Wiresharking CURL - How a single GET request translates to 10 TCP Packets

Рет қаралды 13,633

Күн бұрын

In this video, I explain how a single GET request is translated to 10 TCP packets. I will run CURL and then look at wireshark, talk through the three way handshake and explain the process.
#wireshark_them_all
🏭 Software Architecture Videos
• Software Architecture
💾 Database Engineering Videos
• Database Engineering
🛰 Network Engineering Videos
• Network Engineering
🏰 Load Balancing and Proxies Videos
• Proxies
🐘 Postgres Videos
• PostgresSQL
🚢Docker
• Docker
🧮 Programming Pattern Videos
• Programming Patterns
🛡 Web Security Videos
• Web Security
🦠 HTTP Videos
• HTTP
🐍 Python Videos
• Python by Example
🔆 Javascript Videos
• Javascript by Example
👾Discord Server / discord
Support me on PayPal
bit.ly/33ENps4
Become a Patreon
/ hnasr
Stay Awesome,
Hussein

Пікірлер: 32

@mynameislyle6917 2 жыл бұрын

This is great. I'm investigating a data breach and the attackers used Curl to upload a reverse shell onto the client's webserver. Watching this video really helped me understand that.

@cazmaj 4 жыл бұрын

Thanks, that was a cool post. Haven't touched wireshark in years! Glad I subscribed :) "The ACK flag is set when the acknowledgment number is valid. It is therefore set on all packets in a TCP flow except for the initial SYN packet, so by the time you are sending FINs, all packets will be ACKs. You don't need to worry abut it. An acknowledgement isn't a one-time thing, subsequent packets will all acknowledge the same data if no more has been received (by the end that sends the ACK). This works in both directions." Second paragraph is quite clear. (Google the quote for the 'network engineering stack' page).

@hnasr 4 жыл бұрын

cazmaj this is gold! Thanks that make sense why we have more ACKS and it doesn’t cost us anything and since we are sending packets anyway might as well resend ACK old one just in case I assume servers will ignore dup ack

@palaniappanrm6277 4 жыл бұрын

I have watched tons of video of yours, but this is my favourite. 👌

@hnasr 4 жыл бұрын

Happy to hear that! weird its one of the most one that I struggled in making haha because I am not well versed in low level networking engineering... I am loving the comments from all network engineers helping contributing .. this is the goal of sharing knowledge

@palaniappanrm6277 4 жыл бұрын

@@hnasr I have sniffed packets and analysed them while doing CCNA courses during college. But I always see only at the HTTP content (GET/POST body), followed a particular TCP connection to get passwords while doing telnet etc. But I never followed a very very simple TCP request and analyse SYN/ACK. That was really interesting 👍

@poke_champ 4 жыл бұрын

can we do a whole series just looking at packet transmissions for different applications

@rishavkumar9981 4 жыл бұрын

Hussein, Peer to peer arcitectures -> webrtc -> a fun grpc over webrtc might be a good topic for you to cover in some upcoming videos.

@jameezybreezy9030 2 жыл бұрын

Not a network engineer, but it seems to me that the ACK at 28 is acknowledging the HTML file at 26. When you hold your mouse at 28, you can see a checkmark ✔️ at packet 26, indicating that it’s answering that packet.

@romantsyupryk3009 4 жыл бұрын

Thanks so much for this video.

@tudorhulban2817 4 жыл бұрын

Could you maybe do a video on what happens during a simple gRPC request? We could put side by side....

@hnasr 4 жыл бұрын

Tudor Hulban that would be fun!

@serhiihorun6298 3 жыл бұрын

Man you’re the best!

@radhianamri8833 4 жыл бұрын

could you do a side by side comparison with other communication protocols as in http1.1, https 1.1, http2 and grpc? cool vid btw :)

@hnasr 4 жыл бұрын

AMAZING IDEA!! I just discussed it on my KZbin Story

@ינוןאלבז-כ1ז 3 жыл бұрын

Thanks 👍

@hnasr 3 жыл бұрын

Thank you for leaving all those great comments ! glad you enjoy the content (L)

@bushrahafeez5563 3 жыл бұрын

Hey can you make a video on using tcpdump to check the handshake and sniffing the packets etc...

@rishavkumar9981 4 жыл бұрын

Hi Hussein, 8th and 9th ACK from client is for 6th, and 7th response from server ([PSH, ACK] and [FIN, ACK]) so what is the issue? Am I missing something?

@hnasr 4 жыл бұрын

So if we go back packet no 23 get acked by packet number 24. Which is the get request and the ack Now server responding with content on packet no 25 and also ACK (that ACK i don’t understand) but someone said in the comment that server always send ACK with every request Server than sends FIN ack on packet 26 Packet 27 The client acks packet no 25 and packet no 28 acks packet 26 (FIN) But then packet no 29 does its own FIN/ACK ? the fin I understand client want to close the connection but why Ack? We just ack the server fin on packet 28 Thats my confusion..

@priyatamsai5151 4 жыл бұрын

@@hnasr yes Hussein, in a tcp conn. It is always recommendeded to send appropriate ACK in all the packets sent after handshake.. From either client or server.. Reason being, u anyway have that field in tcp packet and why not use it.. So that even if earlier ACKed pkts got lost in network, this will take care of it. (I think this concept is called piggybacking)

@hnasr 4 жыл бұрын

Priyatam Sai my god this is awesome!!! Nowww it makes sense!!! Thanks Priyatam .

@shiwang789 4 жыл бұрын

@@hnasr I didn't understand. Why do we need to send packet 28 at all? packet 29 is doing that job. If we go by this then 3-way handshake will also not be 3 steps. It will be like syn, ack, syn-ack, ack.

@shiwang789 4 жыл бұрын

I got the answer for my question. networkengineering.stackexchange.com/questions/38805/why-is-the-last-ack-needed-in-tcp-four-way-termination

@GlenMillard 3 жыл бұрын

Good day Sir - would I be able to send you a professional request on Social Media? Which would be best? Thanks much - Glen

@debugmedia 4 жыл бұрын

❤❤

@mridul1161 4 жыл бұрын

i dont understand how wireshark work its complex

@hnasr 4 жыл бұрын

Quarantine Coder me too for the longest time, recently I had to learn because the new videos I am making on nginx and Treafik require deep understanding of the network layer