1
00:00:00,210 --> 00:00:07,830
Now that I've got tshark and pyshark installed I could run tshark directly and capture packets

2
00:00:08,640 --> 00:00:11,410
but that's not actually what we want to do.

3
00:00:11,550 --> 00:00:16,970
But notice here we are seeing in real time that we are able to capture spanning tree packets, here's

4
00:00:16,980 --> 00:00:25,200
EIGRP, here's OSPF, so I am actually capturing packets on the network, but what I want to do is capture

5
00:00:25,200 --> 00:00:35,340
packets and write that to a file, so I'm gonna write that to this pcap file: tshark1.pcap.

6
00:00:35,750 --> 00:00:43,300
Now I want to leave this for a while so that packets are captured, but to generate additional traffic,

7
00:00:43,510 --> 00:00:54,070
what I can do on my router for example is ping some addresses, so I could ping as an example 192.

8
00:00:54,070 --> 00:00:56,870
168.122.

9
00:00:56,890 --> 00:01:02,560
And what I'll do here is ping the broadcast address, .255, and those packets will be captured.

10
00:01:05,650 --> 00:01:11,110
I could ping a multicast address as an example and those packets will be captured.

11
00:01:11,110 --> 00:01:22,480
So various packets are being captured by the tshark application on the PC.

12
00:01:22,840 --> 00:01:30,710
I could as an example reset the OSPF process to generate some OSPF updates, but I mean we've captured

13
00:01:30,710 --> 00:01:32,380
about 60 packets already.

14
00:01:32,450 --> 00:01:36,160
So what I'll do is stop that capture.

15
00:01:36,330 --> 00:01:45,110
So now I've got my tshark pcap file in my local directory, so

16
00:01:49,000 --> 00:01:53,410
notice I've got that file on my Ubuntu host.

17
00:01:53,410 --> 00:01:59,700
Now that I've captured packets on the network I can open that up with pyshark.

18
00:01:59,890 --> 00:02:07,510
Now in the first example I'm going to show you commands directly from within Python 3 and then I'll

19
00:02:07,510 --> 00:02:09,070
create a script.

20
00:02:09,370 --> 00:02:15,220
So for the moment I just want to show you the commands and the first thing I'm going to do is import

21
00:02:15,220 --> 00:02:18,250
pyshark, and then I'm going to say cap.

22
00:02:18,250 --> 00:02:19,060
This could be any name.

23
00:02:19,060 --> 00:02:26,660
This is just a variable: pyshark FileCapture, and the argument to FileCapture is tshark

24
00:02:26,710 --> 00:02:35,470
1.pcap, that's the Wireshark capture file. cap shows me the file that I'm using, and now I can

25
00:02:35,470 --> 00:02:36,790
do all kinds of things.

26
00:02:36,790 --> 00:02:40,270
Now remember this is from within Python.

27
00:02:40,270 --> 00:02:45,180
So if I want to look at the first packet, there you go.

28
00:02:45,190 --> 00:02:49,180
Notice we captured a spanning tree packet.

29
00:02:49,180 --> 00:02:53,960
Again this is running within Python; I can see the length of the packet.

30
00:02:53,980 --> 00:02:59,610
I can see the Ethernet header, so I'll make this bigger: source MAC address,

31
00:02:59,610 --> 00:03:07,020
destination MAC address. I can see that this is a spanning tree BPDU; I can see who the root is.

32
00:03:07,020 --> 00:03:18,290
Notice there's root identifier, priority, MAC address, so root bridge properties; forward delay is this, hello

33
00:03:18,310 --> 00:03:26,850
time is this, root bridge system ID is this, bridge priority is this, and so forth and so on. I could look at packet

34
00:03:26,910 --> 00:03:37,440
one as an example: this is an EIGRP packet, so layer 2 Ethernet header, source MAC address, destination

35
00:03:37,440 --> 00:03:45,450
MAC address; this is the multicast MAC address at layer 2 for IP version 4. Notice the .10, that's the multicast

36
00:03:45,450 --> 00:03:51,940
address used for EIGRP; EtherType is IPv4.

37
00:03:52,030 --> 00:03:57,590
So at layer 3 we have an IP header: IP version 4, DSCP set to 6.

38
00:03:57,610 --> 00:04:04,730
Very important traffic. Source IP address is this; protocol number is 88, EIGRP.

39
00:04:04,870 --> 00:04:11,740
So notice at the higher layers we have EIGRP; we can see the K values. Now this output is all over the

40
00:04:11,740 --> 00:04:25,530
place, but notice K1, K2, K3, K4, K5, K6; we can see software version; we can see the autonomous

41
00:04:25,530 --> 00:04:36,280
system number, 100. If I look at packet two we can see that this is a spanning tree update

42
00:04:36,280 --> 00:04:45,220
once again, spanning tree BPDU. What about cap 3? Spanning tree. Cap 4: this is EIGRP again. Five:

43
00:04:46,380 --> 00:04:57,040
spanning tree. Six: OSPF. So 6 is OSPF: layer 2 header, layer 3 header; notice protocol number is

44
00:04:57,070 --> 00:04:58,170
89.

45
00:04:58,270 --> 00:04:59,560
That's OSPF.

46
00:04:59,650 --> 00:05:04,990
Now please remember this is running within Python. I'm showing you some basics now, but later on I'll

47
00:05:04,990 --> 00:05:12,370
show you how to script stuff. So as an example, if we looked at packet one and we use the show option,

48
00:05:12,400 --> 00:05:18,400
so print, and I don't actually need to use print from within Python; I could just do it this way.

49
00:05:18,400 --> 00:05:24,920
So cap[1].show(), and I actually want to do it this way.

50
00:05:25,060 --> 00:05:33,170
Notice here's my EIGRP packet in pretty format: Ethernet header, IP header,

51
00:05:33,170 --> 00:05:40,260
EIGRP. Let's look at six; six was OSPF if I remember correctly.

52
00:05:40,280 --> 00:05:40,820
Yes it is.

53
00:05:40,820 --> 00:05:50,060
So that's OSPF output; again, this is all being used from within Python.

54
00:05:50,120 --> 00:05:57,110
I'm running this output in Python. Now you might say, okay, but this doesn't really help me. Notice what

55
00:05:57,110 --> 00:06:00,680
you could do is, I could say, okay, print

56
00:06:04,530 --> 00:06:10,990
cap[1], which was EIGRP if I remember right, .ip.

57
00:06:11,000 --> 00:06:20,100
Notice this is the IP header, or I could say only show me the EIGRP information. So once again, this

58
00:06:20,100 --> 00:06:24,140
is everything; let me make some spaces here.

59
00:06:24,320 --> 00:06:28,690
So this is everything; notice print cap[1].

60
00:06:28,910 --> 00:06:37,610
This is everything, but what I could do is just look at the IP header, or just look at the EIGRP header,

61
00:06:38,720 --> 00:06:46,540
or, taking this a step further, look at the autonomous system number, and that should be an AS number.

62
00:06:46,730 --> 00:06:49,010
AS number is 100.

63
00:06:49,130 --> 00:06:53,980
So rather than trying to dig through the information this makes it much easier.

64
00:06:54,000 --> 00:07:01,250
This application, pyshark, allows me to look at specific details. I could as an example look

65
00:07:01,250 --> 00:07:12,000
at the parameter K1. What's K1 set to? It's 1. K2 set to 0, K3 set to 1, K4 set to 0, 5: 0, 6: 0.

66
00:07:12,150 --> 00:07:20,120
The moral of the story is I can burrow into the capture and get information, and then store that in a

67
00:07:21,080 --> 00:07:32,040
variable, so I could say EIGRP AS equals that, and let's get rid of the bracket.

68
00:07:32,040 --> 00:07:36,720
So if I just look at the EIGRP AS, yes, that's what it is.

69
00:07:37,020 --> 00:07:39,720
And then I could do something with that in my programming

70
00:07:42,660 --> 00:07:46,950
commands such as dir will work here, so I could look at a specific packet.

71
00:07:46,950 --> 00:07:54,270
Let's look at the EIGRP one again, and I can see all kinds of options available for that packet, so I could

72
00:07:54,270 --> 00:08:01,080
as an example print IP, and I'm doing that wrong; it should be ip like this.

73
00:08:01,210 --> 00:08:05,050
So there's the IP header once again, so let's do that dir over again.

74
00:08:05,110 --> 00:08:07,020
So a lot of options available

75
00:08:09,120 --> 00:08:10,590
in this application.

76
00:08:10,590 --> 00:08:17,960
Notice, looking at layers, we've got an Ethernet layer, IP layer and EIGRP layer. We can look

77
00:08:17,960 --> 00:08:24,440
at the Ethernet header, so just look at eth: this is the Ethernet header; we can see source MAC address,

78
00:08:24,590 --> 00:08:31,760
destination MAC address, a lot of options available here. Okay, so that was basic Python.

79
00:08:31,770 --> 00:08:33,170
Let's see if we can create a script.

80
00:08:33,180 --> 00:08:43,370
However, rather than doing it directly, live coding in Python, I have seen this error come up. Now Stack

81
00:08:43,370 --> 00:08:46,720
Overflow is a great place to go and look for help.

82
00:08:46,730 --> 00:08:54,090
If you're having problems with programming, someone else has had this problem as well, where this message

83
00:08:54,090 --> 00:09:05,710
displays. So notice as an example that they're having these errors very similar to mine over here, and the answer

84
00:09:05,710 --> 00:09:12,290
is to upgrade the versions of software.

85
00:09:12,430 --> 00:09:16,190
This was actually a bug in one of the versions of software.

86
00:09:16,300 --> 00:09:20,380
I'm not going to worry too much about that because it doesn't really affect what we're doing here.

87
00:09:20,390 --> 00:09:24,790
Let me clear the screen, and what I'm going to do now is create a Python script.
