TCP Duplicate Acks Explained // How to Troubleshoot Them

Подписаться 132 тыс.

Просмотров 38 тыс.

50% 1

In this video we are going to dive into TCP duplicate ACK analysis. In this hands-on video, make sure to download the pcap below so you can follow along.
---------Download the pcap here----------
packetpioneer.com/wp-content/...
// WIRESHARK TRAINING - Udemy//
▶Getting Started with Wireshark - bit.ly/udemywireshark
// WIRESHARK TRAINING - Pluralsight//
Check out the free 10-day trial of my hands-on courses on Pluralsight:
▶TCP Fundamentals with Wireshark - www.bit.ly/wiresharktcp
▶Identify Cyber Attacks with Wireshark - www.bit.ly/wiresharkhunt
▶TCP Deep Dive with Wireshark - bit.ly/virtualwireshark
//LIVE TRAINING COURSE//
▶TCP/IP Deep Dive Analysis with Wireshark - bit.ly/virtualwireshark
Hope this helps Packet People! Please like, share, subscribe!

Наука

Опубликовано:

11 янв 2022

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 75

@JoshKuo 2 года назад

Chris, thank you for making these videos, you explain complex concepts with such ease!

@ChrisGreer 2 года назад

Glad you like them! Great to see you Josh!

@herculesgixxer 2 года назад

Exactly, with the needed clarity that one needs to learn, when learning

@jasperbongertz4866 2 года назад

Dup ACKs also happen for out-of-order arrivals. It doesn't always have to be packet loss, just segments not arriving when they should have ;)

@ChrisGreer 2 года назад

ooh good point Jasper, I forgot to mention that! Arg... Thanks for the comment tho!

@HuzaifaGujjar 2 года назад

I watch your videos to revise my concepts. Every content produced by you is pure gold.

@ChrisGreer 2 года назад

Thank you!

@dmncstr Год назад

Chris, your videos are really helpful. Excellent explanation.

@zahraadeli8298 2 года назад

Dear Chris, thank you very vey much. You've got no idea how these training enlighten my way to network analysis. I'm a substation protection/control engineer working with IEC61850 trying to find a way to be able to troubleshoot what's going on when I didn't recieve a signal on dcs system. And guess what, with the help of this channel I'm growing more and more everyday. Good luck with what you're doing. You're awesome🙏

@ChrisGreer 2 года назад

Excellent! Nice job! Keep on growing and capturing and learning.

@Practical-IT 2 года назад

I'm enjoying these videos. It's got me diving back into WireShark again with a newfound appreciation after a bit of a hiatus. Thanks!

@ChrisGreer 2 года назад

Awesome! Great to have you back!

@loveplanes 3 месяца назад

Thanks Chris!!!! amazing.. I been in a problem for few days and your help has been amazing.

@geist453 2 года назад

Chris love your content it is so powerful and is super helpful thank you please keep up the good work

@ChrisGreer 2 года назад

Thank you for the comment!

@AssadNiang 2 года назад

Excellent Chris!!! I was seeing the same issue, now I understand Well explained Thank you!!!

@m.adnankhan8245 2 года назад

Thank you so much for your time and for making these videos. Much appreciated Chris.

@ChrisGreer 2 года назад

My pleasure!

@franktoner3649 2 года назад

Chris, thank you for helping me to better understand what I should be looking for in pcap traces

@ChrisGreer 2 года назад

You are welcome!

@tolgayucel1442 2 года назад

Thank you for your videos. When is all about routing protocols there are lots of videos and documents online. On the other hand, if the topic is TCP, most of documents are same and not clear. You really making it simple. Knowing a knowledge does not matter, the most important factor is that you can teach in a simplest way.

@ChrisGreer 2 года назад

Thanks Tolga!

@minghongpi3046 Год назад

Thank you very much, it is the best video to learn wireshark and tcp

@playbassken 2 года назад

Great stuff, Chris. Thank you for this and the excellent explanation.

@ChrisGreer 2 года назад

Glad it was helpful!

@v_luv_nature Месяц назад

Great person and helpful videos i got a confidence on my knowledge after watching this videos.

@TheAddictioneer 2 года назад

Thanks Chris. Your videos are very informative and digestuble. I’d appreciate it if you could make a video about tcp out of order.

@ChrisGreer 2 года назад

That's a great idea. Thank you for the suggestion.

@parkyang7920 2 года назад

Thank you Chris, learned so much from the video, Going to introduce it to the team, Days before, when someone in the team say will engage a network guy to give a wireshark training, all of us raised hands to be attending. indicate this knowledge is so precious. I am working for Microsoft.

@ChrisGreer 2 года назад

Sure please do! reach out at packetpioneer@gmail.com and let's get a training set up for you.

@jakebenstade 2 года назад

Today subscribe this channel and were talking about this topic with my buddy and you made it.... Great job sir.

@ChrisGreer 2 года назад

That is great Jake! Thank you for commenting.

@mnemonicator Год назад

Excellent explanation, thank you Chris.

@ChrisGreer Год назад

Glad it was helpful!

@user-uu2zo2de8y 2 года назад

Thank you Chris. It is so an impressive video.

@ChrisGreer 2 года назад

Glad you enjoyed it!

@ranjanadissanayaka5390 Год назад

great video. Thanks Chris .

@lovenature3658 11 месяцев назад

Great analysis thank chris

@rohmanatasi1771 Год назад

Your explanation is awesome

@ChrisGreer Год назад

Thanks!

@nityanmiyapadavu6646 2 года назад

Awesome..keep up the good work..

@ChrisGreer 2 года назад

Thank you, I will

@Black_Swan68761 2 года назад

Thank you so much for sharing the video. Please make some video on how to find out why the traffic was denied/dropped or at least by the destination ip. I'm new to Wireshark and have no clue to figure that out.

@nicknick8081 10 месяцев назад

great explanation - thank you

@ChrisGreer 10 месяцев назад

Glad it was helpful!

@Kashmiri_Mountain_Explorer 2 года назад

Thanks bro.. keep up the good work..

@ChrisGreer 2 года назад

Thank you too

@waelkaabi2311 11 месяцев назад

Good explanation, thank you Chris. One Question: it is possible to analyze in network traffic (TCP) the latency in Wireshark.

@quocphudang6635 Год назад

Thanks Chris!

@FayOnis 2 года назад

simple and clear as usal

@ChrisGreer 2 года назад

Glad you liked it

@ThePumbaadk 2 года назад

Thanks Chris

@prasadshelar7498 5 месяцев назад

HI chris , can you create some video regarding TCP Half close and tcp half open and live example related it.

@claudiotonelli7709 Год назад

hi Chris compliment for your fantastic videos!! Great!! i have dubt about dup ack: i have printed a document on my network printer that doesn't support sack opt an at a certain point i have an ack from printer an 2 dup ack with no gap in data... how is it possible? thank you very much in advance

@volodymyrverdysh5790 Год назад

Chris, hi! Am i right if I say that Dup ACK packets appears when a receiver misses some continuous interval? For example sender sends packets 1,2,3,4,5. If the receiver receives 1 packet, missed 2 and 3, receives 4 and 5 we may see ACK packet from the receiver where ACK number = 1, left edge = 4, right edge = 5. Right? What might an ACK packet from the receiver look like when the receiver receives packet 1, misses 2, receives 3, misses 4, receives 5?

@christiankhairallah397 10 месяцев назад

Hello what about Duplicate TCP SYN with different initial sequence number how to troubleshoot it ?

@AzherQadirshah 5 месяцев назад

I love you chris

@jagdeepbisht1650 2 года назад

Great video Chris, just one question what does it means when client send syn and receives syn+ack from server and send ack. But server keep sending syn+ack and client keep sending dup ack. Thanks

@ChrisGreer 2 года назад

Sounds like the server is not getting the final ACK, or something about the ACK that the server doesn't like so it is not completing the connection.

@jagdeepbisht1650 2 года назад

@@ChrisGreer thank you very much. I was also suspecting this. Kind of strange problem because at same time ping and trace working fine.

@pepeshopping 2 года назад

L2 issue. Easy to figure out if you were the one that made the mistake to begin with.

@adriangheorghiu8223 6 месяцев назад

What if you get acks one after the other.... with no dup ack

@thameemyousuf8194 2 года назад

Thanks Chris.. its awesome video, but how to troubleshoot this? Is it due to network/server/application issue ? I am currently having an issue where in my capture i can see 9% of the capture having tcpdupack for client1 and 3% for client2 towards same destination server and application port. Both clients are sitting in same switch.

@ChrisGreer 2 года назад

Hello Thameem - duplicate ACKs happen because of packet loss, so we would need to find where the loss is coming from. Look at interface details along the path - do you see any CRC or FCS errors? Discards? These can happen due to congestion, faulty cabling, or interface issues. That is where I would start for troubleshooting the duplicate acks.

@thameemyousuf8194 2 года назад

@@ChrisGreer we found it cleared after changing the cable 👍

@ChrisGreer 2 года назад

@@thameemyousuf8194 awesome! Great job!

@thomasbrix6359 2 года назад

Once every couple of weeks I have intermittent conversations timing out where I see a lot of psh,ack… any ideas how to dig into these (for now I proposed to trace also on the other side… what a wild idea, right;-)

@ChrisGreer 2 года назад

Hi Thomas - as a quick response with absolutely no data to go on - I wouldn't focus on the PSH flags themselves. Usually those just indicate the end of a block of data. Depending on the stack, you might even see them for every segment smaller than the MSS. Intermittent timeout would be more of an RST or long-delay thing. I'd check for issues where connections have several retransmissions then a reset, or several keep alives then a reset. Or even a longer TCP timeout. I'd start there.

@thomasxeon1912 2 года назад

There is a chance where there is IP spoofing attack and duplicate IP address may cause getting dup ack..?

@ChrisGreer 2 года назад

I guess that is possible, but that scenario wouldn't depend on their being a spoofed IP address or not. Duplicate ACK happen when there is loss or out-of-order packets.

@katlinwales4352 2 года назад

This is literally my dad

@hectorcook251 2 года назад

Hello! I want to learn ethical sniffing on HTTPS. I am very new to this. For example if I sit in a coffie shop how do I steal my friend password/username over HTTPS?