MPTCP in Wireshark (repost)
The latest Wireshark can recognize MPTCP directly.
Wireshark is a widely used network analyzer that can capture network traffic, save the captured packets (*.pcap) for later analysis and, most importantly, help with analyzing such packet traces. Wireshark supports many protocols, which means it is able to assign meaning to bytes ("dissect" in Wireshark nomenclature) and display them accordingly. In some cases, as in the TCP dissector, Wireshark even builds some state to provide expert information, for instance to identify TCP retransmissions. Until then, Wireshark supported only stateless dissection of MPTCP, i.e., it could dissect MPTCP options correctly without being able to identify Multipath TCP connections.
Since November 2015 and the following patch (i.e., starting from Wireshark >= 2.1), Wireshark considers MPTCP a separate protocol and builds state for MPTCP as well, thus mimicking TCP dissection.
This means Wireshark is now able to (provided the matching features are enabled):
- map TCP subflows (tcp.stream) to MPTCP connections (mptcp.stream, see also mptcp.analysis.subflows)
- list MPTCP connections
- identify the master subflows (*mptcp.master == 1*)
- check for mismatched key/tokens and key/initial data sequence number (ISN)
- etc. Start filtering packets with *mptcp.* and Wireshark's autocompletion should show the different possibilities.
Full MPTCP dissection can be quite CPU-consuming, so some options are disabled by default and can be enabled through the menu Edit -> Preferences -> Protocols -> MPTCP.
- *Display relative MPTCP sequence numbers* subtracts the ISN from the Data Sequence Numbers. This works only if the initial packets carrying the keys (3-way handshake) are captured and the Wireshark option for TCP relative sequence numbers is enabled.
- *In depth analysis of data sequence signal (DSS) mappings* tells Wireshark to look for the packets that sent the DSS mappings covering the current packet; Wireshark then displays a clickable item that brings you to that packet. This feature enables the creation of interval trees (introduced especially for this feature), which should consume quite a bit of memory/CPU, so use with care!
- *Check for data duplication across subflows* is a feature that was intended to help detect opportunistic reinjections or redundant schedulers, but it is mostly experimental, so use with care.
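The key/token and key/ISN checks and the subflow mapping listed above rest on the derivation in the MPTCP RFCs: the token is the most significant 32 bits, and the initial data sequence number the least significant 64 bits, of a hash of the 64-bit key. The following is an added example, not Wireshark's code and not part of the original post; the record layout (`tcp_stream`, `type`, `keys`, `token`), the function names and the sample keys are constructed for illustration.

```python
import hashlib

MASK64 = (1 << 64) - 1

def derive(key: bytes, version: int = 0):
    """Return (token, idsn) for a 64-bit MPTCP key.
    MPTCP v0 (RFC 6824) hashes the key with SHA-1, v1 (RFC 8684) with SHA-256."""
    if len(key) != 8:
        raise ValueError("MPTCP keys are 64 bits long")
    digest = (hashlib.sha1 if version == 0 else hashlib.sha256)(key).digest()
    token = int.from_bytes(digest[:4], "big")   # most significant 32 bits
    idsn = int.from_bytes(digest[-8:], "big")   # least significant 64 bits
    return token, idsn

def relative_dsn(dsn: int, idsn: int) -> int:
    """Data sequence number relative to the IDSN, with 64-bit wrap-around."""
    return (dsn - idsn) & MASK64

def map_subflows(handshakes, version: int = 0):
    """Group TCP streams into MPTCP connections.
    Returns (connections, orphans); orphans are MP_JOIN streams whose token
    matches no key seen in the capture (missing handshake or mismatched token)."""
    by_token, connections, orphans = {}, [], []
    for hs in handshakes:
        if hs["type"] == "capable":            # master subflow, carries both keys
            conn = {"master": hs["tcp_stream"], "subflows": [hs["tcp_stream"]]}
            for key in hs["keys"]:
                token, _ = derive(key, version)
                by_token[token] = conn
            connections.append(conn)
    for hs in handshakes:
        if hs["type"] == "join":               # extra subflow, carries a token
            conn = by_token.get(hs["token"])
            if conn is None:
                orphans.append(hs["tcp_stream"])
            else:
                conn["subflows"].append(hs["tcp_stream"])
    return connections, orphans

# Constructed sample: one MP_CAPABLE handshake and two MP_JOIN attempts.
CLIENT_KEY = bytes.fromhex("0102030405060708")
SERVER_KEY = bytes.fromhex("1112131415161718")
SAMPLE = [
    {"tcp_stream": 0, "type": "capable", "keys": (CLIENT_KEY, SERVER_KEY)},
    {"tcp_stream": 1, "type": "join", "token": derive(SERVER_KEY)[0]},
    {"tcp_stream": 2, "type": "join", "token": derive(SERVER_KEY)[0] ^ 1},
]

if __name__ == "__main__":
    print(map_subflows(SAMPLE))
```

An orphaned join is also what a capture that started after the MP_CAPABLE handshake looks like, which is why the relative sequence number option needs the initial packets with the keys.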
http://blog.multipath-tcp.org/blog/html/2016/08/23/mptcp_analyzer.html