From the course: Cisco Certified CyberOps Associate (200-201) Cert Prep: 1 Security Concepts

Unlock the full course today

Join today to access over 22,600 courses taught by industry experts or purchase this course individually.

Detecting anomalies using the sliding window

Detecting anomalies using the sliding window

From the course: Cisco Certified CyberOps Associate (200-201) Cert Prep: 1 Security Concepts

Start my 1-month free trial

Detecting anomalies using the sliding window

- Transmission control protocol is a connection oriented transport layer protocol. It begins with a three-way handshake. Data is then sequenced and acknowledged. And it supports windowing and flow control. Windowing and flow control are achieved by using the field value, window size in the TCP header. Flow control is an end-to-end control method where a host transmits a window size with every acknowledgment indicating how many bites it can accept. So the sender doesn't transmit too much data and overwhelm the host. Let's take a look in Wireshark. I've opened this capture and we're going to do a couple of things so we can see the window. Now, when we go in here and I'll just pull this up. I'm going to drop down the TCP header. And, we're going to scroll down and here we see the window size. To add that as a column value, just simply right click and say apply as a column. I'll pull that up. And, another thing I want to…

Contents