I watch your videos to revise my concepts. Every content produced by you is pure gold.
Thank you!
Chris, thank you for making these videos, you explain complex concepts with such ease!
Glad you like them! Great to see you Josh!
Exactly, with the needed clarity that one needs to learn, when learning
Dear Chris, thank you very very much. You've got no idea how these trainings enlighten my way to network analysis. I'm a substation protection/control engineer working with IEC61850 trying to find a way to be able to troubleshoot what's going on when I didn't receive a signal on the DCS system.
And guess what, with the help of this channel I'm growing more and more everyday.
Good luck with what you're doing. You're awesome🙏
Excellent! Nice job! Keep on growing and capturing and learning.
Dup ACKs also happen for out-of-order arrivals. It doesn't always have to be packet loss, just segments not arriving when they should have ;)
ooh good point Jasper, I forgot to mention that! Arg... Thanks for the comment tho!
Thank you for your videos. When it is all about routing protocols there are lots of videos and documents online. On the other hand, if the topic is TCP, most of the documents are the same and not clear. You are really making it simple. Knowing a knowledge does not matter, the most important factor is that you can teach in the simplest way.
Thanks Tolga!
Thank you Chris, learned so much from the video. Going to introduce it to the team. Days before, when someone in the team said they would engage a network guy to give a Wireshark training, all of us raised hands to attend, which indicates this knowledge is so precious. I am working for Microsoft.
Sure, please do! Reach out at packetpioneer@gmail.com and let's get a training set up for you.
I'm enjoying these videos. It's got me diving back into Wireshark again with a newfound appreciation after a bit of a hiatus. Thanks!
Awesome! Great to have you back!
Thanks Chris. Your videos are very informative and digestible. I'd appreciate it if you could make a video about TCP out-of-order.
That's a great idea. Thank you for the suggestion.
Chris, love your content. It is so powerful and super helpful. Thank you, please keep up the good work.
Thank you for the comment!
Chris, your videos are really helpful. Excellent explanation.
Great person and helpful videos. I got confidence in my knowledge after watching these videos.
Thanks Chris!!!! Amazing.. I have been in a problem for a few days and your help has been amazing.
Thank you so much for sharing the video. Please make some video on how to find out why the traffic was denied/dropped or at least by the destination ip. I'm new to Wireshark and have no clue to figure that out.
Chris, thank you for helping me to better understand what I should be looking for in pcap traces
You are welcome!
Today I subscribed to this channel and was talking about this topic with my buddy and you made it.... Great job sir.
That is great Jake! Thank you for commenting.
Excellent Chris!!!
I was seeing the same issue, now I understand
Well explained
Thank you!!!
Thank you very much, it is the best video to learn Wireshark and TCP.
Good explanation, thank you Chris. One question: is it possible to analyze the latency of network traffic (TCP) in Wireshark?
Chris, hi!
Am I right if I say that Dup ACK packets appear when a receiver misses some continuous interval? For example sender sends packets 1,2,3,4,5. If the receiver receives 1 packet, misses 2 and 3, receives 4 and 5 we may see ACK packet from the receiver where ACK number = 1, left edge = 4, right edge = 5. Right?
What might an ACK packet from the receiver look like when the receiver receives packet 1, misses 2, receives 3, misses 4, receives 5?
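Added example, not part of the comment thread or the video: a toy SACK-capable receiver that answers each arriving segment with a cumulative ACK plus SACK blocks, working in byte sequence numbers rather than packet numbers. The 1000-byte segment size, relative sequence numbers starting at 1, and all function names are assumptions made for illustration.

```python
# Added example: toy receiver following RFC 2018 SACK rules, constructed input.
MSS = 1000  # assumed size; segment n carries bytes (n-1)*MSS+1 .. n*MSS

def seg_range(n):
    """Return (first_seq, next_seq) for segment number n (relative seq starts at 1)."""
    start = (n - 1) * MSS + 1
    return start, start + MSS

def merge(blocks):
    """Coalesce adjacent or overlapping (left_edge, right_edge) blocks."""
    merged = []
    for left, right in sorted(blocks):
        if merged and left <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], right))
        else:
            merged.append((left, right))
    return merged

def receiver_acks(arrivals, max_blocks=3):
    """Return the ACK emitted for each arriving segment number, in order.

    Each entry holds the cumulative ACK, the SACK blocks, and whether the
    ACK number repeats the previous one (a duplicate ACK).
    """
    next_expected, buffered, last_ack, out = 1, [], None, []
    for n in arrivals:
        left, right = seg_range(n)
        if right > next_expected:  # ignore data that is already acknowledged
            buffered = merge(buffered + [(max(left, next_expected), right)])
        # Advance the cumulative ACK over data that is now contiguous.
        while buffered and buffered[0][0] <= next_expected:
            next_expected = max(next_expected, buffered.pop(0)[1])
        # RFC 2018: the first block must contain the most recently received
        # segment; the rest are listed highest-first here as a simplification.
        newest = [b for b in buffered if b[0] <= left < b[1]]
        rest = [b for b in reversed(buffered) if b not in newest]
        out.append({"ack": next_expected, "sack": (newest + rest)[:max_blocks],
                    "dup": next_expected == last_ack})
        last_ack = next_expected
    return out

if __name__ == "__main__":
    for label, order in (("lose 2,3", [1, 4, 5]), ("lose 2,4", [1, 3, 5])):
        for ack in receiver_acks(order):
            print(label, ack)
```

With segments 2 and 4 missing, the last ACK still carries ACK number 1001 (the first byte of segment 2) and two SACK blocks, 4001-5001 followed by 2001-3001; with 2 and 3 missing, the two arrivals coalesce into one block, 3001-5001.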
Hi Chris, compliments on your fantastic videos!! Great!! I have a doubt about dup ACKs: I have printed a document on my network printer that doesn't support the SACK option, and at a certain point I have an ACK from the printer and 2 dup ACKs with no gap in data... How is it possible? Thank you very much in advance.
Thank you so much for your time and for making these videos. Much appreciated Chris.
My pleasure!
Great stuff, Chris. Thank you for this and the excellent explanation.
Glad it was helpful!
Your explanation is awesome
Thanks!
Excellent explanation, thank you Chris.
Glad it was helpful!
Hi Chris, can you create some videos regarding TCP half-close and TCP half-open with live examples related to them?
Great video. Thanks Chris.
Great analysis, thanks Chris
Great video Chris, just one question: what does it mean when the client sends SYN, receives SYN+ACK from the server and sends ACK, but the server keeps sending SYN+ACK and the client keeps sending dup ACKs? Thanks
Sounds like the server is not getting the final ACK, or something about the ACK that the server doesn't like so it is not completing the connection.
@ChrisGreer thank you very much. I was also suspecting this. Kind of a strange problem because at the same time ping and trace are working fine.
Thank you Chris. It is such an impressive video.
Glad you enjoyed it!
Awesome..keep up the good work..
Thank you, I will
Thanks bro.. keep up the good work..
Thank you too
I have a ZTE MC801A 5G CPE, same problem with a Windows PC if using Ethernet.. no problem with WiFi..
Can you please help me.. how to solve this issue?? 🙏
great explanation - thank you
Glad it was helpful!
Hello, what about duplicate TCP SYNs with different initial sequence numbers? How to troubleshoot it?
Once every couple of weeks I have intermittent conversations timing out where I see a lot of psh,ack… any ideas how to dig into these (for now I proposed to trace also on the other side… what a wild idea, right;-)
Hi Thomas - as a quick response with absolutely no data to go on - I wouldn't focus on the PSH flags themselves. Usually those just indicate the end of a block of data. Depending on the stack, you might even see them for every segment smaller than the MSS.
Intermittent timeout would be more of an RST or long-delay thing. I'd check for issues where connections have several retransmissions then a reset, or several keep alives then a reset. Or even a longer TCP timeout. I'd start there.
Thanks Chris.. it's an awesome video, but how to troubleshoot this? Is it due to a network/server/application issue? I am currently having an issue where in my capture I can see 9% of the capture having tcpdupack for client1 and 3% for client2 towards the same destination server and application port. Both clients are sitting in the same switch.
Hello Thameem - duplicate ACKs happen because of packet loss, so we would need to find where the loss is coming from. Look at interface details along the path - do you see any CRC or FCS errors? Discards? These can happen due to congestion, faulty cabling, or interface issues. That is where I would start for troubleshooting the duplicate acks.
@ChrisGreer we found it cleared after changing the cable 👍
@thameemyousuf8194 awesome! Great job!
What if you get acks one after the other.... with no dup ack
There is a chance where there is an IP spoofing attack and a duplicate IP address may cause getting dup ACKs..?
I guess that is possible, but that scenario wouldn't depend on there being a spoofed IP address or not. Duplicate ACKs happen when there is loss or out-of-order packets.
Thanks Chris!
Simple and clear as usual
Glad you liked it
Pure Gold
Thanks Chris
L2 issue. Easy to figure out if you were the one that made the mistake to begin with.
Hello! I want to learn ethical sniffing on HTTPS. I am very new to this. For example if I sit in a coffee shop how do I steal my friend's password/username over HTTPS?
2:35 ... am I the only one who heard Acknowledgment in my left ear in my headset
Me too mate. I heard it too lol
This is literally my dad
!!!!