Top 5 Wireshark tricks to troubleshoot SLOW networks
Big thank you to Proton for sponsoring this video. Get Proton VPN using my link: davidbombal.wiki/protonvpn2
// Chris’ SOCIAL //
LinkedIn: / cgreer
KZhead: / chrisgreer
X/Twitter: / packetpioneer
// GitHub Link to lab file //
Packet Pioneer GitHub: github.com/packetpioneer/yout...
// KZhead videos REFERENCE //
Wireshark Tutorial for beginners. Where to start with Wireshark: • Wireshark Tutorial for...
// KZhead PLAYLIST //
Wireshark with Chris Greer: • How TCP really works /...
// David SOCIAL //
Discord: / discord
X: / davidbombal
Instagram: / davidbombal
LinkedIn: / davidbombal
Facebook: / davidbombal.co
TikTok: / davidbombal
KZhead: / @davidbombal
// MY STUFF //
www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
// MENU //
00:00 - Coming up
01:02 - Proton VPN sponsored segment
02:11 - "Packets don't lie" // Chris Greer background
04:43 - Chris Greer KZhead channel and courses
06:26 - Wireshark demo // Downloading Chris's pcap
07:39 - Top 5 things to look for to pinpoint problems in a pcap
07:59 - No.1: Examining the TCP handshake // Setting up in Wireshark
14:32 - No.2: Looking into TCP options
15:31 - History of TCP
16:33 - No.2: Looking into TCP options (continued) // TCP options explained
21:08 - "Practical is key"
21:42 - No.3: Finding slow packets
25:37 - No.4: TCP indicators // "Packets do lie"
34:56 - No.5: Finding root cause
38:58 - Another example of "packets don't lie"
42:05 - Check out Chris Greer's KZhead channel!
42:34 - Conclusion
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended.
Thank you for supporting me and this channel!
Disclaimer: This video is for educational purposes only.
#wireshark #filters #top5
Big thank you to Proton for sponsoring this video. Get Proton VPN using my link: davidbombal.wiki/protonvpn2 // Chris’ SOCIAL // LinkedIn: www.linkedin.com/in/cgreer/ KZhead: kzhead.info X/Twitter: twitter.com/packetpioneer // GitHub Link to lab file // Packet Pioneer GitHub: github.com/packetpioneer/youtube/blob/main/Lab1-GreerBombal_ItsNotTheNetwork.pcapng // KZhead videos REFERENCE // Wireshark Tutorial for beginners. Where to start with Wireshark: kzhead.info/sun/grlmcZZ9pIiofok/bejne.html // KZhead PLAYLIST // Wireshark with Chris Greer: kzhead.info/sun/pdF_iJWOa2uBa40/bejne.html&pp=iAQB // David SOCIAL // Discord: discord.com/invite/usKSyzb X: twitter.com/davidbombal Instagram: instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal KZhead: www.youtube.com/@davidbombal // MY STUFF // www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.
Old days. Fluke optiview, and iperf.
29:10 I spent a lot of time earlier to understand that why I am getting huge value in segment length column although MTU is set 1500. Thank you Chris for going to different tangents; it helps a lot! Thank you David for bringing such valueable persons on your channel!
Yeah that is a tricky one!
David & Chris you are opening our eyes 👀. Thank you 🙏
Happy to hear that! You're welcome!
Wasn't expecting to watch this end to end, - but damn, enthralled. Love this stuff!
Hey Chris don't listen anybody and give us that details please. Those kind of knowledges are necessary when you try to give a logic to processes. Thank you David, awesome again. Appreciate it.
I ❤ the videos you do with Chris Greer. The info he provides about Wireshark & what you're looking at + for within pcap's is something, I feel, today every network'er should know how to do & what to look for. 👍👍👌
Thanks Chris/David. Chris I love more detail than less detail when explaining different things.
Chris I love your side bars and detailed tangents little buddy absolute gold!
This channel is a goldmine for aspiring networking/cyber security professionals
Great video! If you 're TSing issues regarding Window Size and Packet Loss (to double-check if the TCP window size is not getting slammed on the receiver, and on the very rare occasion vice versa). select under 'Statistics - TCP Stream Graphs - Window Scaling', this a good tool to measure and view the respective Window scaling between C/S and S/C. I think Chris made a video of it years ago! I hope this helps :)
Thanks Chris Greer and David Bombal. Getting in detail is actually good as it further clears the concept of what is behind the stuff you're imparting.
Ironically talking about the slow passage of time between packets, but at the same time this video was over before I knew it! Fantastic explanation as always, and lovely to see you again as a guest, Chris.
Love the details and tangents because it helps me understand more of the big picture. Awesome content and I'm going to get lost in your channel, Chris. Thanks both!
This is very timely, I'm dealing with network issues right now!
I watch lots of your videos David but damn!!... this has been one of my favorites by far. Please we need more content like this 🙏🏼🙏🏼🙏🏼
A very big thank you to both of you. You guys are literally changing the way I look into network issues and I am becoming better and better each day. Keep up the beyond-excellent work.
I ❤ the detailed tangents. In this case (29 min mark), it helped me understand where in the process the capture actually happens and why they show larger than 1500. Keep the details coming.
These are always fascinating and as for the digressions, I'm OK with them because you always come back to the point you digressed from but have also imparted some breadth to the discussion. I could always jump ahead in any case if I found them unhelpful.
I once used the skills Chris taught to analyze an LNK file attack, showed me how beautiful that attack was...
No lies, the detailed tangents really help expand on the why of it for me. Great video guys!
Thanks for the feedback. I love getting to the point, but so much is lost when you do that.
@@ChrisGreer Absolutely! I’ve just started transitioning to an IT based career and earned the A+ certification and working on security+. Every time you expanded upon the point you were making it definitely helped me understand things better. Thanks for your content, and I absolutely subscribed to your channel!
Always enjoy a good detailed tangent.
Great stuff! Really enjoyed Chris' analysis! Keep 'em coming!
Really enjoyed video! Thanks for both of you guys for these informative content.
Chris is a great mentor. His knowledge, personality and demeanor lend himself to being great. Always enjoy his content, thanks for hosting him.
Thanks for the comment! I really enjoy coming on and chatting with david.
Couldn’t have said it better
Thank you for sharing your knowledge and experience.
Thanks to you both for this video!!! Had a problem, which seems to be a very similiar to this and I used your technique to troubleshoot! Thank you very much!! :)
great work David and Chris. I love your contents. I'm someone looking for breakthrough in Wireshark packet analysis. I feel Chris' channel is just the right place for me. Love from Nigeria. Keep up the good work. Thank you so much David. Looking forward to more sessions like this with you and chris
Brilliant. And Chris, you got yourself a new subscriber. Thx for sharing both.
That's cool! Thank you for the tricks!! I will use wireshark to understand in depth of packets!
This is brilliant, I have another bookmarked video! Digressing is fine and works for me, Chris adds value to the subject when he does this. Even in 2024 the basic fundamentals of TCP are essential, just wish I had more time to spend in this area.
I enjoy listening to both you guys
More Chris Greer videos! His content is awesome. Post more on your own channel Chris!
I know… 😆 thanks for calling me out!
Great content, as always David and Chris! I will stay on one point: "...let's buy training instead of a lot of equipment!"
Thank you guys. you made packet analysis interesting. Definitely checking on Chris's channel and learn more about Wireshark.
I love when you have chris on. I bought tye course he did with wireshark and nmap, just havent had time to start it, yet. Busy with ccna study and tls study with Ed Harmoush. When chris goes 'on tangents' it's an excellent learning opportunity. Would gave liked a bit more on the relationship between segment size and window size in tcp. Would also like to see more about QUIC. Thanks.
Great work. Your videos keep me entertained and interested. Thank you again.
Glad to hear it!
I bought this dudes Wireshark course on Udemy; very solid. Would recommend for anyone in IT to take it. Thank you David for having this dude on.
Love youre content David, ure my example of a hero!
On all of the web, you guys are the best!
Like always this content with chris is spot on and awesome. BTW tangents are awesome, they help out a bunch.👍, I wish I could give these videos more than 1 thumbs up LOL
my fav. thanks, david, & chris.
I really enjoy this. Wireshark is such an important tool.
Much appreciations guys! Patiently waiting for that SACK video
This is a great idea.
What a G! Thanks for introducing me to this guy. I've been using WS for years and it's nice to pick up some new tricks.
You're welcome! Chris is the person to follow if you want to learn about Wireshark.
Great to see u guys again
I love chris, hes always trying to just teach us stuff but like actually without peddling shitloads of courses and shit
Hey David and Chris, You both are awesome. Thanks for all these videos. Chris, you are looking cool with your new beard style 😊..
Good to hear an ad for a VPN that's really just about what it's main function is, which is encrypting traffic. You can build one at home with a raspberry pi if you can find one, you just wont have the geolocation hopping. It is just a good first line of defense against attacks, as letting people know your IP can let them possibly wreak havoc on your device.
This is so awesome! @Chris, I support the detailed tangents!
Glad you enjoyed the video!
Great interview and tutorial! Many helpful insights 💎
Glad you enjoyed it!
Brilliant video as usual. David and Chris are so sweet persons and have the ability to pass their knowledge. and that's make the difference!! You can be a great scientist, but if you dont have the ability to spread your knowledge, you cant be a good teacher.
Super valuable video! Thanks!
eagerly waiting for stuff like that from you
Love the detailed tangents. Would like to know what the window size is.
Really fantastic video and good to see Chris x David again. David please invite Neal Bridges again and talk about Cybersecurity and how AI is shifting the paradigms of the Cybersecurity Thanks and Love from Pakistan ❤
Hands on is the Best way to learn, build home labs small or large testing stuff on that and watching what it does is when you can really grasp this stuff.
Thanks Chris and David!!! This seems like a murder mystery thriller movie to me. lol. 🤣🤣🤣
Great content and bravo! And oh your video editing is top top 🔥
Glad you liked it!!
Great video!! I do like when he gets straight to the point though. The tangents throw me off cause I lose focus. When he gets straight to the point I feel like gain so much knowledge and light bulbs start going off. Thanks again for this amazing content!!
That is great feedback, thank you!
If you had mention VirtualBox at the beginning, I wouldn't even need to check the pcap lol Great video guys thx!
David thanks you can improve my education
Chris you look better with the beard :) - thank you David and Chris for this ...
keep it up with the details in wireshark. I need to lean nore :)
Great learning this morning weekend thank you sir for sharing this tutorial video it’s makes me inspired by this video sir 32:41
Good work out of you both 👍👍👍
Thank you!
Thanks Chris
yes please share details and rabbit trails !
"Ya I had 'er, and all I got was.. EVERYTHING!" Low level? Well I did turn on my physical connector's Promiscuous mode! Rocked that Packet Capture all night! After all; "PCAPs or it's fake!".
I really like it, a lot! You know, those detailed tangents. An explanation of how an application works and what you can use it for is nice, but if you skip those tangents, I will not know why everything I see is or behaves just slightly different from what you're explaining. I'd have to look up every single detail that you explain in those tangents. But if you have physical access to the network, can't you then just hook up to the wire that is going into your modem or coming out of your modem to see what packages are sent from the server?
Great video. Thank you.
Glad you liked it!
Watching now!
Enjoyed the content! 😎👊 “it’s always DNS”
I would love to see how to troubleshoot asymmetric routing that is messing up TCP handshakes, using Wireshark
Idea for another video : covering active directory authorizations or AD attacks
Keep on tangenting. Thats what they made 1.5x speed for
Amaizing
It was over 5 minutes and we weren't in a pcap file... 😮😅
Hey David, love your content. But please try to not interrupt your guest when they are talking. Thx in advance.
Chris is Awesome
Agreed!
Thanks
You're welcome!
Hello David, greetings from Chile, a query do you know of any book that you recommend that talks about the study of packages?
Awesome
Best Wireshark Howto EVER. +bonus TCP SYN ACK analysis, hit _that_ spot by bringing out an RFC reference. So dope good content man tangent detail Approved [ACK]. =:r[]
Just do it ❤
I hope you enjoy the video :)
Thank you David and Chris. What about the QUIC protocol, what is your opinion? Should we use it instead of the good old TCP?
It's a good question. Over the web, many services are switching to QUIC under our noses. If it is an internal enterprise application, it may not be worth the switch unless users are widely distributed over unreliable networks. That is where QUIC can outshine TCP. For for general use, TCP is just fine. Most of TCP lives on within QUIC anyway. Thanks for asking!
Thank you Chris, but isn't the QUIC build on top of the UDP? @@ChrisGreer
Hi, Does these same techniques apply to WAN networks?
I am feeling dirty for thinking Chris is incredibly hot. But seriously, these videos are amazing and I cannot wait to learn more. You guys make the dull into the fascinating.
so what was shaping the packet? which virtual setting on the host was responsible for this?
28:50 what usually causes the segmentation or reassembly issues?
There is one thing I want to know more about. Thats VPN traffic and how a server can ses there is VPN traffic and how to hide the VPN traffic from the server. Perhaps hide your VPN traffic as HTTPS traffic?
Can AI disguise as packets? Hmm, that is the future question!
A very good question to ponder on. This will be a possibility in years to come and people will look back on this question with delight.
Lol. Or it was never A.i in the first place. And it WAS ALWAYS PACKETS. A.i = automated packet system . The rest of the hype is Hollywood trained
Even half a year from now is the future.
nice
I want to start into cyber security, from where should i start
how did you get the TCP Segment Length column?
Can you please give me a quick synopsis of why Proton VPN compared to someone like Nord VPN? I know proton is a sponsor, but I believe you can provide some of what I’m asking about. Am I able to get more granular with proton as compared to Nord?
@ChrisGreer Details and circumstances do matter. That's how you will become an expert.
I am a windows user and using wireshark version 4.0.0 . when I jumped to check tcp option from the server side. I could find the field that showed me the SACK is not supported and also the window size. Do I need to update my wireshark ??
Do you have a video on tcpdump?
📝 Summary of Key Points: 📌 The video discusses troubleshooting network performance issues by analyzing packet captures, focusing on factors like TCP handshake, TCP options, time delays, TCP indicators, and root cause analysis. 🧐 Detailed examination of TCP handshake, including TCP options like maximum segment size, selective acknowledgment, and window scale, provides insights into network behavior and performance. 🚀 Analyzing time delays between packets reveals congestion issues, such as TCP zero window, impacting data transfer and causing significant delays in communication. 💡 Additional Insights and Observations: 💬 "Packets don't lie" emphasizes the importance of hands-on packet analysis to understand network issues thoroughly and develop effective troubleshooting skills. 📊 Understanding TCP settings and indicators can help network engineers pinpoint performance bottlenecks and address root causes effectively. 📣 Concluding Remarks: The video highlights the significance of packet analysis in diagnosing network problems, showcasing how TCP settings, delays, and indicators can reveal critical insights for resolving performance issues. By delving into packet captures and interpreting network behavior, professionals can enhance their troubleshooting capabilities and optimize network performance effectively. Generated using TalkBud
Chris got beards now ...... lovely