How to Use the TCP Completeness Value in Wireshark

Поделиться
HTML-код
  • Опубликовано: 26 ноя 2024

Комментарии • 39

  • @majiddehbi9186
    @majiddehbi9186 Год назад +8

    Hi Chris Just to share with u. I passed my CCNA. Your lessons were very helpful.

  • @mohammadalmaazi
    @mohammadalmaazi Год назад +1

    Chris , you are amazing . I wish I will have enough time so I will never miss any single moment of all your videos . I feel that I need to watch them and re-watch many time as they very useful and rich of details . Thanks a lot

  • @rajesh_shrestha
    @rajesh_shrestha Год назад

    I have watched your almost all the videos, and now i have learned so much from it. using it for troubleshooting my clients network issues some are solved and some not, but honestly i have learnet so much thanks to you. always waiting for the new informative video to come out.
    this one is great too thank you so much for sharing.

  • @marktuggle5609
    @marktuggle5609 Год назад

    Good video, I just got into learning Wireshark about a week ago and I am learning quite a bit from these videos. Got a long way to go, but these little tips and tricks really help out!

  • @vq8gef32
    @vq8gef32 Год назад

    Thanks again. I am watching all your series.

  • @x0rZ15t
    @x0rZ15t Год назад

    Yet another insightful video, thank you so much for sharing the knowledge with the community! 🙏

  • @johnhupperts
    @johnhupperts Год назад +2

    Hey Chris, could you do a video on SSH packets and talk about tunneling and how it's different than TLS/SSL?

  • @AshfiyaFatima851
    @AshfiyaFatima851 Год назад +1

    Hi Chris, Thanks for this lecture, It was very Nice, I just have a query for you, If in case in Wireshark it is showing Incomplete with Data(15), So i understood it is because it is missing FIN that's why it is giving incomplete, So basically what could be the reason for this issue? I mean why FIN got missed? where we can check, any idea, Thanks in advance

  • @tranxn7971
    @tranxn7971 Год назад

    Thanks Chris for this tip ! Is this new from version 4.x ?

  • @zorroazul20
    @zorroazul20 2 месяца назад

    Hello Chris
    I have a question, I have client that send a frame with conversation completeness: Complete , with data (47) but in the server received conversation completeness: Incomplete, established (7) it means without data, right? Do you have any idea? There are a firewall in the middle.
    THANKS I appreciate your videos

  • @MohamedAhmed-vw5bc
    @MohamedAhmed-vw5bc Год назад

    Hi @chris, nice video as usual.
    I'm planning to attend sharkfest US, so are you participating by giving some lectures? I hope so.
    I'm a big fan of you.

  • @aamisomnath
    @aamisomnath Год назад

    Helpful information 🙂

  • @joerockhead7246
    @joerockhead7246 Год назад

    thanks, Chris. This was great.

  • @ירוןגולן-ב8צ
    @ירוןגולן-ב8צ Год назад

    Hey ! Thank for your videos! help me alot.

  • @kristianfo
    @kristianfo Год назад

    Hello Chris, it was great. I've seen you've added TCP Completennes Value into Columns, but me does not have this Type of predefined value to add into Appearance-Columns. I have the latest release of WireShark. // I'm new on this your YT channel, have you mentioned in past also other additional values as 'Expert Info Severity' or what/how to add 'FW-1 monitor if/direction' for CheckPoint admins... That would be great. Thank you, double when you will mention it...

  • @adedejiemmanuel1
    @adedejiemmanuel1 Год назад

    Thank you.

  • @SnortDefence
    @SnortDefence Год назад

    Hi Chris in wireshark statistic field we have packet length and service response time ..can you do vlog on this option to deep dive and use case

  • @syedalizainnaqvi9450
    @syedalizainnaqvi9450 Год назад

    hi Chris. I have a question. I have a pcap and it was captured from running a malware sample. can we find the hash or the data of the sample from the traffic or which packet is from which sample?

    • @ChrisGreer
      @ChrisGreer  Год назад +2

      Hey there is a whole lot to it. So you have traffic captured from running malware. That will give you conversations, protocols, and other IoC's about how the malware works. But the corrupted file that infected the machine, or the code that was embedded in an application may not show up in the traffic for us to extract a hash. It also is difficult to tell which packets came from the malware vs the system. I would start by looking for any conversations/dns calls/http requests/country codes that are not normal behaviors.

  • @everest1632
    @everest1632 Год назад

    Hi chris, syn,syn-ack,ack, client hellow ,ack and (fin-ack from both end) tcp completeness data 31
    is it normal, i mean y server is not sending server hellow and TLS whole process after client hellow

  • @erkansapmaz376
    @erkansapmaz376 Год назад

    Hi Chris, "Conversation completeness: Incomplete, DATA (15)" message is in the TCP field. Where should I look for the problem? Please help me out.

    • @ChrisGreer
      @ChrisGreer  Год назад +1

      Hey! This means that you captured the handshake and some data, but you missed the FIN or RST packets that shut the connection down. No problems, just an indicator that you stopped capturing before the shutdown happened.

  • @vijay85cisco
    @vijay85cisco Год назад

    hi chris i asking help to educate us about decrypting the SSL TLS connection applications... for example let say client will be browser and sending connection to the server application which protected by TLS.. i have private key on my hand of my applications which could be different types format. not aware about how to import those different format of private keys in wireshark and decrypt it for troubleshooting purpose..

    • @ChrisGreer
      @ChrisGreer  Год назад

      Modern TLS uses a different key pair for every connection. So even if you have a private key from an older conversation, it won't (typically) be able to decrypt. You would have to store the session keys. ruclips.net/video/5qecyZHL-GU/видео.html

  • @bergerMeister949
    @bergerMeister949 Год назад +1

    Combine this field with the new display filter math capabilities in Wireshark 4.0 (discussed at 8:23 in Chris' interview with Gerald Combs ruclips.net/video/O5tW7ShNlkk/видео.html ), and you can do a quick assessment on a variety of network problems and network attacks.

  • @jackkk88888
    @jackkk88888 Год назад

    Hi Chris, A pcap TCP stream of FTP data channel has syn, syn ack, ack, data, and proper connection termination with fin ack from both sides. Conversation completeness shows incomplete (30). Why?
    Wireshark version 3.6.5

    • @ChrisGreer
      @ChrisGreer  Год назад

      any way that we missed the SYN?

    • @jackkk88888
      @jackkk88888 Год назад

      @@ChrisGreer followed the TCP stream, SYN is there, TCP three ways handshake looks good.

    • @eadell
      @eadell Год назад

      @@jackkk88888 Please upload your capture on cloudshark or open a bug at wireshark and I'll check it

  • @VishwadeepShinde
    @VishwadeepShinde Год назад

    ❤️

  • @Rogerson112
    @Rogerson112 Год назад

    So how we can describe your job. You're network administrator or network analyst or maybe something else?

    • @ChrisGreer
      @ChrisGreer  Год назад +3

      That's a great question! I am a network analyst more than anything. I don't administrate or engineer any specific networks because I am a consultant. Mostly I get called on issues that involve the transport layer, which is why you see so much TCP related content on my channel!

    • @Rogerson112
      @Rogerson112 Год назад

      @@ChrisGreer Thanks buddy! God bless you