Chris, you are just awesome! Do you have your whole courses available somewhere? Like you mentioned, you run a few days' classes. I am very keen to watch those recorded - something like what INE (and others) do.
Hello Alexander - very happy to hear that the videos are helping you. I have an on-demand training available on Udemy. TCP/IP Deep Dive with Wireshark - bit.ly/udemywireshark Check it out! It's got a ton of hands-on labs, assignments, and ways to practice on your own. I hope you like it.
He repeats the questions! Good form sir, good form.
I keep coming back to this video from time to time and I always find something that I missed the last time. Thank you, Chris.
Thanks for the comment Yash! I'm glad to hear that the video is helping you. Stay tuned on my Intro to Wireshark course for more TCP stuff.
Whole world need trainers and teachers like you. You are awesome
Stellar public speaking and instruction. Glad I found this channel.
Glad you found it!
I hope you know you're awesome!! The best thing is how you put 'air' into explanations and let the audience take notice of subtle things, ruminate, analyze and really understand. You have covered so many topics in this single session and made sure that everyone remembers/retains 90% of those (I'm an app-guy and others would retain more than me). Amazing stuff!!
Thanks for the comment Partha! I appreciate it. Make sure to check out my new Wireshark Masterclass too - ruclips.net/video/OU-A2EmVrKQ/видео.html
@@ChrisGreer Thanks for that link. I wouldn't miss it for anything.
Such a fantastic teacher and such insights into the TCP packets. I watched a 5-hour course on Wireshark from another teacher and watching this video I realized I am finally learning what the 3-way handshake is. This teacher should educate all network administrators and cyber security personnel.
Thanks for the comment! Glad the video helped.
Oh gosh, this is wonderful. Clears up many things. Working in an ISP, receiving client complaints about how their replication can't be done because they can't see full throughput. I wish I could send them this video to learn how networks work, and before blaming their ISP they need to check what's going on with their application.
Great to hear you enjoyed the video! Yes please send it to whoever may benefit. Yeah I bet you get blamed for quite a bit that is not your fault!
Superb explanation!
Thank You Chris.
As a TAC Escalation engineer I find this very useful. Will help a lot of folks who want to understand how TCP works.
You are one hell of an expert, Sir!
I learned what I could not understand even in my years of networking career and in my college degree.
Thanks very much, appreciated!!!!!!
I'm not a native English speaker and I'm not even that good at English, but all this hard stuff, with your teaching style, is so understandable. Thanks, and I wish the best for you.
Thank you!
Why are there only 1.5K likes for this video? It should be in the millions!! ...and he repeats the questions clearly to answer..
Thanks for the comment Arun!
Stopped and liked the video because it has been one of the best and most informative videos on how TCP works in Wireshark.
Thanks for the comment and for watching Manuel! Glad it helped you. Hope you like the rest of the content on the channel too.
What an awesome video. 10 years as a network guy and now I'll make sure that I understand TCP. Thanks @ChrisGreer
Best to your TCP journey!
Why are there only this many likes and comments for this video?
It should be in the millions/billions.
Lots of love from India.... You're awesome!😍
Fantastic Chris!
Your wait for the packet from layer 7 (1:12:00) was hilarious!
You have actually inspired me to learn more on TCP.
Thanks for the video.
I have learned so much from this video in just one hour. 'Explain me like I'm five' at its best. Thank you so much.
That is how I have to learn everything - like I am five! 😜
Your courses on Pluralsight are the best. I've done other tutors' courses on Pluralsight and LinkedIn Learning which left me a bit confused since they hit the surface without much explanation. I just finished your "foundational TCP analysis with wireshark" course, which is clear, and the orderly step-by-step layout makes it easy to understand. Great job👌👌
Thank you so much for taking the time to comment and give feedback. I really appreciate it.
I guess you don't know how noble the work you are doing is.... I really appreciate the effort you put in to learn the weeds of TCP and, importantly, sharing your knowledge..... God bless. Keep going
Thank you so much for the comment. I appreciate it!
This was a brilliant hands-on example, Chris. In addition to clearly explaining how TCP works and why handshakes are always so important, you have also humorously explained why application guys and network guys keep bickering over latency issues. I am from the application team and this video has enhanced my troubleshooting skills. Thank you so much for posting this!
Thanks for the comment! I really appreciate the feedback.
I feel as if I hit the motherlode of TCP and Wireshark knowledge with this presentation. Thanks, Chris!
James Boelter thanks for the comment!
Hi Chris, great intro into TCP, I'll recommend it to anyone who asks me about TCP beginner talks ;-)
But I think there's a small error at 1:01:17 - missing SACK options does not mean there are no fast retransmissions possible. The triple dup ack mechanism works without SACK, but it may lead to full retransmits from the gap. There are three flavors of retransmissions: time out based, fast retransmission triggered by triple duplicate ack, and SACK (which in turn doesn't even need a triple duplicate ack to signal loss)
Thanks for the comment Jasper - I hadn't seen a stack not have the option but still do fast retrans yet. But hey if it's out there I want to be correct about it!
This was SUCH a good video! I think your teaching style is excellent. Thank you for making this available.
Thank you for the comment Tristan!
This material should be required for every new engineer coming into the field
Chris, super explanation of TCP. More window size to you..... I have seen a lot of videos on TCP but this one contains all of it, for the most part. I would recommend everyone watch this video instead of shuffling through the YouTube bits and bytes of other TCP videos
David Bombal just sent me here. I thought I knew TCP/IP, apparently nope. Good content Chris.
Awesome Andy! Great to have you on the channel. Thank you for stopping by.
Chris, I have learned a lot from you in this video that I have not learned in the last 10 years. Thanks
Excellently explained. I know nothing about this but after 1h17mins I can start to see a little of what it's all about. Looking forward to the rest of the series
Nice presentation. I like the way you are explaining things in a simple way, and a very informative video. Thank you so much
Typical great presentation from Chris. The guy is a consummate professional.
First I thought "Over an hour, that's long...". Now I think "Could have been longer!!!" :-) :-) :-) Awesome presentation. Motivates to dig in! Many thanks!!! :-)
Thanks for the comment Francisco! I appreciate it.
Hats off Chris.. Thanks a lot for this wonderful presentation.
Great, thanks for sharing Chris... Love your enthusiasm, and your joy of teaching the subject. Good job!
Thanks for the comment Michael!
I love this video, I wish I had it during my Computer and Network Security course last semester. Thanks for sharing.
I'm in the first few hours of learning how to become a pen tester. If I'm honest, this TCP thing looks relatively easy. I'm mostly worried about the commands I have to remember. A whole new language. Including Python. But this is super interesting. Do you have tips and tricks? I get what IPv4/IPv6 is, subnetting, what a /20 or a /24 network is, and how and why it's different, and what routing is, what GRE and IPsec tunnels are, what a handshake is, and what the window sizes and the multiplier are, the package size. I'm curious how to continue. Looking forward to learning way more about networking, testing Kali, Linux, understanding and writing code, discovering that I don't understand anything of this. And learning to understand. Love this journey so far... Thank you for this video and the collaborations you did with David Bombal, and many others... Cheers!
You inspired me to learn more in depth TCP/IP
Man Chris, you just nail it with expressions, easier to remember, thanks a lot!
Thanks for the comment!
Thank you Chris for this video, you're a great teacher. Your explanation of waiting on Layer 7 traffic to fall down to Layer 4 on the server side was hilarious. 😂
Thank you! I'm really glad you liked it! Please feel free to share...
Nice. Also, dropping a link to the pcaps you're using in the video description, so we can follow step by step, would've been super cool.
How can someone not love this guy!
This is one of the best talks on networking I've seen.
If you have part 2 available, it would be awesome to see it.
Thank you for sharing.
Thank you for the comment Pablo - I will post round two soon!
Can't go to the next video without liking it. Good video Chris, thanks for this basic TCP stuff; let's jump to your next session. Thank you.
Thanks so much Chris for sharing your expertise.
Glad it was helpful!
Hi Chris, thanks for the nice and informative video, watched it a couple of times and am using it as a reference.
I have a question for which I couldn't find any answer.
What does "windows scaling factor -1 [unknown]" mean, and is it a problem?
Thanks in advance.
Hi Chris - Thank you for such an awesome video. Informative, Easy to understand and remember.
Thank you for the kind feedback Vishal!
Chris, you're the best. I'm just starting out and I understood!!! Thanks
Excellent method of teaching
Thank you for the comment!
What a lecture! Simply Amazing
Thanks for the good vibes!
This presentation is awesome. I wish you could teach me that in my class lecture
Super explanation. Thank you Chris!
Glad it was helpful! Thank you!
Bravo .. buddy you nailed it ... content to your style of explaining.. loved it all..... :)
Thanks for the comment Sandeep! Glad the video helps.
Just bought your Udemy course, Chris. Would you recommend a network engineer try to work through that Stevens book, TCP/IP Illustrated vol 1? Thanks
What a great speaker!
Very knowledgeable. Appreciate you sharing the knowledge
Glad you like it!
Absolutely fantastic explanation. Thank you!
Chris could you explain the difficulties of on-board airline WiFi? What is 802.11ac at 700mph?
Terrific presentation! Very insightful
Fantastic teacher, awesome session. Thanks.
Thank you!
extremely helpful videos, love your passion for packets!
Glad you like them!
He is a very good instructor!!!
Thanks for the comment @imran! Glad it helped you.
@@ChrisGreer Clarity in explaining the concept was too good. Have a great day!!
Hi Chris,
Nowadays I am watching a lot of videos on Wireshark, but your approach to understanding is unique. I would really appreciate it if you could please assist me with the below.
An issue was reported to me, where the application team was facing a duplicate transaction issue, and I was contacted to see if the network is causing any issue. 4 servers are involved in this and I have taken Wireshark captures on all 4 servers, but it is using the SSL protocol, which is encrypted. So as per my thinking, I think we cannot come to know if duplication is happening by looking at the TCP/IP packets only. Could you please suggest whether it is possible?
Hi Chris,
Great content and an excellent way of teaching the basic stuff. Liked it a lot. I have a question, if anyone can help me out here.
1. There is the URG flag in the TCP control bits and we see the urgent pointer in Wireshark captures. What's the major difference between the two, or in other words, what is the significance of both?
Really appreciate if you can help me with this question...
Sure I would be happy to help you with that one. So TCP doesn't know anything about when data from an application "starts" or "ends". It's just a stream of data, and TCP's job is reliably getting it from one endpoint to another. When the URG flag is used in conjunction with the Urgent pointer, this is a way for TCP to know that a certain byte (or bytes) of data are important and need to be urgently processed upon arrival. It's a similar idea to the PSH bit. But with that bit the whole segment is considered important and immediately sent to the application upon receipt. The Urgent flag just allows us to point to a specific data point within the segment that is important. In practice, you don't see this terribly often. But I'm sure it's out there lurking around somewhere.
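The relationship between the URG flag and the Urgent Pointer described in the answer above, as an added example that is not part of the original comments: it decodes a TCP header and uses the pointer to split the payload. It assumes the RFC 9293 reading of the pointer (offset from the segment's sequence number to the octet following the urgent data); the function names, ports and payloads are constructed for illustration.

```python
import struct

# Bit values of the six classic TCP control flags (low bits of the flags field).
FLAG_BITS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def build_segment(seq, flags, urgent_pointer, payload, sport=50000, dport=23):
    """Build a constructed TCP segment: 20-byte header, no options, checksum 0."""
    offset_and_flags = (5 << 12) | flags          # data offset = 5 words (20 bytes)
    header = struct.pack("!HHIIHHHH", sport, dport, seq, 0,
                         offset_and_flags, 65535, 0, urgent_pointer)
    return header + payload


def parse_urgent(raw):
    """Decode a TCP segment and report what the URG flag and pointer mean for it."""
    if len(raw) < 20:
        raise ValueError("shorter than a minimal TCP header")
    (_sport, _dport, seq, _ack, offset_and_flags,
     _window, _checksum, urgent_pointer) = struct.unpack("!HHIIHHHH", raw[:20])
    header_len = (offset_and_flags >> 12) * 4
    if header_len < 20 or header_len > len(raw):
        raise ValueError("invalid data offset")
    payload = raw[header_len:]
    flags = [name for bit, name in FLAG_BITS if offset_and_flags & bit]

    result = {"flags": flags, "urgent_pointer": urgent_pointer,
              "urgent": b"", "normal": payload,
              "urgent_end_seq": None, "note": None}

    if "URG" not in flags:
        # Without URG the pointer field carries no meaning; a non-zero value
        # is worth noting when reviewing a capture, but no data is urgent.
        if urgent_pointer:
            result["note"] = "pointer_without_urg"
        return result

    # With URG set, seq + pointer is the sequence number of the first octet
    # after the urgent data (assumed RFC 9293 semantics), modulo 2^32.
    result["urgent_end_seq"] = (seq + urgent_pointer) & 0xFFFFFFFF
    result["urgent"] = payload[:urgent_pointer]
    result["normal"] = payload[urgent_pointer:]
    if urgent_pointer > len(payload):
        # The urgent region extends into data carried by later segments.
        result["note"] = "urgent_continues_past_segment"
    return result


if __name__ == "__main__":
    # Constructed samples: PSH+ACK+URG, PSH+ACK with a stray pointer, ACK+URG.
    samples = [
        build_segment(1000, 0x38, 4, b"abc!defg"),
        build_segment(2000, 0x18, 7, b"hello"),
        build_segment(0xFFFFFFF0, 0x30, 100, b"xy"),
    ]
    for raw in samples:
        print(parse_urgent(raw))
```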
@@ChrisGreer Thanks a ton for this valuable input and clearing my confusion on this. I am already following your Wireshark series since I recently started analysing packets. But let me tell you this, you rock man, exceptional content, and I have also asked my colleagues to watch all your videos to learn more. If there is any other platform where you are uploading such content, do let me know. I would love to follow those for more learning.
@@niketrami5827 Thanks for the awesome feedback Niket! And yes, I do have my content out on Pluralsight as well. There you can take some of my complete Wireshark courses. In fact, they have a deal running through today for 40% (December 4th). It's the only time in the year they do that kind of discount, so go get it! bit.ly/blackwireshark
STRAIGHT FACTS at 21:30 - 21:40. I am nothing special when it comes to network security but EVERYONE in my workplace wants the scripts I made for automating network packet inspection and other tasks. One day I caved and said fine, use this. 45 minutes later I get a Teams message "hey can you explain your script? i don't understand what it's looking for, how is that relevant?" All I wrote was "I don't have the time to explain it." It's like those people who get stuck on the "how to get started in (insert topic) videos" and tutorial videos. At some point you have to become curious yourself and dive headfirst.
I hear you.... Definitely true.
@@ChrisGreer Thanks for the response, you have amazing straight to the point content. I've recently been trying to make a department switch and your videos on TCP have helped me out substantially.
It starts at 3:58 if you don't want to listen to the introduction
THANK YOU
Chris, fantastic presentation. I really learned a lot.
Glad it was helpful!
Very good explanation Sir
Thanks Parvesh! I appreciate the comment.
Very good video.
Thanks, Mr Chris.
You nailed it. Is there any book that can teach me more about TCP? (I am going to have a look at the RFC.) Thank you again.
I really like TCP/IP Illustrated by Fall/Stevens.
I found it and I am going through it. Thank you Chris.
It was an incredible session Chris, thank you for the great explanations and good humour.
Glad you enjoyed it!
Awesome Chris, can you do a modbus analysis? It would be great
Great speech! Enjoyable even for a beginner like me
Chris. Thank You for this.
My pleasure!
Impressive style & content. Thanks so much for sharing this
@1:10:54 you said that after the HTTP GET from the client, the server sent an ACK only acknowledging previously sent data but not sending any other data; that is perfectly fine. But I have one doubt. You said if that ACK is not received by the client then it will retransmit. I think the client will not retransmit. A TCP keep-alive message should go in that case.
Thanks for such helpful videos. You are awesome!
Thanks Chris... well explained....
Glad it was helpful!
Hi Chris!! Excellent explanation!! I'm a super noob in this stuff but I can learn many tips! I like your way of explaining, teacher 😆😆 very funny!!
PS: Sorry about my poor English!
Regards from Argentina 😉👏
I'm glad you liked it!
Hi Chris, Very informative video on TCP. Learned a lot. Thank you very much.
Great Samir, Thanks for watching and for the comment. I'll post round 2 soon.
I entitle my delta column with a Δ. Like the Greek delta Δ. Yay Unicode!
But if that's too uppercase for you then δ also will work. I just figured out in the midst of a 35 hour long packathon of looking at frames, with my vision going blurry and my mind actually starting to think Cisco is a real company I'll be able to make out Δ and what it stands for a little easier.
[placeholder for screenshot URL that is coming up]
About half an hour later I came up with a much better approach, it seems. Just take the nerd fonts I already use for powerline, airline, sofaline, toiletline, lineline and use some of its extra icons and then install it as a font in Wireshark. The delta is just much crispier. Oh and while I was at it I pulled a clock and replaced the time title with that too. I am currently brainstorming with ChatGPT as to how source and destination can be represented by the icons.
Otherwise great conversation, dude! I'm a red teamer and the way you talk about TCP signifies that you have such extreme levels of expertise that you are like fluent in it. I'm probably gonna pull out my fountain pen and take some notes tbh, and so far that's only been reserved for MIT OpenCourseWare stuff (like csail from original HP recording).
I just learned more about TCP in three hours binge-watching your videos than in the last like 10 years I think.
Hello @Chris, thanks for posting this great presentation. I learn something new and very interesting with each of your talks. Would you be able to point me to where I can learn to build profiles? I am basically used to using tcpdump in Linux but it will be great to use Wireshark as another tool to analyze the packets, and I believe that having the filters, colors and profiles set for each situation will optimize troubleshooting a lot and make it easier for other teams and management to have a better view and at least a bit of understanding of what they are seeing. Thank you very much in advance.
Brilliant video. Please post the next part as well.
What is the relation between window size and MSS? I.e., if we have a window size of 65535 and a capacity of 1460 MSS, does it mean we can receive almost 45 TCP segments with 1460 bytes of payload each in a row?
Thanks for the help.
@Chris I have one quick question: what is the ideal or best time format setting you suggest, or best to use in packet analysis? Since beginning of capture, or previous capture, or displayed options. Can you please give a detailed analysis on this?
This is a great question - I will shoot a video to cover it.
@@ChrisGreer 🙏 Thank you my friend. You are an amazing person.
@@ChrisGreer Please touch on how to switch from local timezone to UTC or other in that video too
This is fantastic stuff. Very helpful. Thank you!
Hey Chris, great video. In your last case study a router diminished the MSS, which caused latency on the network. To realize that, you did a scan on the server side. Is there a way to spot this kind of problem when you've only got a client scan?
Hello Xtra999. In this case, not really - I needed to see how the SYN was leaving the server and how it was arriving at the client. I suppose you could infer that it was an MSS problem by the TCP behavior, but that is something you probably would need experience in looking for. Thanks for the comment.
Finally a good video
Thanks for the comment sir!
@@ChrisGreer These videos helped me get an offer at Facebook. They are simply invaluable. I'm sure the real courses are even better! Thanks again for all of the help :)
Informative and brought in a very nice way. I'm excited to see part 2. Are you gonna share that second part here on RUclips as well?
Chris you are awesome. Can you please upload the packet capture?
It's a great presentation. I appreciate it.
Had a question: can window scale be -1?
Oops, I got the answer.... Thanks.
_Are the packing peanuts for the structure and throughput?_
Superb video
It is I, I am the TCP goblin! *Sage nod, hands on hips triumphantly*
@Chris you are amazing, man! From your body language I feel you dive inside the wire and sift through these packets! I love it. Quick question: at minute 48:53, can you please show me the math behind how TTL 111 translates to 17 routers? (n00be asking)
ahhh 128 -111
Thanks for the feedback! Yeah so most devices start with IP TTL's of 64, 128, or 255. So when I see 111, it likely started at 128 and traveled through 17 routing devices along its way to me.
I cannot thank you more!
Really nice conference! Very helpful
Glad it was helpful!
Amazing Chris. This is brilliant. Really Geek stuff
Thanks Nabeel - I try my best to geek-out but still not be boring!
@@ChrisGreer Sir, is it possible we could have more from you about traces, case studies etc.? Do you have any training course?
@@453nabeel Yes sir! of course. I do have more training - remote, onsite, or on-demand. If you are interested in more please shoot me an email at packetpioneer@gmail.com or contact me through my website - www.packetpioneer.com. I'm happy to work with you to help you meet your Wireshark goals.
06:53 | 17:55 TCP Handshake
Is TCP good for people looking to get into security jobs?
YES!! I actually want to put out a TCP Analysis for Cyber Security Professionals. Would that help you?
@@ChrisGreer Please, have you put out the analysis for cyber security professionals? If you have, kindly drop the link here
There are subjects that students enjoy reading, and there are subjects they love because of the way they are taught. I'm sure you fall in the second half