WEBVTT
00:00:02.940 --> 00:00:13.140
All right, okay, so that's already open. All right, so before that, okay, I want you to
00:00:14.120 --> 00:00:22.440
like have maybe some heads up. Okay, who should have it in their toolbox? I mean,
00:00:22.660 --> 00:00:29.220
who should learn about Wireshark? Who should have a basic understanding for Wireshark?
00:00:29.220 --> 00:00:35.040
Well, from my understanding, from my perspective, the short answer is everybody.
00:00:36.700 --> 00:00:43.300
Doesn't... Sorry? Yes, yes, that's correct. Because it doesn't matter if we are
00:00:43.300 --> 00:00:50.000
coming from the network side. So you can see network operation, or maybe
00:00:50.000 --> 00:00:57.200
entering an even help desk role, like support role. And then, okay, some
00:00:57.200 --> 00:01:02.960
security operations, DevOps. Do you know who are the DevOps engineers?
00:01:05.720 --> 00:01:17.700
Have you even worked with DevOps engineers? No? Okay, so maybe my current role is a
00:01:17.700 --> 00:01:23.020
hardware engineer. I always deal with different operation engineers, including
00:01:23.020 --> 00:01:31.280
DevOps. DevOps is something like, okay, for example, we are using the Azure
00:01:31.280 --> 00:01:36.600
portal, that is a Microsoft portal, for our software development website.
00:01:37.500 --> 00:01:44.800
Okay, so whenever we want to deploy the software development application to
00:01:44.800 --> 00:01:50.700
the website, I mean, to the publish, so we need to deploy the build. We need
00:01:50.700 --> 00:01:55.080
to have some configuration to do the continuous integration, right? So that
00:01:55.080 --> 00:02:00.140
is so-called DevOps. They are the ones who are doing all the configuration in
00:02:00.140 --> 00:02:07.820
the Azure portal, including like the pipeline build, the continuous
00:02:07.820 --> 00:02:15.180
deployment settings, continuous integration settings, starting from the
00:02:15.180 --> 00:02:20.680
build deployment until the end, deployed to the client machine. That's
00:02:21.200 --> 00:02:29.260
that means all the operation engineers should learn. No matter you are the
00:02:29.260 --> 00:02:33.840
security and the SOC analyst or threat hunter, absolutely Wireshark is
00:02:33.840 --> 00:02:39.620
something that we want to learn. Okay, so I used to be a developer, I
00:02:39.620 --> 00:02:44.800
used to be a tester, I used to be a network analyst for the NDR's
00:02:44.800 --> 00:02:50.000
product, so I also need to learn about Wireshark. So we are developing
00:02:50.000 --> 00:02:53.500
or testing application for the use over the network, so it's very
00:02:53.500 --> 00:02:57.760
important for us to learn the protocol analysis, then doing so with
00:02:57.760 --> 00:03:05.060
Wireshark. Okay, so this is some main idea and key concept of what is
00:03:05.060 --> 00:03:08.720
Wireshark or network troubleshooting skill and who should learn it.
00:03:10.860 --> 00:03:19.760
All right, back to the pre lab. So I want you guys to open it. I'm
00:03:19.760 --> 00:03:24.680
entering your desktop now. So I will be able to open the pre lab.
00:03:25.700 --> 00:03:33.200
Let me see. Okay, you are there. All right, I want you to spend
00:03:33.200 --> 00:03:42.540
few minutes, just few minutes, okay, maybe five minutes. To go through
00:03:42.540 --> 00:03:52.460
this packet file. Take a look at this first example. So from the title,
00:03:52.600 --> 00:03:57.820
we can see this is pre lab slow network packet file. So that means
00:03:57.820 --> 00:04:03.260
this is a packet file to record some transaction with slow network
00:04:03.260 --> 00:04:08.060
problem. Okay, I'm going to tell you a little bit about the problem,
00:04:08.060 --> 00:04:12.820
but first, I would like you to take a look at some of this traffic
00:04:12.820 --> 00:04:16.420
place and then just get an overview of what's happening in the
00:04:16.420 --> 00:04:20.340
packet. Okay, so later on we are going to work through what was
00:04:20.340 --> 00:04:26.980
the problem together. Just few minutes, maybe let me check the
00:04:26.980 --> 00:04:36.540
time right now. 9:47, maybe 9:55, then we can discuss together. Okay,
00:04:36.540 --> 00:04:42.200
I will mute the audio right now. So let's take a look and understand and
00:04:42.200 --> 00:04:49.680
then maybe Tanin and Ham, you can try to share your ideas later on and
00:04:49.680 --> 00:04:51.020
then we can discuss together.