Ask Your Question

markleo's profile - activity

2022-06-21 08:01:45 +0000 marked best answer How to export part of a TCP stream to a .pcapng file?

How to export part of a TCP stream to a .pcapng file?

2022-06-20 12:07:41 +0000 marked best answer there say `Change Cipher Spec`? why it do not use `Choose Cipher Suite`?

I have a question about Server Hello of TLS handshake.

you see the red frame I tagged.

why there say Change Cipher Spec? why it do not use Choose Cipher Suite?

2022-06-20 08:52:08 +0000 asked a question there say `Change Cipher Spec`? why it do not use `Choose Cipher Suite`?

there say `Change Cipher Spec`? why it do not use `Choose Cipher Suite`? https://i.stack.imgur.com/rvxmf.png I have a q

2022-06-20 02:32:10 +0000 edited question How to export part of a TCP stream to a .pcapng file?

How to export part of a TCP stream to a .pcapng file? https://i.stack.imgur.com/nW1Na.png How to export part of a TCP

2022-06-20 02:31:56 +0000 edited question How to export part of a TCP stream to a .pcapng file?

How to export part of a TCP stream to a .pcapng file? How to export part of a TCP stream to a .pcapng file?

2022-06-20 01:59:48 +0000 asked a question How to export part of a TCP stream to a .pcapng file?

How to export part of a TCP stream to a .pcapng file? How to export part of a TCP stream to a .pcapng file?

2022-04-10 05:43:20 +0000 commented answer Where is the iptables MARK location in my case?

then how can kernel identify the actual packet? so the mark in kernel can correspond the actual packet.

2022-04-10 05:21:48 +0000 marked best answer Where is the iptables MARK location in my case?

In my Server, I emptied all the iptables rules, and then add below rule:

iptables -t mangle -N DIVERT  
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT

iptables -t mangle -A DIVERT -j MARK --set-mark 1  
iptables -t mangle -A DIVERT -j ACCEPT

I can check it:

[[email protected] go-tproxy]# iptables -n -L  -t mangle
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
DIVERT     tcp  --  0.0.0.0/0            0.0.0.0/0            socket

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain DIVERT (1 references)
target     prot opt source               destination         
MARK       all  --  0.0.0.0/0            0.0.0.0/0            MARK set 0x1
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

You see the MARK set 0x1 tag in rules, and then I useping www.demo.comand `curl -vo 1 'https://google.com' to test the data. and I capture the packages by wireshark, you can check: https://github.com/moonshineBoy/paste...

I didn't find the location of the MARK set 0x1 in capture-https.pcapng, please tell me where is the MARK location.

2022-04-10 05:21:48 +0000 received badge  Scholar (source)
2022-04-09 10:27:44 +0000 edited question Where is the iptables MARK location in my case?

Where is the iptables MARK location in my case? In my Server, I emptied all the iptables rules, and then add below ru

2022-04-09 10:27:44 +0000 received badge  Editor (source)
2022-04-09 10:17:47 +0000 asked a question Where is the iptables MARK location in my case?

Where is the iptables MARK location in my case? In my Server, I emptied all the iptables rules, and then add below ru

2022-04-09 04:50:26 +0000 asked a question How could Wireshark pick out the streams of UDP or TCP?

How could Wireshark pick out the streams of UDP or TCP? how could wireshark to pick out TCP or UDP stream ? what's t

2021-11-19 06:35:16 +0000 asked a question How to get all the domains which use DNS query?

How to get all the domains which use DNS query? How to list all the DNS domains? I have a requirement: check my snapsh