Back

The Packet Highway

Every piece of data your computer sends is chopped into packets — little cars carrying a slice of cargo across the network. Watch them drive, crash, and get re-sent, then dissect them like you would in Wireshark.

1 · WATCHEach car below is one packet driving between Your PC and the Internet. Top lanes go out, bottom lanes come back.
2 · DISSECTClick any car (or any row in the capture table) to open it up, layer by layer — exactly like Wireshark's packet details pane.
3 · BREAK ITCrank the packet loss slider, then run ping 8.8.8.8 in the terminal at the bottom. Watch your pings literally go up in flames.
Live traffic — interface eth0t = 0.0s
DISPLAY FILTER: Just like Wireshark display filters: they change what you see, not what's on the wire. Note how tcp also matches HTTP and TLS cars — those ride inside TCP. DNS rides on UDP.
0
Packets captured
0
Delivered
0
🔥 Lost
0
TCP Retransmissions

The capture — Wireshark's two panes

Left: the packet list — one row per car, newest at the bottom. Right: the packet details — the selected packet opened up layer by layer (Ethernet → IP → TCP/UDP/ICMP → application). Click around!

Packet list
No.TimeSourceDestinationProtoLenInfo
Packet details
Click a car on the highway — or a row in the packet list — to dissect it here. 🔬

Who's on the road?

Each protocol gets its own vehicle. The metaphors aren't just cute — they match how the protocols actually behave.

Road incidents

On the highwayIn real networking
🔥 Car catches fire & veers offPacket loss. Congested routers drop packets when their queues overflow; Wi-Fi interference and faulty cables kill them too. The packet is simply gone — nobody sends an apology note. Cause of ~every "why is it slow" ticket.
🚗 New car with a RETX badgeTCP retransmission. The sender never got an ACK back, so after a timeout it sends the segment again. This is why TCP is "reliable" — and why Wireshark paints these rows black/red under Bad TCP. Watch: a burning TCP car is always followed by a RETX car. A burning UDP bike is just… gone.
🚙🚙🚙 Three-sedan convoy
SYN → SYN-ACK → ACK		The TCP three-way handshake. Before any real data moves, both sides agree to talk: "wanna talk?" (SYN), "sure, you?" (SYN-ACK), "yep!" (ACK). Every web page, every SSH session starts with this exact convoy.
🛣️ Car stopped mid-highway,
police car drives back		TTL expired (run traceroute in the terminal). Every IP packet has a Time-To-Live counter; each router decreases it by 1 and discards the packet at 0, sending back an ICMP "Time Exceeded". Traceroute maps the route by sending packets with TTL 1, 2, 3…
Wireshark cheat-sheet: this page is Wireshark's layout. The packet list above = Wireshark's top pane. The packet details tree = the middle pane. The display filter chips = the green filter bar (tcp, dns, icmp…). In real Wireshark you'd start a capture on an interface (like eth0 or Wi-Fi), generate some traffic, then filter the noise away. Try it after playing here — it'll feel familiar.

The network toolbox

A little terminal wired straight into the highway: every command sends real cars up there. Crank packet loss and watch ping time out while ssh shrugs it off — that's UDP/ICMP vs TCP in one experiment.

student@packet-highway: ~
student@ph:~$
TRY: