关于retran**its的信息
翻译英语。。请进
If Chinese people don't buy any Japanese goods in a month,thousands of Japanese companies will be facing bankrupt. If the Chinese don't purchase any Japanese commodities,half of the Japanese will lose their job. If no Chinese buy Japanese products in a year,the Japanese economic structure will melt down. In that case,can the Japanese still be that arrogant?
If you are Chinese,you don't have to go to the battle field to defeat the Janpanese,and all you need to do is to transfer this message.
host error什么意思
host error 主机错误

Host文件是一个在本机上存储网站IP地址的文件,也就是说当你输入网址上网时,浏览器会首先在本机上查找网站IP地址,没有的话才会向网上的DNS服务器询问。 扩展资料
The host records the error and retran**its the data to the target.
主机记录错误并向目标重新传输数据。
The write op is returned back to the host with a write error code.
写操作返回到主机并返回写错误码。
无法自动分配和指定IP地址
故障现象:机器以前可正常上网的,突然出现可认证,不能上网的现象(无法ping通**),重启机器或在MSDOS窗口下运行命令ARP -d后,又可恢复上网一段时间。
故障原因:这是APR病毒欺骗攻击造成的。
引起问题的原因一般是由传奇外挂携带的ARP木马攻击。当在局域网内使用上述外挂时,外挂携带的病毒会将该机器的MAC地址映射到**的IP地址上,向局域网内大量发送ARP包,从而致使同一网段地址内的其它机器误将其作为**,这就是为什么掉线时内网是互通的,计算机却不能上网的原因。
临时处理对策:
步骤一. 在能上网时,进入MS-DOS窗口,输入命令:arp –a 查看**IP对应的正确MAC地址,将其记录下来。
注:如果已经不能上网,则先运行一次命令arp –d将arp缓存中的内容删空,计算机可暂时恢复上网(攻击如果不停止的话),一旦能上网就立即将网络断掉(禁用网卡或拔掉网线),再运行arp –a。
步骤二. 如果已经有**的正确MAC地址,在不能上网时,手工将**IP和正确MAC绑定,可确保计算机不再被攻击影响。手工绑定可在MS-DOS窗口下运行以下命令: arp –s **IP **MAC
例如:假设计算机所处网段的**为218.197.192.254,本机地址为218.197.192.1在计算机上运行arp –a后输出如下:
C:\Documents and Settingsarp -a
Interface: 218.197.192.1 --- 0x2
Internet Address Physical Address Type
218.197.192.254 00-01-02-03-04-05 dynamic
其中00-01-02-03-04-05就是**218.197.192.254对应的MAC地址,类型是动态(dynamic)的,因此是可被改变。
被攻击后,再用该命令查看,就会发现该MAC已经被替换成攻击机器的MAC,如果大家希望能找出攻击机器,彻底根除攻击,可以在此时将该MAC记录下来,为以后查找做准备。
手工绑定的命令为:
arp –s 218.197.192.254 00-01-02-03-04-05
绑定完,可再用arp –a查看arp缓存,
C:\Documents and Settingsarp -a
Interface: 218.197.192.1 --- 0x2
Internet Address Physical Address Type
218.197.192.254 00-01-02-03-04-05 static
这时,类型变为静态(static),就不会再受攻击影响了。但是,需要说明的是,手工绑定在计算机关机重开机后就会失效,需要再绑定。所以,要彻底根除攻击,只有找出网段内被病毒感染的计算机,令其杀毒,方可解决。找出病毒计算机的方法:
如果已有病毒计算机的MAC地址,可使用NBTSCAN软件找出网段内与该MAC地址对应的IP,即病毒计算机的IP地址,然后可报告校网络中心对其进行查封。
NBTSCAN的使用方法:
下载nbtscan.rar到硬盘后解压,然后将cygwin1.dll和nbtscan.exe两文件拷贝到c:\windows\system32(或system)下,进入MSDOS窗口就可以输入命令:
nbtscan -r 218.197.192.0/24 (假设本机所处的网段是218.197.192,掩码是255.255.255.0;实际使用该命令时,应将斜体字部分改为正确的网段)。
注:使用nbtscan时,有时因为有些计算机安装防火墙软件,nbtscan的输出不全,但在计算机的arp缓存中却能有所反应,所以使用nbtscan时,还可同时查看arp缓存,就能得到比较完全的网段内计算机IP与MAC的对应关系。
补充一下:
Anti ARP Sniffer 使用说明
一、功能说明:
使用Anti ARP Sniffer可以防止利用ARP技术进行数据包截取以及防止利用ARP技术发送地址冲突数据包。
二、使用说明:
1、ARP欺骗:
填入**IP地址,点击〔获取**mac地址〕将会显示出**的MAC地址。点击[自动防护]即可保护当前网卡与该**的通信不会被第三方监听。
注意:如出现ARP欺骗提示,这说明攻击者发送了ARP欺骗数据包来获取网卡的数据包,如果您想追踪攻击来源请记住攻击者的MAC地址,利用MAC地址扫描器可以找出IP 对应的MAC地址。
2、IP地址冲突
首先点击“恢复默认”然后点击“防护地址冲突”。
如频繁的出现IP地址冲突,这说明攻击者频繁发送ARP欺骗数据包,才会出现IP冲突的警告,利用Anti ARP Sniffer可以防止此类攻击。
首先您需要知道冲突的MAC地址,Windows会记录这些错误。查看具体方法如下:
右击[我的电脑]--[管理]--点击[事件查看器]--点击[系统]--查看来源为[TcpIP]---双击事件可以看到显示地址发生冲突,并记录了该MAC地址,请**该MAC地址并填入Anti ARP Sniffer的本地MAC地址输入框中(请注意将:转换为-),输入完成之后点击[防护地址冲突],为了使MAC地址生效请禁用本地网卡然后再启用网卡,在CMD命令行中输入Ipconfig /all,查看当前MAC地址是否与本地MAC地址输入框中的MAC地址相符,如果更改失败请与我联系。如果成功将不再会显示地址冲突。
注意:如果您想恢复默认MAC地址,请点击[恢复默认],为了使MAC地址生效请禁用本地网卡然后再启用网卡。
Usage:
nbtscan [-v] [-d] [-e] [-l] [-t timeout] [-b bandwidth] [-r] [-q] [-s separator]
[-m retran**its] (-f filename)|(scan_range)
-v verbose output. Print all names received
from each host
-d dump packets. Print whole packet contents.
-e Format output in /etc/hosts format.
-l Format output in lmhosts format.
Cannot be used with -v, -s or -h options.
-t timeout wait timeout milliseconds for response.
Default 1000.
-b bandwidth Output throttling. Slow down output
so that it uses no more that bandwidth bps.
Useful on slow links, so that ougoing queries
don't get dropped.
-r use local port 137 for scans. Win95 boxes
respond to this only.
You need to be root to use this option on Unix.
-q Suppress banners and error messages,
-s separator Script-friendly output. Don't print
column and record headers, separate fields with separato
r.
-h Print human-readable names for services.
Can only be used with -v option.
-m retran**its Number of retran**its. Default 0.
-f filename Take IP addresses to scan from file filename.
-f - makes nbtscan take IP addresses from stdin.
scan_range what to scan. Can either be single IP
like 192.168.1.1 or
range of addresses in one of two forms:
xxx.xxx.xxx.xxx/xx or xxx.xxx.xxx.xxx-xxx.
Examples:
nbtscan -r 192.168.1.0/24
Scans the whole C-class network.
nbtscan 192.168.1.25-137
Scans a range from 192.168.1.25 to 192.168.1.137
nbtscan -v -s : 192.168.1.0/24
Scans C-class network. Prints results in script-friendly
format using colon as field separator.
Produces output like that:
192.168.0.1:NT_SERVER:00U
192.168.0.1:MY_DOMAIN:00G
192.168.0.1:ADMINISTRATOR:03U
192.168.0.2:OTHER_BOX:00U
...
nbtscan -f iplist
Scans IP addresses specified in file iplist.
查看IP:cmd-ipconfig or ipconfig /all
USAGE:
ipconfig [/? | /all | /renew [adapter] | /release [adapter] |
/flushdns | /displaydns | /registerdns |
/showclassid adapter |
/setclassid adapter [classid] ]
where
adapter Connection name
(wildcard characters * and ? allowed, see examples)
Options:
/? Display this help message
/all Display full configuration information.
/release Release the IP address for the specified adapter.
/renew Renew the IP address for the specified adapter.
/flushdns Purges the DNS Resolver cache.
/registerdns Refreshes all DHCP leases and re-registers DNS names
/displaydns Display the contents of the DNS Resolver Cache.
/showclassid Displays all the dhcp class IDs allowed for adapter.
/setclassid Modifies the dhcp class id.
The default is to display only the IP address, subnet mask and
default gateway for each adapter bound to TCP/IP.
For Release and Renew, if no adapter name is specified, then the IP address
leases for all adapters bound to TCP/IP will be released or renewed.
For Setclassid, if no ClassId is specified, then the ClassId is removed.
Examples:
ipconfig ... Show information.
ipconfig /all ... Show detailed information
ipconfig /renew ... renew all adapters
ipconfig /renew EL* ... renew any connection that has its
name starting with EL
ipconfig /release *Con* ... release all matching connections,
eg. "Local Area Connection 1" or
"Local Area Connection 2"
TCP-各种参数
本文主要参考自:
The number of times TCP will attempt to retran**it a packet on an established connection normally, without the extra effort of getting the network layers involved. Once we exceed this number of retran**its, we first have the network layer update the route if possible before each new retran**it. The default is the RFC specified minimum of 3.
可以参考:
The maximum number of times a TCP packet is retran**itted in established state before giving up. The default value is 15, which corre-sponds to a duration of approximately between 13 to 30 minutes, depending on the retran**ission timeout. The RFC 1122 specified minimum limit of 100 seconds is typically deemed too short.
超过该值之后就会关闭连接,更详细的信息参见:
34. tcp_bic :BOOLEAN 缺省值为0
为快速长距离网络启用 Binary Increase Congestion;这样可以更好地利用以 GB 速度进行操作的链接;对于 WAN 通信应该启用这个选项。
man tcp可以获取所有参数详细解释。
官方文档:
linux系统中ifconfig和文件/proc/net/net看网卡的流量有什么不同吗?
/proc/net/netstat 是个动态的监控结果,这个文件的内容可读性很差,基本上你无法看出哪个数值和哪个字段对应.但是,这个文件应该和这个命令的输出结果对应的:
netstat -s
其结果实例如下:
# netstat -s
Ip:
879154658 total packets received
330463 forwarded
0 incoming packets discarded
878748006 incoming packets delivered
877040865 requests sent out
Icmp:
2110 ICMP messages received
2 input ICMP message failed.
ICMP input histogram:
destination unreachable: 115
redirects: 1974
echo requests: 5
echo replies: 16
463480 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 276820
redirect: 186581
echo request: 76
echo replies: 3
IcmpMsg:
InType0: 16
InType3: 115
InType5: 1974
InType8: 5
OutType0: 3
OutType3: 276820
OutType5: 186581
OutType8: 76
Tcp:
42340 active connections openings
12200 passive connection openings
23951 failed connection attempts
6286 connection resets received
5 connections established
876702907 segments received
876237223 segments send out
8426 segments retran**ited
0 bad segments received.
3208 resets sent
Udp:
114396 packets received
97 packets to unknown port received.
0 packet receive errors
1277 packets sent
TcpExt:
9 ICMP packets dropped because they were out-of-window
12223 TCP sockets finished time wait in fast timer
82624884 delayed acks sent
18 delayed acks further delayed because of locked socket
Quick ack mode was activated 24969 times
355480597 packets directly queued to recvmsg prequeue.
35784089 packets directly received from backlog
830125031 packets directly received from prequeue
164690190 packets header predicted
354815898 packets header predicted and directly queued to user
310086 acknowledgments not containing data received
520227894 predicted acknowledgments
5536 times recovered from packet loss due to SACK data
Detected reordering 3 times using FACK
Detected reordering 23 times using SACK
TCPDSACKUndo: 1
129 congestion windows recovered after partial ack
3751 TCP data loss events
TCPLostRetran**it: 1
1 timeouts after reno fast retran**it
811 timeouts after SACK recovery
2 timeouts in loss state
6263 fast retran**its
780 forward retran**its
74 retran**its in slow start
423 other TCP timeouts
57 sack retran**its failed
25417 DSACKs sent for old packets
59 DSACKs sent for out of order packets
5 DSACKs received
15 connections reset due to unexpected data
7 connections reset due to early user close
2 connections aborted due to timeout
IpExt:
InMcastPkts: 74183
OutMcastPkts: 880
InBcastPkts: 1928492
而IFCONFIG是网卡流量在一段时间内的统计信息:
eth0 Link encap:Ethernet HWaddr 00:06:5B:F8:14:14
inet addr:157.247.188.X Bcast:157.247.188.X Mask:255.255.255.0
inet6 addr: fe80::206:5bff:fef8:1414/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:21734598 errors:50101 dropped:0 overruns:0 frame:40611
TX packets:3664803 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2934251964 (2.7 GiB) TX bytes:2083327055 (1.9 GiB)
Base address:0xece0 Memory:fe8e0000-fe900000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:874873385 errors:0 dropped:0 overruns:0 frame:0
TX packets:874873385 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1444495820 (1.3 GiB) TX bytes:1444495820 (1.3 GiB)
从以上结果对比可以看出, netstat文件里面的统计信息是多块网卡的总和,按照协议来归类的.ifconfig的结果是每块网卡一份,按照数据包收发来归类的.