jeansmaio.blogg.se

Reading wireshark capture packets

Wireshark opens your file with the "Default" profile, which has the basic columns Packet Number, Time, Source, Destination, Protocol, Length and Info. As you can see in the screenshot, I have added several columns. Over time I learned that having more columns available from the beginning saves time and also helps in troubleshooting:

- Delta Time => The time elapsed since the previously captured packet.
- Bytes in Flight => Data which has been sent but not yet acknowledged.

Adding those columns helped me to save time in analyzing!

2. Get first Information from the 3-Way-Handshake

The 3-Way-Handshake is the most important step in TCP to establish a communication between client and server. Here is a short recap of how the handshake looks:

- The Client sends a SYN packet with its Initial Sequence Number to the Server.
- The Server acknowledges (ACK) the SYN packet from the Client and sends its own SYN packet with its Initial Sequence Number.
- The Client acknowledges (ACK) the SYN packet from the Server.

Now the TCP communication is established and able to exchange data.

During the 3-Way-Handshake a lot of useful information is exchanged between Client and Server. Besides Source IP, Destination IP, Source Port, Destination Port, Source MAC and Destination MAC you can also get:

- RTT => Round Trip Time between Client and Server.
- TTL => Time to live – With that value you can estimate the number of hops between Client and Server.
- Calculated Window Size => The amount of data which can be received before it needs to be acknowledged.

Filter your packet captures to your destination address (for the needed filters see my Introduction to Wireshark – Part 2) and start analyzing. With just 3 packets you can get an overview of your TCP communication.
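As an added example (my own illustration, not code from the original post or from Wireshark), the following Python script derives the values described above from a list of already dissected TCP packets: the Delta Time and Bytes in Flight columns, the handshake RTT, a hop estimate from the TTL, and the Calculated Window Size from the window-scale option. The addresses, timestamps, sequence numbers and TTLs are constructed for the example, not taken from a real capture, and the hop estimate assumes the sender started from one of the common initial TTLs 64, 128 or 255.

```python
"""Compute the Wireshark columns and 3-way-handshake values discussed in the
post from a list of already dissected TCP packets.  Everything below is
constructed for illustration (hypothetical addresses, timestamps, sequence
numbers); in practice the packet list would come from tshark or pyshark."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Pkt:
    ts: float                      # capture timestamp in seconds
    src: str
    dst: str
    flags: frozenset               # TCP flags set, e.g. {"SYN", "ACK"}
    seq: int
    ack: int
    ttl: int
    window: int                    # raw 16-bit window field from the wire
    wscale: Optional[int] = None   # window-scale shift; only meaningful in SYN / SYN-ACK
    payload_len: int = 0


C, S = "10.0.0.5", "192.0.2.10"    # constructed client and server addresses

# Constructed capture: the handshake, one request segment and the server's pure ACK
CAPTURE: List[Pkt] = [
    Pkt(0.000000, C, S, frozenset({"SYN"}),        seq=1000, ack=0,    ttl=64, window=65535, wscale=7),
    Pkt(0.023500, S, C, frozenset({"SYN", "ACK"}), seq=5000, ack=1001, ttl=52, window=28960, wscale=8),
    Pkt(0.023600, C, S, frozenset({"ACK"}),        seq=1001, ack=5001, ttl=64, window=512),
    Pkt(0.024000, C, S, frozenset({"PSH", "ACK"}), seq=1001, ack=5001, ttl=64, window=512, payload_len=517),
    Pkt(0.050000, S, C, frozenset({"ACK"}),        seq=5001, ack=1518, ttl=52, window=115),
]


def delta_times(pkts: List[Pkt]) -> List[float]:
    """Delta Time column: seconds since the previously captured packet."""
    return [0.0] + [round(b.ts - a.ts, 6) for a, b in zip(pkts, pkts[1:])]


def handshake(pkts: List[Pkt]) -> Tuple[Pkt, Pkt, Pkt]:
    """Return (SYN, SYN/ACK, ACK) of the first 3-way handshake in the list."""
    syn = next(p for p in pkts if p.flags == {"SYN"})
    synack = next(p for p in pkts if p.flags == {"SYN", "ACK"} and p.ack == syn.seq + 1)
    ack = next(p for p in pkts if p.src == syn.src and "SYN" not in p.flags and p.ack == synack.seq + 1)
    return syn, synack, ack


def initial_rtt(pkts: List[Pkt]) -> float:
    """RTT from the handshake, measured from the SYN to the ACK that completes it.
    Whichever side the capture was taken on, those two packets span one full round trip."""
    syn, _, ack = handshake(pkts)
    return round(ack.ts - syn.ts, 6)


COMMON_INITIAL_TTLS = (64, 128, 255)


def hop_estimate(ttl: int) -> int:
    """Hops traversed, assuming the sender started from the nearest common
    initial TTL at or above the observed value (an assumption, not a fact)."""
    initial = next(t for t in COMMON_INITIAL_TTLS if t >= ttl)
    return initial - ttl


def window_scales(pkts: List[Pkt]) -> Dict[str, int]:
    """Window-scale shift per endpoint, taken from the SYN and SYN/ACK.  Scaling is
    only in effect when both sides sent the option (RFC 7323); otherwise shift 0."""
    syn, synack, _ = handshake(pkts)
    if syn.wscale is None or synack.wscale is None:
        return {syn.src: 0, synack.src: 0}
    return {syn.src: syn.wscale, synack.src: synack.wscale}


def calculated_window(pkt: Pkt, scales: Dict[str, int]) -> int:
    """Calculated Window Size column: the wire value shifted by the sender's
    scale factor, except in SYN segments, whose window is never scaled."""
    if "SYN" in pkt.flags:
        return pkt.window
    return pkt.window << scales.get(pkt.src, 0)


def bytes_in_flight(pkts: List[Pkt]) -> List[int]:
    """Bytes in Flight column per packet: data the sender has put on the wire that the
    peer has not acknowledged yet (SYN and FIN each occupy one sequence number)."""
    highest_sent: Dict[str, int] = {}    # src -> highest sequence number sent + 1
    highest_acked: Dict[str, int] = {}   # src -> highest ack number received from the peer
    out = []
    for p in pkts:
        consumed = p.payload_len + ("SYN" in p.flags) + ("FIN" in p.flags)
        highest_sent[p.src] = max(highest_sent.get(p.src, p.seq), p.seq + consumed)
        highest_acked.setdefault(p.src, p.seq)
        if "ACK" in p.flags:
            highest_acked[p.dst] = max(highest_acked.get(p.dst, p.ack), p.ack)
        out.append(highest_sent[p.src] - highest_acked[p.src])
    return out


def summarize(pkts: List[Pkt]) -> Dict[str, object]:
    """The overview the post says three packets give you, as one dict."""
    syn, synack, ack = handshake(pkts)
    scales = window_scales(pkts)
    return {
        "client": syn.src,
        "server": synack.src,
        "rtt_s": initial_rtt(pkts),
        "client_hops": hop_estimate(syn.ttl),
        "server_hops": hop_estimate(synack.ttl),
        "client_window": calculated_window(ack, scales),   # first scaled window from the client
        "server_window_syn": synack.window,                # unscaled, as carried in the SYN/ACK
    }


if __name__ == "__main__":
    for key, value in summarize(CAPTURE).items():
        print(f"{key:>18}: {value}")
    print("       delta times:", delta_times(CAPTURE))
    print("   bytes in flight:", bytes_in_flight(CAPTURE))
```

The hop estimate is the same heuristic you apply by hand when reading the TTL column: a TTL of 52 most likely started at 64, so about 12 routers are in between; it cannot distinguish a host two hops away that started at 128 from one that started at 64 and is 66 hops away, so treat it as a hint rather than a measurement.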