TCP Tips and Tricks – What Makes Applications Slow? – Wireshark TCP/IP Analysis

What TCP symptoms can we look for when troubleshooting slow applications? Let’s find out!





Obed Carrera

Hi Chris, just one question. If we increase the bandwidth of a dedicated link, could the initial Window Size negotiation increase?

dominique rossignol

Hi Chris, could you supply a valid link to download the trace files? Regards

Seriously, I can't rave enough about how well you explain this! Thank you!

Russell Teapot

8:48 I heard "will show us Tupacs"... I was quite confused

William William

Thank you for this very insightful analysis of packet captures!

Bruno Vernay

Great stuff! You are really a reference. One thing I noticed is that students mistake Wireshark's labels, "TCP Out-Of-Order" or "TCP Retransmission", for TCP properties!
These labels are only Wireshark's best guesses, not something written in the packet itself.

mahesh jadhav

Excellent explanation of the transport layer stuff and how it works. It is very useful for finding out the reason why the network is slow, and it can also provide suggestions to the developer or the network engineer to rectify the issue.

Flow Ryan

Normally I can't watch such long talks that teach stuff; this one kept me hooked.

The original TCP RFC was in 19*74*. It was in wide use by 1982. From Wikipedia:
"The specification of the resulting protocol, RFC 675, was written by Vint Cerf, Yogen Dalal, and Carl Sunshine, and published in December 1974."

"In March 1982, the US Department of Defense declared TCP/IP as the standard for all military computer networking."

Rohith Reddy

Nice explanation, and I learned a lot of basic troubleshooting on TCP concepts.

Subham The Musical Guy

Thanks Chris. I have a doubt about TCP out-of-order packets. What is that for?

Your courses should be on something where we could buy just a single course. Pluralsight is overkill 🙂 Great video, the shortcuts especially were so helpful!

Jim Matrix

System administrators get bashed by management and users when the problem lies with developers and network administrators.

Ed Zielinski

Chris – this was a revelation to me and helped me analyze some very puzzling captures. Thanks for the excellent presentation and for making it available. Your presentation and explanations are extremely lucid, clear and vivid.

Purchased a Wireshark course on Udemy but it is rather high level. These deep dive videos really complement that course well. Bravo!

Malcolm Swart

Hi Chris. Trying to wrap my head around the TTL part of the video… I have two devices on the same subnet 10.106.63. And the trace is telling me that .48, which is the client, has a TTL of 255, but when looking at an ACK of the packet, the server part, which is .11, it's telling me a TTL of 128. Now one device is connected over wifi and the other over a cable… there is a VLAN setup with devices in between that I have no view of… my question is… isn't the client supposed to decrement the 255 value to at least 254 if there is one hop? There is only one set of ports open and I am monitoring on the server side. Thanks for your help.

Deepak Jha

When a network capture is analyzed using Wireshark, 39% of the total traffic is RST packets. What could be the reason?

The connection is trying to connect to a TCP port and the port is not open

The connection is trying to connect to a UDP port and the port is not open

The 3 way handshake is unsuccessful and there are multiple retransmissions and failures

The TCP port at the source is a wrong port

Please give me the answer from the above 4 options.

Technology stuff explained in pure conversational language, making us understand the concept underneath and retain for long. Thanks much for creating this wealth of information!

Bert Visscher

37:03 Please try to avoid pauses like this. For a moment I thought that my computer had frozen.

I realize that this is an old video, but I would like to comment on how well I could read things. There were times when I could not read a line in the top pane because the colors of the background and the text clashed.

Thank you, but my understanding at 25:00 is that Wireshark just captures the packets. If the TCP packets are dup or missing, it is all coming from the client. Wireshark doesn't make requests to the server. It simply captures. The size of the laptop you use for Wireshark will not make dup or missing packets. Maybe I'm wrong, but I'm almost sure about this.



Could you please suggest how to identify a unicast storm? Not able to find any video.

T Srinivas

Your videos/other training material inspired me to take the exam (WCNA), and I have passed it. I have seen this video 3 times for now, to become good with the concepts. Thank you for all your efforts in preparing this video.

James Boelter

This helped me understand Wireshark and packet analysis (for TCP, anyway) better than anything else I've read or watched. Many thanks for providing this!
