How to Use the TCP Completeness Value in Wireshark


Chris Greer


Comments: 39
@majiddehbi9186, 1 year ago
Hi Chris, just to share with you: I passed my CCNA. Your lessons were very helpful.
@ChrisGreer, 1 year ago
Congrats!!
@mohammadalmaazi, 1 year ago
Chris, you are amazing. I wish I will have enough time so I will never miss a single moment of all your videos. I feel that I need to watch them and re-watch them many times, as they are very useful and rich in detail. Thanks a lot.
@rajesh_shrestha, 1 year ago
I have watched almost all of your videos, and I have learned so much from them. I am using it for troubleshooting my clients' network issues; some are solved and some not, but honestly I have learned so much thanks to you. Always waiting for the next informative video to come out. This one is great too, thank you so much for sharing.
@marktuggle5609, 1 year ago
Good video, I just got into learning Wireshark about a week ago and I am learning quite a bit from these videos. Got a long way to go, but these little tips and tricks really help out!
@vq8gef32, 1 year ago
Thanks again. I am watching all your series.
@ChrisGreer, 1 year ago
Thanks! Enjoy!
@x0rZ15t, 1 year ago
Yet another insightful video, thank you so much for sharing the knowledge with the community! 🙏
@ChrisGreer, 1 year ago
Thanks for the comment!
@johnhupperts, 1 year ago
Hey Chris, could you do a video on SSH packets and talk about tunneling and how it's different than TLS/SSL?
@AshfiyaFatima851, 1 year ago
Hi Chris, thanks for this lecture, it was very nice. I just have a query for you: in case Wireshark is showing Incomplete with Data (15), I understood it is because it is missing the FIN, that's why it is giving incomplete. So basically, what could be the reason for this issue? I mean, why did the FIN get missed? Where can we check, any idea? Thanks in advance.
@adedejiemmanuel1, 1 year ago
Thank you.
@aamisomnath, 1 year ago
Helpful information 🙂
@ירוןגולן-ב8צ, 1 year ago
Hey! Thanks for your videos! They help me a lot.
@ChrisGreer, 1 year ago
Glad you like them! Ok
@joerockhead7246, 1 year ago
Thanks, Chris. This was great.
@ChrisGreer, 1 year ago
Glad you enjoyed it!
@tranxn7971, 1 year ago
Thanks Chris for this tip! Is this new from version 4.x?
@zorroazul20, 2 months ago
Hello Chris, I have a question. I have a client that sends a frame with conversation completeness: Complete, with data (47), but on the server the received conversation completeness is: Incomplete, established (7). It means without data, right? Do you have any idea? There is a firewall in the middle. THANKS, I appreciate your videos.
@MohamedAhmed-vw5bc, 1 year ago
Hi @chris, nice video as usual. I'm planning to attend SharkFest US, so are you participating by giving some lectures? I hope so. I'm a big fan of you.
@kristianfo, 1 year ago
Hello Chris, it was great. I've seen you've added the TCP Completeness Value into Columns, but I do not have this type of predefined value to add into Appearance-Columns. I have the latest release of Wireshark. // I'm new on your YT channel; have you also mentioned in the past other additional values such as 'Expert Info Severity', or what/how to add 'FW-1 monitor if/direction' for CheckPoint admins... That would be great. Thank you, double when you will mention it...
@everest1632, 1 year ago
Hi Chris, syn, syn-ack, ack, client hello, ack and (fin-ack from both ends), TCP completeness data 31. Is it normal? I mean, why is the server not sending the server hello and the whole TLS process after the client hello?
@SnortDefence, 1 year ago
Hi Chris, in the Wireshark statistics field we have packet length and service response time. Can you do a vlog on these options, with a deep dive and use cases?
@ChrisGreer, 1 year ago
Great suggestion!
@vijay85cisco, 1 year ago
Hi Chris, I am asking for help to educate us about decrypting SSL/TLS connections of applications. For example, let's say the client is a browser sending a connection to a server application which is protected by TLS. I have the private key of my application on hand, which could be in different format types. I am not aware of how to import those different formats of private keys into Wireshark and decrypt the traffic for troubleshooting purposes.
@ChrisGreer, 1 year ago
Modern TLS uses a different key pair for every connection. So even if you have a private key from an older conversation, it won't (typically) be able to decrypt. You would have to store the session keys. kzbin.info/www/bejne/a6LIlKyQfbFgfbc
@syedalizainnaqvi9450, 1 year ago
Hi Chris. I have a question. I have a pcap and it was captured from running a malware sample. Can we find the hash or the data of the sample from the traffic, or which packet is from which sample?
@ChrisGreer, 1 year ago
Hey, there is a whole lot to it. So you have traffic captured from running malware. That will give you conversations, protocols, and other IoCs about how the malware works. But the corrupted file that infected the machine, or the code that was embedded in an application, may not show up in the traffic for us to extract a hash. It also is difficult to tell which packets came from the malware vs the system. I would start by looking for any conversations/DNS calls/HTTP requests/country codes that are not normal behaviors.
@erkansapmaz376, 1 year ago
Hi Chris, "Conversation completeness: Incomplete, DATA (15)" message is in the TCP field. Where should I look for the problem? Please help me out.
@ChrisGreer, 1 year ago
Hey! This means that you captured the handshake and some data, but you missed the FIN or RST packets that shut the connection down. No problems, just an indicator that you stopped capturing before the shutdown happened.
@jackkk88888, 1 year ago
Hi Chris, A pcap TCP stream of FTP data channel has syn, syn ack, ack, data, and proper connection termination with fin ack from both sides. Conversation completeness shows incomplete (30). Why? Wireshark version 3.6.5
@ChrisGreer, 1 year ago
Any way that we missed the SYN?
@jackkk88888, 1 year ago
@ChrisGreer Followed the TCP stream, SYN is there, TCP three-way handshake looks good.
@eadell, 1 year ago
@jackkk88888 Please upload your capture on CloudShark or open a bug at Wireshark and I'll check it.
@VishwadeepShinde, 1 year ago
❤️
@bergerMeister949, 1 year ago
Combine this field with the new display filter math capabilities in Wireshark 4.0 (discussed at 8:23 in Chris' interview with Gerald Combs, kzbin.info/www/bejne/hWbXiGqJnbOfoc0), and you can do a quick assessment on a variety of network problems and network attacks.
@Rogerson112, 1 year ago
So how can we describe your job? Are you a network administrator or network analyst or maybe something else?
@ChrisGreer, 1 year ago
That's a great question! I am a network analyst more than anything. I don't administrate or engineer any specific networks because I am a consultant. Mostly I get called on issues that involve the transport layer, which is why you see so much TCP related content on my channel!
@Rogerson112, 1 year ago
@ChrisGreer Thanks buddy! God bless you
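
An added example, not from the video or from any commenter: the completeness values quoted in the comments above (15, 7, 47, 31, 30) decoded bit by bit, with a per-stream triage over tshark field output that reports which part of the conversation the capture is missing. It assumes the bit values documented in the Wireshark User's Guide (SYN 1, SYN-ACK 2, ACK 4, DATA 8, FIN 16, RST 32); the sample rows and the file name `capture.pcap` are constructed.

```python
# Bit values of Wireshark's tcp.completeness field (per the Wireshark User's Guide).
FLAGS = [(1, "SYN"), (2, "SYN-ACK"), (4, "ACK"), (8, "DATA"), (16, "FIN"), (32, "RST")]


def assess(value):
    """Return (status, events seen, events missing) for one completeness value."""
    seen = [name for bit, name in FLAGS if value & bit]
    # All three handshake packets must have been captured...
    missing = [name for bit, name in FLAGS[:3] if not value & bit]
    # ...and the conversation must end with a FIN or an RST.
    if not value & (16 | 32):
        missing.append("FIN or RST")
    if missing:
        status = "incomplete"
    else:
        status = "complete, with data" if value & 8 else "complete, no data"
    return status, seen, missing


def triage(rows):
    """Summarise 'stream<TAB>completeness' rows, one row per packet, as printed by
    tshark -r capture.pcap -Y tcp -T fields -e tcp.stream -e tcp.completeness
    (capture.pcap is a placeholder file name)."""
    per_stream = {}
    for row in rows:
        fields = row.split()
        if len(fields) != 2:
            continue  # blank or partial row: no TCP fields to read
        stream, value = int(fields[0]), int(fields[1])
        # OR the rows together so a running per-packet value still ends at the total.
        per_stream[stream] = per_stream.get(stream, 0) | value
    return {s: assess(v) for s, v in sorted(per_stream.items())}


# Constructed sample rows using the values quoted in the comments.
SAMPLE = ["0\t15", "0\t15", "1\t7", "2\t47", "3\t31", "4\t30", "\t"]

if __name__ == "__main__":
    for stream, (status, seen, missing) in triage(SAMPLE).items():
        print(f"stream {stream}: {status}; saw {'+'.join(seen)}; "
              f"missing {', '.join(missing) or 'nothing'}")
```
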