The last time I used this was a long time ago, which is why I have almost forgotten everything about it.

So this time I’ll write it down to help remember it.

  1. Display filter and capture filter: the capture filter decides which packets are actually captured, and the display filter decides which of them you see. The configuration icon at the top left is a quick way to choose a capture filter; the Expression icon does the same for a display filter.
  2. DSCP:
    Differentiated Services Code Point (DSCP)

    Originally defined as the Type of service (ToS) field. This field is now defined by RFC 2474 (updated by RFC 3168 and RFC 3260) for Differentiated services (DiffServ). New technologies are emerging that require real-time data streaming and therefore make use of the DSCP field. An example is Voice over IP (VoIP), which is used for interactive data voice exchange. (https://en.wikipedia.org/wiki/IPv4#DSCP)

    DiffServ uses a 6-bit differentiated services code point (DSCP) in the 8-bit differentiated services field (DS field) in the IP header for packet classification purposes. The DS field and ECN field replace the outdated IPv4 TOS field.

  3. IntServ specifies a fine-grained QoS system, which is often contrasted with DiffServ’s coarse-grained control system. In order for IntServ to work, all routers along the traffic path must support it. Furthermore, many states must be stored in each router. As a result, IntServ works on a small-scale, but as you scale up to a system the size of the Internet, it is difficult to keep track of all of the reservations.[1]
  4. Per-hop behaviour

    From Wikipedia, the free encyclopedia

    In computer networking, per-hop behaviour (PHB) is a term used in differentiated services (DiffServ) or multiprotocol label switching (MPLS). It defines the policy and priority applied to a packet when traversing a hop (such as a router) in a DiffServ network.

    The rule that governs how packets are handled within a DiffServ[1] network is called the Per-Hop Behavior (PHB). PHBs are defined to support the general properties controlled by IP precedence. The DSCP contains 6 bits; PHBs of the form bbb000 (one for each combination of the top 3 bits, where each b may be 0 or 1) are created to match the precedence behaviors, and the other DSCP values are left open.

    DSCP bit settings   Meaning
    000000              Best effort
    bbb000              Conforms to the requirements of Type of Service queuing precedence
    bbbbb0              Available for standardization
    bbbb11              For experimental or local network usage
    bbbb01              For experimental or local network usage, but may be taken for standardization

    Class selector values

    DSCP            Binary    Hex    Decimal   Typical application   Examples
    CS0 (Default)   000 000   0x00   0
    CS1             001 000   0x08   8         Scavenger             YouTube, Gaming, P2P
    CS2             010 000   0x10   16        OAM                   SNMP, SSH, Syslog
    CS3             011 000   0x18   24        Signaling             SCCP, SIP, H.323
    CS4             100 000   0x20   32        Realtime              TelePresence
    CS5             101 000   0x28   40        Broadcast video       Cisco IPVS
    CS6             110 000   0x30   48        Network control       EIGRP, OSPF, HSRP, IKE
    CS7             111 000   0x38   56


  5. List of IP protocol numbers

    From Wikipedia, the free encyclopedia

    This is a list of IP numbers used in the Protocol field of the IPv4 header and the Next Header field of IPv6 header.

    Decimal Hex Keyword Protocol References
    0 0x00 HOPOPT IPv6 Hop-by-Hop Option RFC 2460
    1 0x01 ICMP Internet Control Message Protocol RFC 792
    2 0x02 IGMP Internet Group Management Protocol RFC 1112
    3 0x03 GGP Gateway-to-Gateway Protocol RFC 823
    4 0x04 IP-in-IP IP in IP (encapsulation) RFC 2003
    5 0x05 ST Internet Stream Protocol RFC 1190, RFC 1819
    6 0x06 TCP Transmission Control Protocol RFC 793
    7 0x07 CBT Core-based trees RFC 2189
    8 0x08 EGP Exterior Gateway Protocol RFC 888
    9 0x09 IGP Interior Gateway Protocol (any private interior gateway (used by Cisco for their IGRP))
    10 0x0A BBN-RCC-MON BBN RCC Monitoring
    11 0x0B NVP-II Network Voice Protocol RFC 741
    12 0x0C PUP Xerox PUP
    13 0x0D ARGUS ARGUS
    14 0x0E EMCON EMCON
    15 0x0F XNET Cross Net Debugger IEN 158
    16 0x10 CHAOS Chaos
    17 0x11 UDP User Datagram Protocol RFC 768
    18 0x12 MUX Multiplexing IEN 90
    19 0x13 DCN-MEAS DCN Measurement Subsystems
    20 0x14 HMP Host Monitoring Protocol RFC 869
    21 0x15 PRM Packet Radio Measurement
    22 0x16 XNS-IDP XEROX NS IDP
    23 0x17 TRUNK-1 Trunk-1
    24 0x18 TRUNK-2 Trunk-2
    25 0x19 LEAF-1 Leaf-1
    26 0x1A LEAF-2 Leaf-2
    27 0x1B RDP Reliable Datagram Protocol RFC 908
    28 0x1C IRTP Internet Reliable Transaction Protocol RFC 938
    29 0x1D ISO-TP4 ISO Transport Protocol Class 4 RFC 905
    30 0x1E NETBLT Bulk Data Transfer Protocol RFC 998
    31 0x1F MFE-NSP MFE Network Services Protocol
    32 0x20 MERIT-INP MERIT Internodal Protocol
    33 0x21 DCCP Datagram Congestion Control Protocol RFC 4340
    34 0x22 3PC Third Party Connect Protocol
    35 0x23 IDPR Inter-Domain Policy Routing Protocol RFC 1479
    36 0x24 XTP Xpress Transport Protocol
    37 0x25 DDP Datagram Delivery Protocol
    38 0x26 IDPR-CMTP IDPR Control Message Transport Protocol
    39 0x27 TP++ TP++ Transport Protocol
    40 0x28 IL IL Transport Protocol
    41 0x29 IPv6 IPv6 Encapsulation RFC 2473
    42 0x2A SDRP Source Demand Routing Protocol RFC 1940
    43 0x2B IPv6-Route Routing Header for IPv6 RFC 2460
    44 0x2C IPv6-Frag Fragment Header for IPv6 RFC 2460
    45 0x2D IDRP Inter-Domain Routing Protocol
    46 0x2E RSVP Resource Reservation Protocol RFC 2205
    47 0x2F GRE Generic Routing Encapsulation RFC 2784, RFC 2890
    48 0x30 MHRP Mobile Host Routing Protocol
    49 0x31 BNA BNA
    50 0x32 ESP Encapsulating Security Payload RFC 4303
    51 0x33 AH Authentication Header RFC 4302
    52 0x34 I-NLSP Integrated Net Layer Security Protocol TUBA
    53 0x35 SWIPE SwIPe IP with Encryption
    54 0x36 NARP NBMA Address Resolution Protocol RFC 1735
    55 0x37 MOBILE IP Mobility (Min Encap) RFC 2004
    56 0x38 TLSP Transport Layer Security Protocol (using Kryptonet key management)
    57 0x39 SKIP Simple Key-Management for Internet Protocol RFC 2356
    58 0x3A IPv6-ICMP ICMP for IPv6 RFC 4443, RFC 4884
    59 0x3B IPv6-NoNxt No Next Header for IPv6 RFC 2460
    60 0x3C IPv6-Opts Destination Options for IPv6 RFC 2460
    61 0x3D Any host internal protocol
    62 0x3E CFTP CFTP
    63 0x3F Any local network
    64 0x40 SAT-EXPAK SATNET and Backroom EXPAK
    65 0x41 KRYPTOLAN Kryptolan
    66 0x42 RVD MIT Remote Virtual Disk Protocol
    67 0x43 IPPC Internet Pluribus Packet Core
    68 0x44 Any distributed file system
    69 0x45 SAT-MON SATNET Monitoring
    70 0x46 VISA VISA Protocol
    71 0x47 IPCU Internet Packet Core Utility
    72 0x48 CPNX Computer Protocol Network Executive
    73 0x49 CPHB Computer Protocol Heart Beat
    74 0x4A WSN Wang Span Network
    75 0x4B PVP Packet Video Protocol
    76 0x4C BR-SAT-MON Backroom SATNET Monitoring
    77 0x4D SUN-ND SUN ND PROTOCOL-Temporary
    78 0x4E WB-MON WIDEBAND Monitoring
    80 0x50 ISO-IP International Organization for Standardization Internet Protocol
    81 0x51 VMTP Versatile Message Transaction Protocol RFC 1045
    82 0x52 SECURE-VMTP Secure Versatile Message Transaction Protocol RFC 1045
    83 0x53 VINES VINES
    84 0x54 TTP TTP
    84 0x54 IPTM Internet Protocol Traffic Manager
    86 0x56 DGP Dissimilar Gateway Protocol
    87 0x57 TCF TCF
    88 0x58 EIGRP EIGRP
    89 0x59 OSPF Open Shortest Path First RFC 1583
    90 0x5A Sprite-RPC Sprite RPC Protocol
    91 0x5B LARP Locus Address Resolution Protocol
    92 0x5C MTP Multicast Transport Protocol
    93 0x5D AX.25 AX.25
    94 0x5E IPIP IP-within-IP Encapsulation Protocol RFC 2003
    95 0x5F MICP Mobile Internetworking Control Protocol
    96 0x60 SCC-SP Semaphore Communications Sec. Pro
    97 0x61 ETHERIP Ethernet-within-IP Encapsulation RFC 3378
    98 0x62 ENCAP Encapsulation Header RFC 1241
    99 0x63 Any private encryption scheme
    100 0x64 GMTP GMTP
    101 0x65 IFMP Ipsilon Flow Management Protocol
    102 0x66 PNNI PNNI over IP
    103 0x67 PIM Protocol Independent Multicast
    104 0x68 ARIS IBM’s ARIS (Aggregate Route IP Switching) Protocol
    105 0x69 SCPS SCPS (Space Communications Protocol Standards) SCPS-TP[1]
    106 0x6A QNX QNX
    107 0x6B A/N Active Networks
    108 0x6C IPComp IP Payload Compression Protocol RFC 3173
    109 0x6D SNP Sitara Networks Protocol
    110 0x6E Compaq-Peer Compaq Peer Protocol
    111 0x6F IPX-in-IP IPX in IP
    112 0x70 VRRP Virtual Router Redundancy Protocol, Common Address Redundancy Protocol (not IANA assigned) VRRP:RFC 3768
    113 0x71 PGM PGM Reliable Transport Protocol RFC 3208
    114 0x72 Any 0-hop protocol
    115 0x73 L2TP Layer Two Tunneling Protocol Version 3 RFC 3931
    116 0x74 DDX D-II Data Exchange (DDX)
    117 0x75 IATP Interactive Agent Transfer Protocol
    118 0x76 STP Schedule Transfer Protocol
    119 0x77 SRP SpectraLink Radio Protocol
    120 0x78 UTI Universal Transport Interface Protocol
    121 0x79 SMP Simple Message Protocol
    122 0x7A SM Simple Multicast Protocol draft-perlman-simple-multicast-03
    123 0x7B PTP Performance Transparency Protocol
    124 0x7C IS-IS over IPv4 Intermediate System to Intermediate System (IS-IS) Protocol over IPv4 RFC 1142 and RFC 1195
    125 0x7D FIRE Flexible Intra-AS Routing Environment
    126 0x7E CRTP Combat Radio Transport Protocol
    127 0x7F CRUDP Combat Radio User Datagram
    128 0x80 SSCOPMCE Service-Specific Connection-Oriented Protocol in a Multilink and Connectionless Environment ITU-T Q.2111 (1999)
    129 0x81 IPLT
    130 0x82 SPS Secure Packet Shield
    131 0x83 PIPE Private IP Encapsulation within IP Expired I-D draft-petri-mobileip-pipe-00.txt
    132 0x84 SCTP Stream Control Transmission Protocol
    133 0x85 FC Fibre Channel
    134 0x86 RSVP-E2E-IGNORE Reservation Protocol (RSVP) End-to-End Ignore RFC 3175
    135 0x87 Mobility Header Mobility Extension Header for IPv6 RFC 6275
    136 0x88 UDPLite Lightweight User Datagram Protocol RFC 3828
    137 0x89 MPLS-in-IP Multiprotocol Label Switching Encapsulated in IP RFC 4023
    138 0x8A manet MANET Protocols RFC 5498
    139 0x8B HIP Host Identity Protocol RFC 5201
    140 0x8C Shim6 Site Multihoming by IPv6 Intermediation RFC 5533
    141 0x8D WESP Wrapped Encapsulating Security Payload RFC 5840
    142 0x8E ROHC Robust Header Compression RFC 5856
    143-252 0x8F-0xFC UNASSIGNED
    253-254 0xFD-0xFE Use for experimentation and testing RFC 3692
    255 0xFF Reserved.

Streaming Media Protocol




To follow all this, I recommend adding these fields as columns:

  • TCP length (tcp.len)
  • Sequence number (tcp.seq)
  • Next expected sequence number (tcp.nxtseq)
  • Acknowledgment number (tcp.ack)

These are the lengths involved:
Frame length: total length of the frame, including the padding fields of the Ethernet layer (if present and needed)
Captured length: the part of the frame that was captured (interesting if a filter has been used)
IP.TotalLength: total packet length, from the IP header until the Layer 7 payload ends
TCP.SegmentLength: the resulting TCP payload; only calculated by Wireshark
TCP.HeaderLength: the length of the TCP header, given because the header size is variable
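
An added example (not from the original notes): it parses constructed Ethernet/IPv4/TCP frames to show how the DSCP and ECN bits are split out of the DS field, and how the TCP segment length and next sequence number follow from the IP total length rather than the frame length, which matters when Ethernet padding is present. The functions `dscp_meaning`, `dissect` and `build_frame` and the sample frames are assumptions made for illustration; the dictionary keys borrow Wireshark field names where one exists.

```python
import struct

SYN, FIN = 0x02, 0x01

def dscp_meaning(dscp):
    """Classify a 6-bit DSCP by the bit patterns in the table above."""
    if dscp & 0b000111 == 0:
        return f"CS{dscp >> 3}"                       # bbb000: class selector
    if dscp & 0b01 == 0:
        return "standardization pool"                 # bbbbb0
    if dscp & 0b11 == 0b11:
        return "experimental/local"                   # bbbb11
    return "experimental/local, may be standardized"  # bbbb01

def dissect(frame):
    """Derive the QoS and length fields for one Ethernet II / IPv4 (/ TCP) frame."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an Ethernet II frame carrying IPv4")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                     # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]  # IP total length: header + payload
    if ip[0] >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(ip):
        raise ValueError("malformed or truncated IPv4 packet")
    out = {
        "frame.len": len(frame),                 # includes any Ethernet padding
        "ip.len": total_len,
        "dscp": ip[1] >> 2,                      # top 6 bits of the DS field
        "ecn": ip[1] & 0b11,                     # low 2 bits of the DS field
        "ip.proto": ip[9],
    }
    out["dscp_meaning"] = dscp_meaning(out["dscp"])
    if ip[9] != 6:                               # 6 = TCP in the protocol list
        return out
    tcp = ip[ihl:total_len]                      # cut at ip.len, so padding is dropped
    hdr_len = (tcp[12] >> 4) * 4 if len(tcp) >= 20 else 0
    if not 20 <= hdr_len <= len(tcp):
        raise ValueError("malformed TCP header")
    seq, ack = struct.unpack("!II", tcp[4:12])   # raw (not relative) numbers
    seg_len = total_len - ihl - hdr_len          # payload bytes only
    # SYN and FIN each occupy one sequence number in addition to the payload.
    consumed = seg_len + bool(tcp[13] & SYN) + bool(tcp[13] & FIN)
    out.update({"tcp.hdr_len": hdr_len, "tcp.len": seg_len, "tcp.seq": seq,
                "tcp.ack": ack, "tcp.nxtseq": (seq + consumed) % 2**32})
    return out

def build_frame(dscp, ecn, seq, ack, flags, payload=b"", pad_to=0):
    """Constructed sample frame; addresses are documentation ranges, checksums zero."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, seq, ack, 5 << 4, flags,
                      65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, (dscp << 2) | ecn, 20 + len(tcp), 0, 0,
                     64, 6, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    frame = bytes(12) + b"\x08\x00" + ip + tcp
    return frame + bytes(max(0, pad_to - len(frame)))

if __name__ == "__main__":
    data = build_frame(24, 0, 1000, 500, 0x18, b"hello")        # PSH+ACK, CS3
    bare_ack = build_frame(46, 1, 1005, 500, 0x10, pad_to=60)   # padded to 60 bytes
    for frame in (data, bare_ack):
        f = dissect(frame)
        naive = f["frame.len"] - 14 - 20 - f["tcp.hdr_len"]     # wrong when padded
        print(f, "naive payload length:", naive)
```

For the padded bare ACK, subtracting header sizes from the frame length gives 6 bytes of "payload" that are really Ethernet padding, while the value derived from the IP total length is 0.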

Identification of TCP stream in wireshark












So basically netcat is a tool to do some bidirectional network communication over the TCP/UDP protocols.

ncat <host> [<port>]

<host> may be a hostname or IP address, and <port> is a port number. Listen mode is the same, with the addition of the --listen option (or its -l alias):

ncat --listen [<host>] [<port>]
ncat -l [<host>] [<port>]

1. Telnet

The very first thing netcat can be used as is a telnet program. Let's see how.

$ nc -v google.com 80

Now netcat is connected to google.com on port 80 and it's time to send a message. Let's try to fetch the index page. For this, type “GET index.html HTTP/1.1” and hit the Enter key twice. Remember, twice.

$ nc -v google.com 80
Connection to google.com 80 port [tcp/http] succeeded!
GET index.html HTTP/1.1

HTTP/1.1 302 Found
Location: http://www.google.com/
Cache-Control: private
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 18 Aug 2012 06:03:04 GMT
Server: sffe
Content-Length: 219
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.

The output from google.com has been received and echoed on the terminal.

2. Simple socket server

To open a simple socket server type in the following command.

$ nc -l -v 1234

The above command means: netcat listens on TCP port 1234. The -v option gives verbose output for better understanding. Now, from another terminal, try to connect to port 1234 using the telnet command as follows:

$ telnet localhost 1234
Connected to localhost.
Escape character is '^]'.
ting tong

After connecting we send some test message like abc and ting tong to the netcat socket server. The netcat socket server will echo the data received from the telnet client.

$ nc -l -v 5555

Connection from port 5555 [tcp/rplay] accepted
ting tong

This is a complete Chatting System. Type something in netcat terminal and it will show up in telnet terminal as well. So this technique can be used for chatting between 2 machines.


monitor system

My goal is to build a cloud monitor system in one year.


  1. the goal of MS(monitoring system)/ difference with others
  2. the architecture and  function of MS/difference with others
  3. how to realize it
  4. refinements

1. the goal

Provide complete, real-time information about the system, including resources, workload, forecasts, etc.

2. function


  • alerts and alarms: Being able to set up alerts so that the proper administrator is notified depending on the issue is important. If a storage alert goes out to a server admin, the response may not be as fast as it would be had the alert gone out to a storage administrator. In short, different alerts go to different administrators.
  • resource management
  • user count
  • failover capabilities
  • roles and privileges: This isolation of roles creates effective audit trails. It also greatly reduces the risk that a team member will make the wrong changes to the system.
  • SLA considerations: This means monitoring uptime and environment usage. Depending on the type of SLA, different metrics are important to the administrator. This might mean monitoring the number of VMs working or adjusting downtime requirements.
  • Testing and maintenance

samples of monitoring system




monitor system




# all kinds of command and special characters

In computing, a shebang (also called a sha-bang) is the character sequence #!

#!/bin/sed -f
#!/bin/awk -f

Each of the above script header lines calls a different command interpreter, be it /bin/sh, the default shell (bash in a Linux system) or otherwise.

Invoking the script

chmod 555 scriptname (gives everyone read/execute permission) [2]

chmod +rx scriptname (gives everyone read/execute permission)

chmod u+rx scriptname (gives only the script owner read/execute permission)

Having made the script executable, you may now test it by ./scriptname. [3] If it begins with a “sha-bang” line, invoking the script calls the correct command interpreter to run it.

As a final step, after testing and debugging, you would likely want to move it to /usr/local/bin (as root, of course), to make the script available to yourself and all other users as a systemwide executable. The script could then be invoked by simply typing scriptname [ENTER] from the command-line.

Chapter 3. Special Characters

Comments. Lines beginning with a # (with the exception of #!) are comments and will not be executed.

A command may not follow a comment on the same line. There is no method of terminating the comment, in order for “live code” to begin on the same line. Use a new line for the next command.

Of course, a quoted or an escaped # in an echo statement does not begin a comment.

Command separator [semicolon]. Permits putting two or more commands on the same line.

echo hello; echo there

if [ -x "$filename" ]; then    #  Note the space after the semicolon.
#+                   ^^
  echo "File $filename exists."; cp "$filename" "$filename.bak"
else   #                       ^^
  echo "File $filename not found."; touch "$filename"
fi; echo "File test complete."

Terminator in a case option [double semicolon].

case "$variable" in
  abc)  echo "\$variable = abc" ;;
  xyz)  echo "\$variable = xyz" ;;
esac

;;&, ;&

Terminators in a case option (version 4+ of Bash).

When considering directory names, a single dot represents the current working directory, and two dots denote the parent directory.

bash$ pwd

bash$ cd .
bash$ pwd

bash$ cd ..
bash$ pwd

The dot often appears as the destination (directory) of a file movement command, in this context meaning current directory.

bash$ cp /home/bozo/current_work/junk/* .

Copy all the “junk” files to $PWD.


escape [backslash]. A quoting mechanism for single characters.

\X escapes the character X. This has the effect of “quoting” X, equivalent to ‘X’. The \ may be used to quote and , so they are expressed literally.

See Chapter 5 for an in-depth explanation of escaped characters.


Filename path separator [forward slash]. Separates the components of a filename (as in /home/bozo/projects/Makefile).

This is also the division arithmetic operator.




command substitution. The `command` construct makes available the output of command for assignment to a variable. This is also known as backquotes or backticks.


null command [colon]. This is the shell equivalent of a “NOP” (no op, a do-nothing operation). It may be considered a synonym for the shell builtin true. The : command is itself a Bash builtin, and its exit status is true (0).

ps -aux|grep mouse|awk '{print $2}'

ps -aux lists information about all processes, grep picks out the matching ones, and awk prints only the second column.

man command



Variable substitution (contents of a variable).


echo $var1     # 5
echo $var2     # 23skidoo

A $ prefixing a variable name indicates the value the variable holds.

Example 4-3. Variable Assignment, plain and fancy


a=23              # Simple case
echo $a
echo $b

# Now, getting a little bit fancier (command substitution).

a=`echo Hello!`   # Assigns result of 'echo' command to 'a' ...
echo $a
#  Note that including an exclamation mark (!) within a
#+ command substitution construct will not work from the command-line,
#+ since this triggers the Bash "history mechanism."
#  Inside a script, however, the history functions are disabled by default.

a=`ls -l`         # Assigns result of 'ls -l' command to 'a'
echo $a           # Unquoted, however, it removes tabs and newlines.
echo "$a"         # The quoted variable preserves whitespace.
                  # (See the chapter on "Quoting.")

exit 0

4.3. Bash Variables Are Untyped

Unlike many other programming languages, Bash does not segregate its variables by “type.” Essentially, Bash variables are character strings, but, depending on context, Bash permits arithmetic operations and comparisons on variables. The determining factor is whether the value of a variable contains only digits.

find the file/number of line containing “matching_string”

sudo grep -rnw 'path' -e "matching_string"

no line folding

In less, it’s called line folding rather than line wrapping.  To set it not to fold, use the -S option:

-S, --chop-long-lines

Causes lines longer than the screen width to be chopped rather than folded. That is, the portion of a long line that does not fit in the screen width is not shown. The default is to fold long lines; that is, display the remainder on the next line.


Alternatively, as mentioned in the below comment, if you already opened the file, you can toggle the mode by typing -S (and then Enter for some implementations).




There are many different versions of UNIX, although they share common similarities. The most popular varieties of UNIX are Sun Solaris, GNU/Linux, and MacOS X.

The UNIX operating system

The UNIX operating system is made up of three parts; the kernel, the shell and the programs.

The kernel

The kernel of UNIX is the hub of the operating system: it allocates time and memory to programs and handles the filestore and communications in response to system calls.

As an illustration of the way that the shell and the kernel work together, suppose a user types rm myfile (which has the effect of removing the file myfile). The shell searches the filestore for the file containing the program rm, and then requests the kernel, through system calls, to execute the program rm on myfile. When the process rm myfile has finished running, the shell then returns the UNIX prompt % to the user, indicating that it is waiting for further commands.

The shell

The shell acts as an interface between the user and the kernel. When a user logs in, the login program checks the username and password, and then starts another program called the shell. The shell is a command line interpreter (CLI). It interprets the commands the user types in and arranges for them to be carried out. The commands are themselves programs: when they terminate, the shell gives the user another prompt (% on our systems).

The adept user can customise his/her own shell, and users can use different shells on the same machine. Staff and students in the school have the tcsh shell by default.

The tcsh shell has certain features to help the user inputting commands.

Filename Completion – By typing part of the name of a command, filename or directory and pressing the [Tab] key, the tcsh shell will complete the rest of the name automatically. If the shell finds more than one name beginning with those letters you have typed, it will beep, prompting you to type a few more letters before pressing the tab key again.

History – The shell keeps a list of the commands you have typed in. If you need to repeat a command, use the cursor keys to scroll up and down the list or type history for a list of previous commands.

Files and processes

Everything in UNIX is either a file or a process.

A process is an executing program identified by a unique PID (process identifier).

A file is a collection of data. They are created by users using text editors, running compilers etc.

Examples of files:

  • a document (report, essay etc.)
  • the text of a program written in some high-level programming language
  • instructions comprehensible directly to the machine and incomprehensible to a casual user, for example, a collection of binary digits (an executable or binary file);
  • a directory, containing information about its contents, which may be a mixture of other directories (subdirectories) and ordinary files.


pwd (print working directory)

Pathnames enable you to work out where you are in relation to the whole file-system. For example, to find out the absolute pathname of your home-directory, type cd to get back to your home-directory and then type

% pwd

The full pathname will look something like this –



% ls unixstuff/backups


~ (your home directory)

Home directories can also be referred to by the tilde ~ character. It can be used to specify paths starting at your home directory. So typing

% ls ~/unixstuff

will list the contents of your unixstuff directory, no matter where you currently are in the file system.

What do you think

% ls ~

would list?

What do you think

% ls ~/..


Command        Meaning
ls             list files and directories
ls -a          list all files and directories
mkdir          make a directory
cd directory   change to named directory
cd             change to home-directory
cd ~           change to home-directory
cd ..          change to parent directory
pwd            display the path of the current directory


cp location/file1  location/file2

with the file type

mv file1 file2

To move a file from one place to another, use the mv command. This has the effect of moving rather than copying the file, so you end up with only one file rather than two.

It can also be used to rename a file, by moving the file to the same directory, but giving it a different name.