Chris, I think this may be the best material I've ever come across for understanding some of the specific elements of TCP. The time you spent on the receive window confirmed the detail I have in my notes, but the congestion window explanation has always been somewhat elusive online! I have some pretty concise notes, but to see the concepts played out visually in a steady way, and also in context with the capture files, was simply great to watch. Didn't feel like an hour and 20mins. Some great tips too when analysing in Wireshark. Great work - this is how TCP should be taught.

Im 40 years old.. just got interested into this stuff and working on my ccna and i wish you were my teacher..thank you for your great videos

TCP training at its best...

This guy does awesome job at explaining!

These are the best two TCP videos I've seen. Studying for the CCNP ROUTE and chapter one is diving into TCP. This really helped tie things together.

Awesome stuff, both parts. I've worked as an F5 support engineer for a couple years prior to watching this, and I took a ton away from watching these two sessions. Thanks alot man!

Very Well explained case files.. you made me fan of you

Hello Chris, Many thanks for uploading this content. I'm networking core and I'm surely one of those layer 3 heads. I normally joke about doing stuff at layer 3.5 to my application colleagues. Your presentation changed a bit of my perception on troubleshooting with wireshark. I see I still having so much to cover on my studies and I appreciate very much your effort to provide such quality material.

Been looking out for the second part for a while. Thank you, sir. This is very informative and brought in a very good way. You rock!

Hi Chris, you are an excellent presenter, and I learn a lot from your videos. Well done.

Awesome. Very well explained. Great Job, Chris!!

Chris, awesome as always. When I started looking deeper into protocol analysis, of course with your help, I started understanding network and other technologies much better, it all started to make so much more sense. Thank you for those sessions, master! PS please do more, boy do i enjoy those

Chris .... You did mindblowing lecture ... Your selfless thought by sharing what you learned are commendable ....

Chris, As usual this is fantastic Thank you

As a fresher starting as a Support engineer this was amazing session on TCP, hope to see more!

You are the best and no one can beat you... Keep up the good job...

Thanks for the great session.

I had the exact same issue in my network as described in your last packet capture. A packet capture on client side was showing that a 1460 byte packet got lost somewhere on the way. Problem was the network in between was managed by a not so cooperative vendor and the server was in control of a different organisation, so getting a server capture or adjusting mss on a network node in between wasn't an option. What I did to resolve the scenario was to decrease the mtu on the client pc itself so that the MSS would stay low to 1398 bytes, which was the MSS value that was working as I observed on a different application. The application did run this time but we're still seeing some chunks of 1398 byte packet get dropped as well which is retransmitted back to the client after a while (without mss adjustment, the retransmitted Packets are 1398 bytes as well), so slowness in opening the application is still there. Would you have any idea what could be causing this? Thanks so much for the guidance anyway Chris! Priceless lectures!

You are awesome man, learnt so much from this. Great explanation.

This is an awesome talk I am new to wireshark and packets but watching your talk on D.Bombal right before this talk made the topic understandable and approachable.

Great great vedio, this is the best course about the usage for wireshark I have even seen even 4 years pass. Thank you😊

Thank you for the great information.

Excellent video to get interested in the guts of TCP. This has me very interested in testing my network and servers now to see if there are any optimizations or bottlenecks now.

These two videos took my understanding of TCP to a whole new level. Thank you.

65535 - that's how many "aha" moments I got watching your video. Awesome stuff Chris!!

Chris, this is like getting enlightened, thank you

thanks man, real nice tutorial, i love the way you started from scratch and gave a solid base. thanks again

Thank you! This was very very clear an simple, just like it should be :)

Such good stuff!! Thanks Chris. Indebted!

Watched this video for the 7th time and can see this for 7 more time :)

Havent seen such detailed explanation of TCP. This is awesome stuff Chris. Do you write books as well.

What an amazing content this is. You rock Chris.

Great job! Thanks!

Excellent Sir..... Worth 🥰🥰🥰

You're amazing! Thank you for the wonderful content!

Another[part-2] awesome video... Thank you very much; many of the basic concepts are cleared now; Do you have a part 3?

Awesome session. Thanks Chris Greer !!

Chris, well explained as always. Can you please upload the packet capture ?

thank you!

Hi, Chris! Great explanation! Thanks! I just wonder, could you share your traffic dumps so we could repeat all your moves.

real good stuff, I must leave a comment and click a like!

Awesome!

Thanks for these great videos, I'll bet the slow application was a tape drive.

Awesome training! Can I please get these wireshark files as I need to give training in my office!

Hello @all: is there a possibility to get the Trace Files?

Awesome.....

Hello Chris, may I ask for the pcap traces for window size

Hi Chris, Your videos are really helpful and awesome explanations. I really start to enjoy packet analysing. Is there any place I can get different captures with issue description to analyse and later verify my analysed report is correct? thank you for the great videos again

Thanks Chris It's a wonderful explanation 1 doubt: how did you calculate the number of packets that came before ack "referring timestamp 41:00 to 43:00 in this video"?

Hey Chris, Thank you for the informative videos! Quick question.. Do you know what "4 "NOP" in a row, router may have removed some options" warning/error code means? Thank you for any help :)

Love it !!!!!

Great!

Some time passed since this video was published but I`ll try to ask anyway :) First... After many years at IT in different roles (System\Network\Security\Managment) I have to say that this is great and clear explanation of TCP and I learned new stuff. Now the question regarding the last case study about LDAP. Actually what happend is some FW between the Client and the File Server just dropped packets (from server to the client) because their MSS exceeded what it alterded in the original SYN,SYN-ACK,ACK packets exchange? I get it right ?

Great session. can you please do a session on "your way of filters".

Hi Chris, very nice lecture this is becoming my favorite channel of all time :D. I'm a beginner in TCP/IP and the discussion got a little too complex to me at the end so I got lost a bit please clear this up if you can: In the last part 'TCP MSS Problem' if I understand correctly the MSS which was agreed by the server&client during the handshake was reduced mid communication because of some router which was in between them? Did I get that right? And if so, how is that possible, isn't the MSS something which is only agreed upon during the 3 way handshake and then set in stone for the remaining of the connection? How can some intermediary router change that?

Hi Chris, Is there a relation b/w receive window and ACK?

Thank you very nuch

Another banger

Chris, great content as always. I have a scenario where receiver advertised it’s receive window of 211 no window scaling and next packet sender still sends 1460 bytes why would it do that knowing the receiver window size is low. Sender continues to do that why would it do that?

Another fantastic session !! Chris , will there be Sharkfest 2019 session? & most importantly will we be able to hear from you this year ?

Any resources on how to start catching packets (for almost beginners)? Thank you.

You are a god

I will definitely go to next sharkfest. Do you have any session or recommendation on detailed SACK analysis ? I also would like to know if you have anything to figure out mtu issues.

51:30 TCP Timestamps

So if server is only sending mss of 1432 instead of 1460 the remaining 28 packets will go in next round trip. Will client send sack for them?

Do you recommend any authentic book on TCP that should be on our bookshelf and the one that we can consult any time? Please mention. Thanks

Hi Chris, This is really helpful. I got one question. In one capture, I can see MSS is set as 1460 (as per SYN, SYN/ACK) but later I can see TCP segment length (from client)much higher than 1460 (as high as 7K, 14K, 30K etc). How to explain that? The capture is on the client side with iperf. The client and servers are back to back connected.

For case study, MSS problem i was confused with the explaination, since it was saying the outbound router of the client side was replaced and missed the config, but the talking at the end is saying the server is getting 1432 mss advertised by the client, and but the trace we actually referring to the client side capture rigth? So the server side is thinking client is doing 1460, but client side router is only doing 1432, and passed mss size to client, so when server tried 1460, no go, being dropped by client side router.

if the server side bucket is filling up and server side app is the cause how can we say client is hanging us up

Can i get this pcapng file ?

I want to star every s i n g l e Wednesday like 0:06

Thank you for this incredible and very clear explanation Chris, you rock! BTW, at 36:23 Chris has mentioned about Simon's talk about different TCP congestion algorithms, it's available at: kzbin.info/www/bejne/aJTSoo1mbJKMntk

Please please show subtitles in spanish or english I am from Colombia this video is viewing in all world

No part 3? 🥺🥺

I am spending my valentine with TCP

That guy who keep cough should just get out ...