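Copyright notice: this is an original article by the blogger and may not be reproduced without the blogger's permission. https://blog.csdn.net/zslngu/article/details/88956633
Wireshark packet capture analysis walkthrough
- A single concrete request
a. DNS
Request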
Domain Name System (query)
Transaction ID: 0xfbc8
Flags: 0x0100 Standard query
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
m.booktxt.net: type A, class IN
Name: m.booktxt.net
[Name Length: 13]
[Label Count: 3]
Type: A (Host Address) (1)
Class: IN (0x0001)
[Response In: 35]
(IPv6 query)
Domain Name System (query)
Transaction ID: 0x8a03
Flags: 0x0100 Standard query
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
m.booktxt.net: type AAAA, class IN
Name: m.booktxt.net
[Name Length: 13]
[Label Count: 3]
Type: AAAA (IPv6 Address) (28) # This field is AAAA, unlike the A used for IPv4
Class: IN (0x0001)
[Response In: 37]
DNS response
The response contains one CNAME record and the IP addresses of the host that the CNAME points to.
Domain Name System (response)
Transaction ID: 0xfbc8
Flags: 0x8180 Standard query response, No error
Questions: 1
Answer RRs: 6
Authority RRs: 2
Additional RRs: 5
Queries # the query being answered
m.booktxt.net: type A, class IN
Name: m.booktxt.net
[Name Length: 13]
[Label Count: 3]
Type: A (Host Address) (1)
Class: IN (0x0001)
Answers
m.booktxt.net: type CNAME, class IN, cname 17510daa86cca0d5.cdn.jiashule.com # cdn cname type
Name: m.booktxt.net
Type: CNAME (Canonical NAME for an alias) (5)
Class: IN (0x0001)
Time to live: 14
Data length: 35
CNAME: 17510daa86cca0d5.cdn.jiashule.com
17510daa86cca0d5.cdn.jiashule.com: type A, class IN, addr 198.44.227.232 # The IP addresses of the host behind the CNAME are returned as well; the subsequent request uses this one as the destination IP address
Name: 17510daa86cca0d5.cdn.jiashule.com
Type: A (Host Address) (1)
Class: IN (0x0001)
Time to live: 600
Data length: 4
Address: 198.44.227.232
17510daa86cca0d5.cdn.jiashule.com: type A, class IN, addr 38.27.103.154
Name: 17510daa86cca0d5.cdn.jiashule.com
Type: A (Host Address) (1)
Class: IN (0x0001)
Time to live: 600
Data length: 4
Address: 38.27.103.154
17510daa86cca0d5.cdn.jiashule.com: type A, class IN, addr 198.44.227.227
Name: 17510daa86cca0d5.cdn.jiashule.com
Type: A (Host Address) (1)
Class: IN (0x0001)
Time to live: 600
Data length: 4
Address: 198.44.227.227
17510daa86cca0d5.cdn.jiashule.com: type A, class IN, addr 38.27.103.145
Name: 17510daa86cca0d5.cdn.jiashule.com
Type: A (Host Address) (1)
Class: IN (0x0001)
Time to live: 600
Data length: 4
Address: 38.27.103.145
17510daa86cca0d5.cdn.jiashule.com: type A, class IN, addr 192.126.125.214
Name: 17510daa86cca0d5.cdn.jiashule.com
Type: A (Host Address) (1)
Class: IN (0x0001)
Time to live: 600
Data length: 4
Address: 192.126.125.214
Authoritative nameservers
jiashule.com: type NS, class IN, ns ns1.jiasule.net
Name: jiashule.com
Type: NS (authoritative Name Server) (2)
Class: IN (0x0001)
Time to live: 78484
Data length: 14
Name Server: ns1.jiasule.net
jiashule.com: type NS, class IN, ns ns2.jiasule.net
Name: jiashule.com
Type: NS (authoritative Name Server) (2)
Class: IN (0x0001)
Time to live: 78484
Data length: 6
Name Server: ns2.jiasule.net
Additional records
ns1.jiasule.net: type A, class IN, addr 117.21.219.80 # NS record: a name server record. It indicates which server resolves this domain. The NS records here only apply to subdomains.
Name: ns1.jiasule.net
Type: A (Host Address) (1)
Class: IN (0x0001)
Time to live: 20
Data length: 4
Address: 117.21.219.80
ns1.jiasule.net: type A, class IN, addr 106.42.25.208
Name: ns1.jiasule.net
Type: A (Host Address) (1)
Class: IN (0x0001)
Time to live: 20
Data length: 4
Address: 106.42.25.208
ns1.jiasule.net: type A, class IN, addr 113.207.76.78
Name: ns1.jiasule.net
Type: A (Host Address) (1)
Class: IN (0x0001)
Time to live: 20
Data length: 4
Address: 113.207.76.78
ns2.jiasule.net: type A, class IN, addr 111.202.98.78
Name: ns2.jiasule.net
Type: A (Host Address) (1)
Class: IN (0x0001)
Time to live: 20
Data length: 4
Address: 111.202.98.78
ns2.jiasule.net: type A, class IN, addr 117.21.219.80
Name: ns2.jiasule.net
Type: A (Host Address) (1)
Class: IN (0x0001)
Time to live: 20
Data length: 4
Address: 117.21.219.80
[Request In: 30]
[Time: 0.037653000 seconds]
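The CNAME-then-A resolution in the response above, as an added example that is not part of the original post: a minimal DNS wire-format parser that handles name compression (with a guard against pointer loops) and follows the CNAME chain to the final addresses. The sample message is constructed from the page's transaction ID, flags, CNAME and first two A records; the function names are this example's own.

```python
import struct
TYPES = {1: "A", 2: "NS", 5: "CNAME", 28: "AAAA"}

def read_name(msg, off, depth=0):
    """Decode a (possibly compressed) DNS name; return (name, next offset)."""
    if depth > 16:  # a pointer chain that loops must not hang the parser
        raise ValueError("compression pointer loop")
    labels = []
    while (n := msg[off]):
        if n & 0xC0 == 0xC0:  # two-byte pointer to a name elsewhere in the message
            ptr = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            return ".".join(labels + [read_name(msg, ptr, depth + 1)[0]]), off + 2
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels), off + 1

def parse_response(msg):
    """Return (transaction id, flags, [(owner, type, ttl, data), ...])."""
    txid, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off, records = 12, []
    for _ in range(qd):  # skip each question: name + QTYPE + QCLASS
        off = read_name(msg, off)[1] + 4
    for _ in range(an + ns + ar):
        owner, off = read_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        data = msg[off:off + rdlen].hex()  # default: raw RDATA as hex
        if rtype == 1:
            data = ".".join(map(str, msg[off:off + 4]))
        elif rtype in (2, 5):
            data = read_name(msg, off)[0]
        records.append((owner, TYPES.get(rtype, str(rtype)), ttl, data))
        off += rdlen
    return txid, flags, records

def resolve(records, qname):  # follow CNAMEs, then collect the final name's A records
    cname = {o.lower(): d.lower() for o, t, _, d in records if t == "CNAME"}
    chain = [qname.lower()]
    while chain[-1] in cname and cname[chain[-1]] not in chain:
        chain.append(cname[chain[-1]])
    return chain, [d for o, t, _, d in records if t == "A" and o.lower() == chain[-1]]

# Constructed sample: the page's CNAME answer and its first two A records only.
def enc(name):
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in name.split(".")) + b"\0"
def rr(ptr, rtype, ttl, rdata):  # owner name = compression pointer to offset ptr
    return struct.pack("!HHHIH", 0xC000 | ptr, rtype, 1, ttl, len(rdata)) + rdata
SAMPLE = (struct.pack("!6H", 0xFBC8, 0x8180, 1, 3, 0, 0) + enc("m.booktxt.net") + b"\0\1\0\1"
          + rr(12, 5, 14, enc("17510daa86cca0d5.cdn.jiashule.com"))  # RDATA starts at 43
          + rr(43, 1, 600, bytes([198, 44, 227, 232])) + rr(43, 1, 600, bytes([38, 27, 103, 154])))
```

Calling `resolve(parse_response(SAMPLE)[2], "m.booktxt.net")` returns the two-name chain and the two addresses; a message whose name pointer refers to itself raises `ValueError` instead of recursing without bound.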
b. TCP handshake
Client: SYN, time: Apr 1, 2019 18:11:52.232883000 China Standard Time
Here we can look at the flag bits in the TCP segment header:
Flags: 0x002 (SYN)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...0 .... = Acknowledgment: Not set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..1. = Syn: Set
.... .... ...0 = Fin: Not set
[TCP Flags: ··········S·]
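The server replies with an ACK and sends its own SYN (in the same packet)
Apr 1, 2019 18:11:52.411599000 China Standard Time
0.178716000 (the RTT of this ACK is 0.178716000 s)
The client replies with an ACK
c. HTTPS authentication and key negotiation
Apr 1, 2019 18:11:52.447665000 China Standard Time ~
Apr 1, 2019 18:11:52.821547000 China Standard Time
d. HTTP exchange
Apr 1, 2019 18:11:53.000584000 China Standard Time ~
Apr 1, 2019 18:11:53.006031000 China Standard Time (client sends FIN)
Apr 1, 2019 18:11:53.021478000 China Standard Time (client sends the SYN for the next connection)
Apr 1, 2019 18:11:53.183395000 China Standard Time (server sends FIN)
If a requests session is used, these steps are performed only once.
The handshake (0.18 s) plus authentication takes roughly 0.6 s.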