Technology sharing | Packet capture analysis of the TCP protocol

TCP is a connection-oriented, reliable, byte-stream transport layer protocol.

Environment preparation

Interface testing tools fall into the following categories:

  • Network sniffing tools: tcpdump, Wireshark
  • Proxy tools: Fiddler, Charles, AnyProxy, Burp Suite, mitmproxy
  • Analysis tools: curl, Postman, Chrome DevTools

Packet capture and analysis of the TCP protocol

tcpdump

tcpdump is a tool that intercepts the headers of packets transmitted on the network so they can be analysed. It supports filtering by network layer, protocol, host, network or port, and provides the logical operators and, or and not to drop uninteresting traffic.

Keep tcpdump listening on port 443 and write everything it captures to a file, so that any anomaly can be examined later. Options must come before the filter expression:

sudo tcpdump -v -w /tmp/tcp.log port 443

With this command, the captured packets are written in pcap format to the file /tmp/tcp.log, which Wireshark can open directly.

Wireshark

Wireshark is also a network sniffing tool. Beyond what tcpdump does, it adds extended functions such as protocol analysis. In interface testing, however, packet capture is usually performed on the server, and servers generally have no graphical interface, so Wireshark cannot run there. The usual workflow is to capture packets with tcpdump on the server, save them to a file, and then import that file into Wireshark on a client machine with a UI for analysis.

Packet capture analysis of the TCP protocol

Capture an HTTP GET request:

  1. Search for mp3 on Baidu: http://www.baidu.com/s?wd=mp3
  2. Use tcpdump to intercept this GET request and write it to a log file
  3. Open the file generated by tcpdump in Wireshark

Use Wireshark to view the log:


The first few entries in the log are the three-way handshake. Because the underlying channel is unreliable, both sides must confirm that the connection is usable before any data is sent, and the three-way handshake does this as follows:

  • First handshake: to establish the connection, the client sends a SYN segment (seq=j) to the server and enters the SYN_SENT state, waiting for the server to confirm.
  • Second handshake: on receiving the SYN, the server must acknowledge the client's SYN (ack=j+1) and at the same time send its own SYN (seq=k), i.e. a SYN+ACK segment; the server then enters the SYN_RECV state.
  • Third handshake: the client receives the server's SYN+ACK and sends an ACK segment (ack=k+1) to the server. Once this segment is sent, both client and server enter the ESTABLISHED state (the TCP connection is up) and the three-way handshake is complete.

Once the three-way handshake completes, the two sides can exchange data; the GET request and its response follow in the capture.

At the end of the exchange, a four-way close ("four waves") is also required:


  • First wave: the client sends a FIN to the server, requesting that data transfer be closed.
  • Second wave: the server receives the client's FIN and sends an ACK to the client; the ack value equals the FIN's sequence number plus one, because a FIN consumes one sequence number.
  • Third wave: the server sends its own FIN to the client, telling the client that it is closing its side too.
  • Fourth wave: the client receives the server's FIN and replies with an ACK to the server; again the ack value equals the FIN's sequence number plus one.

Note: a single request, like a single piece of data, may be split across several packets, so you will see many packets in Wireshark.
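As an added example (not code from the original article), the following Python script builds a small constructed capture in the pcap format that "tcpdump -w" writes, parses it the way Wireshark would, and walks the handshake and four-way close while checking the ack = seq + 1 rule described above. The addresses 10.0.0.1/10.0.0.2, ports 40000/80 and the HTTP payloads are constructed sample values; a little-endian pcap header is assumed.

```python
import struct
from functools import partial

FIN, SYN, ACK = 0x01, 0x02, 0x10                                # TCP flag bits
CLIENT, SERVER = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])     # constructed addresses
GET = b"GET /s?wd=mp3 HTTP/1.1\r\nHost: www.baidu.com\r\n\r\n"   # the request from the article
RESP = b"HTTP/1.1 200 OK\r\n\r\n"                               # constructed reply

def record(src, dst, sport, dport, seq, ack, flags, payload=b""):
    """One pcap record holding an Ethernet/IPv4/TCP frame (checksums left zero; offline sample only)."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, src, dst) + tcp
    eth = bytes(12) + b"\x08\x00" + ip
    return struct.pack("<IIII", 0, 0, len(eth), len(eth)) + eth

def sample_pcap(j=1000, k=5000):
    """Constructed capture: 3-way handshake, GET and reply, 4-way close, with seq j/k as in the text."""
    c = partial(record, CLIENT, SERVER, 40000, 80)
    s = partial(record, SERVER, CLIENT, 80, 40000)
    cs, ss = j + 1 + len(GET), k + 1 + len(RESP)       # each side's seq after its SYN and its data
    recs = [c(j, 0, SYN), s(k, j + 1, SYN | ACK), c(j + 1, k + 1, ACK),
            c(j + 1, k + 1, ACK, GET), s(k + 1, cs, ACK, RESP),
            c(cs, ss, FIN | ACK), s(ss, cs + 1, ACK), s(ss, cs + 1, FIN | ACK), c(cs + 1, ss + 1, ACK)]
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # pcap 2.4, little-endian, Ethernet
    return header + b"".join(recs)

def parse_pcap(data):
    """Walk the records 'tcpdump -w' writes and pull out the TCP fields Wireshark displays."""
    segs, off = [], 24
    while off < len(data):
        caplen = struct.unpack("<I", data[off + 8:off + 12])[0]
        ip = data[off + 30:off + 16 + caplen]; off += 16 + caplen   # 16-byte record header + 14-byte Ethernet
        ihl, total = (ip[0] & 0xF) * 4, struct.unpack("!H", ip[2:4])[0]
        tcp = ip[ihl:total]
        seq, ack, hdr = struct.unpack("!IIH", tcp[4:14])
        segs.append({"client": ip[12:16] == CLIENT, "seq": seq, "ack": ack,
                     "flags": hdr & 0x1FF, "data": len(tcp) - (hdr >> 12) * 4})
    return segs

def walk(segs):
    """Label each step as the article does and check ack = seq + 1 after every SYN and FIN."""
    steps, expect = [], {}                  # expect[side]: the ack value that side must send next
    for s in segs:
        who, peer = ("client", "server") if s["client"] else ("server", "client")
        f = s["flags"]
        kind = ("SYN+ACK" if f & ACK else "SYN") if f & SYN else "FIN" if f & FIN \
            else f"{s['data']} bytes of data" if s["data"] else "ACK"
        ok = expect.pop(who, s["ack"]) == s["ack"]
        if f & (SYN | FIN):
            expect[peer] = s["seq"] + 1         # SYN and FIN each consume one sequence number
        steps.append((who, kind, ok))
    return steps
```

Running walk(parse_pcap(sample_pcap())) lists the nine steps in the order the article describes them, each marked ok; a capture whose SYN+ACK carries the wrong ack is flagged on that step.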


Origin blog.csdn.net/weixin_57794111/article/details/131554372