SlideShare a Scribd company logo

Analyzing network packets and troubleshooting TCP issues using Wireshark

S
SmrutiRanjanBiswal9

Sniffing/Analyzing network packets Using Wireshark

Software
1 of 21
Download to read offline
Sniffing/Analyzing network packets Using WiresharkSIS USING
History ● Developed by Gerald Combs, in 1990s ● Inititally called Ethereal ● Written in C & C++ Why Wireshark: ➢ Open source ➢ Works on all major OS ➢ Operates in Graphical mode ➢ Easy usage ➢ Display filters Don't forget tshark!
Features: ➢ Capture and analyze ➢ Wireless capture ➢ Display filters ➢ Intelligent scrollbar ➢ Color codes ➢ Customizable view ...and many more we would discuss in a bit.
Basic Layout 3 components: ➢ Packet list ➢ Packet details ➢ Packet bytes Let's launch wireshark, shall we?
Columns No The number of the packet in the capture file. This number won’t change, even if a display filter is used. Time The timestamp of the packet. The presentation format of this timestamp can be changed. Source The address where this packet is coming from. Destination The address where this packet is going to. Protocol The protocol name in a short (perhaps abbreviated) version. Length The length of each packet. The maximum value would depend of the MTU size. Info Additional information about the packet content. irony
Related Packet symbols
Display Filters(a few examples) ● IP address ip.addr eq 192.168.2.1 ● Ethernet Address eth.addr eq 48:ee:0c:d7:c0:3c ● Ethernet source address eth.dst eq 48:ee:0c:d7:c0:3c ● TCP or UDP port is 80 tcp.port == 80 || udp.port == 80 ● Non DNS !(udp.port == 53 || tcp.port = 53) ● Error detection tcp.analysis.flags ● Filtering packets involving any particular website: tcp contains 9gag
Just so we are aware...
Errors to look out for ➔ TCP retransmissions ➔ Out of order ➔ Duplicate Acknowledgements ➔ Zero window
"[TCP Retransmission]" that usually indicates trouble - or at least potential trouble. Cause: If a packet is lost for any reason it is retransmitted by the sender. 1. TCP retransmissions
Causes:  Full Duplex / Half Duplex mismatch (check the configuration of the network card and switch interfaces)  The server transmits data with a high speed (say 1 GBit) and the receiver is connected with a lower speed (say 100 MBit). Drops occur if the receiver is signalling a large TCP window size, found in the TCP header.  Router is pushing the same packet again through a different MAC.  A broken cable offers very poor signal quality.  A wireless network is busy or suffers from interference.
Now what's SACK(SACK_PERM=1)
2. Duplicate Acknowledgements Duplicate ACKs are sent when the receiver sees a gap in the packets it receives. Used by fast retransmission feature to send missing packets soon, not waiting for RTO. Out of order (low number of dup acks) Packet loss on the way (very high number of dup acks)
3. Out of order Incorrect sequence of received packets. Sender never sends packets out of order. They get mixed up on the way. Cause: Multiple paths between Source and destination, or not. It is seen with Dup ACKs or SACKs
seq + Length = next seq
4. Zero window Cause: Too many processes CPU load Think of its implication in UDP connection
Some other terminologies: 1. Delayed Ack: Not all data packets are followed by an ACK. It's cumulative. 2. TCP Keep-Alive: Client confirming if the connection is active. 3. Spurious retransmissions: Same data packet is received more than once. 4. Fast retransmissions: Sender retransmitting the lost packet 5. Time To Live(TTL): Remaining life time for a packet to float in a network before it expires.
Thank you !!!

Recommended

Congestion control avoidance
Congestion control avoidanceCongestion control avoidance
Congestion control avoidanceAnthony-Claret Onwutalobi
 
Tcp congestion avoidance
Tcp congestion avoidanceTcp congestion avoidance
Tcp congestion avoidanceAhmed Kamel Taha
 
IEEE 2014 JAVA NETWORKING PROJECTS Receiver based flow control for networks i...
IEEE 2014 JAVA NETWORKING PROJECTS Receiver based flow control for networks i...IEEE 2014 JAVA NETWORKING PROJECTS Receiver based flow control for networks i...
IEEE 2014 JAVA NETWORKING PROJECTS Receiver based flow control for networks i...IEEEGLOBALSOFTSTUDENTPROJECTS
 
Analysis of TCP variants
Analysis of TCP variantsAnalysis of TCP variants
Analysis of TCP variantsInstitute of Technology, Nirma University
 
Connection Establishment & Flow and Congestion Control
Connection Establishment & Flow and Congestion ControlConnection Establishment & Flow and Congestion Control
Connection Establishment & Flow and Congestion ControlAdeel Rasheed
 
Lect9
Lect9Lect9
Lect9Abdo sayed
 
Comparative Analysis of Different TCP Variants in Mobile Ad-Hoc Network
Comparative Analysis of Different TCP Variants in Mobile Ad-Hoc Network Comparative Analysis of Different TCP Variants in Mobile Ad-Hoc Network
Comparative Analysis of Different TCP Variants in Mobile Ad-Hoc Network partha pratim deb
 
Week8 lec1-bscs1
Week8 lec1-bscs1Week8 lec1-bscs1
Week8 lec1-bscs1syedhaiderraza
 

Recommended

Congestion control avoidance
Congestion control avoidanceCongestion control avoidance
Congestion control avoidanceAnthony-Claret Onwutalobi
 
Tcp congestion avoidance
Tcp congestion avoidanceTcp congestion avoidance
Tcp congestion avoidanceAhmed Kamel Taha
 
IEEE 2014 JAVA NETWORKING PROJECTS Receiver based flow control for networks i...
IEEE 2014 JAVA NETWORKING PROJECTS Receiver based flow control for networks i...IEEE 2014 JAVA NETWORKING PROJECTS Receiver based flow control for networks i...
IEEE 2014 JAVA NETWORKING PROJECTS Receiver based flow control for networks i...IEEEGLOBALSOFTSTUDENTPROJECTS
 
Analysis of TCP variants
Analysis of TCP variantsAnalysis of TCP variants
Analysis of TCP variantsInstitute of Technology, Nirma University
 
Connection Establishment & Flow and Congestion Control
Connection Establishment & Flow and Congestion ControlConnection Establishment & Flow and Congestion Control
Connection Establishment & Flow and Congestion ControlAdeel Rasheed
 
Lect9
Lect9Lect9
Lect9Abdo sayed
 
Comparative Analysis of Different TCP Variants in Mobile Ad-Hoc Network
Comparative Analysis of Different TCP Variants in Mobile Ad-Hoc Network Comparative Analysis of Different TCP Variants in Mobile Ad-Hoc Network
Comparative Analysis of Different TCP Variants in Mobile Ad-Hoc Network partha pratim deb
 
Week8 lec1-bscs1
Week8 lec1-bscs1Week8 lec1-bscs1
Week8 lec1-bscs1syedhaiderraza
 
Ns3: Newreno vs Vegas vs Veno
Ns3: Newreno vs Vegas vs VenoNs3: Newreno vs Vegas vs Veno
Ns3: Newreno vs Vegas vs VenoTCHAYE Jude
 
Congestion control, slow start, fast retransmit
Congestion control, slow start, fast retransmit Congestion control, slow start, fast retransmit
Congestion control, slow start, fast retransmit rajisri2
 
Adoptive flowcontrol in TCP
Adoptive flowcontrol in TCPAdoptive flowcontrol in TCP
Adoptive flowcontrol in TCPselvakumar_b1985
 
Leaky bucket algorithm
Leaky bucket algorithmLeaky bucket algorithm
Leaky bucket algorithmUmesh Gupta
 
Tcp Reliability Flow Control
Tcp Reliability Flow ControlTcp Reliability Flow Control
Tcp Reliability Flow ControlRam Dutt Shukla
 
Tcp congestion control
Tcp congestion controlTcp congestion control
Tcp congestion controlAbdo sayed
 
Tieu luan qo s
Tieu luan qo sTieu luan qo s
Tieu luan qo sTrường Sơn Trần
 
go back n protocol
go back n protocolgo back n protocol
go back n protocolshivani monga
 
Tcpdump
TcpdumpTcpdump
TcpdumpMohamed Gamel
 
Tcp Immediate Data Transfer
Tcp Immediate Data TransferTcp Immediate Data Transfer
Tcp Immediate Data TransferRam Dutt Shukla
 
Cubic
CubicCubic
Cubicdeawoo Kim
 
Retransmission Tcp
Retransmission TcpRetransmission Tcp
Retransmission TcpRam Dutt Shukla
 
Week5 lec3-bscs1
Week5 lec3-bscs1Week5 lec3-bscs1
Week5 lec3-bscs1syedhaiderraza
 
Tcp congestion avoidance algorithm identification
Tcp congestion avoidance algorithm identificationTcp congestion avoidance algorithm identification
Tcp congestion avoidance algorithm identificationBala Lavanya
 
Go back-n protocol
Go back-n protocolGo back-n protocol
Go back-n protocolSTEFFY D
 
Introduction to tcpdump
Introduction to tcpdumpIntroduction to tcpdump
Introduction to tcpdumpLev Walkin
 
Week8 lec2-bscs1
Week8 lec2-bscs1Week8 lec2-bscs1
Week8 lec2-bscs1syedhaiderraza
 
Congestion control
Congestion controlCongestion control
Congestion controlAbhay Pai
 
HTTP/2 Server Push
HTTP/2 Server PushHTTP/2 Server Push
HTTP/2 Server PushApache Traffic Server
 
Netcat
NetcatNetcat
Netcatpenetration Tester
 
tcp-wireless-tutorial.ppt
tcp-wireless-tutorial.ppttcp-wireless-tutorial.ppt
tcp-wireless-tutorial.pptRadwan Mahmoud
 
F06_Lecture7_etherne..
F06_Lecture7_etherne..F06_Lecture7_etherne..
F06_Lecture7_etherne..webhostingguy
 

More Related Content

What's hot

Ns3: Newreno vs Vegas vs Veno
Ns3: Newreno vs Vegas vs VenoNs3: Newreno vs Vegas vs Veno
Ns3: Newreno vs Vegas vs VenoTCHAYE Jude
 
Congestion control, slow start, fast retransmit
Congestion control, slow start, fast retransmit Congestion control, slow start, fast retransmit
Congestion control, slow start, fast retransmit rajisri2
 
Adoptive flowcontrol in TCP
Adoptive flowcontrol in TCPAdoptive flowcontrol in TCP
Adoptive flowcontrol in TCPselvakumar_b1985
 
Leaky bucket algorithm
Leaky bucket algorithmLeaky bucket algorithm
Leaky bucket algorithmUmesh Gupta
 
Tcp Reliability Flow Control
Tcp Reliability Flow ControlTcp Reliability Flow Control
Tcp Reliability Flow ControlRam Dutt Shukla
 
Tcp congestion control
Tcp congestion controlTcp congestion control
Tcp congestion controlAbdo sayed
 
Tcp Immediate Data Transfer
Tcp Immediate Data TransferTcp Immediate Data Transfer
Tcp Immediate Data TransferRam Dutt Shukla
 
Tcp congestion avoidance algorithm identification
Tcp congestion avoidance algorithm identificationTcp congestion avoidance algorithm identification
Tcp congestion avoidance algorithm identificationBala Lavanya
 
Go back-n protocol
Go back-n protocolGo back-n protocol
Go back-n protocolSTEFFY D
 
Introduction to tcpdump
Introduction to tcpdumpIntroduction to tcpdump
Introduction to tcpdumpLev Walkin
 
Congestion control
Congestion controlCongestion control
Congestion controlAbhay Pai
 

What's hot (20)

Ns3: Newreno vs Vegas vs Veno
Ns3: Newreno vs Vegas vs VenoNs3: Newreno vs Vegas vs Veno
Ns3: Newreno vs Vegas vs Veno
 
Congestion control, slow start, fast retransmit
Congestion control, slow start, fast retransmit Congestion control, slow start, fast retransmit
Congestion control, slow start, fast retransmit
 
Adoptive flowcontrol in TCP
Adoptive flowcontrol in TCPAdoptive flowcontrol in TCP
Adoptive flowcontrol in TCP
 
Leaky bucket algorithm
Leaky bucket algorithmLeaky bucket algorithm
Leaky bucket algorithm
 
Tcp Reliability Flow Control
Tcp Reliability Flow ControlTcp Reliability Flow Control
Tcp Reliability Flow Control
 
Tcp congestion control
Tcp congestion controlTcp congestion control
Tcp congestion control
 
Tieu luan qo s
Tieu luan qo sTieu luan qo s
Tieu luan qo s
 
go back n protocol
go back n protocolgo back n protocol
go back n protocol
 
Tcpdump
TcpdumpTcpdump
Tcpdump
 
Tcp Immediate Data Transfer
Tcp Immediate Data TransferTcp Immediate Data Transfer
Tcp Immediate Data Transfer
 
Cubic
CubicCubic
Cubic
 
Retransmission Tcp
Retransmission TcpRetransmission Tcp
Retransmission Tcp
 
Week5 lec3-bscs1
Week5 lec3-bscs1Week5 lec3-bscs1
Week5 lec3-bscs1
 
Tcp congestion avoidance algorithm identification
Tcp congestion avoidance algorithm identificationTcp congestion avoidance algorithm identification
Tcp congestion avoidance algorithm identification
 
Go back-n protocol
Go back-n protocolGo back-n protocol
Go back-n protocol
 
Introduction to tcpdump
Introduction to tcpdumpIntroduction to tcpdump
Introduction to tcpdump
 
Week8 lec2-bscs1
Week8 lec2-bscs1Week8 lec2-bscs1
Week8 lec2-bscs1
 
Congestion control
Congestion controlCongestion control
Congestion control
 
HTTP/2 Server Push
HTTP/2 Server PushHTTP/2 Server Push
HTTP/2 Server Push
 
Netcat
NetcatNetcat
Netcat
 

Similar to Analyzing network packets and troubleshooting TCP issues using Wireshark

tcp-wireless-tutorial.ppt
tcp-wireless-tutorial.ppttcp-wireless-tutorial.ppt
tcp-wireless-tutorial.pptRadwan Mahmoud
 
F06_Lecture7_etherne..
F06_Lecture7_etherne..F06_Lecture7_etherne..
F06_Lecture7_etherne..webhostingguy
 
Computer Networks Module 2.pdf
Computer Networks Module 2.pdfComputer Networks Module 2.pdf
Computer Networks Module 2.pdfShanthalaKV
 
Computer network (11)
Computer network (11)Computer network (11)
Computer network (11)NYversity
 
Chapter 3. sensors in the network domain
Chapter 3. sensors in the network domainChapter 3. sensors in the network domain
Chapter 3. sensors in the network domainPhu Nguyen
 
Physical And Data Link Layers
Physical And Data Link LayersPhysical And Data Link Layers
Physical And Data Link Layerstmavroidis
 
Mobile Transpot Layer
Mobile Transpot LayerMobile Transpot Layer
Mobile Transpot LayerMaulik Patel
 
Troubleshooting TCP/IP
Troubleshooting TCP/IPTroubleshooting TCP/IP
Troubleshooting TCP/IPvijai s
 
High performance browser networking ch1,2,3
High performance browser networking ch1,2,3High performance browser networking ch1,2,3
High performance browser networking ch1,2,3Seung-Bum Lee
 
MODULE II.pdf
MODULE II.pdfMODULE II.pdf
MODULE II.pdfADARSHN40
 
Analytical Research of TCP Variants in Terms of Maximum Throughput
Analytical Research of TCP Variants in Terms of Maximum ThroughputAnalytical Research of TCP Variants in Terms of Maximum Throughput
Analytical Research of TCP Variants in Terms of Maximum ThroughputIJLT EMAS
 

Similar to Analyzing network packets and troubleshooting TCP issues using Wireshark (20)

tcp-wireless-tutorial.ppt
tcp-wireless-tutorial.ppttcp-wireless-tutorial.ppt
tcp-wireless-tutorial.ppt
 
F06_Lecture7_etherne..
F06_Lecture7_etherne..F06_Lecture7_etherne..
F06_Lecture7_etherne..
 
Computer Networks Module 2.pdf
Computer Networks Module 2.pdfComputer Networks Module 2.pdf
Computer Networks Module 2.pdf
 
Mod9
Mod9Mod9
Mod9
 
Computer network (11)
Computer network (11)Computer network (11)
Computer network (11)
 
Chapter 3. sensors in the network domain
Chapter 3. sensors in the network domainChapter 3. sensors in the network domain
Chapter 3. sensors in the network domain
 
Wireshark Basics
Wireshark BasicsWireshark Basics
Wireshark Basics
 
Physical And Data Link Layers
Physical And Data Link LayersPhysical And Data Link Layers
Physical And Data Link Layers
 
Ba25315321
Ba25315321Ba25315321
Ba25315321
 
Mobile Transpot Layer
Mobile Transpot LayerMobile Transpot Layer
Mobile Transpot Layer
 
Troubleshooting TCP/IP
Troubleshooting TCP/IPTroubleshooting TCP/IP
Troubleshooting TCP/IP
 
Transport layer
Transport layerTransport layer
Transport layer
 
High performance browser networking ch1,2,3
High performance browser networking ch1,2,3High performance browser networking ch1,2,3
High performance browser networking ch1,2,3
 
MODULE II.ppt
MODULE II.pptMODULE II.ppt
MODULE II.ppt
 
MODULE II.pdf
MODULE II.pdfMODULE II.pdf
MODULE II.pdf
 
Lec9
Lec9Lec9
Lec9
 
Analytical Research of TCP Variants in Terms of Maximum Throughput
Analytical Research of TCP Variants in Terms of Maximum ThroughputAnalytical Research of TCP Variants in Terms of Maximum Throughput
Analytical Research of TCP Variants in Terms of Maximum Throughput
 
A Performance Comparison of TCP Protocols
A Performance Comparison of TCP Protocols A Performance Comparison of TCP Protocols
A Performance Comparison of TCP Protocols
 
22 circuits
22 circuits22 circuits
22 circuits
 
Data link layer
Data link layerData link layer
Data link layer
 

Recently uploaded

Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfCionsystems
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AIABDERRAOUF MEHENNI
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsJheuzeDellosa
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 

Recently uploaded (20)

Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdf
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
Exploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the ProcessExploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the Process
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number Systems
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 

Analyzing network packets and troubleshooting TCP issues using Wireshark

  • 1.
  • 3. History ● Developed by Gerald Combs, in 1990s ● Inititally called Ethereal ● Written in C & C++ Why Wireshark: ➢ Open source ➢ Works on all major OS ➢ Operates in Graphical mode ➢ Easy usage ➢ Display filters Don't forget tshark!
  • 4. Features: ➢ Capture and analyze ➢ Wireless capture ➢ Display filters ➢ Intelligent scrollbar ➢ Color codes ➢ Customizable view ...and many more we would discuss in a bit.
  • 5. Basic Layout 3 components: ➢ Packet list ➢ Packet details ➢ Packet bytes Let's launch wireshark, shall we?
  • 6. Columns No The number of the packet in the capture file. This number won’t change, even if a display filter is used. Time The timestamp of the packet. The presentation format of this timestamp can be changed. Source The address where this packet is coming from. Destination The address where this packet is going to. Protocol The protocol name in a short (perhaps abbreviated) version. Length The length of each packet. The maximum value would depend of the MTU size. Info Additional information about the packet content. irony
  • 8. Display Filters(a few examples) ● IP address ip.addr eq 192.168.2.1 ● Ethernet Address eth.addr eq 48:ee:0c:d7:c0:3c ● Ethernet source address eth.dst eq 48:ee:0c:d7:c0:3c ● TCP or UDP port is 80 tcp.port == 80 || udp.port == 80 ● Non DNS !(udp.port == 53 || tcp.port = 53) ● Error detection tcp.analysis.flags ● Filtering packets involving any particular website: tcp contains 9gag
  • 9. Just so we are aware...
  • 10. Errors to look out for ➔ TCP retransmissions ➔ Out of order ➔ Duplicate Acknowledgements ➔ Zero window
  • 11. "[TCP Retransmission]" that usually indicates trouble - or at least potential trouble. Cause: If a packet is lost for any reason it is retransmitted by the sender. 1. TCP retransmissions
  • 12. Causes:  Full Duplex / Half Duplex mismatch (check the configuration of the network card and switch interfaces)  The server transmits data with a high speed (say 1 GBit) and the receiver is connected with a lower speed (say 100 MBit). Drops occur if the receiver is signalling a large TCP window size, found in the TCP header.  Router is pushing the same packet again through a different MAC.  A broken cable offers very poor signal quality.  A wireless network is busy or suffers from interference.
  • 13.
  • 15.
  • 16. 2. Duplicate Acknowledgements Duplicate ACKs are sent when the receiver sees a gap in the packets it receives. Used by fast retransmission feature to send missing packets soon, not waiting for RTO. Out of order (low number of dup acks) Packet loss on the way (very high number of dup acks)
  • 17. 3. Out of order Incorrect sequence of received packets. Sender never sends packets out of order. They get mixed up on the way. Cause: Multiple paths between Source and destination, or not. It is seen with Dup ACKs or SACKs
  • 18. seq + Length = next seq
  • 19. 4. Zero window Cause: Too many processes CPU load Think of its implication in UDP connection
  • 20. Some other terminologies: 1. Delayed Ack: Not all data packets are followed by an ACK. It's cumulative. 2. TCP Keep-Alive: Client confirming if the connection is active. 3. Spurious retransmissions: Same data packet is received more than once. 4. Fast retransmissions: Sender retransmitting the lost packet 5. Time To Live(TTL): Remaining life time for a packet to float in a network before it expires.