Wireshark-users: Re: [Wireshark-users] Wireshark-users Digest, Vol 58, Issue 9

From: Paula Dufour <psdufour@xxxxxxxxx>
Date: Thu, 10 Mar 2011 22:37:23 -0500

Hi,

The localhost address is used by the operating system as a way to pass information through different processes of an application.  Netbackup is one example.

 

Paula



On Thu, Mar 10, 2011 at 3:00 PM, <wireshark-users-request@xxxxxxxxxxxxx> wrote:
Send Wireshark-users mailing list submissions to
       wireshark-users@xxxxxxxxxxxxx

To subscribe or unsubscribe via the World Wide Web, visit
       https://wireshark.org/mailman/listinfo/wireshark-users
or, via email, send a message with subject or body 'help' to
       wireshark-users-request@xxxxxxxxxxxxx

You can reach the person managing the list at
       wireshark-users-owner@xxxxxxxxxxxxx

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Wireshark-users digest..."


Today's Topics:

  1. localhost versus url (Tony Anecito)
  2. Re: localhost versus url (David Alanis)
  3. Re: Help with Zigbee decryption (Joe Desbonnet)
  4. Re: localhost versus url (Jaap Keuter)
  5. Re: localhost versus url (Guy Harris)
  6. Re: Help with Zigbee decryption (Maynard, Chris)
  7. question about SCTP multi-homing (WangWeiguo)
  8. Re: localhost versus url (Tony Anecito)
  9. Re: localhost versus url (Tony Anecito)
 10. Re: localhost versus url (Jaap Keuter)
 11. Re: localhost versus url (Tony Anecito)
 12. Re: question about SCTP multi-homing (Michael Tüxen)
 13. Re: question about SCTP multi-homing (Jeff Morriss)
 14. Re: Help with Zigbee decryption (Guy Harris)


----------------------------------------------------------------------

Message: 1
Date: Wed, 9 Mar 2011 14:11:33 -0800 (PST)
From: Tony Anecito <adanecito@xxxxxxxxx>
To: Wireshark Users <wireshark-users@xxxxxxxxxxxxx>
Subject: [Wireshark-users] localhost versus url
Message-ID: <957435.27881.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset=iso-8859-1

Hi All,

I was running some performance tests last week and noticed with the client app
running on the same server or apache web server machine the response time was
much better when using localhost in the url versus my domain name. I assumed
somehow the connection is bypassing my router and connecting to the apache
process directly. Is that so and if not what should I see on Wireshark if
anything? Or is even the tcp/ip stack short circuited?

Thanks,
-Tony





------------------------------

Message: 2
Date: Wed, 09 Mar 2011 17:28:26 -0600
From: David Alanis <canito@xxxxxxxx>
To: wireshark-users@xxxxxxxxxxxxx
Subject: Re: [Wireshark-users] localhost versus url
Message-ID: <20110309172826.mdv02xxdisw88ws4@xxxxxxxxxxxxx>
Content-Type: text/plain;       charset=ISO-8859-1;     DelSp="Yes";
       format="flowed"

Quoting Tony Anecito <adanecito@xxxxxxxxx>:

> Hi All,
>
> I was running some performance tests last week and noticed with the
> client app
> running on the same server or apache web server machine the response time was
> much better when using localhost in the url versus my domain name.

Do you have the domain entered correctly in your /etc/hosts file?

During your performance tests whilst using the FQDN did you notice any
weird DNS/Reverse lookups for your domain name?

That definitely sounds fishy, but not improbable.

> I assumed
> somehow the connection is bypassing my router and connecting to the apache
> process directly. Is that so and if not what should I see on Wireshark if
> anything? Or is even the tcp/ip stack short circuited?

Let me make sure I understand, if you configure Apache (e.g.) with the
domain name it is much slower than configuring Apache with the
localhost name?

>
> Thanks,
> -Tony
>
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.



------------------------------

Message: 3
Date: Wed, 9 Mar 2011 23:38:51 +0000
From: Joe Desbonnet <joe@xxxxxxxxxx>
To: wireshark-users@xxxxxxxxxxxxx
Subject: Re: [Wireshark-users] Help with Zigbee decryption
Message-ID:
       <AANLkTincGhAxvwcXJBTAQjYNUHUD0V9_AcyYLzAA3no=@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

To answer my own question. I succeeded in decrypting ZigBee HA (Home
Automation) profile packets a while back, but thought it worth
mentioning here in case anyone else has the same problem.

I upgraded to version 1.4.3 of Wireshark. Then set the following:
Edit -> Preferences... -> Protocols -> ZigBee NWK

Security Level: AES-128 Encryption, 32-bit Integrity Protection
Network Key: 39:30:65:63:6E:61:69:6C:6C:41:65:65:42:67:69:5A
(that's the ASCII values of ZigBeeAlliance09 *in reverse*)

BTW: if anyone has the ZENA 802.15.4 / ZigBee network analyzer from
Microchip Technologies, I've written a short Linux C utility that
streams the packets from the device in PCAP format and can be piped
into Wireshark. Details here: http://code.google.com/p/microchip-zena/

Joe.


On Fri, Jan 14, 2011 at 12:38 AM, Joe Desbonnet <joe@xxxxxxxxxx> wrote:
> I'm attempting to sniff and decrypt packets in home automation
> equipment which is supposed to be setup with encryption key
> "ZigBeeAlliance09".
>
> I've entered ZigBeeAlliance09 as a string in the "Network Key" field
> in Edit -> Preferences -> Protocols -> Zigbee NWK
> however the UI does not seem to be acting on it.
>
> In the packet view under Zigbee Security Header I have a collapsible node:
>
>  [Expert Info (Warn/Undecoded): Encrypted Payload]
>  [Message: Encrypted Payload]
>  [Severity level: warn]
>  [Group: Undecoded]
>
> Then the Data node just lists the data from the packet verbatim (no decryption).
>
> What must I do to decrypt this payload? I've tried other random
> strings for the key and it makes no difference. It doesn't seem to be
> trying to decrypt.
>
> To reproduce my problem see the pcap capture file here:
> http://www.mail-archive.com/wireshark-bugs@xxxxxxxxxxxxx/msg24773.html
> (file bug5331_test.pcap). The text of the bug implies it uses the same
> key (ZigBeeAlliance09). Look at the first packet. The payload is two
> bytes 0xb9 0x06 (encrypted). I cannot find any way to view the decrypted
> packet.
>
> I'm using the standard Ubuntu package (version 1.2.7) and I also tried
> the latest version 1.4.3.
>
> Any pointers or suggestions would be greatly appreciated.
>
> Thanks in advance,
>
> Joe.
>
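
The fix reported in the message above comes down to byte order: the Network Key preference needed the 16 key bytes reversed. As an added example (not part of the thread, and not Wireshark code), this sketch prints both byte orders of a key in the colon-separated hex form used above and flags a configured key that is the well-known "ZigBeeAlliance09" value in either order; the function names are hypothetical.

```python
import re

# Well-known key string named in the thread above.
DEFAULT_KEY_ASCII = b"ZigBeeAlliance09"
KEY_LEN = 16  # AES-128 key length in bytes


def parse_key(text: str) -> bytes:
    """Accept a 16-character ASCII key or 16 bytes of hex
    (plain, or separated by ':', '-' or whitespace)."""
    text = text.strip()
    if len(text) == KEY_LEN and ":" not in text:
        # Assumption of this example: a bare 16-character string is ASCII.
        return text.encode("ascii")
    key = bytes.fromhex(re.sub(r"[:\s-]", "", text))  # ValueError on junk
    if len(key) != KEY_LEN:
        raise ValueError(f"expected {KEY_LEN} key bytes, got {len(key)}")
    return key


def to_pref(key: bytes) -> str:
    """Format key bytes as colon-separated upper-case hex."""
    return ":".join(f"{b:02X}" for b in key)


def candidate_prefs(text: str) -> dict:
    """Both byte orders worth trying when a capture stays undecoded."""
    key = parse_key(text)
    return {"as-written": to_pref(key), "reversed": to_pref(key[::-1])}


def is_default_key(text: str) -> bool:
    """True if the configured key is the well-known default, in either order."""
    key = parse_key(text)
    return key in (DEFAULT_KEY_ASCII, DEFAULT_KEY_ASCII[::-1])


if __name__ == "__main__":
    for order, value in candidate_prefs("ZigBeeAlliance09").items():
        print(f"{order:>10}: {value}")
    configured = "39:30:65:63:6E:61:69:6C:6C:41:65:65:42:67:69:5A"
    print("default key in use:", is_default_key(configured))
```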


------------------------------

Message: 4
Date: Thu, 10 Mar 2011 08:19:12 +0100
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
To: Community support list for Wireshark
       <wireshark-users@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] localhost versus url
Message-ID: <4D787B70.3090006@xxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Hello Tony,

Assuming your domain name is resolved to your public IP address on the outside
of the firewall/NAT, your assumption is right.

When entering localhost in the URL, that's resolved to 127.0.0.1, your local
machine's loopback interface. No Ethernet networking involved, so watching with
Wireshark won't show this traffic at all (unless capturing on the loopback
interface on a !Windows machine).

When entering the FQDN in the URL, that's resolved to your outside address.
Browser traffic flows to that address first, then comes back to access the
Apache server. Now you'll see the traffic when you capture on the network
interface, once going out and once coming in.

In the circumstance that there's no NAT involved (so your outside address is
your interface address) you still end up with more delay than going through the
loopback interface. The extra DNS interactions, and probably additional safety
measures of your platform, take away a little time for every object retrieved.

Thanks,
Jaap

On 03/09/2011 11:11 PM, Tony Anecito wrote:
> Hi All,
>
> I was running some performance tests last week and noticed with the client app
> running on the same server or apache web server machine the response time was
> much better when using localhost in the url versus my domain name. I assumed
> somehow the connection is bypassing my router and connecting to the apache
> process directly. Is that so and if not what should I see on Wireshark if
> anything? Or is even the tcp/ip stack short circuited?
>
> Thanks,
> -Tony



------------------------------

Message: 5
Date: Wed, 9 Mar 2011 23:39:09 -0800
From: Guy Harris <guy@xxxxxxxxxxxx>
To: Community support list for Wireshark
       <wireshark-users@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] localhost versus url
Message-ID: <4D2C809E-01C4-417C-ACF9-C1E92F922075@xxxxxxxxxxxx>
Content-Type: text/plain; charset=us-ascii


On Mar 9, 2011, at 11:19 PM, Jaap Keuter wrote:

> Assuming your domain name is resolved to your public IP address on the outside of the firewall/NAT, your assumption is right.
>
> When entering localhost in the URL, that's resolved to 127.0.0.1, your local machine's loopback interface. No Ethernet networking involved, so watching with Wireshark won't show this traffic at all (unless capturing on the loopback interface on a !Windows machine).

!Windows && !Solaris - Solaris (except perhaps in OpenSolaris 11) doesn't support a capture mechanism that can listen to loopback traffic.

On the other hand:

> When entering the FQDN in the URL, that's resolved to your outside address. Browser traffic flows to that address first, then comes back to access the Apache server. Now you'll see the traffic when you capture on the network interface, once going out and once coming in.

...in at least some operating systems, even attempts to send packets to one of your own network addresses will go through the same path as attempts to send packets to 127.0.0.1, so either you won't be able to capture them at all, on Windows (where there is no equivalent to UN*X loopback interfaces; the Windows "loopback interface" is different) or on UN*Xes where you can't capture in the loopback interface, or you'll have to capture them on the loopback interface, just as you capture traffic to 127.0.0.1.

> In the circumstance that there's no NAT involved (so your outside address is your interface address) you still end up with more delay than going through the loopback interface. The extra DNS interactions, and probably additional safety measures of your platform, take away a little time for every object retrieved.

My guess is that's the performance issue; traffic from your machine to one of its non-loopback IP addresses, or to its loopback address, largely go through the same code path, so it's probably that looking up the host name via DNS is slower than looking up "loopback" or that something else is triggered by traffic to a local address that's not triggered by traffic to 127.0.0.1.

------------------------------

Message: 6
Date: Thu, 10 Mar 2011 09:48:27 -0500
From: "Maynard, Chris" <Christopher.Maynard@xxxxxxxxx>
To: 'Community support list for Wireshark'
       <wireshark-users@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] Help with Zigbee decryption
Message-ID:
       <FEA7253CE01175418CE6A9BE162A91552A066A345B@xxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="us-ascii"

Thanks for the information Joe.  I posted a link to your tool on the Wireshark wiki: http://wiki.wireshark.org/WPANFamily
- Chris

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Joe Desbonnet
Sent: Wednesday, March 09, 2011 6:39 PM
To: wireshark-users@xxxxxxxxxxxxx
Subject: Re: [Wireshark-users] Help with Zigbee decryption

BTW: if anyone has the ZENA 802.15.4 / ZigBee network analyzer from
Microchip Technologies, I've written a short Linux C utility that
streams the packets from the device in PCAP format and can be piped
into Wireshark. Details here: http://code.google.com/p/microchip-zena/


- end -



------------------------------

Message: 7
Date: Fri, 11 Mar 2011 02:03:08 +0800
From: WangWeiguo <encwgwg@xxxxxxxxxxx>
To: <wireshark-users@xxxxxxxxxxxxx>
Subject: [Wireshark-users] question about SCTP multi-homing
Message-ID: <SNT114-W863E5652A933AFEA48DFBA7C80@xxxxxxx>
Content-Type: text/plain; charset="gb2312"


Hi all,
Anyone can help with this SCTP multi-homing question?  I've read the spec. (RFC 4960) and googled, but still it's quite hard to really understand the essentials of the multi-homing.

The question is based on the diagram as following, which is a SCTP association between End Point A and B, on each End Point has two IP addresses serving this SCTP association:

Node A          Node B
IP A1   ------- IP B1
           \     /
             \ /
             /\
           /    \
IP A2   ------ IP B2

In this way, there are actually 4 physical links in this single association: A1 -> B1,  A2 -> B2, A1 -> B2, and A2 -> B1.

The question is: among these 4 links, how many can be defined as Prime?
From the spec., it looks like only one pair of IP addresses (e.g. A1->B1) can be defined as prime so all traffic actually just goes on this link only, however in this way it means that among the 4 available links, only one is bearing traffic in normal cases and all other 3 are standby in case of prime failure, it doesn't look like make sense if compare to the possibility of having 2 out of 4 as prime and other 2 as standby. Furthermore, in case of prime (say A1-> B1) failure, which of the other three will take over and how are they prioritized?

Thanks.

Kevin. Wong.



------------------------------

Message: 8
Date: Thu, 10 Mar 2011 10:04:56 -0800 (PST)
From: Tony Anecito <adanecito@xxxxxxxxx>
To: Community support list for Wireshark
       <wireshark-users@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] localhost versus url
Message-ID: <543194.98893.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset=iso-8859-1

Hi David,

My Domain name is registered with godaddy.

I have not tried Wireshark yet I was hoping this is commonly known why the
network would do this magic.

I will look at the other responses.

Many thanks for the quick feedback!

-Tony



----- Original Message ----
From: David Alanis <canito@xxxxxxxx>
To: wireshark-users@xxxxxxxxxxxxx
Sent: Wed, March 9, 2011 4:28:26 PM
Subject: Re: [Wireshark-users] localhost versus url

Quoting Tony Anecito <adanecito@xxxxxxxxx>:

> Hi All,
>
> I was running some performance tests last week and noticed with the client app
> running on the same server or apache web server machine the response time was
> much better when using localhost in the url versus my domain name.

Do you have the domain entered correctly in your /etc/hosts file?

During your performance tests whilst using the FQDN did you notice any weird
DNS/Reverse lookups for your domain name?

That definitely sounds fishy, but not improbable.

> I assumed
> somehow the connection is bypassing my router and connecting to the apache
> process directly. Is that so and if not what should I see on Wireshark if
> anything? Or is even the tcp/ip stack short circuited?

Let me make sure I understand, if you configure Apache (e.g.) with the domain
name it is much slower than configuring Apache with the localhost name?

>
> Thanks,
> -Tony
>
>
>
------------------------------

Message: 9
Date: Thu, 10 Mar 2011 10:12:31 -0800 (PST)
From: Tony Anecito <adanecito@xxxxxxxxx>
To: Community support list for Wireshark
       <wireshark-users@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] localhost versus url
Message-ID: <597719.68738.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset=iso-8859-1

Hi Jaap,

Many thanks that makes sense. I do have a router with a set of static ips
provided by my isp and one of the ips is registered with godaddy and is tied to
my own domain name and that was what I was using prior to using localhost. I did
notice on wireshark when using my domain I would see what you described.

I wonder what layers of the OSI 7 layer model is bypassed? I would think the
first three (1-3) would be bypassed?

Thanks,
-Tony



----- Original Message ----
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Sent: Thu, March 10, 2011 12:19:12 AM
Subject: Re: [Wireshark-users] localhost versus url

Hello Tony,

Assuming your domain name is resolved to your public IP address on the outside
of the firewall/NAT, your assumption is right.

When entering localhost in the URL, that's resolved to 127.0.0.1, your local
machine's loopback interface. No Ethernet networking involved, so watching with
Wireshark won't show this traffic at all (unless capturing on the loopback
interface on a !Windows machine).

When entering the FQDN in the URL, that's resolved to your outside address.
Browser traffic flows to that address first, then comes back to access the
Apache server. Now you'll see the traffic when you capture on the network
interface, once going out and once coming in.

In the circumstance that there's no NAT involved (so your outside address is
your interface address) you still end up with more delay than going through the
loopback interface. The extra DNS interactions, and probably additional safety
measures of your platform, take away a little time for every object retrieved.

Thanks,
Jaap

On 03/09/2011 11:11 PM, Tony Anecito wrote:
> Hi All,
>
> I was running some performance tests last week and noticed with the client app
> running on the same server or apache web server machine the response time was
> much better when using localhost in the url versus my domain name. I assumed
> somehow the connection is bypassing my router and connecting to the apache
> process directly. Is that so and if not what should I see on Wireshark if
> anything? Or is even the tcp/ip stack short circuited?
>
> Thanks,
> -Tony

------------------------------

Message: 10
Date: Thu, 10 Mar 2011 19:36:29 +0100
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
To: Community support list for Wireshark
       <wireshark-users@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] localhost versus url
Message-ID: <4D791A2D.4070205@xxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Hi,

Well, the relationship with OSI layers is a bit awkward, but if you want to talk
layers, you end up circumventing the Datalink and Physical Layers when going
through the loopback. The Network Layer determines that the packet doesn't need
to go to a physical network interface, but right back into the network stack.

Thanks,
Jaap

On 03/10/2011 07:12 PM, Tony Anecito wrote:
> Hi Jaap,
>
> Many thanks that makes sense. I do have a router with a set of static ips
> provided by my isp and one of the ips is registered with godaddy and is tied to
> my own domain name and that was what I was using prior to using localhost. I did
> notice on wireshark when using my domain I would see what you described.
>
> I wonder what layers of the OSI 7 layer model is bypassed? I would think the
> first three (1-3) would be bypassed?
>
> Thanks,
> -Tony
>
>
>
> ----- Original Message ----
> From: Jaap Keuter<jaap.keuter@xxxxxxxxx>
> To: Community support list for Wireshark<wireshark-users@xxxxxxxxxxxxx>
> Sent: Thu, March 10, 2011 12:19:12 AM
> Subject: Re: [Wireshark-users] localhost versus url
>
> Hello Tony,
>
> Assuming your domain name is resolved to your public IP address on the outside
> of the firewall/NAT, your assumption is right.
>
> When entering localhost in the URL, that's resolved to 127.0.0.1, your local
> machine's loopback interface. No Ethernet networking involved, so watching with
> Wireshark won't show this traffic at all (unless capturing on the loopback
> interface on a !Windows machine).
>
> When entering the FQDN in the URL, that's resolved to your outside address.
> Browser traffic flows to that address first, then comes back to access the
> Apache server. Now you'll see the traffic when you capture on the network
> interface, once going out and once coming in.
>
> In the circumstance that there's no NAT involved (so your outside address is
> your interface address) you still end up with more delay than going through the
> loopback interface. The extra DNS interactions, and probably additional safety
> measures of your platform, take away a little time for every object retrieved.
>
> Thanks,
> Jaap
>
> On 03/09/2011 11:11 PM, Tony Anecito wrote:
>> Hi All,
>>
>> I was running some performance tests last week and noticed with the client app
>> running on the same server or apache web server machine the response time was
>> much better when using localhost in the url versus my domain name. I assumed
>> somehow the connection is bypassing my router and connecting to the apache
>> process directly. Is that so and if not what should I see on Wireshark if
>> anything? Or is even the tcp/ip stack short circuited?
>>
>> Thanks,
>> -Tony



------------------------------

Message: 11
Date: Thu, 10 Mar 2011 10:42:05 -0800 (PST)
From: Tony Anecito <adanecito@xxxxxxxxx>
To: Community support list for Wireshark
       <wireshark-users@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] localhost versus url
Message-ID: <196569.32993.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset=iso-8859-1

Thanks Jaap I was looking into that and I believe you are right even about the
relationship with OSI!

Best Regards,
-Tony



----- Original Message ----
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Sent: Thu, March 10, 2011 11:36:29 AM
Subject: Re: [Wireshark-users] localhost versus url

Hi,

Well, the relationship with OSI layers is a bit awkward, but if you want to talk
layers, you end up circumventing the Datalink and Physical Layers when going
through the loopback. The Network Layer determines that the packet doesn't need
to go to a physical network interface, but right back into the network stack.

Thanks,
Jaap

On 03/10/2011 07:12 PM, Tony Anecito wrote:
> Hi Jaap,
>
> Many thanks that makes sense. I do have a router with a set of static ips
> provided by my isp and one of the ips is registered with godaddy and is tied to
> my own domain name and that was what I was using prior to using localhost. I did
> notice on wireshark when using my domain I would see what you described.
>
> I wonder what layers of the OSI 7 layer model is bypassed? I would think the
> first three (1-3) would be bypassed?
>
> Thanks,
> -Tony
>
>
>
> ----- Original Message ----
> From: Jaap Keuter<jaap.keuter@xxxxxxxxx>
> To: Community support list for Wireshark<wireshark-users@xxxxxxxxxxxxx>
> Sent: Thu, March 10, 2011 12:19:12 AM
> Subject: Re: [Wireshark-users] localhost versus url
>
> Hello Tony,
>
> Assuming your domain name is resolved to your public IP address on the outside
> of the firewall/NAT, your assumption is right.
>
> When entering localhost in the URL, that's resolved to 127.0.0.1, your local
> machine's loopback interface. No Ethernet networking involved, so watching with
> Wireshark won't show this traffic at all (unless capturing on the loopback
> interface on a !Windows machine).
>
> When entering the FQDN in the URL, that's resolved to your outside address.
> Browser traffic flows to that address first, then comes back to access the
> Apache server. Now you'll see the traffic when you capture on the network
> interface, once going out and once coming in.
>
> In the circumstance that there's no NAT involved (so your outside address is
> your interface address) you still end up with more delay than going through the
> loopback interface. The extra DNS interactions, and probably additional safety
> measures of your platform, take away a little time for every object retrieved.
>
> Thanks,
> Jaap
>
> On 03/09/2011 11:11 PM, Tony Anecito wrote:
>> Hi All,
>>
>> I was running some performance tests last week and noticed with the client app
>> running on the same server or apache web server machine the response time was
>> much better when using localhost in the url versus my domain name. I assumed
>> somehow the connection is bypassing my router and connecting to the apache
>> process directly. Is that so and if not what should I see on Wireshark if
>> anything? Or is even the tcp/ip stack short circuited?
>>
>> Thanks,
>> -Tony

------------------------------

Message: 12
Date: Thu, 10 Mar 2011 20:11:54 +0100
From: Michael Tüxen <Michael.Tuexen@xxxxxxxxxxxxxxxxx>
To: Community support list for Wireshark
       <wireshark-users@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] question about SCTP multi-homing
Message-ID: <9BD6F17D-38F7-47B8-8A15-BA89188F3182@xxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset=us-ascii

On Mar 10, 2011, at 7:03 PM, WangWeiguo wrote:

> Hi all,
> Anyone can help with this SCTP multi-homing question?  I've read the spec. (RFC 4960) and googled, but still it's quite hard to really understand the essentials of the multi-homing.
>
> The question is based on the diagram as following, which is a SCTP association between End Point A and B, on each End Point has two IP addresses serving this SCTP association:
>
> Node A          Node B
> IP A1   ------- IP B1
>             \     /
>               \ /
>               /\
>             /    \
> IP A2   ------ IP B2
>
> In this way, there are actually 4 physical links in this single association: A1 -> B1,  A2 -> B2, A1 -> B2, and A2 -> B1.
>
> The question is: among these 4 links, how many can be defined as Prime?

Typically, one of the remote peer's addresses is considered a primary path (and the source address
will be selected based on the routing table). Also remote addresses are supervised using HEARTBEATs.

> From the spec., it looks like only one pair of IP addresses (e.g. A1->B1) can be defined as prime so all traffic actually

The SCTP stack will select the primary address. Using the socket API, the application can
also specify which remote address should be the primary.

> just goes on this link only, however in this way it means that among the 4 available links, only one is bearing traffic in normal cases and all other 3 are standby in case of prime failure, it doesn't look like make sense if compare to the

Please note, that each node will supervise two remote addresses.

> possibility of having 2 out of 4 as prime and other 2 as standby. Furthermore, in case of prime (say A1-> B1) failure, which of the other three will take over and how are they prioritized?

The socket API does not provide a way to indicate where to failover to.
However, the application can handle notifications indicating that a path state
changes to UNREACHABLE and then set a new primary path.

The socket API I'm referring to is available at
http://tools.ietf.org/html/draft-ietf-tsvwg-sctpsocket
which is implemented (partly) by FreeBSD, Linux and Solaris.

Best regards
Michael
>
> Thanks.
>
> Kevin. Wong.
>
>
>



------------------------------

Message: 13
Date: Thu, 10 Mar 2011 14:24:41 -0500
From: Jeff Morriss <jeff.morriss.ws@gmail.com>
To: Community support list for Wireshark
       <wireshark-users@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] question about SCTP multi-homing
Message-ID: <4D792579.8020402@xxxxxxxxx>
Content-Type: text/plain; charset=GB2312

WangWeiguo wrote:
> Hi all,
> Anyone can help with this SCTP multi-homing question?  I've read the
> spec. (RFC 4960) and googled, but still it's quite hard to really
> understand the essentials of the multi-homing.
>
> The question is based on the diagram as following, which is a SCTP
> association between End Point A and B, on each End Point has two IP
> addresses serving this SCTP association:
>
> Node A          Node B
> IP A1   ------- IP B1
>             \     /
>               \ /
>               /\
>             /    \
> IP A2   ------ IP B2
>
> In this way, there are actually 4 physical links in this single
> association: A1 -> B1,  A2 -> B2, A1 -> B2, and A2 -> B1.
>
> The question is: among these 4 links, how many can be defined as Prime?
>  From the spec., it looks like *_only one_* pair of IP addresses (e.g.
> A1->B1) can be defined as prime so all traffic actually just goes on
> this link only, however in this way it means that among the 4 available
> links, only one is bearing traffic in normal cases and all other 3 are
> standby in case of prime failure, it doesn't look like make sense if
> compare to the possibility of having 2 out of 4 as prime and other 2 as
> standby. Furthermore, in case of prime (say A1-> B1) failure, which of
> the other three will take over and how are they prioritized?

When asking a new question or starting a new topic of discussion, please
do not reply to an email on another topic.  Doing so messes up the
threading (grouping of messages with the same topic together) in many
email clients.

The IETF tsvwg mailing list might be a good place to discuss this too.

Anyway, yes, only one pair of IP addresses would be considered the
primary.  The idea (in 4960) is that all packets should (excepting
retransmissions) travel on the same path until path failover.  (There is
a draft for loadsharing on all paths.)

In the case of primary path failure, the same 4960 clause applies:

>    When retransmitting data that timed out, if the endpoint is multi-
>    homed, it should consider each source-destination address pair in its
>    retransmission selection policy.  When retransmitting timed-out data,
>    the endpoint should attempt to pick the most divergent source-
>    destination pair from the original source-destination pair to which
>    the packet was transmitted.
>
>    Note: Rules for picking the most divergent source-destination pair
>    are an implementation decision and are not specified within this
>    document.

As it says, "most divergent" is more complicated when you're dealing
with both source and destination IP addresses.  To me, this means
"change both the source and destination addresses."  Of course if you
have more than 2 source and/or destination IP addresses, then you have
more than 1 equally divergent choices.
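
The "most divergent pair" reading in the message above, worked through as an added example (not part of the thread and not taken from any SCTP stack): score each alternative source-destination pair by how many of its two addresses differ from the original pair, skip destinations currently marked unreachable, and return every pair that ties for the highest score. RFC 4960 leaves the rule to the implementation, so this scoring is an assumption; the address labels are the ones from the diagram and the function names are hypothetical.

```python
from itertools import product


def divergence(pair, original):
    """0, 1 or 2: how many of (source, destination) differ from the original."""
    return int(pair[0] != original[0]) + int(pair[1] != original[1])


def most_divergent_pairs(local_addrs, remote_addrs, original,
                         unreachable_remote=()):
    """Return (score, pairs): the best divergence score and every usable
    source-destination pair that reaches it.

    original           -- (source, destination) the data was first sent on
    unreachable_remote -- remote addresses whose path is currently down
    """
    down = set(unreachable_remote)
    candidates = [
        (src, dst)
        for src, dst in product(local_addrs, remote_addrs)
        if (src, dst) != original and dst not in down
    ]
    if not candidates:
        return 0, []  # nothing left to retransmit on
    best = max(divergence(p, original) for p in candidates)
    return best, [p for p in candidates if divergence(p, original) == best]


if __name__ == "__main__":
    # Constructed topology from the diagram: two addresses per endpoint.
    local, remote = ["A1", "A2"], ["B1", "B2"]
    print(most_divergent_pairs(local, remote, ("A1", "B1")))
    # B2 down: only a pair that changes the source alone is left.
    print(most_divergent_pairs(local, remote, ("A1", "B1"), ["B2"]))
    # Three addresses per endpoint: several equally divergent choices.
    print(most_divergent_pairs(["A1", "A2", "A3"], ["B1", "B2", "B3"],
                               ("A1", "B1")))
```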


------------------------------

Message: 14
Date: Thu, 10 Mar 2011 11:25:46 -0800
From: Guy Harris <guy@xxxxxxxxxxxx>
To: Community support list for Wireshark
       <wireshark-users@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] Help with Zigbee decryption
Message-ID: <BFFF69E6-72C2-4A07-BE9D-CB167FD99B02@xxxxxxxxxxxx>
Content-Type: text/plain; charset=us-ascii


On Mar 9, 2011, at 3:38 PM, Joe Desbonnet wrote:

> BTW: if anyone has the ZENA 802.15.4 / ZigBee network analyzer from
> Microchip Technologies, I've written a short Linux C utility that
> streams the packets from the device in PCAP format and can be piped
> into Wireshark. Details here: http://code.google.com/p/microchip-zena/

At some point, it might be interesting to incorporate that code into libpcap.  The main issue is that it would need a libpcap API to select the channel, but that can be added.

------------------------------



End of Wireshark-users Digest, Vol 58, Issue 9
**********************************************



--
Paula Dufour
410-857-9069 (h)
301-939-7918 (w)
443-340-9839 (c)
psdufour@xxxxxxxxx