshark automatically saves your packets with pcap or pcapng extension.

pcapng is the default extension for saving wireshark files. Click on save.

Now a new session has been started. Then

third button restarts a new session. So

if you want to restart a new session when you already have a session running then click on this button. And here also if you want to save already captured

packets then click on save before continuing. This time I'm going to go

with continue without saving. Then third

fourth button is capture options.

capture options button cannot be accessed when you have a session running. So let me stop the session

first. Now if I click on the capture

option button as you can see now it is working. Now capture options uh window

displays all the network interface cards just like your your welcome window. The

only difference is that it gives you a much better control over interfaces. As

you can see, we have additional options such as promiscuous mode and monitor mode. Okay, I will get back to capture

options later. Then we have open a

capture file button. So this button allows you to open a already saved file.

So click on it. Now I'm going to double click on the file that I saved a few seconds ago. So double click on the

file. Now continue without saving. Now

as you can see at the top packets.pcapng Wireshark is reading packets from this particular file. Then next

button that we have is save this capture file. So this button basically gives you

option to save your packets quickly. So

click on the button write the file name then click on save. It will save the packets. Now another way to save uh

packets is go to the file, click on save as. Then next button is close. So close

button takes you back to your welcome window as you can see. So let me start the session again.

Now next button that we have is find. So

click on the button. It basically allows us to search for packets based on different types of values. As you can see, we have a drop-down menu here. So,

click on the down arrow and uh let me start with let's say string. Now, in

this box, type a string or text. Let's

say payload.

Now, let me click on find. As you can see, guys, it is highlighting the packet that contains the word payload right here. As you can see, so when you

select the string option, whatever you type here, Wireshark is going to search for that particular uh text or string in

each packet. Wherever it finds the word

payload, then it will highlight those packets. As you can see, for now, it is

highlighting packet number 55. Now, if I click on find, it is highlighting the next packet that contains the word

payload like this. Then we have hex value option. Let me select it. Now here

you can search by hexadecimal values as well. So let's say 4 a. Now click on

find. As you can see on the packet bytes

panel 4 a is highlighted. And in the packet list section Wireshark is highlighting the exact packet that

contains this value. Then we have display filter. We have not covered uh

the display filters yet. Right? Once you

you will learn display filters then you will automatically learn to use this feature for now. You don't have to worry about it. Then next two buttons uh that

we have are right and left arrow. So

right arrow button basically takes you one packet up from your current position. My current uh position is let

me click on it. So if I click on left arrow button, it will take you one packet up and right button it's going to

take me one packet down from my current position. Then we have go to uh

specified packet. Click on the button

here in the box. Type the packet number let's say five and click on go to go to packet. Then as you can see it has taken

me to the packet number five. It is

being highlighted. So whatever number you type in here in this box, Wireshark will take you to that

particular packet. Then we have uh up

and down arrow keys. The up arrow key is going to take you to the first captured packet in the list. Click on it. As you

can see, it is highlighting the first packet in the list and down arrow key takes you to the last captured packet.

Right. Next button that we have is uh this automatically scroll to the last packet during live capture. So when you enable this button, it will automatically take you to the you know

last packet that Wireshark captures during the live session. As you can see it has uh this light blue background color right it means it is enabled

right. If I click on it now it is

disabled. It is advised that you know

always keep it enabled. Now next button basically enables the packet coloring.

As you can see we have packets with different colors right TCP packets have a different color and ARP packets have a different color. So what uh basically

Wireshark does it assigns a unique color to most commonly used protocols or

filters so we can easily identify the packets. Right? So when I'm going to see

this light pink color, I can automatically recognize yeah this is a an ARP packet. Now if you want to find

out which color is associated with which filter or protocol, then go to the view, click on coloring tools. Now here you

can basically see which color is associated with which filter or protocol. UDP protocol is going to have

this light gray background color. So

feel free to go through the list. You

can even customize these colors. Let's

say for ARP you want a different color.

So click on the AR. Then down here click on background. Then select a color of

your choice. Then click on okay. And

after that click on okay. Then color

will be changed. In the same way you can change foreground or text color as well.

Select the color, click on okay, then click on okay. Changes will be applied right away. Then next buttons that we

have are plus and minus. Plus button

basically is used to increase the font size as you can see and minus button is is for decreasing the font size and

button next to minus button sets the font size to default. If I click on it, as you can see, the font size has been

set to uh the default. Now the last button uh resize or sets the packet columns size to to default. As you can

see my destination column is overlapping the source column. Right now if I click on this uh last button, as you can see the size has been set to to the default.

Now I can see contents of each column easily.

Filters are used to hide or filter out unnecessary traffic. For example, here

as you can see I have thousands of packets. Right now let's say I only want

to see HTTP packets in my packet list section. All other traffic is irrelevant

or useless to me. In that case, if I manually try to locate every single HTTP

packet among thousands of packets, then it is going to take a lot of time, right? So to solve this problem, we have

something called filters. Filters allow

us to exactly see what you want to, you know, analyze and see in in your packet list section. For example, I only want

to see HTTP packets. Then all I have to do is type a valid HTTP filter. Then

Wireshark is only going to show all the HTTP packets and other traffic will be hidden. So this is as simple as that. We

have two types of filters in Wireshark.

Display and capture filters. Display

filters are used or applied on already captured traffic. As you can see, I

already have you know captured packets.

Here I can apply the display filters and I will get back to to uh capture filters later. Now let's do some practical

examples of display filters. Display

filters can be written and applied here in the uh filter uh display filter bar.

So I'm going to start with filtering HTTP traffic. So traffic uh filter for

filtering HTTP traffic is just HTTP. So

type HTTP. As you can notice when you type a correct or valid filter, Wireshark automatically changes background color to green. Green

background means a valid filter. Now if

I type something that wireshark does not recognize then background color changes to to pink. So green means valid, pink

means invalid filter. Now how to apply the filter? We have two options. First

press enter. Now as you can see filter has been applied under the protocol column. Wireshark is only displaying the

HTTP traffic because this is exactly what I have told Wireshark only show me

HTTP traffic. Now another way to apply

filters is click on this uh right arrow on your right side. Click on it then filter will be applied. You can clear

filters by clicking on this cross button. Now as you can see we are back

to the normal. Now let's uh filter let's say DNS packets. So filter for that is DNS. Hit enter. Now as you can see

Wireshark is only displaying the DNS packets. Now I want to see let's say TCP

packets only. So filter is TCP. As you

can see it is only showing the TCP traffic. In the same way let let's say I

want to see UDP packets. So filter for that is UDP. Now let me see whether I

have any ARP packets. So type the ARP, hit enter and yeah this is the ARP filter for filtering ARP packets. In the

same way you can filter all the possible you know network traffic. All you have to do is remember the protocol name then

type that in here in the filter bar. Now

let's filter encrypted or HTTPS traffic.

Your first guess might be HTTPS. Right?

As you can see, this is not a valid filter, right? So to filter secure or

HTTPS traffic then you have to type TLS.

So press enter. As you can see now Wireshark is showing all the encrypted traffic. TLS filter uh makes sense

because uh HTTPS protocol is actually

combination of HTTP and TLS. TLS takes

the HTTP traffic then encrypts it and that makes the HTTPS protocol. Sorry I

forgot to add S. Now till now we have used or filtered one type of traffic only. Right now let's say I want to see

ARP and DNS packets simultaneously. It

can be done through something called operators or operator. So type uh DNS

then write or and ARP or operator is used to combine multiple filters. So

here I am basically telling Wireshark if you find DNS packets or ARP packets then show me all those packets. So if I hit

enter then Wireshark as you can see it is displaying all the DNS and ARP packets. In this way you can combine as

many filters as you like. So let me add another filter TLS or ICMP. Okay. So

feel free to add as many filters as you like and or operator can be uh written

with two pipes as well like this UDP.

This is also a valid filter or ARP. See

guys uh the or operator pretty much works uh as it works with you know uh programming languages. So here it can be

used to combine multiple filters. Now uh

let's use uh not operator. So type not and TCP. Now what does it mean? Not

operator basically negates the value that you supply to it. Here I'm telling not operator that okay don't show me TCP

packets. Show me everything but not the

TCP packets. So if I hit enter, you are

not going to see any single TCP packets in the list. As you can see

and not operator can be can be written with exclamation symbol as well. So

exclamation TCP. It is also a valid filter. Now let's filter traffic by port

numbers. So type uh let's say TCP. I

want to filter traffic on port number uh let's say 80. 80 port is for HTTP, right? So if I hit enter, it is not a

valid filter. Sorry, I forgot to add

equal to signs. So port number 80 means it is going to uh list all the HTTP

traffic. Here also you can use or

operator or tcp.port

EQ means equal to 443. So EQ or equal to sign both are same. So if you hit enter now this time I'm telling wireshark if

you find https or htt http traffic then list all those packets. So 443 port

number is obviously for secure or https traffic. Now let's cover another very

important filter called IP addr. IP

addr filter is basically used for filtering traffic by IP addresses. Let's

say you want to check all the packets that a particular IP address has sent or received. So write IP dot addr equal to

then paste the IP address. Now this

filter is going to only uh uh display the packets that this particular IP address has sent or received. So if I hit enter now as you can see under the

source and destination column right you can use or operator to combine multiple IP addresses. So let's say you want to

check packets that you know multiple IP addresses have sent or received then use

or operator IP dot addr uh let's say here 79. Now this filter is going to

display all the packets that these two IP addresses have sent or received. In

this way you can combine as many filters as you IP addresses as you like. Now

here also we can use not operator. So if

I type not at the beginning then what I'm telling Wireshark at this time is do not show me packets that this particular

IP address has sent or received. So if I hit enter, you are not going to see this IP address in the packet list as you can

see because we have clearly told Wireshark don't show me packets that have been sent or received by this IP

address. And another important filter

that I'm going to teach you is contains.

So type TCP. Let's say contains.

Now within the double quotes write YouTube.

Now what this filter is going to do it will check every single packet in the list and see whether the packets contain

the word YouTube. If any packet contains YouTube then that packet will be listed here. If I hit enter and as you can see

there are no such packets that contain YouTube. Now let's try some let's try

the DNS.

DNS Now as you can see we do have DNS packets that contain YouTube. So as you can see youtube.com

so this IP address visited this website YouTube or it basically made DNS queries to youtube.com right

now let's move to the capture filters now capture filters allow you to have control over your traffic what you want

to capture capture filter as the name suggests You can basically tell Wireshark before starting a new session what you want to

capture. Right? By default, Wireshark

captures all types of traffic floating on your network now. Let's say you only want to capture HTTP traffic, right? You

don't want to capture any other traffic, just FTP or HTTP. Then you can tell it to Wireshark before starting a new

session. then wireshark will only

capture whatever traffic you tell it uh to capture. So you have to go back to

your uh welcome window. Now first thing that you have to do is select the interface where you want to capture the

traffic. Then here as you can see we

have uh the box where you can type the capture filter. capture filters are

different in terms of uh syntax from display filter. So if I type let's say

HTTP then as you can see it is not a valid filter right. So to write a filter

to capture HTTP traffic then we have to write port then port number 80. So port

for HTTP is 80. So this filter is going to capture the HTTP or traffic on uh port 80. Now to start capturing packets,

double click on the interface.

Now as you can see guys at the top capturing from Wi-Fi on port number 80.

So it is only going to capture traffic on 80. So let me visit uh let's see this

is an HTTP website. As you can see not secure.

It is capturing HTTP traffic. Now let me visit a website which uses HTTPS let's say YouTube. As you can see it is not

capturing anything right. So to confirm it further let me apply the TLS filter.

As you can see TLS found nothing because this filter capture filter is only going to capture the HTTP traffic. Now back to

the welcome window again.

Another place where you can type the capture filter uh filters is go to the capture options. Now here select the

interface first then write the filter here. As you can see at the bottom we

have a box. So port number 80. Now let's

say I want to capture FTP traffic. Then

you have to write the port number for FTP which is 21. Here also you can use or operator. So type port now let's say

22. Now this time Wireshark is going to

capture both HTTP and sorry SSH and FTP traffic. You can combine as many you

know uh filters as you like here. And if

you click on start then it will start capturing traffic.

Now if you want to capture let's say only TCP traffic then you can directly write TCP. TCP and UDP filters are

common for both display and capture filters right let's say UDP.

Now let's say you only want to capture traffic that a particular IP address sends or receives. Uh then write the host filter then paste the IP address.

Now this filter is only going to capture the traffic that this specified IP address sends or receives. So guys that is it for filters. If you want to learn

more about filters, then feel free to check my Udemy course where I have, you know, covered a plenty of advanced filters. That's a
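
The display filters walked through above (`ip.addr ==`, `tcp.port ==`, `contains`, `or`, `not`), written out as plain Python over a small constructed capture file; this is an added example, not part of the original transcript. It shows that `ip.addr` and `tcp.port` match a packet in either direction, which is why negating them hides a host completely. The addresses (documentation ranges), packet contents and function names are assumptions made for illustration, and DNS is approximated as UDP port 53.

```python
import ipaddress
import struct
from collections import namedtuple

Packet = namedtuple("Packet", "no src dst proto sport dport l4")

def frame(src, dst, proto, l4):
    """Constructed Ethernet + IPv4 frame (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + l4

def tcp(sport, dport, payload=b""):
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0) + payload

def udp(sport, dport, payload=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

# DNS query for youtube.com: 12-byte header, length-prefixed labels, type A, class IN
DNS_QUERY = (struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
             + b"\x07youtube\x03com\x00" + struct.pack("!HH", 1, 1))

SAMPLE_FRAMES = [  # constructed traffic; all addresses are documentation ranges
    frame("192.0.2.10", "198.51.100.5", 6, tcp(50000, 80, b"GET / HTTP/1.1\r\n\r\n")),
    frame("198.51.100.5", "192.0.2.10", 6, tcp(80, 50000, b"HTTP/1.1 200 OK\r\n\r\n")),
    frame("192.0.2.10", "203.0.113.7", 6, tcp(50001, 443, b"\x16\x03\x01")),
    frame("192.0.2.10", "192.0.2.1", 17, udp(53000, 53, DNS_QUERY)),
    frame("192.0.2.20", "203.0.113.7", 6, tcp(50002, 22)),
]

def write_pcap(frames):
    """Serialize frames as a classic little-endian pcap, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def read_pcap(data):
    """Parse pcap bytes into Packet tuples, numbered like the No. column."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    packets, off, no = [], 24, 0
    while off + 16 <= len(data):
        incl = struct.unpack_from("<IIII", data, off)[2]
        raw = data[off + 16: off + 16 + incl]
        off, no = off + 16 + incl, no + 1
        if len(raw) < 34 or raw[12:14] != b"\x08\x00":
            continue  # this sketch decodes IPv4 over Ethernet only
        ihl = (raw[14] & 0x0F) * 4
        l4 = raw[14 + ihl:]
        sport = dport = None
        if raw[23] in (6, 17) and len(l4) >= 4:
            sport, dport = struct.unpack_from("!HH", l4, 0)
        packets.append(Packet(no, str(ipaddress.IPv4Address(raw[26:30])),
                              str(ipaddress.IPv4Address(raw[30:34])),
                              raw[23], sport, dport, l4))
    return packets

def ip_addr(a):        # ip.addr == a: true if a is the source OR the destination
    return lambda p: a in (p.src, p.dst)

def tcp_port(n):       # tcp.port == n: true if n is either TCP port
    return lambda p: p.proto == 6 and n in (p.sport, p.dport)

def dns_contains(s):   # dns contains "s": case-sensitive byte search in the DNS data
    return lambda p: p.proto == 17 and 53 in (p.sport, p.dport) and s.encode() in p.l4[8:]

def any_of(*preds):    # the "or" / "||" operator
    return lambda p: any(f(p) for f in preds)

def not_(pred):        # the "not" / "!" operator
    return lambda p: not pred(p)

def show(packets, pred):
    """Packet numbers that would remain in the packet list."""
    return [p.no for p in packets if pred(p)]

PACKETS = read_pcap(write_pcap(SAMPLE_FRAMES))

if __name__ == "__main__":
    print("tcp.port == 80 or tcp.port == 443:", show(PACKETS, any_of(tcp_port(80), tcp_port(443))))
    print("not ip.addr == 192.0.2.10:", show(PACKETS, not_(ip_addr("192.0.2.10"))))
    print('dns contains "youtube":', show(PACKETS, dns_contains("youtube")))
```

The capture-filter forms from the walkthrough (`port 80`, `host` plus an address) are direction-agnostic in the same way, but they are applied before packets are stored, so traffic they exclude cannot be recovered later with a display filter.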
