Packet Tuesdays

Episode 12: DNS Notify Packetcapture
Episode 11: Large ICMP Errors Packetcapture
Episode 10: IPv6 Neighoradvertisements Packetcapture
Episode 9: IPv6 Router Advertisements Packetcapture
Episode 8: NTP Packetcapture
Episode 7: IP Options Packetcapture
Episode 6: TLS Server Hello Packetcapture
Episode 5: FreeBSD Ping Vulnerability Packetcapture
Episode 4: TLS Client Hello Packetcapture
Episode 3: TCP Urgent Flag Packetcapture
Episode 2: EDNS 0 Packetcapture
Episode 1: DNS and Pynycode Packetcapture
Episode 0: Introduction Packetcapture

Join me each Tuesday as I dissect a network packet. Each packet will be examined byte by byte (sometimes bit by bit) to demonstrate interesting network protocol features, an attack, or some curiosity I came across as I traveled the packet world of modern networks.

It will be a fun, family-safe, and hopefully educational journey into the world of packets. These videos are very much inspired by SEC 503, Intrusion Detection in Depth, a class I am teaching for SANS.

The videos assume a reasonable understanding of network protocols like TCP, IPv4/6, DNS, and HTTP. Each video will include a packet capture for you to follow along. I assume that you will sometimes pause the video to follow along. Have Wireshark and tcpdump ready and some of the relevant protocol headers (see, for example, the SANS TCP/IP cheatsheet).

How can you help make this better?

You may contact me at

Johannes B. Ullrich, Ph.D.
Dean of Research
SANS Technology Institute