
Packet_vlad's profile - activity

2019-05-18 17:33:23 +0000 received badge  Popular Question (source)
2019-05-16 11:04:02 +0000 edited answer the actual tcp send window is not increased further

It's hard to tell without seeing an actual PCAP, but usually getting stuck on constant (not slowly increasing) Bytes In

2019-05-16 11:03:24 +0000 answered a question the actual tcp send window is not increased further

It's hard to tell without seeing an actual PCAP, but usually getting stuck on constant (not slowly increasing) Bytes In

2019-05-16 11:03:24 +0000 received badge  Rapid Responder (source)
2019-05-16 09:50:06 +0000 commented answer smb or smb2 packets are all parsed to tcp

Can't see the screenshot..

2019-05-15 06:29:52 +0000 edited answer Question about the sequence number and next sequence number

If a packet's Sequence Number and Next Sequence Number are equal, that means the packet contains no data (TCP segment lengt

2019-05-15 06:26:01 +0000 received badge  Rapid Responder (source)
2019-05-15 06:26:01 +0000 answered a question Question about the sequence number and next sequence number

If a packet's Sequence Number and Next Sequence Number are equal, that means the packet contains no data (TCP segment lengt

2019-05-10 21:35:47 +0000 received badge  Good Answer (source)
2019-05-10 21:35:47 +0000 received badge  Enlightened (source)
2019-05-10 07:20:05 +0000 commented answer Help analyzing TCP connection sequence

Also, you may read TCP/IP Illustrated vol. 1 by Stevens; this book is a must-have for protocol understanding. The TCP part of it

2019-05-10 07:15:22 +0000 edited answer Sniffing stealmylogin.com

Try to use host stealmylogin.com as a capture filter. It'll resolve the name and filter by the corresponding IP. BUT the sit

2019-05-10 07:13:41 +0000 edited answer Sniffing stealmylogin.com

Try to use host stealmylogin.com as a capture filter. It'll resolve the name and filter by the corresponding IP. BUT the sit

2019-05-10 07:12:20 +0000 answered a question Sniffing stealmylogin.com

Try to use host stealmylogin.com as a capture filter. It'll resolve the name and filter by the corresponding IP. BUT the sit

2019-05-10 07:12:20 +0000 received badge  Rapid Responder (source)
2019-05-09 10:18:09 +0000 edited answer Wireshark filter src or dest

Try ether host 34-E6-D7-55-24-23 || 34-E6-D7-55-24-34

2019-05-09 10:17:48 +0000 answered a question Wireshark filter src or dest

Try ether host 34-E6-D7-55-24-23 || 34-E6-D7-55-24-34

2019-05-09 10:17:48 +0000 received badge  Rapid Responder (source)
2019-05-09 09:18:17 +0000 commented answer Help analyzing TCP connection sequence

Sake, no, I don't. I just captured Chrome traffic from home to a random website, client side, on a notebook itself (PCAP

2019-05-09 09:18:03 +0000 commented answer Help analyzing TCP connection sequence

Sake, no, I don't. I just captured Chrome traffic from home to a random website, client side, on a notebook itself (PCAP

2019-05-09 09:17:26 +0000 commented answer Help analyzing TCP connection sequence

Sake, no, I don't. I just captured Chrome traffic from home to a random website, client side, on a notebook itself (PCAP

2019-05-09 09:12:39 +0000 commented answer Help analyzing TCP connection sequence

Sake, no, I don't. I just captured Chrome traffic from home to a random website, client side, on a notebook itself (PCAP

2019-05-09 09:11:58 +0000 commented answer Help analyzing TCP connection sequence

Sake, no, I don't. I just captured Chrome traffic from home to a random website, client side, on a notebook itself (PCAP

2019-05-09 08:52:51 +0000 commented answer Help analyzing TCP connection sequence

My guess is: we observe a "simultaneous close" case, which means both client and server decided to close a connection at th

2019-05-09 08:47:09 +0000 commented answer Help analyzing TCP connection sequence

My guess is: we observe a "simultaneous close" case, which means both client and server decided to close a connection at th

2019-05-09 08:44:57 +0000 commented answer Help analyzing TCP connection sequence

My guess is: we observe a "simultaneous close" case, which means both client and server decided to close a connection at th

2019-05-09 08:43:37 +0000 commented answer Help analyzing TCP connection sequence

My guess is: we observe a "simultaneous close" case, which means both client and server decided to close a connection at th

2019-05-09 08:41:53 +0000 commented answer Help analyzing TCP connection sequence

My guess is: we observe a "simultaneous close" case, which means both client and server decided to close a connection at th

2019-05-09 08:41:36 +0000 commented answer Help analyzing TCP connection sequence

My guess is: we observe a "simultaneous close" case, which means both client and server decided to close a connection at th

2019-05-08 16:20:37 +0000 commented answer Help analyzing TCP connection sequence

Sake: this is a very good assumption. Check also Win size in RSTs - it is different (0 and 14336). I cannot understand on

2019-05-08 16:19:13 +0000 commented answer Help analyzing TCP connection sequence

Sake: this is a very good assumption. Check also Win size in RSTs - it is different (0 and 14336). I cannot understand on

2019-05-08 16:15:04 +0000 commented answer Help analyzing TCP connection sequence

Sake: this is a very good assumption. Check also Win size in RSTs - it is different (0 and 14336). I cannot understand on

2019-05-08 16:12:32 +0000 commented answer Help analyzing TCP connection sequence

Sake: this is a very good assumption. Check also Win size in RSTs - it is different (0 and 14336). I cannot understand on

2019-05-08 16:12:24 +0000 commented answer Help analyzing TCP connection sequence

Sake: this is a very good assumption. Check also Win size in RSTs - it is different (0 and 14336). I cannot understand on

2019-05-08 16:09:41 +0000 commented answer Help analyzing TCP connection sequence

Sake: this is a very good assumption. Check also Win size in RSTs - it is different (0 and 14336). I cannot understand on

2019-05-08 16:09:18 +0000 commented answer Help analyzing TCP connection sequence

Sake: this is a very good assumption. Check also Win size in RSTs - it is different (0 and 14336). I cannot understand on

2019-05-08 14:08:02 +0000 commented answer Help analyzing TCP connection sequence

@EricSnijders As for packet #2267: this is an ACK emitted by the server for [FIN,ACK] packet #2265. It has ACK# 5733 (FIN h

2019-05-08 14:07:56 +0000 commented answer Help analyzing TCP connection sequence

@EricSnijders As for packet #2267: this is an ACK emitted by the server for [FIN,ACK] packet #2265. It has ACK# 5733 (FIN h

2019-05-08 14:07:03 +0000 commented answer Help analyzing TCP connection sequence

@EricSnijders As for packet #2267: this is an ACK emitted by the server for [FIN,ACK] packet #2265. It has ACK# 5733 (FIN h

2019-05-08 14:06:43 +0000 commented answer Help analyzing TCP connection sequence

@EricSnijders As for packet #2267: this is an ACK emitted by the server for [FIN,ACK] packet #2265 from. It has ACK# 5733 (

2019-05-08 14:06:30 +0000 commented answer Help analyzing TCP connection sequence

@EricSnijders As for packet #2267: this is an ACK emitted by the server for [FIN,ACK] packet #2265 from. It has ACK# 5733 (

2019-05-08 14:05:55 +0000 received badge  Rapid Responder
2019-05-08 13:56:38 +0000 commented answer Help analyzing TCP connection sequence

@EricSnijders Ah, ok, thanks for clarification!

2019-05-08 13:50:53 +0000 commented answer Help analyzing TCP connection sequence

RST must have ACK set if it's intended to close an established TCP session. The second endpoint will check this ACK # f

2019-05-08 09:22:46 +0000 commented answer Help analyzing TCP connection sequence

The only thing weird in this case is that 172.24.9.13 does not wait for the ACK to be received, but sends a RST s

2019-05-07 13:46:30 +0000 commented answer What's causing the performance issue with Citrix here?

(!) Please remove and re-do captures filtering out SMB (TCP port 445) because you've exposed seemingly sensitive SMB tra

2019-05-07 13:33:42 +0000 commented answer What's causing the performance issue with Citrix here?

(!) Please remove and re-do captures filtering out SMB port 445 because you've exposed seemingly sensitive SMB traffic i

2019-05-07 13:32:56 +0000 commented answer What's causing the performance issue with Citrix here?

(!) Please remove and re-do captures filtering out SMB port 445 because you've exposed seemingly sensitive SMB traffic i

2019-05-07 13:29:46 +0000 commented answer What's causing the performance issue with Citrix here?

(!) Please remove and re-do captures filtering out SMB because you've exposed seemingly sensitive SMB traffic in there c

2019-05-07 13:29:31 +0000 commented answer What's causing the performance issue with Citrix here?

(!) Please remove and re-do captures filtering out SMB because you've exposed seemingly sensitive SMB traffic in there c