Exploring a single TCP frame

For a deep dive into the TCP header, go to https://www.cloudshark.org/captures/0012f52602a3. Download and open the packet capture file, HTTP.cap, in Wireshark.

To follow along, select frame five (5) and focus on the packet details pane, as shown in the following screenshot:

The packet details pane for frame 5

Starting from the top, Wireshark lists the contents of this single frame. Each header has a summary, followed by the details of the header. You can expand the header by clicking on the arrow (or caret, >) on the right-hand side to see the details. In frame 5, we can see the following:

  • Frame 5: Frame is not a protocol. Frame is a list of values generated by Wireshark that describes information about a single frame. Expand the frame by clicking on the arrow on the right-hand side to see the details, as shown in the following screenshot:

Frame metadata on a single frame—TCP

  • Ethernet II: The (true) frame header follows the metadata summary and provides information about the source and destination MAC address, as shown in the following screenshot:

Frame header

  • Internet Protocol Version 4: The IP header summary includes the source and destination IP address, followed by the IPv4 field values.
  • Transmission Control Protocol: The TCP header lists the summary, including source and destination ports, sequence and acknowledgement numbers, and length (len), followed by the TCP field values.

Now that we have covered the details that are found in a single frame, let's examine the TCP header and each of the field values.
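
The layering listed above (Ethernet II, then IPv4, then TCP) can be reproduced by hand, which helps when checking what a dissector reports. The following is an added example, not code from the book: it parses a constructed frame, not frame 5 of HTTP.cap, and the addresses, ports and helper names (`build_sample_frame`, `parse_frame`, `mac`) are assumptions made for illustration.

```python
import socket
import struct

def build_sample_frame():
    """Constructed sample frame (not taken from HTTP.cap); checksums left at 0."""
    payload = b"GET / HTTP/1.1\r\n\r\n"
    eth = bytes.fromhex("001122334455" "66778899aabb") + struct.pack("!H", 0x0800)
    # src port, dst port, seq, ack, data offset (5 words), PSH+ACK, window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1000, 2000, 5 << 4, 0x18, 64240, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1,
                     0x4000, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20"))
    return eth + ip + tcp + payload

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_frame(frame):
    """Return the summary fields shown for the Ethernet II, IPv4 and TCP headers."""
    if len(frame) < 14 + 20:
        raise ValueError("frame too short for Ethernet II + IPv4 headers")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("EtherType is not IPv4")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4          # header length is in 32-bit words
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6:
        raise ValueError("not an IPv4 packet carrying TCP")
    tcp = ip[ihl:total_len]           # total length excludes any Ethernet padding
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4
    if data_off < 20 or data_off > len(tcp):
        raise ValueError("invalid TCP data offset")
    return {
        "eth_src": mac(src), "eth_dst": mac(dst),
        "ip_src": socket.inet_ntoa(ip[12:16]), "ip_dst": socket.inet_ntoa(ip[16:20]),
        "src_port": sport, "dst_port": dport,
        "seq": seq, "ack": ack,       # raw values; Wireshark shows relative ones by default
        "flags": off_flags & 0x1FF,
        "len": len(tcp) - data_off,   # TCP segment length (payload bytes)
    }

if __name__ == "__main__":
    for name, value in parse_frame(build_sample_frame()).items():
        print(f"{name:9} {value}")
```
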
