Wireshark 101: Transmission Control Protocol, HakTip 126

  • Published on 9 Jul 2024
  • Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
    ____________________________________________
    This week on HakTip, Shannon Morse explains the Transmission Control Protocol (or TCP) within Wireshark.
    Today we are breaking down the Transmission Control Protocol, or TCP for short, which runs in Layer 4 of the OSI model and runs on top of IP. TCP basically makes sure your data gets to where it's supposed to go in a reliable way. Consider that IP is the pizza, and TCP is the pizza delivery guy (or girl) who ensures your pizza gets to you on time.
    Let's check out a TCP Header Packet. The first part will be the Source Port, used to transmit the packet, then you have the Destination Port, which is the port to which the packet will be transmitted. Next up is the Sequence Number. This ensures that part of the data stream isn't missing from the whole packet. It identifies the TCP segment. The Acknowledgment Number is the sequence number for the next packet. Flags can include URG, ACK, PSH, RST, SYN, and FIN for the type of TCP packet. Window Size is the size of the TCP receiver buffer in bytes. Checksum ensures the contents are intact and legit. Urgent Pointer: if the URG flag is there, this part will give extra instructions about where the CPU should begin reading data in the packet. And Options are extra info.
    Let's take a look at a TCP Packet header so we can point these out.
    TCP works by transmitting data on ports, which range between 1-65,535. Ports 1-1023 are Standard Ports (like Port 80 for HTTP falls within this category), and ports 1024-65535 are ephemeral ports, which are randomly selected when a device needs to find an open port. Both the destination and the client need to know what port the other is listening on to be able to transmit data between them. Oftentimes, a source port will be chosen at random when TCP sends a packet.
    TCP packets start with a handshake that ensures the host and destination are up and ready to communicate, checks the open port, and sends a sequence number so data stays in line. The host will send a SYN packet to the destination, the destination will send a SYN/ACK packet, then the host will send an ACK packet back. During this handshake, the Sequence Number will go up by one each time.
    The TCP Teardown is the last thing that happens between the two devices before their communication is over, and it's signified by a FIN flag. The host sends the destination a FIN/ACK packet, then the destination sends the host an ACK packet, then a FIN/ACK, and the host responds with an ACK. Let's see if we can find a teardown packet header.
    Lastly, sometimes a TCP packet will need to send something called a RESET, or RST as it would be called in the Flag section. If a connection is halted all of a sudden by accident, the TCP packet will try to reset with this flag. This will halt all traffic during the sequence and close out the packet.
    Let me know what you think. Send me a comment below or email us at tips@hak5.org. And be sure to check out our sister show, Hak5 for more great stuff just like this. I'll be there, reminding you to trust your technolust.
    ____________________________________________
    Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community - where all hackers belong.
  • Science & Technology
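
The header fields and three-way handshake described above, as an added example that is not part of the original video description: it decodes a raw TCP header with Python's `struct` module and checks that three segments form a SYN, SYN/ACK, ACK exchange. The ports, sequence numbers and helper names are constructed for illustration.

```python
import struct
from collections import namedtuple

# Flag bits in the low bits of the 16-bit data-offset/flags word.
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

TcpHeader = namedtuple(
    "TcpHeader", "src_port dst_port seq ack header_len flags window checksum urgent options")

def parse_tcp_header(segment: bytes) -> TcpHeader:
    """Decode the fixed 20-byte TCP header plus any options that follow it."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    src, dst, seq, ack, off_flags, window, checksum, urgent = struct.unpack(
        "!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4      # data offset counts 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("invalid data offset")
    flags = frozenset(name for name, bit in FLAG_BITS.items() if off_flags & bit)
    return TcpHeader(src, dst, seq, ack, header_len, flags, window,
                     checksum, urgent, segment[20:header_len])

def is_three_way_handshake(syn, syn_ack, ack) -> bool:
    """True if three parsed headers form SYN -> SYN/ACK -> ACK with matching numbers."""
    return (syn.flags == {"SYN"}
            and syn_ack.flags == {"SYN", "ACK"}
            and ack.flags == {"ACK"}
            and (syn_ack.src_port, syn_ack.dst_port) == (syn.dst_port, syn.src_port)
            and (ack.src_port, ack.dst_port) == (syn.src_port, syn.dst_port)
            and syn_ack.ack == (syn.seq + 1) % 2**32   # a SYN uses up one sequence number
            and ack.seq == syn_ack.ack
            and ack.ack == (syn_ack.seq + 1) % 2**32)

def build(src, dst, seq, ack, flags, window=64240):
    """Construct a 20-byte header for the sample data (checksum left at 0)."""
    bits = sum(FLAG_BITS[f] for f in flags)
    return struct.pack("!HHIIHHHH", src, dst, seq, ack, (5 << 12) | bits, window, 0, 0)

# Constructed sample: a client on ephemeral port 49822 opening a connection to port 80.
SYN = parse_tcp_header(build(49822, 80, 1000, 0, ["SYN"]))
SYN_ACK = parse_tcp_header(build(80, 49822, 5000, 1001, ["SYN", "ACK"]))
ACK = parse_tcp_header(build(49822, 80, 1001, 5001, ["ACK"]))

if __name__ == "__main__":
    for h in (SYN, SYN_ACK, ACK):
        print(h.src_port, "->", h.dst_port, sorted(h.flags), "seq", h.seq, "ack", h.ack)
    print("valid handshake:", is_three_way_handshake(SYN, SYN_ACK, ACK))
```

The values printed for each segment correspond to the Source Port, Destination Port, Flags, Sequence Number and Acknowledgment Number fields Wireshark shows in its TCP header view.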

Comments • 28

  • @hak5 9 years ago +39

    • @ChristopherLambertLambertPrime 9 years ago

      Wireshark has been a required assignment in two of my cyber security classes this last semester.

  • @sebastianb2092 5 years ago +1

    Ah thanks, really appreciate the competence and straight-forward approach & work w/ wireshark as we're using it on campus. Thanks a lot @Hak5

  • @luloxderezzed3090 9 years ago +12

    Wouldn't it be a better analogy to say that IP is the address of your house, and TCP is the delivery guy that delivers the pizza and then reports he delivered at the pizza store?

  • @HarshPatel-iy5qe 5 years ago +2

    I am not here for learning from video
    But video was BEAUTIFUL, GORGEOUS 😍😍😍😍

  • @jcd7023 6 years ago

    why I don't have this protocol in my window?

  • @lowblowjimboy 2 years ago

    and I'm like Domino's Pizza, if I don't come in 30min, the next one is free ;)

  • @mangeshsalunkhejaijaijagan9073 5 years ago

    Looks cool,..

  • @AhmedHadiPADI_scuba_instructor 6 years ago

    I cannot see that option on my Wireshark :(

  • @ruchit8762 8 years ago

    Hi Shannon,
    Just read that on IANA that:
    System Ports (0-1023), User Ports (1024-49151), and the Dynamic and/or Private
    Ports (49152-65535)
    Can you comment/confirm on ephemeral ports list, will that include the "user ports" also as 1024 itself is reserved by IANA and it by definition doesn't fall in the 'ephemeral'.

  • @ruchit8762 8 years ago

    oh by the way the IP (Pizza) and TCP (Delivery boy) is a fantastic explanation.

  • @kreep182 5 years ago

    Mmm pizza...now you got my attention

  • @arjunkathait383 7 years ago

    Correction at 2:15 :: It's not ACH , It's ACK for Acknowledgement

  • @govindshahi7623 4 years ago

    How many packets are on TCP handshake and what are those packets?

    • @vgopal001 3 years ago

      3
      SYNC, SYNC ACK and ACK

  • @ak47gen 9 years ago +9

    sudo deliver me a pizza!

    • @Telorand1 9 years ago +8

      I think you mean "sudo apt-get me a pizza." :D

    • @geoffreyolson9720 8 years ago +2

      +Matthew Bullock sudo apt-get install bagel_bites

    • @ericmin6055 7 years ago

      sudo !!

  • @Khan-ih8qr 3 years ago

    I can't focus

  • @VikashSingh-vp6zl 5 years ago

    so u worked in dominoos , coool

  • @camb546 7 years ago +1

    shannon oo la la

  • @DonHaul 7 years ago +3

    cringy but helpful

  • @DerekCastillo 9 years ago +3

    Shannon you're soooo attractive! HNY!

  • @Hackaholics 6 years ago +2

    Mom I found your Daughter in Law..😁😁

  • @andrzejjakusik8646 9 years ago +2

    You're pretty!!