TCP/IP
IP
ICMP
UDP
TCP
Retransmission mechanisms
Key concepts
RTO: TCP Retransmission Timeout
RTT: Round-trip delay
Timeout-based retransmission
Fast retransmit
SACK (Selective Acknowledgment)
See TCP Selective Acknowledgments (SACK) - PacketLife.net
Linux support for SACK: in man tcp, under the /proc interface section, searching for "sack" finds the following:
tcp_sack (Boolean; default: enabled; since Linux 2.2)
Enable RFC 2018 TCP Selective Acknowledgements.
See also How to turn Disable/Enable IP forwarding in Linux - LinuxConfig.org to get a feel for how useful the /proc interface is
DSACK
Linux support for DSACK: analogous to SACK
Mail
Principles
Overview
See:
MTA(SMTP server)
SMTP
Sending mail
telnet
For details see "通过 Telnet测试 邮件服务器发送邮件" (我的世界的技术博客, 51CTO blog)
curl
See the following links:
POP3
IMAP
Problems encountered
How should an MX DNS record be configured?
MX Record in DNS Explained with Example Configurations
Web
HTTP
Clients
curl
wget
Chrome
Servers
Apache
Problems encountered:
lighttpd
Nginx
Tools
Wireshark
See Wireshark; this section supplements it
Problems encountered
Decrypting TLS
Remote capture over SSH
TODO
Does Wireshark miss some HTTP packets? (How does Wireshark recognise an HTTP packet?)
Ethernet capture methods
See CaptureSetup/Ethernet - The Wireshark Wiki
Criteria Wireshark uses to flag the various kinds of retransmission
Filtering out retransmitted packets
was captured using a snaplen of 9216 bytes?
Should be harmless: SnapLen - The Wireshark Wiki
Want to download an old version of Wireshark?
Index of /download/win64/all-versions
Display filter: match a string or a regex?

```
frame contains ac:bd:10
frame contains "abc"
frame contains abc
frame contains "abc\x00\xab" # does not work; see <https://stackoverflow.com/a/12521043>
xx.xx matches "abc.*def"
```
See also wireshark-filter - The Wireshark Network Analyzer 3.4.5
WireDiff
See Wirediff: a new tool to diff network captures | APNIC Blog
Problems encountered
Comparing captures
- Wirediff: a new tool to diff network captures | APNIC Blog. Source: aaptel/qtwirediff: Debugging tool to diff network traces via wireshark. There is also smbcmp/smbcmp: diff, compare and debug SMB network traces
- Write a Python script with scapy, for example zecke/pcap-diff: Diff two or more PCAP files
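As an added example (not the code of Wirediff, qtwirediff, smbcmp or pcap-diff linked above), here is a minimal capture diff written against the Python standard library only, so it runs without scapy: it parses the classic libpcap file format, keys every frame on its bytes (optionally with the Ethernet header removed, since the MAC addresses differ at each capture point) and reports the frames that appear in only one of the two captures. The two sample captures and their payloads are constructed inline.

```python
"""Minimal pcap diff in pure Python (added example, not from the tools linked above).

Reads two classic libpcap files, counts each frame under a caller-chosen key and
reports frames present in only one capture. Timestamps are ignored because two
capture points never agree on them; the optional strip_l2 key also drops the
Ethernet header so that different MAC addresses at each capture point do not
make every frame look different. Sample captures are constructed inline.
"""
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4          # classic pcap magic (microsecond timestamps)
GLOBAL_HEADER = "IHHiIII"        # magic, ver major, ver minor, tz, sigfigs, snaplen, linktype
RECORD_HEADER = "IIII"           # ts_sec, ts_usec, incl_len, orig_len
LINKTYPE_ETHERNET = 1


def build_pcap(frames, endian="<", snaplen=65535):
    """Serialise raw frames into a pcap blob; used here only to construct sample data."""
    out = struct.pack(endian + GLOBAL_HEADER, PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack(endian + RECORD_HEADER, 1_000_000 + i, 0, len(frame), len(frame))
        out += frame
    return out


def read_pcap(blob):
    """Yield (ts_sec, ts_usec, frame_bytes) per record, honouring the file's byte order."""
    if len(blob) < 24:
        raise ValueError("file shorter than a pcap global header")
    magic, = struct.unpack_from("<I", blob, 0)
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:        # bytes a1 b2 c3 d4 read little-endian: a big-endian file
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    off = 24
    while off + 16 <= len(blob):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(endian + RECORD_HEADER, blob, off)
        off += 16
        frame = blob[off:off + incl_len]
        if len(frame) != incl_len:
            raise ValueError("truncated record at offset %d" % off)
        off += incl_len
        yield ts_sec, ts_usec, frame


def strip_l2(frame):
    """Key that ignores the 14-byte Ethernet header (MACs differ per capture point)."""
    return frame[14:]


def diff_captures(blob_a, blob_b, key=lambda frame: frame):
    """Return (only_in_a, only_in_b): frames whose key has no counterpart in the other capture.

    Counts are respected, so a frame seen once in A and twice in B appears once in only_in_b.
    """
    count_a = Counter(key(f) for _, _, f in read_pcap(blob_a))
    count_b = Counter(key(f) for _, _, f in read_pcap(blob_b))
    only_a = sorted((count_a - count_b).elements())   # Counter subtraction keeps positive counts only
    only_b = sorted((count_b - count_a).elements())
    return only_a, only_b


# Constructed sample captures: the same payloads seen at two capture points with
# different MAC addresses, plus one frame that is unique to each side.
ETH_AT_CLIENT = bytes.fromhex("aaaaaaaaaaaa" "bbbbbbbbbbbb" "0800")
ETH_AT_SERVER = bytes.fromhex("cccccccccccc" "dddddddddddd" "0800")
SAMPLE_A = build_pcap([ETH_AT_CLIENT + b"SYN", ETH_AT_CLIENT + b"LOST", ETH_AT_CLIENT + b"ACK"])
SAMPLE_B = build_pcap([ETH_AT_SERVER + b"SYN", ETH_AT_SERVER + b"ACK", ETH_AT_SERVER + b"EXTRA"])

if __name__ == "__main__":
    raw_a, raw_b = diff_captures(SAMPLE_A, SAMPLE_B)
    print("whole-frame diff: %d only in A, %d only in B" % (len(raw_a), len(raw_b)))
    only_a, only_b = diff_captures(SAMPLE_A, SAMPLE_B, key=strip_l2)
    print("ignoring Ethernet header: only in A %r, only in B %r" % (only_a, only_b))
```

With the whole frame as key every packet differs (the MAC addresses never match), which is the usual first surprise when diffing captures taken at two hosts; with strip_l2 only the genuinely missing frame on each side remains. For real traffic the key would typically also mask fields that legitimately change in flight (TTL, IP checksum, NAT-rewritten addresses), which is exactly what the dedicated tools above do for you.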
Revision history

| Date | Author | Version | Notes |
|---|---|---|---|
| 2022-03-16 | wsxq2 | 1.0 | Initial draft |