0 views collected around this technical thread.
netcap is an open‑source eBPF‑driven kernel network packet capture tool that extends tcpdump syntax to trace skb‑related functions across the Linux network stack, offering detailed packet tracing, customizable filters, multi‑trace aggregation, and user‑defined output to improve debugging of packet loss and performance issues.
This article walks through a real‑world case where an app’s content loading fails due to MTU/MSS mismatches, explains how packet captures reveal retransmissions and missing ACKs, demonstrates ping‑based MTU probing, and shows how oversized request parameters in a new version caused the issue.
The investigation used Wireshark captures to uncover that a new app version sent oversized TCP segments—due to altered MSS and path‑MTU mismatch—causing unacknowledged retransmissions, which were diagnosed with ping‑do‑not‑fragment tests and resolved by trimming the request parameters and confirming via TLS key logging.
The article introduces xcap, an eBPF‑based next‑generation kernel network packet capture tool that overcomes the limitations of traditional utilities like tcpdump by providing flexible hook points, customizable filtering, and support for diverse network scenarios such as AF_XDP and DPDK, thereby dramatically improving packet‑loss debugging efficiency.
This guide explains why dual-machine debugging is needed, outlines the two main scenarios (virtual machine and physical machine), and provides step‑by‑step instructions for configuring VirtualKD as well as network‑based kernel debugging on Windows systems, including common test cases and useful commands.
nettrace is an eBPF‑powered command‑line utility that traces a packet’s full kernel lifecycle, diagnoses network faults with a built‑in knowledge base, monitors anomalies and skb drops, supports NAT, GRE, IPVS and netfilter hooks, and replaces legacy tools like tcpdump and droptrace in cloud‑native Linux environments.
This article introduces AndroidMonitor, a lightweight Android packet‑capture library, explains how to add its monitor and monitor‑plugin dependencies, configure ProGuard, customize entry names, ports and logos, and optionally use AndroidLocalService to expose captured data via a local socket for both mobile and PC UI visualization.
This article analyzes why an iOS SSO QR‑code login sometimes fails with a 404 error despite being on company Wi‑Fi, explains the 301 redirect caused by network restrictions, and provides a step‑by‑step solution using NSURLCache inspection and cache‑clearing techniques.
The article explains Whistle, a Node.js‑based cross‑platform HTTP proxy, by first showing a simple proxy implementation and then detailing its full architecture—five core modules for request entry, tunneling, processing, rule management, and plugin handling—along with its extensible, isolated plugin system.
This article explains the internal mechanisms of tcpdump, showing how it registers a virtual protocol in the kernel's ptype_all list to intercept packets during both receive and transmit paths, how netfilter interacts with these paths, and provides guidance for building a custom packet‑capture program.
This article explains the challenges of iOS network request debugging, reviews existing external and in‑app tools, dives into the URL loading system and URLProtocol mechanics, and presents a delegate‑proxy solution that captures all traffic without altering the original requests, even in production environments.
This guide compares five popular packet‑capture tools—Wireshark, Tcpdump, Charles, and mitmproxy—explaining their strengths, weaknesses, installation steps, filter syntax, and best‑use scenarios for developers and testers needing efficient network debugging.
This guide explains how to install Charles, configure an iPhone proxy, capture HTTP/HTTPS traffic, set breakpoints, modify requests, repeat calls, and simulate network conditions, providing a comprehensive workflow for iOS network debugging and performance testing.
This guide explains how to configure Fiddler for capturing HTTPS traffic from mobile devices, install and trust its certificate on iPhone, and leverage features such as request inspection, saving sessions, replaying, mock responses with AutoResponder, and setting global or per‑request breakpoints.
This article investigates an intermittent timeout issue caused by a Java Apache HttpClient implementation that leaks connections, explains why numerous RST packets appear during TLS shutdown, and presents experiments and code revisions that clarify the TCP/TLS interaction and proper resource handling.
This guide explains how to set up the development environment, create a C# class‑library project, add Fiddler references, implement required interfaces, enable debugging, and build a custom Fiddler plugin that automatically decrypts encrypted SDK HTTP requests and displays them in clear text for testing.