1
00:00:00,120 --> 00:00:06,780
In this video I'm going to show you how to use tshark as well as termshark: tshark to capture traffic

2
00:00:07,370 --> 00:00:10,220
off the wire and termshark to view

3
00:00:10,230 --> 00:00:12,470
Wireshark captures through a terminal.

4
00:00:12,930 --> 00:00:16,530
Sometimes you don't have access to a GUI interface.

5
00:00:16,530 --> 00:00:22,830
Sometimes you want to be able to capture packets off the wire using a terminal and tshark is great for

6
00:00:22,830 --> 00:00:24,310
doing that.

7
00:00:24,390 --> 00:00:31,170
As an example you may run a capture application on a Linux server or Linux host which doesn't have a

8
00:00:31,200 --> 00:00:33,640
graphical user interface installed.

9
00:00:33,810 --> 00:00:40,320
You could as an example run it on a Raspberry Pi so capture traffic off the wire using a Raspberry Pi

10
00:00:40,770 --> 00:00:44,120
but do that without a graphical user interface.

11
00:00:44,130 --> 00:00:50,790
So simply using a console capture the traffic and you may want to be able to view those Wireshark captures

12
00:00:50,850 --> 00:00:52,120
through a console.

13
00:00:52,230 --> 00:00:55,080
So that's what I'm going to demonstrate in this video.

14
00:00:55,080 --> 00:01:03,500
In this GNS3 topology I've got an Ubuntu host. This Ubuntu host does not have a graphical user interface.

15
00:01:03,680 --> 00:01:08,790
So if I type clear all I get is a console connection.

16
00:01:08,910 --> 00:01:16,260
There is no graphical user interface so as an example if I want to view the interfaces on this device

17
00:01:16,290 --> 00:01:19,470
I'm doing that through a CLI.

18
00:01:19,710 --> 00:01:23,410
I'm not doing it through a graphical user interface.

19
00:01:23,490 --> 00:01:25,080
All I have is a console connection

20
00:01:29,300 --> 00:01:39,600
so as an example I'll edit this file so that the host gets an IP address from a DHCP server.

21
00:01:39,600 --> 00:01:46,170
What I'll do is close that console connection down or terminal down, stop the Ubuntu client, start it

22
00:01:46,200 --> 00:01:56,040
up again, open up a console. Notice that I now have an IP address that has been allocated to me via DHCP

23
00:01:56,670 --> 00:02:00,960
the NAT cloud is allocating IP addresses to the Ubuntu client.

24
00:02:00,990 --> 00:02:04,040
This is a built-in GNS3 switch.

25
00:02:04,050 --> 00:02:05,730
This is a Cisco switch.

26
00:02:05,730 --> 00:02:11,260
This is a Cisco router running within GNS3.

27
00:02:11,280 --> 00:02:18,210
So the problem here is I can't run a graphical Wireshark application.

28
00:02:18,310 --> 00:02:24,160
I need to run Wireshark directly through the console

29
00:02:27,620 --> 00:02:32,360
so the first thing I'm going to do is type apt-get update to update my Ubuntu references

30
00:02:39,710 --> 00:02:39,920
okay.

31
00:02:39,930 --> 00:02:49,260
Now that my Ubuntu references have been updated through apt-get update what I'm going to do is install

32
00:02:49,530 --> 00:02:55,830
tshark so to do that I type apt-get install tshark

33
00:02:59,760 --> 00:03:02,510
say yes to install the application.

34
00:03:02,670 --> 00:03:09,390
So what this is doing is connecting to the Ubuntu cloud and essentially downloading and installing

35
00:03:09,390 --> 00:03:11,340
tshark on this Ubuntu client

36
00:03:14,520 --> 00:03:15,470
I'm asked should

37
00:03:15,480 --> 00:03:20,730
non-superusers be able to capture packets. I'm going to say yes but in this example I'm actually logged

38
00:03:20,730 --> 00:03:28,980
in as root so I'm simply going to capture using root so I've now installed tshark I can start it by

39
00:03:28,980 --> 00:03:35,950
simply typing tshark and notice it's capturing packets on Ethernet zero.

40
00:03:36,000 --> 00:03:39,690
It's essentially capturing packets on this interface.

41
00:03:39,690 --> 00:03:45,340
And what we're seeing at the moment are spanning tree messages that are sent by the switch.

42
00:03:45,510 --> 00:03:56,880
What I'll do on the router is enable OSPF and we should be able to see OSPF updates so we'll get this

43
00:03:56,880 --> 00:04:09,810
device to use DHCP and then enable OSPF on all interfaces.

44
00:04:09,880 --> 00:04:12,790
It's now received an IP address through DHCP.

45
00:04:12,930 --> 00:04:17,780
Notice we can see information such as spanning tree messages and so forth.

46
00:04:17,770 --> 00:04:18,720
Now that's not great.

47
00:04:18,730 --> 00:04:27,540
That's just showing me the updates in real time so I can see as an example DTP off the HP request.

48
00:04:27,570 --> 00:04:34,350
So what you may find more useful is to push that to a file so write it to a file.

49
00:04:34,500 --> 00:04:38,910
In this case tshark1.pcap as an example.

50
00:04:39,450 --> 00:04:44,690
So that's capturing the traffic and dumping it into that file.

51
00:04:45,220 --> 00:04:51,820
So as an example show ip ospf interface brief, we're running OSPF on this right now.

52
00:04:51,940 --> 00:05:01,770
If I type clear ip ospf process and clear all the OSPF processes, OSPF messages will be captured.

53
00:05:01,820 --> 00:05:14,870
Let's enable EIGRP, EIGRP, and I'll enable that on all interfaces. Hopefully this tshark application

54
00:05:14,870 --> 00:05:26,740
is now capturing messages including spanning tree, including CDP, DTP, EIGRP, OSPF and so forth so I'll

55
00:05:26,740 --> 00:05:32,590
stop that by pressing Ctrl-C and notice I now have a tshark .pcap file.

56
00:05:32,770 --> 00:05:40,570
Now I want to be able to view that. I could copy that to my Windows computer as an example or my Mac

57
00:05:40,630 --> 00:05:45,460
or a Linux computer with a GUI and then open that up with Wireshark.

58
00:05:45,580 --> 00:05:49,540
But let's review the files directly through this console.
