Netanalyzer Note ii. Simple protocol analysis

Source: Internet
Author: User
Tags rfc

[Creation time: 2015-08-27-22:15:17]

Netanalyzer

We reviewed the Netanalyzer some of the optional history, in this article, I decided not to introduce Netanalyzer, but first to understand some of the basic knowledge of building netanalyzer, such as the system can be analyzed in some network protocols, understand how they are distributed, field meaning, and so on. On the basis of understanding the agreement, began to introduce some winpcap, in this process, learning to configure the WinPcap development environment, do some simple data collection procedures. The third part mainly introduces some basic grammatical structures of filter expressions. Write down to introduce some of the data structures and programming ideas involved in the development of the netanalzyer process.

Protocols in the Netanalyzer

Here I do not want to talk too much about the architecture of the Protocol, no matter what the OSI seven layer model, and regardless of the TCP/IP four-tier structure, but also a lot of knowledge of these systems, and in a lot of books are introduced. What is said here is that the data that can be parsed in Netanalyzer, and the corresponding explanation and explanation to each data field, and finally only as reference material, convenient netanalyzer follow up development upgrade. Therefore, all data packet analysis data here will be based on the existing data analysis results in Netanalyzer, and the whole analytic hierarchy as a reference for the protocol description.

Take a look at the Netanalyzer data analysis interface before introducing specific protocols

(a) the list of packets obtained above

(b) The lower left corner is the content of the specific protocol analysis and the core area of the software

(c) The bottom right corner is the specific raw data for the packet

The software can collect data from the network card, can also read the cache file to obtain, because some packets are not easy to collect, so you can download here (will not blog file, so give a link to it)

Http://pan.baidu.com/s/1ntxi5dB

1. Frames (frame)

In fact, this is not a network protocol. This is just the basic information used to obtain a data message, which is a data format defined by WinPcap, which is displayed when it is converted to a string. When each packet is captured, the stored data in memory 2.1 shows

Figure 2.1 The original data message

The first field, including the colon, 13,309,501:631,439 is a timestamp-marking method. The timestamp is recorded with ":" As a delimiter, divided into seconds and timed with milliseconds.

Seconds: 32-bit, a UNIX-format accurate to the second time value, used to record the time the packet was captured, recorded by the date of January 1, 1970 from 00:00:00 GMT to capture the packet the number of seconds elapsed;

Millisecond timer: 32 bits, which records the millisecond value of the packet being fetched.

In the field after the timestamp, the enclosed field that uses parentheses is the size of the current fetch data packet. In byte text units. It records the true length of the captured packet, and if the file is not complete, the value may be larger than the value of the previous packet length, and the number of data in the field is 54 bytes.

The data after the first line transmits the data message for the network, in order to facilitate the display in the book, this is shown here in hexadecimal form, in which the header information of the various protocols is recorded and the data content is requested. Figure 2.2 is a summary of the information for the entire data message.

Figure 2.2 The data information to be expressed in frame

2 Ethernet Protocol (Ethernet)

After completing the basic information of the data message, we now begin the real protocol analysis. The first is naturally the link layer of Ethernet. Because most of the network is now built using Ethernet.

The Ethernet was first created by Xerox and was jointly developed by three companies in 1980 Dec, Lntel and Xerox as a standard.   Ethernet is the most widely used LAN, including standard Ethernet (10MBIT/S), Fast Ethernet (100MBIT/S) and 10G (10GBIT/S) Ethernet, using the CSMA/CD access control method, which are all compliant with IEEE802.3. The IEEE 802.3 standard IEEE802.3 Specifies the contents of the wiring, electrical signals, and media access layer protocols that comprise the physical layer. Ethernet is the most common LAN technology in the current application. It largely replaces other LAN standards, such as Token Ring, FDDI, and Arcnet. After the rapid development of 100M Ethernet at the end of the last century, gigabit Ethernet and even 10G Ethernet are expanding the scope of application under the impetus of international organizations and leading enterprises.

The common 802.3 applications are:

10M:10BASE-T (copper UTP Mode)

100M:100BASE-TX (copper UTP Mode)

100BASE-FX (fiber optic cable)

1000M:1000BASE-T (copper UTP Mode)

Ethernet uses passive media to disseminate information on a broadcast basis. It specifies the physical layer and the Data Link layer protocol, which specifies the interface of the physical layer and the data link layer and the interface between the data link layer and the higher level.

(1) Physical layer

The physical layer specifies the basic physical properties of the Ethernet, such as data encoding, markers, and electrical frequency.

(2) Data link layer

The main function of the data link layer is to complete frame sending and frame receiving, including the assembling and decomposing of the frame of user data, monitoring the information monitoring sign of the physical layer at any time, understanding the busy situation of the channel and realizing the management of the data link.

The Ethernet header format, shown in 2.3, has a total of 14 bytes in the header of 112 bits and five fields.

Figure 2.3Ethernet Header Format

Description of the Ethernet frame field

Field

Length (bit)

Description

Destination hardware addresses (Destination MAC address)

48

Hardware address of the next hop host

Source host hardware addresses (source MAC address)

48

Hardware address of the previous hop host

Network Layer protocol type

16

The last layer of protocol type of the sub-assembly

Data fields

Variable

Fcs

16

Frame Check sequence (CRC check)

Table 2-1 eternet Fields

(1) Hardware addresses (MAC address)

The Mac (Medium/media Access Control) address, or MAC address, is used to define the location of the network device, consisting of 48 specific features, 16 binary digits, and 0 to 23 bits is the organization's unique identifier, which is the flag that identifies the LAN node. In the OSI model, the third layer of the network layer is responsible for the IP address, and the second layer of data link is responsible for MAC addresses. Therefore, a network card will have a globally unique fixed MAC address, but can correspond to multiple IP addresses. 24 to 47 bits are assigned by the manufacturer themselves, and the 40th bit is the multicast address flag bit.

(2) Network Layer protocol types (type)

The type used to identify the previous layer of data. As 0x0080 indicates that the last time the network layer protocol is IPV4, and 0x0806 represents the address Resolution Protocol ARP.

(3) data

This field represents the upper-layer protocol header and the data that is being loaded for the current transfer. Its data length is limited to 46-1500 bytes.

(4) FCS

FCS is the last field of 802.3 frames and Ethernet frames, which is used to hold the CRC checksum value of the frame, and station 4 bytes.

The Netanalyzer says

As shown in the raw data effect 2.4 obtained in Netanalyzer, the destination hardware address of this data message (Destination MAC address) can be seen in this data packet: 94-0c-6d-32-40-82, source hardware addresses (sources): 00-24-54-19-4B-2E, type: 0x0800 The book Protocol is IPV4.

Figure 2.4 Eternet Raw data

The results of analysis in Netanalyzer are shown in 2.5.

Figure 2.5 Analysis results of ehternet in Netanalyzer

3 Address Resolution Protocol (ARP)

ARP, the Address Resolution Protocol, realizes its physical address through an IP address. In a TCP/IP network environment, each host is assigned a 32-bit IP address, which is a logical address that identifies the host in the internetwork. In order for the message to be transmitted on the physical network, the physical address of the destination host must be known. There is an address translation problem that transforms the IP address into a physical address. Taking the Ethernet environment as an example, in order to correctly transmit the message to the destination host, the 32-bit IP address of the destination host must be converted to the 48-bit Ethernet address. This requires a set of services at the Interconnect layer to translate the IP address into the corresponding physical address, which is the ARP protocol. Another electronic anti-roll system is also known as ARP.

It is stipulated in the Ethernet protocol that one host in the same LAN must know the MAC address of the target host in order to communicate directly with another host computer. In the TCP/IP protocol stack, the network layer and transport layer only care about the IP address of the target host. This results in the use of the IP protocol in Ethernet, the data link layer of the Ethernet protocol to the upper IP protocol provided by the data, only the destination host IP address. Bits

Therefore, a method is needed to obtain its MAC address based on the IP address of the destination host. This is what the ARP protocol is going to do. Address resolution is the process by which a host translates a destination IP address into a destination MAC address before sending a frame.

ARP header format, 2.6

Figure 2.6 ARP Protocol header

(1) Hardware type (Hardware type)

Different hardware interface types are used for different link layer protocols, so this field is used to indicate the type of hardware interface currently in use, and the value of Ethernet is 1.

(2) protocol type (Protocol type)

For different network layer protocols, this field indicates the type of high-level protocol provided by the sender, such as IP 0x0800.

(3) Hardware length (Hardware Size)

Indicates the address length of the current link-layer protocol type.

(4) protocol length (Protocol Size)

As with the hardware length, this field indicates the address length used by the current network layer protocol.

(5) operation (operation)

The field field is used to indicate the type of action for this message, ARP, if the request is 1, and the response is 2.

(6) Source host hardware address, destination host hardware address

Determines the address used by the source host and destination host to communicate at the link layer.

(7) Source host protocol address, destination host protocol address

Represents the communication address used by the source host and the network layer of the destination host.

The representation in Netanalyzer

Figure 2.7 ARP Raw data

The original data obtained in Netanalyzer is shown in 2.7, the hardware type is 0x0001, Ethernet, protocol type 0x0800 so the network layer protocol is IPV4; hardware length 0x06, Ethernet MAC address station 6 bytes; Protocol length 0x04,ipv4 address station 4 bytes ; Operation: 0x0001 The data message is a request message, followed by some address information.

Analysis of the results of the ARP protocol in Netanalyzer 2.8

Figure 2.8 Analysis results of ARP in Netanalyzer

4 Internet Protocol version fourth (IPV4)

IPV4, the fourth edition of the Internet Protocol (Internet Protocol,ip), is the first agreement to be widely used to form the cornerstone of today's Internet technology. 1981 Jon Postel defined in RFC791 that Ip,ipv4 can run on a wide variety of underlying networks, such as end-to-end serial data links (PPP protocol and SLIP Protocol), satellite links, and so on. Ethernet is the most commonly used in LAN.

The IPV4 header is typically 20 bytes long. In an Ethernet frame, the IPV4 packet header follows the Ethernet frame header, and the protocol type value in the Ethernet frame header is set to 0800. IPV4 offers a variety of options, most of which are rarely used, so that the IPV4 packet header can be extended up to 60 bytes long (always 4 bytes and 4 bytes of expansion).

IPV4 Header Format 2.9 shows

Figure 2.9 IPV4 Header format

(1) versions (version)

Indicates the IP version currently in use, version 4 of the Protocol.

(2) header length (Head lengths)

The IPV4 header uses the option field, so the header length is used to illustrate the offset of the IP header.

(3) Differentiated services

According to the different usage situation, the transmission quality of data transmission is distinguished, and it indicates that the upper layer protocol deals with the quality of service expected by the current datagram, and distributes the datagram according to the importance level. These 8-bit fields are used to assign priority, latency, throughput, and reliability.

(4) Message length (total length)

Specifies the byte length of the entire IP packet, including data and protocol headers. Its maximum value is 65,535 bytes. A typical host can receive a 576-byte datagram.

(5) Identification (identification)

Contains an integer that identifies the current datagram. This field is allocated by the sending side to help the receiving side centralize datagram sharding.

(6) sign (flags)

Consists of 3-bit fields, where the lower two bits (least important) control the Shard. The middle bit (DF) indicates whether the packet can be fragmented. Low (MF) indicates whether the packet is the last shard in a series of shard packets. The third place is the highest bit not used.

(7) Chip offset (Fragment offset)

A 13-bit field that indicates the location of the Shard data associated with the origin of the source datagram, supporting the destination IP to properly reconstruct the source datagram.

(8) Lifetime (Time to live)

is a counter in which each point value in the drop datagram is reduced by 1 to 0. This ensures that the packet has endless loop processes.

(9) Agreement (PROTOCOL)

The type of the previous protocol for IP packet subcontracting, and if 6, the upper layer protocol is TCP

(10) First checksum (header Checksum)

Helps ensure the integrity of IP protocol headers. Because of changes in some protocol header fields, such as lifetime (Time to live), this requires recalculation and validation of each point. The Internet protocol header needs to be processed.

(11) Source IP address, Destination IP address (Destination addresses)

Used to specify the IP address of the source host and the IP address of the destination host.

(12) option (options)

IP supports a variety of options, which are used to support troubleshooting, measurement, and security measures, which vary in length from 1 bytes to 40 bytes, depending on the item selected.

(13) Fill field

The purpose of this field is to resolve the problem that the IP header cannot be aligned because the option field is not byte-determined, and uses 0 to populate the exact data to make it 4-byte aligned.

The raw data of the IPV4 obtained in Netanalyzer 2.10,

Figure 2.10 IPv4 Raw Data

IPv4 Header 20 Bytes, no option field, IP version header length is only one byte to represent 0x45, representing the fourth version, 20 bytes of the header; Differentiated services 0x00 most IPV4 messages do not have this field, and the message length 0x0028 so that the message length is 40 bytes ; logo 0x04b4; flag (010) 2 No shards, offset (00000) 2, Time-to-live 0x40 64-Hop, protocol 0x06, upper-layer protocol is TCP, first checksum 0x0000 This is an invalid packet, and finally two-directional IP address.

Analyzing the results of IPv4 in Netanalyzer 2.11

Figure 2.11 The results of IPv4 analysis in Netanalyzer

5 Internet Protocol version Sixth (IPV6)

IPV6 is an abbreviation for Internet Protocol Version 6, where the internet Protocol translates to "Internet protocol." IPV6 is a next-generation IP protocol designed to replace the current version of the IP Protocol (IPV4) in the IETF (Internet Engineering Task Force, Internet Engineering). The current IP protocol version number is 4 (abbreviated as IPV4), and its next version is IPV6.

Features of IPV6:

(1) IPV6 address length is 128 bits, address space increased 2 of 9 Chinese IPV6 backbone node

(2) [1]6 times;

(3) Flexible IP packet header format. Replaces the variable-length option field in IPV4 with a series of fixed-format extension headers. The appearance of the options section of IPV6 also changes, so that the router can simply pass through the option without doing any processing, speeding up the processing speed of the message;

(4) IPV6 simplifies the message header format, the field only 8, accelerates the message forwarding, improves the throughput;

(5) Improve safety. Identity authentication and privacy are the key features of IPV6;

(6) Support for more service types;

(7) Allow the agreement to evolve, add new functions and adapt it to the future development of technology;

The IPV6 package is composed of IPv6 Baotou (40 bytes fixed length), expansion header and upper layer protocol data unit. The fragment header in the IPV6 packet extension header indicates the segmentation of the IPV6 packet. The non-segmented part includes: IPv6 header, hop-by-hop option header, Destination option header (for brokered routers) and routing header, segmented sections include: Certification header, ESP header, destination option header (for final destination), and upper layer protocol data unit. It is important to note, however, that in IPv6, only the source node can fragment the payload, and that the service cannot be used by IPV6 oversize packets.

Fixed header format for IPV6

Figure 2.12 IPv6 Fixed Header

The IPV6 header length is fixed at 40 bytes, removing all the options in the IPV4, including only 8 necessary fields, so although the IPV6 address is four times times the length of IPv4, the IPV6 header is only twice times the length of the IPV4 header.

(1) versions (version)

4-bit, IP protocol version number, value = 6.

(2) Traffic level (traffic class)

8-bit, indicating the IPV6 data Flow letter category or priority level. Functionality is similar to the IPV4 service type (TOS) field.

(3) Tour mark (Flow label)

20-bit, IPv6 new field, marking the traffic that requires special processing by the IPV6 router. This field is used for some traffic that has special requirements for the quality of the connection, such as real-time data transfer such as audio or video. In IPv6, there can be a number of different streams of data between the same source and the host, differentiated by a non-"0" stream mark. If the router is not required to do special processing, the field value is set to "0".

(4) Payload (Payload Length)

16-bit payload length. The load length includes the expansion head and upper pdu,16 bits representing up to 65535 bytes of payload length. Load exceeding this number of bytes, the field value is set to "0", using the heavy load (Jumbo Payload) option in the extended header-by-hop segment (hop-by-hop) option.

(5) Next header (next)

8-bit, identifies the type of header immediately following the IPV6 header, such as the expansion header (if any) or a Transport layer protocol header (such as TCP,UDP or ICMPV6).

(6) Hop count limit (Hop limit)

8-bit, similar to the TTL (Lifetime) field of the IPV4, uses the number of times the packet is forwarded between routers to qualify the lifetime of the packet. Each time the packet is forwarded, the field is reduced by 1, and the packet is dropped to 0 o'clock.

(7) Source Address

128-bit, sender host address.

(8) Address of destination (Destination)

128-bit, in most cases, the destination address is the address of the message. However, if there is a routing extension header, the destination address may be the next router interface in the sender's routing table.

Extension Baotou

An important improvement to the original IPv4 Baotou in IPv6 Baotou design is to move all optional fields out of the IPV6 header and into the expansion head. Because the other extension headers are not checked or processed by the brokered router except for the hop-by-hop option extension header, this improves the performance of the router's handling of the IPv6 groupings that contain the options.

IPV6 raw data obtained in Netanalyzer 2.13

Figure 2.13 IPV6 Raw Data

Netanalyzer the IPV6 information obtained in the analysis 2.14

Figure 2.14 Analysis results of IPV6 in Netanalyzer

6 Internet Control Message Protocol (ICMP)

ICMP is (Internet Control message Protocol) Internet Controlled message protocol. It is a sub-protocol of the TCP/IP protocol family that is used to pass control messages between IP hosts and routers. The control message refers to the message that the network is not accessible, whether the host is available, whether the route is available, and so on. These control messages, while not transmitting user data, play an important role in the delivery of user data.

The ICMP protocol is a non-connection-oriented protocol for transmitting error reporting control information. It is a very important protocol, it is very important for network security.

It is a sub-protocol of the TCP/IP protocol family and belongs to the Network layer protocol, which is mainly used for transmitting control information between host and router, including reporting errors, exchanging restricted control and state information, etc. ICMP messages are automatically sent when the IP data cannot be accessed, the IP router cannot forward packets at the current transfer rate, and so on.

ICMP provides consistent and understandable error reporting information. The sent error message is returned to the device that sent the original data, because only the sending device is the logical recipient of the error message. The sending device can then determine the type of error that occurred based on the ICMP message and determine how to better resend the failed packet. But the only feature of ICMP is to report a problem instead of correcting the error, and the task of correcting the error is done by the sender.

We often use ICMP protocols in the network, such as the ping that we use frequently to check for network access (both Linux and Windows), and this "Ping" process is actually the process of working with the ICMP protocol. There are other network commands, such as the TRACERT command for tracking routes, which are also based on the ICMP protocol.

ICMP header format

Figure 2.15 ICMP message format

(1) types (type)

Used to define the type of ICMP message.

(2) Code

Used to define the reason for identifying the type of sending this particular message.

(3) checksum (check sum)

The error control for data transmission provides the checksum of the entire ICMP message, which is calculated in the same way as the IP header checksum calculation method.

(4) Other parts of the header

The corresponding content is determined by the type of message, and most error reports do not use the field.

(5) data

T provides ICMP error and status report information, and the content varies by message type.

7 Transmission Control Protocol (TCP)

Tcp:transmission Control Protocol Protocol TCP is a connection-oriented, reliable, byte-stream-based transport layer (Transport layer) communication protocol, which is provided by the IETF RFC 793 description (specified). In the simplified computer network OSI model, it accomplishes the function specified by layer Fourth transport layer, and UDP is another important transport protocol in the same layer.

In the Internet Protocol family (Internet Protocol suite), the TCP layer is the transport layer located above the IP layer and under the application layer. There is often a need for reliable, pipe-like connections between the application tiers of different hosts, but the IP layer does not provide such a flow mechanism, but rather provides unreliable packet switching.

The application layer sends a 8-byte data stream for inter-network transmission to the TCP layer, and then TCP splits the data stream into a segment of the appropriate length (the limit of the maximum Transmission Unit (MTU) of the data link layer of the network that is usually connected to the computer). TCP then passes the result packet to the IP layer, which transmits the packet over the network to the TCP layer of the receiving side entity. TCP in order to ensure that no packet loss occurs, give each byte a sequence number, while the serial number also guarantees the delivery to the receiving entity of the packet received sequentially. The receiving entity then sends a corresponding acknowledgment (ACK) to the successfully received byte, and if the sending entity does not receive a confirmation within a reasonable round trip delay (RTT), then the corresponding data (assuming it is lost) will be re-transmitted. TCP uses a checksum function to verify the data for errors, and to calculate and verify both when it is sent and received.

First, after the TCP establishes the connection, both sides of the communication can carry on the data transmission simultaneously, secondly, he is full duplex, in the guarantee reliability, uses the time-out retransmission and the piggyback confirmation mechanism.

In the flow control, using the Sliding window protocol, the Protocol stipulates that the non-confirmed groups in the window need to be re-transmitted.

In congestion control, a widely acclaimed TCP congestion control algorithm (also called AIMD algorithm) is adopted, which mainly includes three main parts: 1, additive increase, multiplicative reduction, 2, slow start, 3, and responds to timeout events.

TCP protocol Header format:

Figure 2.16 TCP protocol header format

(1) Source port

The port of the source host process.

(2) Destination port (Destination port)

Process port number that identifies the destination host

(3) Serial numbers (Sequence number)

Used in a connection to determine the offset of the data message.

(4) Confirm serial number (acknowledgement numbers)

Confirm the information sent by the host, from the data that the other party has successfully obtained.

(5) Data offset

In some books also called the first ministerial degree, because the TCP protocol has an extension field, so you need to use the field callout, when there is no extension field, 20.

(6) Reserved fields

(7) sign (flags)

The status information used to pass the message.

(8) window sizes (Windows size)

A field that is designed to fit a sliding window.

(9) Checksum (check Sum)

Validates the data being transmitted to determine whether the data is complete.

(10) Emergency pointer (Urgent Pointer)

The mate status is used as the flag Urg, reminding the host to submit data as soon as possible.

(11) Option (options)

Used to accomplish similar tasks such as negotiating a resize window.

TCP packet data obtained in the Netanalyzer 2.17,

Figure 2.17 The TCP raw data obtained in Netanalyzer

You can see that the TCP field of the message has 28 bytes, so the TCP header has an extended field.

The results of the analysis of TCP messages in Netanalyzer are shown in 2.18

Figure 2.18 Analysis results of TCP packets in Netanalyzer

8 User Message Protocol (UDP)

UDP is the abbreviation of User Datagram protocol, the Chinese name is the Subscriber packet protocol, is a connectionless transport layer protocol in the OSI Reference Model, and provides a simple and unreliable information transfer service for transaction. It is the official specification of the IETF RFC 768 that is UDP.

The full name of the UDP protocol is the user Packet protocol, which is used in the network as the TCP protocol for processing

Packet, which is a non-connected protocol. In the OSI model, the fourth layer, the transport layer, is in the upper layer of the IP protocol. UDP has the disadvantage of not providing packet grouping, assembling, or sorting packets, that is, when the message is sent, it is not possible to know whether or not it arrives safely and completely. UDP is used to support network applications that need to transfer data between computers. A large number of client/server mode network applications, including the network video conferencing system, require the use of UDP protocol. UDP protocol has been used for many years since its inception, although its original glory has been obscured by some similar agreements, but even today, UDP is still a very practical and feasible network Transport layer protocol.

As with the well-known TCP (Transmission Control Protocol) Protocol, the UDP protocol is located directly on the top level of the IP (Internet Protocol) protocol. Depending on the OSI (Open Systems Interconnect) Reference Model, both UDP and TCP are transport-layer protocols.

The main function of the UDP protocol is to compress the network data traffic into the form of packets. A typical packet is a transmission unit of binary data. The first 8 bytes of each packet are used to contain the header information, and the remaining bytes are used to contain the specific transmitted data.

UDP header Format

Figure 2.19 UDP Packet Header format

(1) port number (source port)

The host port number of the sending data.

(2) Destination port number (Destination port)

The port number of the host that accepts the data.

(3) Length of data

The data length of the entire message.

(4) checksum (Checksum)

Extracts the checksum of the pseudo-header and the UPD header information.

The UDP raw data obtained in Netanalyzer is shown in 2.20

Figure 2.20 UDP Packet Raw data

The UDP packet obtained in Netanalyzer is shown in header 2.21

Figure 2.21 UDP header information obtained in Netanalyzer

Here are just some of the commonly used network protocols to do some simple explanation, in fact, many network protocols and some of the data packets are not strictly in accordance with the OSI seven layer model or TCP/IP model to execute, only in-depth understanding of them, we can do behind the development work. My above files are collected by themselves or done experiments, file format for the Libpcap way of pcap format files, you can open with the famous Wirshark, you can also use the non-famous Netanalyzer ^_^, In these files and do not join the SMTP and POP3 two well-known protocol, frankly, I deliberately, because by grasping the bag can easily crack my email password, so I did not put, you can try to catch

SMTP Port 53

POP3 Port 110

The filter expression is: TCP port-or TCP port -

How to use it, see Help.

All right, I'll write it here today, so please correct me.

Netanalyzer

Netanalzyer AC Group: 39753670 (PS only provide communication platform, the group master basically do not speak ^_^)

[Reprint please retain the author Information von Astronomy website: http://www.cnblogs.com/twzy/p/4762077.html]

Netanalyzer Note ii. Simple protocol analysis

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.