packet logger

The process of sk_buff encapsulation and Network Packet encapsulation is described in detail.It can be said that the sk_buff struct is the core of the Linux network protocol stack, and almost all operations are performed around the sk_buff struct, its importance is similar to that of BSD's mbuf (I have read "TCP/IP details Volume 2"). What is sk_buff?Sk_buff is the network data packet itself and the operati

What is Cisco Packet tracer?The Cisco Packet Tracer is a powerful network simulation tool for training in Cisco certifications. It gives us a good view of the interfaces of each router and network device, with many options, and we can use unlimited devices in the network just like with physical machines. We can create multiple networks in a single project for specialized training.

Https://www.tuicool.com/articles/7ni2yyr Recently work encountered a server application UDP lost packet, in the process of checking a lot of information, summed up this article for more people's reference. Before we begin, we'll use a diagram to explain the process of receiving a network message from a Linux system. First of all, network packets sent through the physical network to the NIC driver will read the message in the network into the ring buf

Author: sodimethyl Source: http://blog.csdn.net/sodme statement: This article can be reproduced, reproduced, spread without the consent of the author, but any reference to this article please keep the author, source and this statement information. Thank you!The common network servers are basically 7x24. For online games, at least require the server to work continuously for more than a week and ensure that no catastrophic event such as server crash occurs. In fact, it is almost unrealistic to req

The 1th chapter, router-based packet filtering firewall General concepts of 1.1 packet filtering firewalls 1.1.1 What is a packet filter firewall A packet filtering firewall is a software that looks at the header of the packet that flows through it, thus determining the fate

on the network. Therefore, the network analysis tools in the system are not a threat to the security of the local machine, but a threat to the security of other computers on the network. Tcpdump is defined as simple as possible, namely: dump the traffice on anetwork. a packet analysis tool that intercepts packets on the network according to the user's definition. As a necessary tool for the classic system administrator on the Internet, tcpdump, with

transmits data packets, if the length of the IP datagram plus the data frame header is greater than MTU, the data packets are divided into several parts for transmission and reorganized in the target system. For example, the maximum IP packet size (MTU) that can be transmitted over Ethernet is 1500 bytes. If the size of the data frame to be transmitted exceeds 1500 bytes, that is, the IP datagram length is greater than 1472 (1500-20-8 = 1472, normal

Document directory TCP packet TCP Reliability Assurance TCP data packets Source Port and destination port field -- each occupies 2 bytes. Identifies the application process of the sender and receiver. Number Field-4 bytes. Each byte in the data stream transmitted in the TCP connection is a serial number. The value of the serial number field refers to the sequence number of the first byte of the data sent in this section. The validation number

Programming | network Talking about socket programming, we may think of QQ and IE, yes. There are many network tools such as Peer-to-peer, NetMeeting and other applications implemented in the application layer, but also with the socket to achieve. The socket is a network programming interface that is implemented at the network application level, and Windows Sockets includes a set of system components that take advantage of Microsoft Windows message-driven features. The socket Specification versi

of the IP datagram plus the data frame header is greater than MTU, the data packets are divided into several parts for transmission and reorganized in the target system. For example, the maximum IP packet size (MTU) that can be transmitted over Ethernet is 1500 bytes. If the size of the data frame to be transmitted exceeds 1500 bytes, that is, the IP datagram length is greater than 1472 (1500-20-8 = 1472, normal datagram) bytes, the data frame needs

-Frequently used commands detailed Basic Commands $ tcpdump//default crawl all packets of the first NIC interface $ tcpdump–i ens33//crawl NIC ENS33 packet $ tcpdump host 47.95.224.4// Listen for host 47.95.224.4 receive all packets sent $tcpdump host 47.95.224.4 and 10.13.32.60//intercept all packets between host 47.95.224.4 and 10.13.32.60 $ tcpdump host 47.95.224.4 and \ (10.13.32.60 or 10.13.32.169\) //intercept all packets between the host

Reading directory Wireshark Introduction Wireshark cannot do Wireshark vs fiddler Other similar tools Who will use Wireshark? Wireshark starts packet capture Wireshark window Introduction Wireshark display Filtering Save Filter Filter expression Packet List Pane) Packet details pane) Wireshark and corresponding OSI Layer-7 Model Specific content of

DHCP principles and packet formatsDynamic Host Configuration Protocol (DHCP) is a Protocol designed by IETF to achieve automatic IP Configuration, it can automatically assign IP addresses, subnet masks, default gateways, DNS Server IP addresses, and other TCP/IP parameters to the client. Understanding the DHCP process can help us eliminate problems related to the DHCP service. DHCP is an application based on the UDP layer (that is to say, only UDP pac

For general users, it is difficult to crack the neighbor's wireless LAN password. Of course, you can also find specific methods and steps by searching. I am also a beginner. Here are my articles. If you are interested, take a look.The following methods are all tested on the XP platform:.You must note in advance that the prerequisite for cracking isYou must have a NIC that is supported by the airodump software., The support Nic can be checked online (http://www.wildpackets.com/support/downloads/d

These two days to see csdn some of the socket sticky packet, socket buffer settings, found that they are not very clear, so check the data to understand the record: One. Two simple concept long connection with short connection:1. Long connection Client side and server to establish a communication connection, the connection is established to open, and then send and receive messages. 2. Short connection The client side communicates with server every tim

for the TCP-based development of the communication program, there is a very important problem to solve, that is, packet and unpacking. I. Why TCP-based communication programs require packets and unpacking. TCP is a "flow" protocol, the so-called flow, is a string of data without bounds. You can think of the river water, is connected into a piece, in the meantime there is no dividing line. However, the general communication program development needs to

used to specify the maximum life cycle of each packet on the Internet. Each intermediate router reduces the TTL value by one before forwarding the IP packet to the next hop. A. Extract the final TTL value When a data packet arrives at the destination address to extract the TTL field value, this value is called the final TTL value. The challenge of hop count stat

Next I will introduce a very practical method based on the characteristics of network viruses scanning network addresses: Use the packet capture tool to find the virus source. Are you a network administrator? Have you ever experienced a sudden decline in network performance, failure to provide network services, slow server access, or even access, the network switch port indicator lights are flashing like crazy, the router at the network exit is alrea

Dynamic Host Configuration Protocol (DHCP) is a protocol designed by IETF to achieve automatic IP configuration, it can automatically assign IP addresses, subnet masks, default gateways, DNS Server IP addresses, and other TCP/IP parameters to the client. Understanding the DHCP process can help us eliminate problems related to the DHCP service. DHCP is an application based on the UDP layer (that is to say, only UDP packets can be viewed during the Snort detection process). DHCP uses UDP to carry

connection requires a "three-time handshake":First handshake: The client sends a SYN packet (SYN=J) to the server and enters the Syn_send state, waiting for the server to confirm;(That is, make a connection request packet: "I want to send you data, OK?" ”）Second handshake: The server receives the SYN packet, it must confirm the customer's SYN (ACK=J+1), and also