
How to Do TCP Sequence Number Analysis 

PacketBomb
48K views

And, more importantly, WHY you should do TCP sequence number analysis. You know all those black-and-red packets in Wireshark (the default "Bad TCP" colouring rule)? Sure, you've seen them. Scary, huh? Someone says there's a problem, you open the capture and see a bunch of those packets. Is that the problem?
This video shows a scary-looking section of a capture and walks through exactly what is going on and whether it is a problem or not. If you are going to learn packet analysis, it is key that you understand what sequence numbers are for and can follow the action in the capture as it relates to the stream of bytes those sequence numbers track. The Wireshark Expert Info is only a guide; you need to be able to judge for yourself whether its verdict is trustworthy and correct.
More at packetbomb.com/how-to-do-tcp-s...
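The bookkeeping the video does by hand, with Seq and Ack columns added to the packet list, is small enough to write down. The script below is an added example for this page, not PacketBomb's code or the capture from the video: it replays a constructed set of TCP segments (addresses 10.0.0.1 to 10.0.0.4 and all sequence numbers are made up), tracks the next expected byte per direction, and labels each frame much as Wireshark's Expert Info would: previous segment not captured, retransmission, duplicate ACK, and an ACK for bytes the peer was never seen sending. Wireshark additionally uses round-trip timing and the duplicate-ACK count to tell Out-Of-Order from Retransmission and Fast Retransmission; this script only uses sequence arithmetic, so where the stream plugs an earlier gap it says just that. It also records two time deltas per frame, one against the previous frame of any stream and one against the previous frame of the same stream, so you can see why a frame-level and a per-stream "slow packet" filter pick different frames once two conversations interleave.

```python
"""Follow TCP sequence and acknowledgement numbers through a capture, the way
the video does by hand with added Seq/Ack columns, and label each frame much
as Wireshark's Expert Info would.  Added example for this page, not code from
PacketBomb; the segments are constructed, not the capture in the video."""
from collections import defaultdict, namedtuple
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Segment:
    no: int           # frame number (Wireshark's No. column)
    time: float       # capture timestamp, seconds
    src: str
    dst: str
    seq: int          # relative sequence number of the first payload byte
    ack: int          # relative acknowledgement number
    length: int       # TCP payload bytes
    flags: str = "A"  # subset of "SAPF"

@dataclass
class Direction:  # bookkeeping for one sender (src -> dst)
    next_seq: Optional[int] = None             # next byte we expect this sender to transmit
    highest_end: int = 0                       # highest seq+len seen from this sender
    holes: list = field(default_factory=list)  # [start, end) byte ranges never captured
    last_ack: Optional[int] = None
    dup_acks: int = 0

# frame_delta mirrors frame.time_delta (any stream); tcp_delta mirrors tcp.time_delta (same stream)
Verdict = namedtuple("Verdict", "no frame_delta tcp_delta tags")

def analyse(segments):
    """Walk frames in capture order and annotate each one."""
    state, last_seen, prev_time, verdicts = defaultdict(Direction), {}, None, []
    for s in sorted(segments, key=lambda x: x.no):
        stream = tuple(sorted((s.src, s.dst)))
        frame_delta = None if prev_time is None else round(s.time - prev_time, 6)
        tcp_delta = None if stream not in last_seen else round(s.time - last_seen[stream], 6)
        prev_time = last_seen[stream] = s.time
        me, peer, tags = state[(s.src, s.dst)], state[(s.dst, s.src)], []
        if me.next_seq is None:
            me.next_seq = s.seq  # first frame from this sender sets the baseline
        end = s.seq + s.length
        if s.length > 0:
            if s.seq == me.next_seq:
                me.next_seq = end  # in order, nothing to say
            elif s.seq > me.next_seq:
                # Bytes [next_seq, seq) never seen: lost, or missed by the capture point.
                me.holes.append([me.next_seq, s.seq])
                tags.append(f"previous segment not captured ({s.seq - me.next_seq} bytes missing)")
                me.next_seq = end
            else:
                hole = next((h for h in me.holes if h[0] <= s.seq and end <= h[1]), None)
                if hole is not None:
                    # Plugs a gap noticed earlier; Wireshark calls this Out-Of-Order or
                    # (Fast) Retransmission depending on timing and duplicate-ACK count.
                    tags.append(f"fills earlier gap [{hole[0]},{hole[1]})")
                    me.holes.remove(hole)
                else:
                    tags.append("retransmission")  # bytes we already had
            me.highest_end = max(me.highest_end, end)
        if "S" in s.flags or "F" in s.flags:
            me.next_seq = max(me.next_seq, end + 1)  # SYN and FIN each consume one sequence number
        # A payload-less ACK repeating the previous ack number is a duplicate ACK.
        if s.length == 0 and "S" not in s.flags and "F" not in s.flags and s.ack == me.last_ack:
            me.dup_acks += 1
            tags.append(f"duplicate ACK #{me.dup_acks}")
        else:
            me.dup_acks = 0
        me.last_ack = s.ack
        # Acknowledging bytes the peer was never seen sending means frames are missing.
        if peer.highest_end and s.ack > peer.highest_end:
            tags.append(f"ACKs unseen segment (peer only sent up to {peer.highest_end})")
        verdicts.append(Verdict(s.no, frame_delta, tcp_delta, tags))
    return verdicts

def slow_frames(verdicts, threshold=0.190, per_stream=True):
    """Frames at least `threshold` seconds after the previous one: per_stream=True
    mirrors tcp.time_delta, False mirrors frame.time_delta on an unfiltered capture."""
    picked = [(v.no, v.tcp_delta if per_stream else v.frame_delta) for v in verdicts]
    return [no for no, d in picked if d is not None and d >= threshold]

A, B, C, D = "10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4"  # constructed addresses
CAPTURE = [  # constructed frames: one client/server exchange plus one unrelated stream
    Segment(1, 0.000, A, B, 0, 0, 0, "S"), Segment(2, 0.010, B, A, 0, 1, 0, "SA"),
    Segment(3, 0.011, A, B, 1, 1, 0), Segment(4, 0.012, A, B, 1, 1, 100, "PA"),  # request
    Segment(5, 0.210, C, D, 5000, 7000, 0),      # unrelated stream, interleaved
    Segment(6, 0.220, B, A, 1, 101, 0),          # delayed ACK, ~200 ms after the request
    Segment(7, 0.230, B, A, 1, 101, 1000, "PA"), Segment(8, 0.231, B, A, 2001, 101, 1000, "PA"),
    Segment(9, 0.232, A, B, 101, 1001, 0), Segment(10, 0.233, A, B, 101, 1001, 0),  # same ack twice
    Segment(11, 0.240, B, A, 1001, 101, 1000, "PA"),  # the bytes frame 8 skipped over
    Segment(12, 0.250, B, A, 2001, 101, 1000, "PA"),  # already seen in frame 8
    Segment(13, 0.251, A, B, 101, 3001, 0), Segment(14, 0.252, A, B, 101, 3500, 0),  # 3500 never sent
]

if __name__ == "__main__":
    for v in analyse(CAPTURE):
        print(f"{v.no:>3}  frame_delta={v.frame_delta}  tcp_delta={v.tcp_delta}  {'; '.join(v.tags)}")
    print("slow by tcp.time_delta:", slow_frames(analyse(CAPTURE)))
    print("slow by frame.time_delta:", slow_frames(analyse(CAPTURE), per_stream=False))
```

Run as written, frame 8 is flagged as a missing segment, frame 10 as a duplicate ACK, frame 11 as filling the gap, frame 12 as a retransmission and frame 14 as acknowledging bytes the server never sent. The delayed ACK in frame 6 is only found by the per-stream delta: the frame-level delta instead flags frame 5, an unrelated conversation that merely happened to be captured 198 ms after the request. In Wireshark the same split shows up between tcp.time_delta and frame.time_delta_displayed; the two agree only when the display filter has reduced the list to a single stream.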

Science

Published: 9 May 2015

Comments: 31
@RobvandenBoogaard, 4 years ago
This really helped me with the Wireshark TCP assignment from the Kurose/Ross book. Adding the columns and then seeing the stream, it really clicked and made me understand. Great content, thank you for making this!
@Daniel-ng8fi, 3 years ago
5+ years later and this video was incredibly helpful for me, thank you!!!
@mjsmth41, 7 years ago
Thank you for the video. Very helpful! Great tip on adding sequence numbers to the header.
@DJTittles, 8 years ago
Awesome video. I work with a lot of Riverbed products, so I'm constantly having to defend the network. Your delay between packet 356 and 357 is due to the rules of Delayed ACK (200ms timer). Since .141 didn't send a second data packet and .189 couldn't piggyback the ACK packet onto a data packet, the ACK was sent once the timer expired. I guess you can say it's a gift and a curse...
@shashank2791991, 8 years ago
You are the best, bro... I learnt a lot of things through this video and a lot of my queries are resolved. Thanks once again.
@spasticpeach, 8 years ago
THANK YOU!!! fully explained everything!
@DexieTheSheep, 1 year ago
love that intro man
@pratiksurve8073, 6 years ago
Hi, thanks for the video! Could you please let us know how to add a sequence number or ack column in Wireshark?
@manoj15686, 2 years ago
Excellent explanation!!
@mkutkarsh, 5 years ago
Awesome video man
@stargategoku, 3 years ago
thanks a lot for sharing this video
@toptalkers7980, 8 months ago
Could you please confirm why the seq no. and ack no. stayed at 554 and didn't change with time?
@certsdontmatter, 4 years ago
great video!...do you mind sharing the syntax used to filter delayed b/w packets >200ms?
@PacketBomb, 4 years ago
frame.time_delta_displayed >= 0.190
@PacketBomb, 4 years ago
Obvs that's for 190ms but you can set it to whatever you'd like
@robbyde2, 8 years ago
Any chance you could include the packet capture you're working on when you do a video, so we can follow along at the same time? Also thanks, really appreciate these videos!!!
@PacketBomb, 8 years ago
+robbyde2 I usually post them with the video on my site: packetbomb.com/how-to-do-tcp-sequence-number-analysis/
@rhondastallard4101, 7 years ago
PacketBomb yoy
@maxwellchessdotcom6952, 2 years ago
Thank you sir!
@emirh.9376, 4 years ago
Great tutorial. What does the filter look like for the greater than 200 millisecond orange color rule you have?
@PacketBomb, 4 years ago
I put it a little lower than 200ms. frame.time_delta_displayed >= 0.190
@emirh.9376, 4 years ago
@PacketBomb Great, thank you. I was using tcp.time_delta > 0.2. Why is there a frame.XX filter and a tcp.XX filter used to achieve the same thing? Or are they not the same?
@asaf158, 7 years ago
ha ha, love your show!
@maxwellchessdotcom6952, 2 years ago
I expect the 4 missing packets are very typical packet collisions. If this is the case, this is as normal as normal can be. With the tens of millions of bits (or more) each second zooming across wires, often in half duplex mode, there are collisions all the time. The carrier sense multiple access technology used to synchronize network transmissions cannot succeed 100% of the time, especially when considering environmental factors such as magnetic and electrical fields, and signal degradation caused by the length of the bus.
@Armurp01, 9 years ago
LOL your intro's are hilarious
@RickHollmer, 8 years ago
I was working on another monitor and was like "IPX. WTF?" And before I went over to hit BACK, I see him sitting in a chair facing the camera. At that point, given he was explaining IPX, I was sure I was about to see a suicide. haha
@Armurp01, 8 years ago
+Rick Hollmer lol
@TheDusansky, 7 years ago
Not professional too
@paulypaul111, 2 years ago
Banyan Vines?? Ooooohhh man
@MikeJones420Blazeit, 9 years ago
too complicated got my ass stuck in water pipe