![\"\"](\"https:\/\/www.dumpsterfirecomputing.com\/wp-content\/uploads\/2023\/09\/image-4.png\")
<\/figure>\n\n\n\nHere I simply thought green meant good. No, seriously. I didn’t want to Bing this answer, and my poking around didn’t lead me to the real answer, so when it came time for me to note something….<\/p>\n\n\n\n Yea…<\/p>\n\n\n\n There were a few questions that asked to identify how many TCP conversations contained certain flags or options. I missed quite a few of these, mostly due to how I had interpreted “conversations”.<\/p>\n\n\n\n We looked again at things like Window Scaling, Selective ACK, and Maximum Segment Size, with an interesting question around how communication would suffer if one of those weren’t set.<\/p>\n\n\n\n In some of these cases I wonder what the diagnostic or troubleshooting reason for finding these data point might be (such as locating sequence numbers), but I think the real goal for this early in the workbook is to get comfortable simply “finding information”. Certainly there’s an emphasis on finding and building filters. <\/p>\n\n\n\n The nice thing I’ve noticed with Wireshark is that there’s actually a lot of contextual help if you know where to look. For example:<\/p>\n\n\n\n With the SYN: Set highlighted, you get the filter syntax at the bottom of the window. There’s tons of this sort of help.<\/p>\n\n\n\n These lab questions were definitely harder (for me) than the prior labs, but that’s what it’s all about — pushing myself, learning new things. More tools for the toolkit. <\/p>\n","protected":false},"excerpt":{"rendered":" Lab 4 is complete, and I’d probably give myself a passing grade for this round of questions. The subject this time was TCP SYN analysis. Now, if I were asked […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[54],"tags":[14,53],"class_list":["post-247","post","type-post","status-publish","format-standard","hentry","category-learning","tag-learning","tag-wireshark"],"_links":{"self":[{"href":"https:\/\/www.dumpsterfirecomputing.com\/index.php?rest_route=\/wp\/v2\/posts\/247","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dumpsterfirecomputing.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dumpsterfirecomputing.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dumpsterfirecomputing.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dumpsterfirecomputing.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=247"}],"version-history":[{"count":1,"href":"https:\/\/www.dumpsterfirecomputing.com\/index.php?rest_route=\/wp\/v2\/posts\/247\/revisions"}],"predecessor-version":[{"id":251,"href":"https:\/\/www.dumpsterfirecomputing.com\/index.php?rest_route=\/wp\/v2\/posts\/247\/revisions\/251"}],"wp:attachment":[{"href":"https:\/\/www.dumpsterfirecomputing.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=247"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dumpsterfirecomputing.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=247"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dumpsterfirecomputing.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=247"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}![\"\"](\"https:\/\/www.dumpsterfirecomputing.com\/wp-content\/uploads\/2023\/09\/image-5.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/www.dumpsterfirecomputing.com\/wp-content\/uploads\/2023\/09\/image-6.png\")
<\/figure>\n\n\n\n