Talk:Packet Captures

From Network Security Wiki

Wanted

  • Site to Site VPN without Delete in Phase 2


PCAPs

  • L2TP Packet
  • Active FTP
  • Passive FTP
  • TCP Handshake

Wireshark Notes

TCP Trace graph: Statistics -> TCP Stream Graphs -> Time Sequence (tcptrace)

Conversations: Statistics -> Conversations -> TCP tab

Delta time: time since the previous packet (frame.time_delta) or since the previous displayed packet (frame.time_delta_displayed); add either as a column

[ ] = values in square brackets are generated by Wireshark from other fields, not bytes present in the capture; informational only

Rough RTT = delta between the SYN and the SYN/ACK (measured from the client side)

Seq no + TCP payload size = next seq no (SYN and FIN each count as one byte)

tcptrace graph: a flat part = wait time; no data transferred

In case of a delay, also take a capture on the server and compare the two.
If the same gap between request and response shows up in the server capture, the server is the cause;
if the server answers promptly in its own capture, the delay is in the network.

The destination port of the SYN tells you which service is being used.
The SYN consumes one sequence number even though it carries no data = the "phantom byte" (FIN does the same).

In TCP silence means NO: there is no negative ACK.
Loss is detected by a missing ACK (retransmission timeout) or by duplicate ACKs from the receiver.
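The seq-number, RTT, and wait-time rules above, worked through in code. This is an added example, not part of the wiki notes: the packets are a hand-constructed stream (not a real pcap) and the helper names are my own.

```python
"""Tiny TCP-stream walker over a constructed packet list (added example).

Each packet carries (timestamp, sender, TCP flags, absolute seq, payload length).
The CAPTURE below is constructed by hand to look like a short client/server
exchange; it is not taken from any real pcap.
"""
from dataclasses import dataclass

SYN, ACK, FIN, PSH = 0x02, 0x10, 0x01, 0x08


@dataclass
class Pkt:
    ts: float      # capture timestamp in seconds
    src: str       # "client" or "server"
    flags: int     # TCP flag bits
    seq: int       # absolute sequence number
    length: int    # TCP payload bytes


# Constructed sample: handshake, request, a 1.2 s server "flat" gap, response, FIN.
CAPTURE = [
    Pkt(0.000, "client", SYN,       1000, 0),
    Pkt(0.050, "server", SYN | ACK, 5000, 0),
    Pkt(0.050, "client", ACK,       1001, 0),
    Pkt(0.051, "client", PSH | ACK, 1001, 120),   # request
    Pkt(1.250, "server", PSH | ACK, 5001, 1460),  # response after a 1.2 s wait
    Pkt(1.251, "server", PSH | ACK, 6461, 300),
    Pkt(1.300, "client", FIN | ACK, 1121, 0),
    Pkt(1.350, "server", FIN | ACK, 6761, 0),
]


def next_seq(p: Pkt) -> int:
    """seq + payload length, plus the phantom byte that SYN and FIN each consume."""
    phantom = 1 if p.flags & (SYN | FIN) else 0
    return p.seq + p.length + phantom


def handshake_rtt(pkts) -> float:
    """Rough RTT: delta between the SYN and the matching SYN/ACK."""
    syn = next(p for p in pkts if p.flags & SYN and not p.flags & ACK)
    synack = next(p for p in pkts if p.flags & SYN and p.flags & ACK and p.ts >= syn.ts)
    return synack.ts - syn.ts


def flat_gaps(pkts, threshold: float):
    """Delta times above threshold: the flat parts of the tcptrace graph.
    Returns (packet index, delta seconds, who sent the packet that ended the wait)."""
    gaps = []
    for i in range(1, len(pkts)):
        delta = pkts[i].ts - pkts[i - 1].ts
        if delta > threshold:
            gaps.append((i, round(delta, 3), pkts[i].src))
    return gaps


def request_response_delay(pkts) -> float:
    """Time from the first client data segment to the first server data segment.
    Run it over the client-side and the server-side capture of the same exchange:
    the same gap on the server side means the server is slow, otherwise look at the network."""
    req = next(p for p in pkts if p.src == "client" and p.length > 0)
    resp = next(p for p in pkts if p.src == "server" and p.length > 0 and p.ts >= req.ts)
    return resp.ts - req.ts


def relative_seq(pkts, side: str):
    """Wireshark-style relative sequence numbers: subtract that side's ISN."""
    isn = next(p.seq for p in pkts if p.src == side)
    return [p.seq - isn for p in pkts if p.src == side]


if __name__ == "__main__":
    print("rough RTT: %.3f s" % handshake_rtt(CAPTURE))
    for p in CAPTURE:
        print("%-6s seq %5d -> next seq %5d" % (p.src, p.seq, next_seq(p)))
    print("flat gaps over 0.5 s:", flat_gaps(CAPTURE, 0.5))
    print("request->response:", request_response_delay(CAPTURE))
```

Each next_seq value lines up with the seq of that side's following segment, which is the check to make by hand in a real capture; the one gap flat_gaps reports is the 1.2 s the server sat on the request.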

1518 = maximum Ethernet frame size (14-byte header + 1500-byte payload + 4-byte FCS)
1514 = what Wireshark usually shows, because the NIC/driver strips the 4-byte FCS before capture
An 802.1Q VLAN tag adds 4 bytes (1522 on the wire)