1
00:00:00,360 --> 00:00:07,250
OK, so let's install termshark. The first thing I'm gonna do is install wget.

2
00:00:07,740 --> 00:00:15,620
This is gonna allow me to download an application from GitHub. I could use git, but I'm simply going to

3
00:00:15,620 --> 00:00:24,770
use wget. What I'm gonna do now is use wget and connect to GitHub and download termshark.

4
00:00:24,880 --> 00:00:27,250
I'll put the links below this video.

5
00:00:27,250 --> 00:00:33,940
This is essentially a GitHub page and I'm downloading termshark from GitHub.

6
00:00:34,840 --> 00:00:44,800
So here's the GitHub page for termshark, or terminal UI for tshark, and we can see a little bit of information

7
00:00:44,800 --> 00:00:48,740
about the application.

8
00:00:48,740 --> 00:00:55,520
You can also do a clone or download, so I'm simply downloading this file from GitHub.

9
00:00:55,730 --> 00:00:59,180
So ls shows me that I've got the file downloaded.

10
00:00:59,180 --> 00:01:02,150
The next thing I'm going to do is unzip

11
00:01:02,150 --> 00:01:04,160
or untar that file.

12
00:01:04,160 --> 00:01:09,430
So untar the file; there it is.

13
00:01:09,850 --> 00:01:16,880
I'm going to move to that directory and I see termshark.

14
00:01:16,950 --> 00:01:26,520
So what I'm going to do is install termshark to /usr/local/bin and then I'm going to go back to my

15
00:01:26,520 --> 00:01:32,380
home directory. So back in my home directory of root, I'll clear the screen.

16
00:01:35,140 --> 00:01:41,060
Notice I've got this file which I previously created by capturing traffic of the network.

17
00:01:41,110 --> 00:01:51,310
So what I can do now is type termshark, read, tshark pcap file, so I'm going to read my pcap file and

18
00:01:51,310 --> 00:01:58,000
what you can see through a terminal window now is the traffic that's being captured so as an example

19
00:01:58,240 --> 00:02:08,800
I could filter for OSPF and apply my filter. Notice I see my OSPF messages. So as an example, this is the

20
00:02:08,800 --> 00:02:11,890
source MAC address of the router

21
00:02:15,840 --> 00:02:18,960
show interface gigabit 00.

22
00:02:19,230 --> 00:02:26,180
Notice MAC address of router IP address of router.

23
00:02:26,460 --> 00:02:28,530
That's what we see over here.

24
00:02:28,530 --> 00:02:32,990
Destination is 224.0.0.5, which is the multicast address for OSPF.

25
00:02:32,980 --> 00:02:42,870
There's the layer 2 MAC address. Open up the IP header; I can use my up and down arrow keys, use Enter to

26
00:02:42,870 --> 00:02:44,570
open this up.

27
00:02:44,580 --> 00:02:46,970
Notice DSCP is set to CS6.

28
00:02:46,980 --> 00:02:48,430
Very important traffic.

29
00:02:48,630 --> 00:02:57,550
Scrolling down I can see that the protocol is 89, which is OSPF. So at layer 4, notice we have

30
00:02:57,550 --> 00:02:57,930
OSPF.

31
00:02:57,930 --> 00:03:02,340
Press Enter there, press Enter here; the version of OSPF is version 2.

32
00:03:02,400 --> 00:03:03,900
This is a hello packet.

33
00:03:03,900 --> 00:03:07,950
Source IP address is this as we saw over here.

34
00:03:08,130 --> 00:03:18,290
IP address of router. Area is the backbone area, so I can see all the traffic that I would normally see

35
00:03:18,680 --> 00:03:25,460
through a graphical user interface directly through a terminal notice once again if I could order.

36
00:03:25,460 --> 00:03:28,650
Here I am in a terminal.

37
00:03:28,680 --> 00:03:31,030
There's no graphical user interface here.

38
00:03:31,130 --> 00:03:39,420
It's a simple terminal, but termshark allows me to read Wireshark captures through a terminal window

39
00:03:40,190 --> 00:03:42,420
or filter for EIGRP.

40
00:03:42,820 --> 00:03:48,980
Notice there's EIGRP messages. I can go up and down through my messages.

41
00:03:49,070 --> 00:03:54,800
Use the up and down arrows if I like. I can press Tab to jump from one window to another, so Tab takes

42
00:03:54,800 --> 00:04:01,400
me down here tab to the first window second window press Enter to collapse that enter to open it up

43
00:04:02,090 --> 00:04:08,110
I can press forward slash and that'll allow me to change the protocol, so to STP as an example.

44
00:04:09,410 --> 00:04:17,800
Now I can see spanning tree messages. Once again clicking you have for like EIGRP, click Apply, there's

45
00:04:17,820 --> 00:04:20,050
my EIGRP messages once again.

46
00:04:20,220 --> 00:04:21,150
Source IP address.

47
00:04:21,150 --> 00:04:30,180
Destination 224.0.0.10, well-known multicast address for EIGRP. So I'm using my mouse, but I could

48
00:04:30,180 --> 00:04:31,490
use a keyboard.

49
00:04:31,890 --> 00:04:37,410
So up and down keys, Enter key, Enter key again.

50
00:04:39,260 --> 00:04:41,190
Enter key here to see parameters.

51
00:04:41,190 --> 00:04:52,410
Notice there are my K values. Enter key to see software version information. Enter, up key, Enter, press Tab.

52
00:04:52,410 --> 00:04:59,430
And now I can go up and down through the protocols. Forward slash, I could specify, let's say, STP again

53
00:05:00,170 --> 00:05:01,170
and click apply.

54
00:05:02,730 --> 00:05:11,210
Here's my spanning tree protocol, so I can see the root identifier, etc., etc. So I'm not going to bore you

55
00:05:11,210 --> 00:05:13,430
through all the options in this application.

56
00:05:13,430 --> 00:05:14,430
Have a look on GitHub.

57
00:05:14,450 --> 00:05:22,500
Lot of good examples and documentation on GitHub but I'm hoping this has shown you a really nice application.

58
00:05:22,580 --> 00:05:30,110
You can run termshark through a console and read tshark messages. tshark is great because I could

59
00:05:30,110 --> 00:05:36,950
put sniffers in different parts of my network and not have to use an application with a graphical user

60
00:05:36,950 --> 00:05:38,140
interface.

61
00:05:38,150 --> 00:05:43,940
I can also schedule it, so I could use cron just to schedule tshark to capture traffic if I wanted to.

62
00:05:44,510 --> 00:05:49,610
There are a lot of options with tshark, and termshark is great because it allows you to view the

63
00:05:49,610 --> 00:05:52,560
tshark captures directly through a console.

64
00:05:52,580 --> 00:05:54,230
Okay so I hope you've learned something.

65
00:05:54,260 --> 00:05:55,550
I hope you've enjoyed this video.
