由买买提看人间百态

topics

全部话题 - 话题: packet
首页 上页 1 2 3 4 5 6 7 8 9 10 下页 末页 (共10页)
d******s
发帖数: 113
1
来自主题: Internet版 - vpn and dsl internet sharing
The local packet will be tunnel also?
This is the case:
PC2------PC1-----Internet
PC2 access the PC1 via win2k's ICS.
PC2 does not run VPN client.
Let PC1 run the VPN client, then PC2 can not ping PC1.
Will the packets destinated to PC1 be tunneled?
Or maybe the VPN client intercepted the protocol stack of the
LAN part of the PC1 also?
s***a
发帖数: 200
2
来自主题: Internet版 - Cisco VLAN IOS comfig help ...
sorry. actually there is sth wrong with what i said.
you are right.
the cisco access switch will remove the tag before it sends the packet
to the host that connects to the port
add the tag after it gets packets from the host
if you sniff the traffic of NIC of your PC,
layer 2 header will be just
Dest Mac, Source Mac, Type(IP)
if you sniff the traffic of the switch port,
there is extra bytes for VLAN header between eth and IP
ethereal.com will be a good tool when you want to
figure out the detai
b******e
发帖数: 66
3
来自主题: Internet版 - Cisco VLAN IOS comfig help ...
Actually, this is not true ...
VLAN tags are only imposed/stripped on a trunk port, packets come in/going out
a access port is not tagged (one exception is that you configure a access port
to be .1q tunnel in which case incoming packets are tagged).

should
is
wondering
transmitting
vlan
g**c
发帖数: 144
4
【 以下文字转载自 ChinaNews 讨论区,原文如下 】
发信人: ideal (ideal), 信区: ChinaNews
标 题: Re: 非法下载电影被报告,版权问题
发信站: Unknown Space - 未名空间 (Tue Apr 19 11:23:50 2005), 站内信件
像下载电影这类的大文件,需要多少个ip packets啊?
你要跟踪就需要对每个packet进行跟踪,还要同时对
tcp端口进行跟踪,这容易做到吗?
另外,如果使用p2p,一个文件的不同部分都是
从不同用户那里来的,这样跟踪起来就更加难了
而且,我下载电影一般不会一次可以下载成功,必须
分开几次下载,这岂不是难上加难?
不要说只跟踪到一部分就可以作为证据啊?
l***y
发帖数: 791
5
you should have finished network analysis before you seriously thinking
about deploying an VOIP solution, your network should be
1) QoS enabled
2) round-trip time between sites less than 400 ms
3) no big jitter, packet loss <1%, packet out of sequence at minimal
4) em, dynamically routed and reachable? :0~
5) you have to decide if this is going with h323 or sip, if sip, is it going
to be
dns dependant.
k***r
发帖数: 496
6
【 以下文字转载自 Security 讨论区 】
发信人: kiler (Killer), 信区: Security
标 题: 在我的router里发现这样的一个log信息
发信站: BBS 未名空间站 (Sat Jan 6 03:27:41 2007)
Time Message Source Destination
Jan/05/2007 06:07:35 Unknow Packet!! 82.101.189.49:36185 68.32.102.111:42641

Note
Packet Dropped
68.32.102.111 是我的router的ip。这个82.101.189.49:36185想干什么?
谢谢指教。
c*****t
发帖数: 1879
7
This is assuming data is big. If the data is small, then it basically
can be transmitted in a single packet or two in some cases. The minimum
size of packet is actually quite big, usually 1k size.
b***i
发帖数: 3043
8
就是那个JBoss Spring Framework终于可以使用Mysql了。但是,每次我手动重启后,
打开页面就出现Exception。为什么刚开机就不能open database?是不是那个database
。我经常需要等待一小时以上才能看到正常的网页。此app使用了Hibernate。我就是想
看到一个网站能够把用户保存的数据存到数据库,下次app重启后仍然可以看到保存过
的数据。我手动重启是为了模拟网站计算机崩溃,然后看看数据库是不是还在。为什么
这么个简单的事情就这么多问题?
org.springframework.web.util.NestedServletException: Request processing
failed; nested exception is javax.persistence.PersistenceException: org.
hibernate.exception.JDBCConnectionException: could not prepare statement
javax.persistence.PersistenceExcepti... 阅读全帖
B*********s
发帖数: 292
9
来自主题: Linux版 - Ubuntu的firewall?
千辛万苦把无线网络装上了,上网没有问题,下载skype能达到500kbps,却看不到网络
邻居的内容。
我怀疑是firewall的问题。从那台电脑访问路由器 http://192.168.0.1 是 Failed to Connect。我从另一台ubuntu上ping那台电脑都是 0 reached:
987 packets transmitted, 0 received, 100% packet loss, time 986149m
或者,跟“Workgroup”有关么?
请问:怎么查firewall? 新装的系统,没有修改太多东西。
y***n
发帖数: 100
10
我用的就是'sta'mode.
我看了网上不少repeater的sample configuration,我用了都不行:(
我现在副router(openwrt)可以上网
比如说我从PC上ping到google,我怎么知道是副router没有把ping packet给
主router。还是google的返回packet被副router drop了?
p**i
发帖数: 688
11
来自主题: Linux版 - 问个远程唤醒机器的问题
如果你只需要WOL, 也不一定非得刷router. WOL用的是UDP port 9 (discard service
), 我以
前的dlink router都是forward WAN udp port 9 to LAN 255.255.255.255 port 9
during
business hours. 机器都设成wake up by magic packets. 然后从外面向router的WAN
IP发
packet就成了 http://gsd.di.uminho.pt/jpo/software/wakeonlan/

ssh/
r***u
发帖数: 56
12
来自主题: Linux版 - ssh 连 X 速度巨慢!
The prob is with the X protocol, which is not efficient for a client and a
server residing on a network, due to a lot of small packets
boosting
up the delay. There is no way you can improve by simply reconfiguring.
In stead, you can use NX, which is a revised protocol designed for slow
(and
fast) networks (basically protocol optimization to combine small packets
+
compression). It was reported to work fine on a dial-up link.
P***P
发帖数: 1387
13
来自主题: Linux版 - 怎么重发一个http包?
是这样子的, 因为mm正在玩一类似开心农场的flash小游戏, 因为这里购买漫游币不便
, 玩得也不耐烦. 所以就怂恿我做个外挂. 那游戏基本就是让人单调点鼠标. 本来想弄
个模拟模拟鼠标键盘自动控制就玩了, 又觉得这样太低级, 不如抓包来玩.
于是用wireshark找到了对应的http包, 抛开前面的那些frame/ip/tcp header, linux
下面怎么重新发送一个新的http packet? 就是说这个http packet已经现成在那了,
有什么简单的方法重新发送它?
对于网络工具网络编程完全不熟
如果没有简单的方法, 用curl如何实现发送跟那个包一抹一样的内容. 其实就是个get
request
包样本如下
GET /dir/abc.php?myuid=123456 HTTP/1.1
Host: a.b.c
Connection: keep-alive
Referer: http://my2.mowhere.cn/index.php?my_sig_uId=123456
X-Requested-With: XMLHttpRequest
XNVER: 01.01
p****o
发帖数: 1340
14
来自主题: Linux版 - ath5k: wireless problem
用了这么久的linux,最让我痛苦的就是这个ath5k的wireless驱动。今天又出了新问题
。这是ifconfig的输出:
ath0
Link encap:Ethernet HWaddr 00:1f:e1:1d:2c:bb
inet6 addr: fe80::21f:e1ff:fe1d:2cbb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:63 errors:0 dropped:0 overruns:0 frame:0
TX packets:83 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:8670 (8.4 KiB) TX bytes:18123 (17.6 KiB)
连上了,可就是网不通。router显示也是正常的。后来我发现在ifconfig的输出里只有
“inet6 addr”,却没有“inet addr”那一行。
那位知道这可能是怎么回事?谢了!
z**r
发帖数: 17771
15
这个QoS要说具体点比较复杂,现在这些家用router,顶多也就是做些非常基本的,不
同型号估计能支持的相差挺多。
不过上面跑的应用都差不多。一般家里的high speed internet是非对称带宽,上行一
般都很小,看你用的什么service,如果最普通的dsl,可能上行只有几百kbps,这种情
况下对这种p2p的应用就要小心,尤其家里有其他应用比如voip等其他对实时性要求较
高的应用,很容易受到影响。
QoS分很多种,基本有4个主要components,classification, marking, policing, and
queueing, 一般家用的都能支持一些很基本的classification和queueing,但是对于
queueing里面也就支持个class based queue。queueing的特点之一有点像你说的如果
没有congestion,就不会起作用,但也不是完全没有作用,要看具体的traffic和设备
能支持的feature,以及设备本身能提供的queue depth等。
再加上video packet的特性就是基本上都是接近MTU的大包,而... 阅读全帖
c******n
发帖数: 4965
16
来自主题: Linux版 - how to do this iptables setup?
looks my guess is right
http://en.wikipedia.org/wiki/Network_address_translation#NAT_an
"
To avoid ambiguity in the handling of returned packets, a one-to-many NAT
must alter higher level information such as TCP/UDP ports in outgoing
communications and must maintain a translation table so that return packets
can be correctly translated back. RFC 2663 uses the term NAPT (network
address and port translation) for this type of NAT. Other names include PAT
(port address translation), IP masquerading... 阅读全帖
S*A
发帖数: 7142
17
来自主题: Linux版 - simulate connection drop by iptables?
You can simulate random packet drop in iptables.
http://code.nomad-labs.com/2010/03/11/simulating-dropped-packet

prepare
established
onto
q***z
发帖数: 934
18
来自主题: Programming版 - One network C question
Hello I am a newbie on network programming.
I am trying to receive a packet
if((numbytes = recvfrom(udp_fd1, buf, MAXLEN-1, 0,(struct
sockaddr*)®ister_addr, &addr_len))==-1){
fprintf(stderr, "error in recvfrom.\n");
exit(1);
}
The packet I am receiving has the following possible structure.
typedef struct struct_CN
{
unsigned char magicA;
unsigned char magicB;
unsigned short msgLen;
} CN;
typedef struct struct_Cc
{
CN msgHeader;
uns
t****t
发帖数: 6806
19
首先, 0014 a9ec是32bit, 不识数...?!
其次, -XX是"Print each packet, including its link level header", 不读手册
的...?!
拿掉Eth的14 byte, 再拿掉IP的20byte, 从0x22开始才是TCP packet, a51f和0050才是
正确的src/dst port number. 你稍微动动脑子就知道, 你连别人的80端口, 肯定找
0050就对了啊.

port, 然后16bit是dest port.如下图所是:
source port number,因为在google返回的包头中b16b 0014才是。是不是我哪里读错
了?谢谢。
p****s
发帖数: 32405
20
来自主题: Programming版 - 有没有人玩过XSupplicant
最近在XP上钻研这个玩意, 写个工作笔记吧, 如果有人也玩过这个看看能不能提示下.
大的picture就是三个东西:
1. 一个无线网卡做wireless node (WN)
2. 一个AP作为authenticator
3. AP跟Radius server(Authentication server, a.k.a AS)都连在一个LAN上
现在的情况是:
WN可以跟AP associate上,
AP 和 Radius server也可以互ping
但是, WN上总显示authenticating... 然后就time out fail了.
具体log如下
2008-09-05 9:49:33.277 - Interface 'WLAN miniUSB Adapter - Packet Scheduler Miniport' is scanning for wireless networks. Please wait.
2008-09-05 9:49:33.293 - Interface 'WLAN miniUSB Adapter - Packet Scheduler Mini
k***r
发帖数: 4260
21
来自主题: Programming版 - 有点挠头
需要处理一些小的XML packet,一边接收,一边处理,回复。但是XML packet不大,但
很灵活,可能是多层嵌套。一直没想出来用什么数据结构和object model去处理。各位
有何高见?
d**c
发帖数: 51
22
写一个server, UDP listening socket is bound to INADDR_ANY,怎么才能知道client
的packet是send到哪个IP的,举个例子:
client 1,
sendto(1.1.1.1, data);
client 2,
sendto(2.2.2.2, data);
。。。
client n,
sendto(n.n.n.n, data);
Load balancer 把client 1,2, ... n 的requests都送到我的server,我的code用
recvfrom,只能得到client的IP。我感兴趣的是如何得到target IP address,1.1.1.1
or 2.2.2.2, or n.n.n.n,根据target IP 的值做不同的处理。现在能想到的就是看
raw packet的IP header info。各位大拿们有什么好的建议,请指点,谢谢。
c****d
发帖数: 116
23
The packet is something like
struct packet
{
unsigned int a;
unsigned int b;
....
};
The size of the struct differs between 32-bit and 64-bit system.
how can I make it the same size across different platforms?
thanks
w*s
发帖数: 7227
24
hi, i'm new to this, many thanks for help !
trying to send a query packet out,
size 1454 bytes, 1st word 0xfffffffb, 2nd 0xffffffff, 3rd 0x392
the correct packet sent from c code is captured in wireshark in the picture,
but got this,
socket.error: [Errno 10051] A socket operation was attempted to an
unreachable network
The code is like this,
def send_pnp_query():
print "... send query ..."
msg = bytearray(1454)
#ptr = PNP(msg)
msg[0] = 0xfb
msg[1] = 0xff
msg[2] = 0xff
... 阅读全帖
S*A
发帖数: 7142
25
来自主题: Programming版 - 10M persistent TCP connections
C10M 的定义有好几个方面,不是 hold 住 10M 个连接没有神魔
流量就可以的。
这个是网上抄来的 C10M 定义:
Today (2013), $1200 will buy you a computer with 8 cores, 64 gigabytes of
RAM, 10-gbps Ethernet, and a solid state drive. Such systems should be able
to handle:
- 10 million concurrent connections
- 10 gigabits/second
- 10 million packets/second
- 10 microsecond latency
- 10 microsecond jitter
- 1 million connections/second
直接用 linux 做的网络处理上限大概在 1M packet/sec 左右。
所以没有 openonload/DPDK 包的数目就吃不消。
S*A
发帖数: 7142
26
来自主题: Programming版 - 10M persistent TCP connections

不是很理解,展开说说。他列这两项出来,就是为了说,C10M
不是单单保持 TCP 连接就可以了,应该用一定的流量。而且也不应该
是全部大的 jumbo frame, 应该有小的数据包。因为中断处理的问题,
一般的 kernel 网络处理的时候,10G 只有大的数据包才行,受到
packet rate 的限制。 Robert 对 packet rate 提出要求,就是说
平均包大小再 1K 左右,不是全部 jumbo frame。 我觉得很合理啊。
你觉得这个放一起有很大问题吗?我觉得这个是 Insight,针对以前
10G 网卡单单 bitrate 的测试说的。你觉得思考什么地方不透彻了?
对不起,不是很了解你,假设你做不出来是不对的。你有什么 insight
可以共享一下?
d*******r
发帖数: 3299
27
来自主题: Programming版 - 10M persistent TCP connections
那如果是处理大量匀速到达的小size packets 呢?比如,游戏server, metric data
collecting server.
packets/second 貌似就很有意义呀。我不是来抬杠的, 我就在琢磨做这2种server。
d*******r
发帖数: 3299
28
来自主题: Programming版 - 10M persistent TCP connections
这个是我没说清楚,我说的匀速是指一条从client到server的connection以内,比如游
戏人物到server的 heartbeats 或者 每单位时间的 游戏client 的 states update.
我觉得这种 scenario, 每个状态更新的packet,都是大小差不多的,small size的。
不会一个很大,一个很小。所以 message or packets per second 的 measurement 对
这种 scenario 是有意义的。
但是从 server 端看,肯定也有忽然接收很多 concurrent connections 的情况,比如
周五晚上大家都上线玩游戏了。
g*****g
发帖数: 34805
29
来自主题: Programming版 - 10M persistent TCP connections
http://blog.erratasec.com/2013/02/custom-stack-it-goes-to-11.ht
这里不写着吗,custom network stack. You don’t want a full TCP/IP stack
anyway, but a degenerate stack tuned to your application.
This is done first by rewriting the network driver. Instead of a network
driver that hands off packets to the kernel, you change the driver does that
it doesn’t. Instead, you map the packet buffers into user-mode space.
换句话说,要从driver开始写,不做标准的TCP/IP支持。所以部署的软件,不只是OS参
数的问题,换个网卡都不行。在我看来,这种做法,做个DNS, load balancer也许可以
... 阅读全帖
S*A
发帖数: 7142
30
来自主题: Programming版 - 10M persistent TCP connections
C10M 的定义有好几个方面,不是 hold 住 10M 个连接没有神魔
流量就可以的。
这个是网上抄来的 C10M 定义:
Today (2013), $1200 will buy you a computer with 8 cores, 64 gigabytes of
RAM, 10-gbps Ethernet, and a solid state drive. Such systems should be able
to handle:
- 10 million concurrent connections
- 10 gigabits/second
- 10 million packets/second
- 10 microsecond latency
- 10 microsecond jitter
- 1 million connections/second
直接用 linux 做的网络处理上限大概在 1M packet/sec 左右。
所以没有 openonload/DPDK 包的数目就吃不消。
S*A
发帖数: 7142
31
来自主题: Programming版 - 10M persistent TCP connections

不是很理解,展开说说。他列这两项出来,就是为了说,C10M
不是单单保持 TCP 连接就可以了,应该用一定的流量。而且也不应该
是全部大的 jumbo frame, 应该有小的数据包。因为中断处理的问题,
一般的 kernel 网络处理的时候,10G 只有大的数据包才行,受到
packet rate 的限制。 Robert 对 packet rate 提出要求,就是说
平均包大小再 1K 左右,不是全部 jumbo frame。 我觉得很合理啊。
你觉得这个放一起有很大问题吗?我觉得这个是 Insight,针对以前
10G 网卡单单 bitrate 的测试说的。你觉得思考什么地方不透彻了?
对不起,不是很了解你,假设你做不出来是不对的。你有什么 insight
可以共享一下?
d*******r
发帖数: 3299
32
来自主题: Programming版 - 10M persistent TCP connections
那如果是处理大量匀速到达的小size packets 呢?比如,游戏server, metric data
collecting server.
packets/second 貌似就很有意义呀。我不是来抬杠的, 我就在琢磨做这2种server。
d*******r
发帖数: 3299
33
来自主题: Programming版 - 10M persistent TCP connections
这个是我没说清楚,我说的匀速是指一条从client到server的connection以内,比如游
戏人物到server的 heartbeats 或者 每单位时间的 游戏client 的 states update.
我觉得这种 scenario, 每个状态更新的packet,都是大小差不多的,small size的。
不会一个很大,一个很小。所以 message or packets per second 的 measurement 对
这种 scenario 是有意义的。
但是从 server 端看,肯定也有忽然接收很多 concurrent connections 的情况,比如
周五晚上大家都上线玩游戏了。
g*****g
发帖数: 34805
34
来自主题: Programming版 - 10M persistent TCP connections
http://blog.erratasec.com/2013/02/custom-stack-it-goes-to-11.ht
这里不写着吗,custom network stack. You don’t want a full TCP/IP stack
anyway, but a degenerate stack tuned to your application.
This is done first by rewriting the network driver. Instead of a network
driver that hands off packets to the kernel, you change the driver does that
it doesn’t. Instead, you map the packet buffers into user-mode space.
换句话说,要从driver开始写,不做标准的TCP/IP支持。所以部署的软件,不只是OS参
数的问题,换个网卡都不行。在我看来,这种做法,做个DNS, load balancer也许可以
... 阅读全帖
T********i
发帖数: 2416
35
来自主题: Programming版 - 10M persistent TCP connections
我不管此人是谁。我就问你是否知道OpenOnLoad的用户多少?
我用OpenOnLoad 4年还从来没崩过。什么叫不稳定?
OpenOnLoad是hybrid,就是kernel-mode和user-mode都能用。不是pure user-mode。而
且OpenOnLoad是20m packets/s。达不到该blog号称的intel的80m packets/second。
这些都不是问题。问题是C10M即使不用OpenOnLoad,保持10M连接根本没问题。受影响
的是throughput。而且这个影响不大,顶多是一倍。
况且,Solarflare NIC顶多是2X10G的ethernet port。Intel号称的80G。
当然,和你说这些也没啥用。反正你牵狗就来喷。

呗。
of
stack
m*f
发帖数: 3078
36
来自主题: Programming版 - 开始折腾DPDK+mTCP
10gbps,dpdk对64byte的包,处理能力直接到线速,大概双向28.88 million packets
per second,这个网上都查得到。同样纯linux内核协议栈只能处理到dpdk的零头,同样
双向,64 bytes的小包,印象中不到5 million packets per second。腾讯和阿里都有
dpdk现成的产品好多年
dpdk不完全是用户态这么简单,还有很多别的基于linux的技术,比如huge page,物理
页可以是2m或1g,大大减少了tlb的失败的可能性,通常标准linux的物理页只有4k
p******g
发帖数: 347
37
================================================================debug3:
authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/nowhere7/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-
with-mic,password
debug1: Trying private key: /home/nowhere7/.ssh/id_dsa
debug3: no such identity: /home/nowhere7/.ssh/id_dsa: No such file ... 阅读全帖
h**h
发帖数: 132
38
来自主题: Security版 - 似乎中国的网络经过日本
I will probably not worry about that. Alternative route is definitely
there, it may be just a backup circuit, which is much more expensive
and less easier to use. As a rule of thumb, IP packet is best of effort
delivery, that's why it take path through jp.
Overall, it is because China is not as advanced as JP in terms of
economics, technology. If China is as strong as US, or just better than
JP, I guess those fat pipe will come out between US and CN directly,
then you will see packets between US
m*********d
发帖数: 7
39
来自主题: Security版 - 似乎中国的网络经过日本

It is not necessary to buy out all isp's.
Just as you said, having a direct high speed optical line
between u.s. of a. and p.r.c is enough.
Shortest path are the usual path a packet will follow.
I am not advocating about how all packets should be routed, but
wishing to avoid at all cost to route through jp.
a***t
发帖数: 39
40

也不断地向server

The short answer is: usually not.
The longers answer is more complicated:
1. when your computer is receiving the information from the server, it also
sends the information back to server, like acknowledgement packets. TCP
traffic is always bi-directional.
2. It depends on the specific VPN. Some kind of VPN gateways like Nortel sends
the keepalive packet once every minute (tuneable) to make sure the client is
still alive, if not, it will tear down the connection.
3. It also depends
y***n
发帖数: 114
41
来自主题: Security版 - reduce tcpdump to connection level.
Hi,
Could anyone tell me where I can find some programs that can analyze tcpdump
raw file and generate an output to the connection level? As far as I know,
tcpdump only gives the record of each packet, but I just want to summarize
these packets to connection level. For example, the duration time, bytes sent
to/from and syn flag of each connection. Thank you.
b****k
发帖数: 10
42
来自主题: Security版 - 网络监听问题请教
If you are using switch, then you can only get broadcast or multicast packets.
It soulds like you're getting multicast packets.




k***r
发帖数: 496
43
Time Message Source Destination
Jan/05/2007 06:07:35 Unknow Packet!! 82.101.189.49:36185 68.32.102.111:42641

Note
Packet Dropped
68.32.102.111 是我的router的ip。这个82.101.189.49:36185想干什么?
谢谢指教。
a**a
发帖数: 63
44
来自主题: Unix版 - TCP throughput: What does it mean?
Effective transmission (in bits) divided by total time used (in seconds).
"Effective" -- since there's packet drop and re-transmission and thus
duplicate transmission for packets.

don't
sentence
or
y******e
发帖数: 7
45
来自主题: Unix版 - [转载] ifconfig 一问
【 以下文字转载自 THU 讨论区 】
【 原文由 yjlspace 所发表 】
请问ifconfig其中几项的意思?
1. eth0 Link encap:Ethernet HWaddr 00:02:B3:39:2C:41
2. inet addr:10.0.1.14 Bcast:10.0.1.255 Mask:255.255.255.0
3. UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
4. RX packets:86 errors:0 dropped:0 overruns:0 frame:0
5. TX packets:15 errors:0 dropped:0 overruns:0 carrier:0
6. collisions:0 txqueuelen:100
7. RX bytes:5426 (5.2 Kb) TX bytes:1022 (1022.0 b)
8.
首页 上页 1 2 3 4 5 6 7 8 9 10 下页 末页 (共10页)