Reading Protocols
Analyze TCP, HTTP, DNS.
Protocols Layer by Layer
Network traffic is organized in layers. Each packet wraps a higher-layer protocol inside a lower one, like envelopes within envelopes.
Reading traffic means peeling these layers in the right order.
Ethernet -> IP   -> TCP  -> HTTP
(frame)     (pkt)   (seg)   (data)

The TCP Handshake
A TCP connection begins with a three-way handshake: SYN, SYN-ACK, ACK. Seeing it confirms a real connection was established.
A SYN with no SYN-ACK reply often means a closed port or a firewall drop.
Client -> SYN
Server -> SYN, ACK
Client -> ACK (connection up)
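The two ideas above, peeling Ethernet -> IP -> TCP -> HTTP in order and then reading the SYN / SYN-ACK / ACK flags, fit naturally in one small parser. The following is an added example written for this lesson, not code from the course itself. It builds a handful of constructed frames (documentation IP addresses, made-up MACs and ports, no real capture) with Python's standard library, peels each layer with `struct`, and reports per flow whether the handshake completed or a SYN went unanswered. The helper names (`build_frame`, `parse_frame`, `classify_connections`, `http_request_line`) are assumptions for this example; IPv4 without options, TCP, and Ethernet II are the only cases it handles.

```python
import struct
from collections import defaultdict

# TCP flag bits (low byte of the TCP flags field).
SYN, PSH, ACK = 0x02, 0x08, 0x10


def build_frame(src_ip, dst_ip, sport, dport, flags, payload=b""):
    """Build a constructed Ethernet II + IPv4 + TCP frame (test data only, checksums zeroed)."""
    eth = b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02" + b"\x08\x00"  # dst, src, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)  # 20-byte header
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + ip + tcp + payload


def parse_frame(frame):
    """Peel the layers in order: Ethernet -> IPv4 -> TCP -> payload. Returns None for anything else."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:          # not IPv4 (e.g. ARP, IPv6)
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4         # header length in bytes, options included
    if ip[9] != 6:                   # protocol field: 6 = TCP
        return None
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    tcp = ip[ihl:]
    sport, dport, seq, ack_no, off, flags = struct.unpack("!HHIIBB", tcp[:14])
    data_off = (off >> 4) * 4        # TCP header length, options included
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "flags": flags, "payload": tcp[data_off:]}


def http_request_line(payload):
    """Return the HTTP request line carried in a TCP payload, or None if it is not an HTTP request."""
    line = payload.split(b"\r\n", 1)[0]
    parts = line.split(b" ")
    if len(parts) == 3 and parts[2].startswith(b"HTTP/"):
        return line.decode("ascii", "replace")
    return None


def classify_connections(frames):
    """Track SYN, SYN-ACK and ACK per (client, cport, server, sport) flow and label its state."""
    steps = defaultdict(set)
    for frame in frames:
        p = parse_frame(frame)
        if p is None:
            continue
        if p["flags"] & SYN and not p["flags"] & ACK:            # client opens
            steps[(p["src"], p["sport"], p["dst"], p["dport"])].add("SYN")
        elif p["flags"] & SYN and p["flags"] & ACK:              # server answers
            steps[(p["dst"], p["dport"], p["src"], p["sport"])].add("SYN-ACK")
        elif p["flags"] & ACK:                                   # client completes (or later data)
            key = (p["src"], p["sport"], p["dst"], p["dport"])
            if "SYN-ACK" in steps.get(key, ()):
                steps[key].add("ACK")
    result = {}
    for key, seen in steps.items():
        if seen == {"SYN", "SYN-ACK", "ACK"}:
            result[key] = "established"
        elif seen == {"SYN"}:
            result[key] = "unanswered SYN (closed port or firewall drop?)"
        else:
            result[key] = "incomplete"
    return result


# Constructed sample traffic: one full handshake followed by an HTTP request, plus one SYN nobody answers.
CLIENT, SERVER = "192.0.2.10", "198.51.100.20"
SAMPLE = [
    build_frame(CLIENT, SERVER, 40000, 80, SYN),
    build_frame(SERVER, CLIENT, 80, 40000, SYN | ACK),
    build_frame(CLIENT, SERVER, 40000, 80, ACK),
    build_frame(CLIENT, SERVER, 40000, 80, PSH | ACK, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    build_frame(CLIENT, SERVER, 40001, 8080, SYN),   # no SYN-ACK ever comes back
]

if __name__ == "__main__":
    for flow, state in classify_connections(SAMPLE).items():
        print(flow, "->", state)
    for frame in SAMPLE:
        req = http_request_line(parse_frame(frame)["payload"])
        if req:
            print("HTTP request seen:", req)
```

Run as a script it prints one line per flow (`established` for port 80, an unanswered SYN for port 8080) and the `GET / HTTP/1.1` request line found inside the fourth frame. Real captures add cases this example skips on purpose: IP options and TCP options change the header lengths (handled via `ihl` and `data_off`), retransmitted SYNs repeat the first step, and RST replies to a SYN are a third outcome worth labelling separately.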