This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Interpreting Packets displayed with ip filter set to xyz.com

0

I've set my filter to display packets sent to and from xyz.com and i get a bunch of info with TCP and TLS packets. I'm very very new to networking and basically using wireshark for a project. I'd be grateful if you could throw light on this question.

  1. The TCP and TLS packets being shown on wireshark, are they the ones which are ACTUALLY sent over the internet to the destination ip address or is there much more to it? Also, are TLS packets sent with TCP packets (if tcp packets are sent over the internet as reported on wireshark) over the internet or do they just stop at our routers?

asked 14 Nov '13, 16:58

anony's gravatar image

anony
11112
accept rate: 0%

One Answer:

0

Oh, this really looks like a question from an absolute novice.so this one might be of interest to you

Warriors of the net

Yes

  • IP packets are actually sent to or received from an IP (Internet Protocol) network.
  • The transport layer that is used for most internet traffic (Web HTTP) is called TCP.
  • Ontop of that you see a TLS (SSL Security Layer) which encrypts you application data.

And yes, TLS requires TCP as the transport protocol and those packets -hopefully- don't stop at the (IP)-Routers, otherwise you won't be happy as you don't get anything back in your Firefox ...

answered 14 Nov '13, 23:06

mrEEde's gravatar image

mrEEde
3.9k152270
accept rate: 20%

edited 15 Nov '13, 01:03