PacketScope leverages eBPF to trace every packet inside the TCP/IP stack, visualizes protocol interactions, and uses large language models to automatically detect and block sophisticated network attacks with zero‑delay, addressing the growing $10.5 trillion cyber‑crime threat projected for 2025.
This guide walks senior operations engineers through ten authentic production‑level network problems, demonstrating how to capture and analyze packets with TCPDump, interpret key TCP/IP indicators, and apply concrete fixes ranging from firewall rules to load‑balancer health‑check settings.
This comprehensive guide walks you through why tcpdump is essential for ops engineers, how to install and configure it, basic and advanced filtering commands, real incident case studies, performance tuning, security analysis, and integration with other tools, turning raw packet captures into actionable insights.
This article walks senior operations engineers through ten authentic production‑level TCPDump case studies, teaching core command options, packet‑analysis heuristics, and a systematic four‑step troubleshooting framework that turns network mysteries into clear, actionable solutions.
This guide explains how to install TCPDump on various platforms, list network interfaces, capture traffic, apply filters by IP, port, or protocol, save and read capture files, and use advanced options like limiting packet count and displaying packet contents, empowering network and security professionals.
The article analyzes a mysterious production stall caused by a TCP communication bug where the D4 and D5 stages are merged, leading to a mis‑aligned length field that makes the server read an incorrect payload size, and presents two concrete fixes.
This article explains the purpose of TCP RST packets, how they appear during connection establishment, data transfer, firewall enforcement, and teardown, and provides practical techniques for distinguishing legitimate resets from spoofed or policy‑driven resets to improve network troubleshooting and security.
The article details a mysterious production stall at 70% caused by a TCP packet length field misalignment when the configuration name is "rabbit‑TD", explains the step‑by‑step investigation using server logs and packet captures, identifies the root cause of the merged D4/D5 packets, and proposes two concrete fixes to correct the length handling.
This article explains what TCP RST packets are, why they appear during connection establishment, data transfer, and termination, and how to diagnose server‑side, client‑side, and firewall‑induced resets by examining sequence diagrams, common error conditions, and TTL differences.
TCP RST packets, used to abruptly terminate or reject connections, appear at various stages—handshake, data transfer, and teardown—and can stem from server port closures, connection limits, malformed SYNs, firewall policies, timeouts, or middlebox interventions, with each scenario identifiable through detailed packet‑level analysis.
This guide explains how to use tcpdump on Linux to capture all traffic, filter by IP or port, save to files, read pcap files, and apply advanced filters, while highlighting important security, permission, and storage considerations.
This guide explains what TCPDump is, why it matters for Linux network monitoring, how it works under the hood, its key features and security considerations, how to install it, a full breakdown of its command‑line options, and dozens of practical examples for capturing and filtering packets, including integration with Wireshark.
This guide introduces tshark, shows how to install it on CentOS 7, demonstrates common capture commands, explains key command‑line options, and provides troubleshooting tips for effective network packet analysis.
The article explains how the four TCP/IP layers function, describes typical attacks targeting each layer such as ARP spoofing, DoS (including SYN flood), and DNS hijacking, and outlines detection and mitigation techniques for improving network security.
This guide explains how to use tcpdump for capturing and filtering network packets on Linux, covering basic usage, interface selection, host and port filters, protocol-specific captures, combined expressions, limiting capture size, saving to files, and a practical troubleshooting scenario with nginx and Node.js.
This article explains how to visualize and dissect TCP/IP packet structures using Wireshark, walks through each OSI/TCP‑IP layer, and details the fields of the TCP header such as ports, sequence numbers, flags, and checksum, providing a practical understanding of network protocol fundamentals.
This article explains the HTTPS protocol, its security advantages over HTTP, and provides a step‑by‑step Wireshark packet capture and analysis of a test website, covering TCP three‑way handshake, TLS ClientHello/ServerHello, certificate verification, key exchange, and encrypted data transmission.
pwru, Cilium’s eBPF‑based packet tracing utility, offers fine‑grained network diagnostics; this guide covers kernel requirements, installation steps, command‑line options, real‑world iptables drop detection examples, and an in‑depth look at its eBPF map configuration and perf‑event output mechanism.
This guide walks through Wireshark's powerful features for filtering packets by IP, protocol, and port, adjusting time display formats, viewing and modifying TCP sequence numbers, saving filtered captures, performing packet statistics, decoding logs, tracing TCP streams, and identifying device manufacturers via MAC addresses.
This guide walks through Wireshark's powerful features—including precise packet filtering, custom time display formats, absolute sequence number handling, exporting filtered captures, packet count statistics, decoding logs, TCP stream tracking, and manufacturer identification—to help engineers troubleshoot and analyze network traffic efficiently.
An in‑depth overview of network security threats reveals how attacks exploit vulnerabilities across TCP/IP layers—detailing ARP spoofing, DoS (including SYN flood), and DNS hijacking—and offers practical defense strategies such as packet analysis, firewall hardening, and proactive monitoring.
This guide demonstrates how to use Python's Scapy library to extract IP addresses from PCAP files, sniff usernames and passwords from mail traffic, discover live hosts via SYN packets, launch MAC address table flooding attacks, and conduct ARP spoofing for man‑in‑the‑middle attacks, providing complete code examples.
This article provides a comprehensive technical analysis of the HTTP/2 protocol, detailing its architectural improvements over HTTP/1.1, including HPACK header compression, binary framing, stream multiplexing, and server push, while demonstrating practical packet capture techniques to illustrate its performance optimizations.
This article explains the background of Server Load Balancing (SLB), details its three transmission modes—reverse proxy, transparent, and triangle—illustrates packet interactions with TCP and HTTP flows, and provides analysis of each mode using Wireshark captures.
This article provides a comprehensive overview of the Domain Name System, explaining how hostnames map to IP addresses, the hierarchical distributed design of DNS servers, query processes, caching mechanisms, packet structures, common attack vectors, and defensive measures such as DNSSEC.
This comprehensive guide explains DNS fundamentals, hierarchical server architecture, query processes, packet structure, caching mechanisms, and common security threats, providing clear examples, diagrams, and practical insights for anyone preparing for networking interviews or deepening their understanding of internet name resolution.
This article explains the background of server load balancing (SLB), compares layer‑4 and layer‑7 approaches, and details the three SLB transmission modes—reverse proxy, transparent pass‑through, and triangle—including packet‑level analysis and practical considerations.
The article investigates why MySQL replication reports the error “heartbeat is not compatible with local info” when large transactions exceed the 4 GB limit of the binlog's next_position field, reproduces the issue with a controlled experiment, analyzes packet structures, and proposes practical mitigation strategies.
This article explains the background of Server Load Balancing (SLB), describes its three transmission modes—reverse‑proxy, transparent, and triangular—and provides detailed packet‑level analysis of TCP/HTTP interactions for each mode, highlighting configuration nuances and security considerations.
This article provides a detailed walkthrough of MySQL protocol analysis using Wireshark, covering SSL disabling, packet capture commands, step‑by‑step examination of handshake, authentication, database selection, query execution packets, and an in‑depth look at related source‑code functions and command enums.
This article explains how network packets map to the TCP/IP four‑layer model, uses Wireshark and browser developer tools to capture and dissect HTTP requests, and illustrates each layer—from Ethernet to application—with clear examples and visual screenshots.
This article explains the fundamentals of the ARP (Address Resolution Protocol) and ICMP (Internet Control Message Protocol), describing how they operate in LAN environments, detailing their packet structures, and illustrating their practical use through ping and tracert commands with packet capture analysis.
Using Wireshark, this article dissects a complete HTTP request, explaining the TCP three‑way handshake, window scaling, SACK options, four‑step termination, and Keep‑Alive mechanisms, while illustrating each packet with screenshots and detailing how browsers may merge handshake steps for efficiency.
This article walks through capturing and dissecting an HTTP request with Wireshark, explaining TCP three‑way handshake, window scaling, SACK options, four‑way termination, and Keep‑Alive mechanisms, and shows how browsers may differ in connection handling.
The paper examines novel TCP reflection DDoS methods that exploit CDN IP ranges and increasingly use pure ACK responses, outlines their handshake‑state behavior, and proposes a per‑connection tracking defense algorithm—implemented in Tencent’s DaYu platform—to detect and mitigate SYN/ACK, ACK, and RST reflection flows without affecting legitimate traffic.
This article introduces the OSI model, IP and UDP protocols, explains the structure of IP and UDP packet headers, demonstrates how to create a simple UDP server and client in Python, and shows how to capture and analyze the traffic with Wireshark.
This comprehensive tutorial walks through capturing HTTP traffic with Wireshark and tcpdump, decodes raw TCP packets, explains request and response structures, explores encoding, MIME types, methods, status codes, and advanced topics such as proxies, caching, cookies, redirection, and connection management, giving developers a solid understanding of how HTTP works under the hood.
