TTL value in the SYN packet can give you a big hint. This link details some of the default TTL values across devises/Operating systems. So far I have not come across a TTL of 255. Usually, you will see a TTL of 128 or 64/60. The TTL can have a maximum value of 255 ( 8 bit header). TTL value gets decrement as the packet moves through every intermediary device on its way to its destination. Time-to-live (TTL) refers to the amount of time or “hops” that a packet is set to exist inside a network before it is discarded by a router. There is a lot of interesting and useful information you can learn from just analyzing TCP three-way handshake.
In this post, I will focus on the TCP three-way handshake and share some tips & tricks I use to understand what is happening at the TCP/IP layer using Wireshark. Having a basic knowledge to analyze TCP packets can be a useful skill to have as a performance engineer. There are times when I need to look at the TCP packets to help design a load test script or understand what is happening under the hood.
0 kommentar(er)
