Analyzing the tcpdump data

Captions
So the first thing you probably notice about tcpdump data is that there's a lot of detail here. What is all this options sack stuff? We're not going to look at that in this course. I'm going to wave my magic wand to make it go away. I know it's kind of silly to say, but don't panic about the fact that this output probably looks like a big pile of weird. Some parts of it may jump out at you as already saying something, and if not right now, maybe by the end of this video.

So there are some things in here you might already recognize. If you're using your own data, you'll see your machine's IP address here. Here's mine. Notice that, just as we saw with ping, sometimes it shows up to the left of this little angle bracket and sometimes it shows up to the right. That's because some of these packets are going from our machine to example.net and some of them are coming back. Likewise, here's the IP address for example.net. If you want to check that, you can use the host command to look it up in the DNS.

Now let's look at something that differs across these packets. At the end of each record, there's a length field that's telling us how much data was sent in that packet. That's just the payload, the actual HTTP data, as opposed to all the TCP overhead, like addresses, port numbers, and such. So the interesting thing here is that out of all of these packets, only a few of them even have any payload data. For most of them, the length value is 0. This is an important fact about TCP. Even before the client and server get to exchange any real data, they've got some setup to do to bring up the connection. And after they're done with the real data, they have some teardown to do. So looking at the first of these that has any real data, it says length 38, and the only other one has length 321. Well, where did those numbers come from? Well, let's look back at what data we actually sent.

Here's our HTTP request, and if you count these newline characters at the end of each line as only one, as the backslash doesn't really count, it's going to come out to exactly 38 bytes. Which means that this record in the tcpdump data exactly represents the transmission of the HTTP request from our client to the example.net server.
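To make the length field and the zero-payload records concrete, here is an added Python example (not code from the course or the video) that parses constructed tcpdump lines, separates the setup/teardown records from the two that carry data, and checks that an assumed 38-byte HEAD request matches the first outbound payload. The sample lines, the server address and the request text are all assumptions, not the capture shown in the video.

```python
import re
# Constructed sample of tcpdump output (not the capture from the video); client
# 192.0.2.10 and server 203.0.113.5 are RFC 5737 documentation addresses.
SAMPLE = """\
12:00:00.000001 IP 192.0.2.10.54321 > 203.0.113.5.80: Flags [S], seq 1000, win 29200, options [mss 1460,sackOK,TS val 1 ecr 0,nop,wscale 7], length 0
12:00:00.000002 IP 203.0.113.5.80 > 192.0.2.10.54321: Flags [S.], seq 5000, ack 1001, win 65535, options [mss 1460,sackOK], length 0
12:00:00.000003 IP 192.0.2.10.54321 > 203.0.113.5.80: Flags [.], ack 1, win 229, length 0
12:00:00.000004 IP 192.0.2.10.54321 > 203.0.113.5.80: Flags [P.], seq 1:39, ack 1, win 229, length 38
12:00:00.000005 IP 203.0.113.5.80 > 192.0.2.10.54321: Flags [.], ack 39, win 65535, length 0
12:00:00.000006 IP 203.0.113.5.80 > 192.0.2.10.54321: Flags [P.], seq 1:322, ack 39, win 65535, length 321
12:00:00.000007 IP 192.0.2.10.54321 > 203.0.113.5.80: Flags [.], ack 322, win 229, length 0
12:00:00.000008 IP 192.0.2.10.54321 > 203.0.113.5.80: Flags [F.], seq 39, ack 322, win 229, length 0
12:00:00.000009 IP 203.0.113.5.80 > 192.0.2.10.54321: Flags [F.], seq 322, ack 40, win 65535, length 0
12:00:00.000010 IP 192.0.2.10.54321 > 203.0.113.5.80: Flags [.], ack 323, win 229, length 0
"""
# One TCP record: "IP src.sport > dst.dport: Flags [..], ..., length N"
LINE_RE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]*)\].* length (\d+)$")

def parse_tcpdump(text):
    """One dict per TCP record; lines in another shape are skipped."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            src, sport, dst, dport, flags, length = m.groups()
            packets.append({"src": src, "sport": int(sport), "dst": dst,
                            "dport": int(dport), "flags": flags, "length": int(length)})
    return packets

def overhead_and_payload(packets):
    """Records with no payload (handshake, acks, teardown) vs. records with data."""
    empty = sum(1 for p in packets if p["length"] == 0)
    return empty, len(packets) - empty

def payload_bytes(packets, client_ip):
    """Total payload bytes the client sent and received, judged by src/dst address."""
    sent = sum(p["length"] for p in packets if p["src"] == client_ip)
    return sent, sum(p["length"] for p in packets if p["dst"] == client_ip)

def first_payload(packets, client_ip):
    """The client's first record carrying data: the HTTP request going out."""
    return next((p for p in packets if p["src"] == client_ip and p["length"]), None)

# Assumed request (a guess at what the course sends, not taken from the video).
# Each \r\n is two bytes on the wire although it is typed as four characters.
REQUEST = "HEAD / HTTP/1.1\r\nHost: example.net\r\n\r\n"

def request_bytes(request):
    """Byte length as sent, which is what tcpdump's length field reports."""
    return len(request.encode("ascii"))
```

Running `parse_tcpdump(SAMPLE)` on a real capture works the same way; only the addresses and lengths will differ.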
Info
Channel: Udacity
Views: 26,743
Id: 7bsQP9sKHrs
Length: 2min 6sec (126 seconds)
Published: Mon Jun 06 2016