Wireshark packet analysis: the FTP protocol reconstruction problem
Source: Internet  Published by: php银联在线支付  Editor: 程序博客网  Time: 2024/05/01 12:37
Problem:
A brief analysis of packet loss, prompted by an FTP file reconstruction problem.
Understanding [TCP ACKed unseen segment] [TCP Previous segment not captured]
That very well may be a false positive. Like the warning message says, it is common for a capture to start in the middle of a TCP session. In those cases it does not have that information. If you are really missing ACKs then it is time to start looking upstream from your host for where they are disappearing. It is possible that tshark cannot keep up with the data and so it is dropping some metrics. At the end of your capture it will tell you if the "kernel dropped packet" and how many. By default tshark disables DNS lookup, tcpdump does not. If you use tcpdump you need to pass in the "-n" switch. If you are having a disk I/O issue then you can do something like write to memory (/dev/shm). BUT be careful, because if your captures get very large then you can cause your machine to start swapping.
My bet is that you have some very long-running TCP sessions and when you start your capture you are simply missing some parts of the TCP session due to that. Having said that, here are some of the things that I have seen cause duplicate/missing ACKs.
- Switches - (very unlikely, but sometimes they get in a sick state)
- Routers - more likely than switches, but not much (router)
- Firewall - more likely than routers. Things to look for here are resource exhaustion (license, CPU, etc.) (firewall)
- Client-side filtering software - antivirus, malware detection, etc. (client-side filtering software: antivirus, malware detection)
seq is the sequence number, used for transferring data once the connection is established; ack is the acknowledgement of received data, and its value is the sequence number of the next packet the receiver is waiting for.
As can be seen in Figure 1, seq = 558, and the ack acknowledges the 1812 packets received before it. len is the length of this packet's payload, so the next packet's sequence number should be 558 + 17 = 575.
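As an added worked example (not from the original post or the quoted answer), the following Python walks one direction of a TCP flow, computes the next expected sequence number the way the 558 + 17 = 575 arithmetic above does, reports holes of the kind Wireshark labels "TCP Previous segment not captured", and separates a capture that began mid-session (the false positive the quoted answer describes) from a real gap that would leave holes in a reconstructed FTP file. The segment list is constructed sample data.

```python
from dataclasses import dataclass
from typing import List, Tuple

@dataclass
class Segment:
    seq: int            # relative sequence number of the first payload byte
    length: int         # TCP payload length, the "len" column in Wireshark
    syn: bool = False   # SYN and FIN each consume one sequence number
    fin: bool = False

def next_seq(seg: Segment) -> int:
    """Sequence number the peer will ACK next: seq + len (+1 for SYN/FIN)."""
    return seg.seq + seg.length + int(seg.syn) + int(seg.fin)

def started_mid_session(segments: List[Segment]) -> bool:
    """True when the earliest captured segment is not the SYN. Missing-segment
    warnings at the start of such a flow are the false positive from the
    quoted answer (capture began mid-session), not packet loss."""
    return not min(segments, key=lambda s: s.seq).syn

def find_gaps(segments: List[Segment]) -> List[Tuple[int, int, int]]:
    """Walk one direction of a flow in sequence order and return
    (expected_seq, actual_seq, missing_bytes) for every hole, which is what
    Wireshark flags as 'TCP Previous segment not captured'. Retransmissions
    and overlapping segments do not move the expected pointer backwards."""
    gaps, expected = [], None
    for seg in sorted(segments, key=lambda s: s.seq):
        if expected is not None and seg.seq > expected:
            gaps.append((expected, seg.seq, seg.seq - expected))
        if expected is None or next_seq(seg) > expected:
            expected = next_seq(seg)
    return gaps

def missing_bytes(segments: List[Segment]) -> int:
    """Total bytes absent from the stream; non-zero means an FTP file carved
    from this data connection will contain holes."""
    return sum(gap[2] for gap in find_gaps(segments))

# Constructed sample: one direction of an FTP data connection, relative seqs.
SAMPLE = [
    Segment(0, 0, syn=True),   # SYN consumes seq 0, so next expected is 1
    Segment(1, 557),           # bytes 1..557, next expected 558
    Segment(558, 17),          # the 558 + 17 = 575 case from the text
    Segment(575, 1000),        # next expected 1575
    Segment(2000, 100),        # the segment covering 1575..1999 was not captured
    Segment(2100, 0, fin=True),
]

if __name__ == "__main__":
    print("mid-session start:", started_mid_session(SAMPLE))
    print("gaps:", find_gaps(SAMPLE), "missing bytes:", missing_bytes(SAMPLE))
```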
The advantages of carrying control and data over separate connections, as far as I can currently think of, are the following:
1. It keeps the control information independent and lets it arrive precisely, unaffected by the data stream; the control stream could even go over TCP while the data stream goes over UDP;