Wireshark Revealed: Essential Skills for IT Professionals

By : James H Baxter, Yoram Orzach, Charit Mishra

Overview of this book

This Learning Path starts off by installing Wireshark, before gradually taking you through your first packet capture, identifying and filtering out just the packets of interest, and saving them to a new file for later analysis. You will then discover different ways to create and use capture and display filters. By halfway through the book, you'll be mastering Wireshark features, analyzing different layers of the network protocol, and looking for any anomalies. We then cover Ethernet and LAN switching, then IP, and move on to TCP/UDP with a focus on TCP performance problems. It also focuses on WLAN security. Then, we go through application behavior issues including HTTP, mail, DNS, and other common protocols. This book finishes with a look at network forensics and how to locate security problems that might harm the network. This course provides you with highly practical content explaining Metasploit from the following books: 1) Wireshark Essentials 2) Network Analysis Using Wireshark Cookbook 3) Mastering Wireshark

Chapter 9. UDP/TCP Analysis

This chapter contains the following recipes:

  • Configuring TCP and UDP preferences for troubleshooting
  • TCP connection problems
  • TCP retransmissions – where they come from and why
  • Duplicate ACKs and fast retransmissions
  • TCP out-of-order packet events
  • TCP Zero Window, Window Full, Window Change, and other Window indicators
  • TCP resets and why they happen

Introduction

The goal of Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) is to pass information between end applications, for example, from a web client to a web server, from a mail client to a mail server, and so on. This is done by providing identification to the end applications and forwarding packets between them. These identifiers are called port numbers, and a port number combined with its IP address is called a socket. In the following diagram, you can see what happens when you open a connection from your browser to a web server. The web server listens on port 80, and you will open a connection, for...