The best Wireshark tutorial on the internet, no BS and straight to the point. Thanks Chris!
@Zerback2 жыл бұрын
I can't say thank you enough on how important is for people like me, that is just starting on networking world after working in IT +10 years, seeing you and David doing what you do! Thank you !
@ChrisGreer2 жыл бұрын
Thanks! I appreciate the comment.
@felix57292 жыл бұрын
Great explanation. First English speaking KZbinr I have followed.
@dmitrysimbirtsev66853 жыл бұрын
Chris keep on going the way you are! Thanks a lot for your great stuff.
@ChrisGreer3 жыл бұрын
Thanks, will do!
@fthdex2 жыл бұрын
Currently, I am writing some TCP/IP test cases with raw sockets and your analysis help me a lot to figure out the concept. Thanks for the simplified explanations and good quality videos!
@ChrisGreer2 жыл бұрын
Doing my best to keep the content relevant and interesting. Thank you!
@victormarquim2 жыл бұрын
Thank you for this great video! Made it so much easier to understand this topic, which felt really confusing to me at first as newcomer in the field.
@teddybean99486 ай бұрын
10 out of 10 rating from me. Best explanation ever.
@ShadyNetworker3 жыл бұрын
Amazing video again, thanks for putting these out!
@ChrisGreer3 жыл бұрын
Glad you like them!
@ShadyNetworker3 жыл бұрын
@@ChrisGreer TCP analysis is deceptively hard, I found. Even something seemingly simple like ACK numbers can throw you for a loop. At least, that the case for me.
@z0nerider2 жыл бұрын
Hay Chris, awesome vids man ! pls keep em comming, dont stop !!!! PCAP of performance / drop issues are a nightmare to troubleshoot but you make it soo easy!!!!
@ChrisGreer2 жыл бұрын
Thank you!
@267praveen2 жыл бұрын
Thanks Chris. I recently came across this series and I am glad for that. Its very helpful to dive into the packet analysis dark world 🌎 !!!
@ChrisGreer2 жыл бұрын
Thanks for the comment!
@IK-iu4rz3 жыл бұрын
Great stuff Chris, Thank you for your time and energy.
@ChrisGreer3 жыл бұрын
Glad you enjoyed it
@DocFortyThree2 жыл бұрын
Thank you, Chris. This was very helpful. Your explanation and walk through made it so much easier.
@batista988542 жыл бұрын
Thanks Chris for all your teachings. Love from India!!
@ChrisGreer2 жыл бұрын
My pleasure! Thanks for the shout out from India.
@manigandansrinivasan51942 жыл бұрын
You are always awesome when explaining difficult topics to make understand easily ... Great mentor ....Keep rocking ...
@ChrisGreer2 жыл бұрын
Thank you for the comment!
@nidhinyou9 ай бұрын
Thanks Chris! enjoying your videos like a beautiful movie..
@mcgirishnetwork3 жыл бұрын
Very useful information for troubleshooting
@ChrisGreer3 жыл бұрын
Glad it was helpful!
@pedrojaviermunozgarcia37217 ай бұрын
Excellent how you break down through thye details!!! Thanks a million man
@ChrisGreer7 ай бұрын
Glad it was helpful!
@juanrebella25892 жыл бұрын
Thanks man, appreciate your work. Greetings from Manchester.
@jjames72063 жыл бұрын
Thanks Chris!!! I am getting know TCP better!
@ChrisGreer3 жыл бұрын
Great to hear!
@asiyaahmad9866 Жыл бұрын
Chris, amazing video. Thanks a lot! The only concern is that the screen is not very clear. Its a blurred view.
@punggukbulan86742 жыл бұрын
Thanks Chris to spread this important knowledge..
@ChrisGreer2 жыл бұрын
Thank you for the comment!
@colinrogers99272 жыл бұрын
Great explanation sir
@ericwf13 жыл бұрын
This is great information Chris! I've learned so much watching your videos. Thanks very much!
@ChrisGreer3 жыл бұрын
My pleasure!
@pradnyasy80823 жыл бұрын
I am a student and your videos are very helpful to me :)
@ChrisGreer3 жыл бұрын
Glad to hear that!
@Casperr1232 жыл бұрын
Great teaching skills Chris, really really great
@ChrisGreer2 жыл бұрын
Thanks Peter! I appreciate the feedback.
@SnortDefence3 жыл бұрын
Good one ..will wait for the video where you show us non relative seq number important and use case
@ChrisGreer3 жыл бұрын
Great suggestion. Short answer? I use non-relative when I'm in a dual side capture analysis scenario and I need to track a packet through a NAT or a Port Translation. Usually those boxes will leave the original raw seq alone.
@TheAychi2 жыл бұрын
Hi Chris thank you for this fantastic analysis again I dont know if my understanding is correct but i think that Since the server sends the packets #14-17 out of orders that were acknowledged by packets #18-20 Maybe The Packet #22 is a response to the packet #9 when the client asked for the gap and since this packet was already sent (the server flaged it with Superious Transmission).
@nailsaggitarius42122 жыл бұрын
Great video but you better to show the flow of sequences with UML diagram. You can do visually any scenario there, which clears things up.
@KADAMORIS3 жыл бұрын
Thank you for all you videos , value contents in the video.
@ChrisGreer3 жыл бұрын
Glad you like them!
@AbhishekYadav-kc1df Жыл бұрын
Awesome explanation !! Thank you so much
@ChrisGreer Жыл бұрын
You are welcome!
@cyber_student3 жыл бұрын
🔥 🔥 🔥. You are the Truth my guy…
@loveplanes8 ай бұрын
Amazing! Thanks for sharing
@mike_on_tech2 жыл бұрын
Incredible teaching. Thanks so much
@ChrisGreer2 жыл бұрын
Thanks for the comment. Very happy to hear it helped.
@Youtuber-bb5bo2 жыл бұрын
Can anyone help me I’m trying to play ps4 vanguard and I have to put a port forwarding but the TCP says : 1935, 3478-3480. What to I do with the 1935?? Where do I put that number ??? Please help
@padmanathanvelusamy85803 жыл бұрын
Thanks for the videos.. Learning a lot with these..
@ChrisGreer3 жыл бұрын
Glad to hear it!
@yasyasmarangoz357726 күн бұрын
Yooooo thanks man 🔥
@georgemilev3244 Жыл бұрын
Awesome stuff!
@PouriyaJamshidi3 жыл бұрын
This was fantastic!
@ChrisGreer3 жыл бұрын
Thanks for watching!
@jparaujobezerra3 жыл бұрын
Learning a lot! great!
@ChrisGreer3 жыл бұрын
Glad to hear that!
@wedarengao85952 жыл бұрын
Thank! 谢谢您!
@arifunal852 жыл бұрын
Chris thank you for crystal clear informations. I am wondering, if videos have sequence numbers, would it be better?
@ChrisGreer2 жыл бұрын
Good suggestion... I will see if I can sort that out.
@haasjenl92473 жыл бұрын
So Chris thanks again for the video! Nice stuff! So maybe i didn't catch this while watching but what was the problem in this trace!!?
@ChrisGreer3 жыл бұрын
Thanks for the comment! So the issue was an MTU problem on the return path from the server. It was sending segments that were too large to fit under the MTU ceiling. From the pcaps we can determine that from the behavior, but we can't tell exactly which box was doing it.
@malkeetkalera75203 жыл бұрын
Thanx for uploading 🙏
@ChrisGreer3 жыл бұрын
You are welcome!
@amansingh_7973 жыл бұрын
any analysis on sftp..ftp tftp ..etc
@majiddehbi91863 жыл бұрын
Hi Chris can as i m preparing my CCNA it s just in time thx
@ChrisGreer3 жыл бұрын
Go get it! You'll pass. Keep up that study and you'll be all good.
@jasonnavarro59713 жыл бұрын
Thank you. 👍
@ChrisGreer3 жыл бұрын
You are welcome!
@socat93113 жыл бұрын
Given your knowledge of packets and protocols, do you ever play with tools like scapy to test things? I think learning to craft packets it's awesome way to learn, so if you ever upload something like that I will double-like it haha
@ChrisGreer3 жыл бұрын
Hey! I haven't used it yet but it is on my punch list since I'm digging much deeper into cybersecurity these days.
@socat93113 жыл бұрын
@@ChrisGreer awesome. love your content mate, I love cybersec and wireshark is a total must for it. Thanks for all the time you invest in this content.
@yunus-gedik2 жыл бұрын
In the first packet (the first SYN), there is an TCP options, the MSS with a value of 1460 bytes. But each TCP packet has a Window size that is greater than the MSS for example 8192 bytes. I'm telling my link partner I can receive 8192 bytes at once but my MSS is smaller. Can you explain this point please?
@ChrisGreer2 жыл бұрын
Hello Yunus - that is a great question. So if you tell me your holding tank is 8192, I can't send you 8192 in one packet because our other buddies along the way will get upset (IP MTU and Link level MTU - usually 1500ish). So I have to cut this baby up into smaller chunks (1460) giving room for the TCP and IP headers before we bump our heads on the MTU. So 8192 will turn into five 1460 byte segments, with a last one of 892 (which will probably have the PSH bit set). It's almost like - let's go get a pizza Yunus. I can eat four slices (all my stomach can handle - 8192) but please put only one on my plate at a time because the plates are so small! Hope that helps.
@redrover06able2 жыл бұрын
How likely the packet is not showing up in wireshark due to tcpdump or packet sniffer is not able to capture all the packets. I normally use the ip packet IP to identify gaps in my cpap. Not sure how accurate it is. Any recommendations?
@walternakatana76033 жыл бұрын
Dear Chris, thank you for your wonderful videos. Just one question, what are some protocols/captures to look for when computers are freezing/hanging when connected to the LAN on the same switch, only one switch in the building with 20+ users.
@ChrisGreer3 жыл бұрын
Hmmm.... great question. I would look for connectivity kind of problems - ARPs, DNS Slow or No Response, TCP SYN Retransmissions, Resets, or maybe even unusual STP activity. That is where I would start at least!
@שלמהאלבה-ב9כ3 жыл бұрын
thank you, very high quality material! quick question - at minute 15:17 - how can You be sure that the server got the 4067 ack? You said that "just by looking at the packet flow we can say that it was indeed spurious". but as I see it, theoretically it's possible that the 4067 ack didn't make it to the server, don't You think?
@ChrisGreer3 жыл бұрын
It's most likely that the spurious retransmission was a result of the triple-double. There were three duplicate ACKS above it. The acks between, the ones you had mentioned, are fired off, and before the network roundtrip time (85mSec) we get the retransmitted data. Also, all symptoms indicate that there was packet loss of large MSS's in the direction from server back to client - not small packets (ACKS) from client to server. So it is pretty safe to assume that the server got those ACKs and was just reacting to the Triple double. This is another reason I really try to get trace files from both sides of the conversation so we can absolutely prove questions like you had. Thanks for the comment and hope that helps!
@שלמהאלבה-ב9כ3 жыл бұрын
@@ChrisGreer that's very helpful, thanks so much!
@supergocho2 жыл бұрын
One question: Where is the ACK for packet 9. I see the ACK for packet 10 but no for packet 9
@mahavirsinghrajpurohit80042 жыл бұрын
Video 2
@ashika28843 жыл бұрын
Sir! Can I use hamming code in wireshark for detecting errors ?
@ChrisGreer3 жыл бұрын
I never have. TCP wouldn't but perhaps at the file level?
@ashika28843 жыл бұрын
@@ChrisGreer Good day Sir! Thanks for replying sir, Means a lot! Yes sir at the file level only, like if any bits changes means how to detect that using hamming code sir ? Actually I am doing project in *tracer & packet capturing using wireshark* when I searching for wireshark videos, I saw yours ( which contains what I need), but I didn't find the solution for my project on how to use hamming in wireshark sir! So I thought to ask you sir!
@LilleFjert3 жыл бұрын
Beeing 4 byte (32 bit) the max sequence number would be 4,294,967,295. Does it simply wrap around?
@ChrisGreer3 жыл бұрын
Hello Eirik, yes that is correct. Sequence number wrapping is what it is called. This is where the timestamps option can come in. If we are moving a ton of data, TCP can use the timestamp to prevent confusion about "which" sequence number it sees in the case of wrapping - a past one or a current one.
@luckymontero35493 жыл бұрын
Hi Chris. thank you for this channel it really help me in my every day work. Just wondering if you can help. When I tried to upload a file in website I'm getting error. Where do I start looking in wireshark? thank you in advance.
@ChrisGreer3 жыл бұрын
Lots of ways you could go with that. Start with filtering on the conversations between client and server, then add in the protocol in use (is it HTTPS? SMB?) Then at the time the error flags look for resets, application hangs, or tcp delays. That is where I would start, but it is hard to say without more detail into the issue.
@luckymontero35493 жыл бұрын
@@ChrisGreer cool.. thanks for giving direction where to start looking. I was able to resolved the issue... Kudos to you!
@navsam75942 жыл бұрын
Hey Chris, I know you are the only one who can help me. I am running an iperf between two sites and the link is 1G. When I run with linux I get 1G either way. As soon as I install windows on it, I get 150Mbps. Not sure why am I experiencing this behavior, can share the PCAPs as well.
@ChrisGreer2 жыл бұрын
Hey - I saw your pcaps you sent over. You need to manually increase the window size on the iPerf test. It is only going to use 264KB as a congestion window by default. Use the -w switch and I would crank it up to 2,000,000 (2MB) in your case due to the latency.
@navsam75942 жыл бұрын
@Chris Greer I tried and it end up in an error message "socket buffer is not set correctly".
@muttabonda36023 жыл бұрын
Please upload tutorial for SSL handshake, i almost tried all the websites but no one explained clearly.
@ChrisGreer3 жыл бұрын
Great idea, I am actually working on a TLS Handshake video!
@muttabonda36023 жыл бұрын
@@ChrisGreer I'm Waiting... :)
@kanakashriyakrishnamoorthy88212 жыл бұрын
I was running wireshark on my Wifi and I observed that for the same source and destination it was sometimes using TCP and sometimes QUIC which is UDP based ? How is it possible ?
@ChrisGreer2 жыл бұрын
Right now since we are in an adoption process with QUIC, most sites support both. So you may see a TCP connection and a QUIC connection until the site goes all QUIC from the get-go. Even then, we'll probably still see TCP hanging around for some time over the web!
@Themrhamoud3 жыл бұрын
You look like an American actor who did venom 2
@ChrisGreer2 жыл бұрын
Thanks! I think?
@usf48862 жыл бұрын
2:18 every byte has a sequence number??????
@ChrisGreer2 жыл бұрын
Yup. RFC793 3.3 -A fundamental notion in the design is that every octet of data sent over a TCP connection has a sequence number.
@zsahe21 Жыл бұрын
!!!!!!
@flinfaraday18212 жыл бұрын
I wonder if TikTokkers appreciates what happens when they send out their trash over the internet :D