Packet Tuesdays

Episode 2: EDNS 0 Packetcapture
Episode 1: DNS and Punycode Packetcapture
Episode 0: Introduction

Join me each Tuesday as I dissect a network packet. Each packet will be examined byte by byte (sometimes bit by bit) to demonstrate interesting network protocol features, an attack, or some curiosity I came across as I traveled the packet world of modern networks.

It will be a fun, family-safe, and hopefully educational journey into the world of packets. These videos are very much inspired by SEC 503, Intrusion Detection in Depth, a class I am teaching for SANS.

The videos assume a reasonable understanding of network protocols like TCP, IPv4/6, DNS, and HTTP. Each video will include a packet capture for you to follow along. I assume that you will sometimes pause the video to follow along. Have Wireshark and tcpdump ready and some of the relevant protocol headers (see, for example, the SANS TCP/IP cheatsheet).

How can you help make this better?

You may contact me at

Johannes B. Ullrich, Ph.D.
Dean of Research
SANS Technology Institute