Thanks! High density of information about the TLS client hello packet packed into this video.
Glad it was helpful!
Great content! Thank you for sharing these videos with us.
Another great episode, I really appreciate the history tidbits about implementations :) Maybe a bit too laborious, but I'd love to see an episode about BGP, possibly including some explanation of BGP hijacking, which was very "popular" a few years ago.
Have to see if I can do something about BGP. A bit of a big topic.
Loved the video, keep them coming!!!
At 8:49, Wireshark shows us a value of hex 2 for the Do Not Fragment flag, while the true value is 4. I think it does so because only 3 bits are available for flags, and it assumes the DF bit is the second and gives it the value 2, even though it is the 3rd bit in the high-order nibble.
Correct. The fragment flags (Evil Bit, Do Not Fragment, and More Fragment) are interpreted separately by Wireshark, so MF=1, DF=2, and Evil=4, while the bit values at ip[6] are one-off (Evil=8, DF=4, MF=2, and the highest offset bit=1).
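The two numberings from this exchange, side by side, as an added example that is not part of the original comments: it decodes bytes 6-7 of a constructed IPv4 header as the 3-bit flags field, as the high nibble of byte 6, and as byte-6 masks. The function names and the sample headers are assumptions made for the illustration.

```python
import struct

# Bit masks within byte 6 of the IPv4 header (what a filter on ip[6] sees).
BYTE6_MASKS = {"Evil": 0x80, "DF": 0x40, "MF": 0x20}


def decode_frag_field(header: bytes) -> dict:
    """Decode IPv4 header bytes 6-7 (flags + fragment offset) three ways."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    (word,) = struct.unpack_from("!H", header, 6)
    return {
        "flags_3bit": word >> 13,        # flags read alone: Evil=4, DF=2, MF=1
        "high_nibble": header[6] >> 4,   # Evil=8, DF=4, MF=2, offset MSB=1
        "byte6": header[6],              # full byte: Evil=0x80, DF=0x40, MF=0x20
        "set": [n for n, m in BYTE6_MASKS.items() if header[6] & m],
        "offset_bytes": (word & 0x1FFF) * 8,  # offset is counted in 8-byte units
    }


def make_header(frag_word: int) -> bytes:
    """Constructed sample: minimal IPv4 header (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, frag_word,
                       64, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))


if __name__ == "__main__":
    samples = [("DF only", 0x4000), ("MF, offset 185", 0x20B9),
               ("Evil bit", 0x8000), ("offset MSB only", 0x1000)]
    for label, word in samples:
        print(f"{label:16} {decode_frag_field(make_header(word))}")
```

The last sample shows why the high nibble is not a pure flags value: its lowest bit belongs to the 13-bit fragment offset, so a mask on ip[6] has to exclude it.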