
On my local machine, when I connect to a remote Linux machine with netcat, I can only see 3 related packets (the TCP handshake) in Wireshark.

I'm pretty sure there's more that happens before that (router --> ISP --> remote network), but I can't figure out how to look into the details.

Is it possible to inspect everything that happens before a TCP handshake?

Any resource that would help me better understand how this all works would be greatly appreciated.

  • If you connect to a remote machine using its IP there is only the TCP handshake. I am not sure what else you expect. – Robert Jul 27 '22 at 20:36
  • Could you elaborate "everything" here? Do you mean layer 2 stuff (ethernet framing)? Do you mean ARP resolving? Do you mean DNS query for domain name -> IP address? – Tero Kilkanen Jul 27 '22 at 20:44
  • It sounds like you're filtering your capture to just show you the traffic between your host and the remote host. If you want to see additional traffic from your host like ARP, DNS, etc. then you'll need to look at all of the traffic from your host. As far as seeing what your router does, you'd need to be able to inspect traffic from the router's perspective. Once the traffic exits your router toward the destination host on the ISP network, you'll be unable to see that. – joeqwerty Jul 27 '22 at 21:04
  • By "everything" I mean trying to trace my request from where it originated (my local machine) all the way to the remote server. > As far as seeing what your router does, you'd need to be able to inspect traffic from the router's perspective. Q > Can I do this from my local machine or is this something that would require additional tools/configuration on the router? > Once the traffic exits your router toward the destination host on the ISP network, you'll be unable to see that. Q > Assuming I had access to the ISP network, how would I be able to do this? – voyager19 Jul 28 '22 at 10:43
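
The point made in the comments about host-filtered captures, as an added example that is not part of the original thread: it builds five constructed frames (ARP for the gateway, a DNS query, then the TCP handshake) and compares the full view with one that emulates Wireshark's `ip.addr == <remote>` display filter. All addresses, MACs and ports are constructed, and the DNS frame assumes the connection was made by hostname rather than by IP.

```python
import struct
from ipaddress import IPv4Address as IP

# Constructed sample values (RFC 1918 / documentation ranges), not from the thread.
HOST, GATEWAY, RESOLVER, REMOTE = "192.168.1.10", "192.168.1.1", "192.0.2.53", "203.0.113.7"
MAC_HOST, MAC_GW, BCAST = b"\x02\0\0\0\0\x01", b"\x02\0\0\0\0\xfe", b"\xff" * 6

def eth(dst, src, ethertype, payload):
    return dst + src + struct.pack("!H", ethertype) + payload

def ipv4(src, dst, proto, payload):
    # Minimal 20-byte header; checksum left at 0 because nothing here validates it.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       IP(src).packed, IP(dst).packed) + payload

def tcp(sport, dport, flags):
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)

def udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def arp_request(sender_ip, target_ip):
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1, MAC_HOST,
                       IP(sender_ip).packed, b"\0" * 6, IP(target_ip).packed)

# What the local interface sees; every IP frame leaves via the gateway's MAC.
CAPTURE = [
    eth(BCAST, MAC_HOST, 0x0806, arp_request(HOST, GATEWAY)),
    eth(MAC_GW, MAC_HOST, 0x0800, ipv4(HOST, RESOLVER, 17, udp(40000, 53, b"\0" * 12))),
    eth(MAC_GW, MAC_HOST, 0x0800, ipv4(HOST, REMOTE, 6, tcp(40001, 5000, 0x02))),
    eth(MAC_HOST, MAC_GW, 0x0800, ipv4(REMOTE, HOST, 6, tcp(5000, 40001, 0x12))),
    eth(MAC_GW, MAC_HOST, 0x0800, ipv4(HOST, REMOTE, 6, tcp(40001, 5000, 0x10))),
]

def classify(frame):
    if frame[12:14] == b"\x08\x06":
        return "ARP"
    l4 = frame[14 + (frame[14] & 0x0F) * 4:]          # skip Ethernet + IP header
    if frame[23] == 17 and 53 in struct.unpack("!HH", l4[:4]):
        return "DNS"
    if frame[23] == 6:                                 # keep only the SYN and ACK bits
        return {0x02: "TCP SYN", 0x12: "TCP SYN-ACK", 0x10: "TCP ACK"}.get(l4[13] & 0x12, "TCP")
    return "other"

def host_filter(frame, addr):
    # Emulates ip.addr == addr: IPv4 frames whose source or destination is addr.
    return frame[12:14] == b"\x08\x00" and IP(addr).packed in (frame[26:30], frame[30:34])

if __name__ == "__main__":
    print("unfiltered:", [classify(f) for f in CAPTURE])
    print("host only :", [classify(f) for f in CAPTURE if host_filter(f, REMOTE)])
```

The ARP and DNS frames never carry the remote host's address in an IP header, which is why a host filter leaves only the three handshake packets.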

0 Answers