Interactive protocol dissector — explore TCP handshakes, TLS negotiation, DNS resolution, and UDP datagrams at the byte level with real-time annotations.
Every network packet is an onion of encapsulated layers. Click a layer to see what happens at each level.
Transmission Control Protocol
TCP Three-Way Handshake
Connection-oriented, reliable delivery. Every TCP connection starts with SYN → SYN-ACK → ACK before any data can flow.
TCPConnection Establishment
Client
Browser
192.168.1.42:54321
Server
Web Server
93.184.216.34:443
Packet Anatomy
TCPSYN Packet64 bytes
← Hover over hex bytes or click a field row to see detailed annotations
Sequence Numbers
TCP uses 32-bit sequence numbers to track byte position in the stream. The ISN (Initial Sequence Number) is randomly generated to prevent spoofing and collisions from old connections. Each side independently picks its own ISN during the handshake.
Window Size
The receive window advertises how many bytes the receiver can buffer. This implements flow control — the sender must not have more unacknowledged bytes in flight than the receiver's window allows. Window scaling (RFC 7323) extends this to 1 GiB.
TCP Options
During SYN, endpoints negotiate: MSS (Max Segment Size), Window Scale factor, SACK (Selective ACK) support, and Timestamps. These are TLV-encoded in the options field and can total up to 40 bytes.
Transport Layer Security
TLS 1.3 Handshake
After TCP connects, TLS negotiates encryption. TLS 1.3 reduced the handshake from 2-RTT to 1-RTT (0-RTT with PSK resumption).
TLS 1.3ClientHello512 bytes
← Hover bytes to inspect TLS record fields
TLSField Breakdown
Key Differences: TLS 1.2 vs 1.3
TLS 1.2
TLS 1.3
RTT
2-RTT
1-RTT (0-RTT PSK)
Key Exchange
RSA / DHE / ECDHE
ECDHE only (+ PSK)
Cipher Suites
37 supported
5 supported
Static RSA
yes
removed
Forward Secrecy
Optional
mandatory
Encrypted Handshake
no
after ServerHello
Domain Name System
DNS Resolution
Before TCP/TLS, the browser must resolve the domain name. DNS typically uses UDP:53 (but falls back to TCP for large responses or zone transfers).
DNSUDPA Record Query43 bytes
← Hover bytes to inspect DNS message structure
DNSField Breakdown
Resolution Chain
Browser cache → OS cache → Resolver → Root (.) → TLD (.com) → Authoritative NS → Answer. Each step may involve its own UDP query/response.
Record Types
A (IPv4), AAAA (IPv6), CNAME (alias), MX (mail), NS (nameserver), TXT (arbitrary text, SPF/DKIM), SRV (service discovery), SOA (zone authority).
User Datagram Protocol
UDP — Fire and Forget
Connectionless, no handshake, no guaranteed delivery, no ordering. Just an 8-byte header and your data. Used by DNS, QUIC, gaming, VoIP, video streaming.
UDPUDP Datagram Header8 bytes header
← Only 8 bytes of header — the simplest transport protocol
TCP
UDP
Connection
Handshake required
Connectionless
Header Size
20-60 bytes
8 bytes
Ordering
guaranteed
none
Reliability
Retransmission + ACK
Best-effort
Flow Control
Window-based
none
Use Cases
HTTP, SSH, SMTP
DNS, QUIC, gaming
Datagram Simulation
Click "Send" to fire 8 UDP datagrams. Some may arrive out of order, some may be lost entirely — that's UDP.
SENT ORDER:
RECEIVED ORDER:
Interactive
Packet Builder
Construct a TCP packet interactively. Adjust fields and watch the hex dump update in real time.
TCPLive Packet Preview20 bytes
← Modify fields on the left to see the packet change