【図解】TCP Keep-Alive/http Keep-Aliveの仕組みと違い ～Client/Serverの挙動とメリット,設定～KeepAlive とは一般に、ある 2 つの機器間の通信接続において、相手が活きているかを確認し、その接続を維持する仕組みを KeepAlive と呼びます。KeepAlive は TCP や http, IPsec, BGP 等、様々な TCP Keep-Alive: 在OS層級上設定 HTTP Keep-Alive: 在Server上設定. 如Apache或nginx 重點在於分析封包時, 可用下面的filter把TCP Keep-Alive時雙方發送的one garbage byte without data過濾掉(下圖黑色的部分...)!(tcp.analysis.keep_alive || tcp.analysis.keep_alive_ack)...只是如果攻擊者反過來利用這點的話?? Filter out TCP Keep-Alive packets in WiresharkBy default, Wireshark likes to mark TCP keep-alive packets as scary errors; opting to display them in a gruesome black-and-red and scaring anyone trying to analyze TCP dumps in an effort to debug n…

沒想到Virtual host設定裡面也暗藏著一些問題... https://portswigger.net/web-security/host-header