Packet capture and analysis of the TCP protocol

TCP is a connection-oriented, reliable, byte-stream transport-layer protocol: it sets up a connection before any data is exchanged, numbers every byte it sends, and retransmits whatever the peer does not acknowledge.

Environment preparation

Tools used for interface testing fall into the following categories:

Network sniffing tools: tcpdump, Wireshark
Proxy tools: Fiddler, Charles, AnyProxy, Burp Suite, mitmproxy
Analysis tools: curl, Postman, Chrome DevTools

Packet capture and analysis of TCP protocol

tcpdump
tcpdump captures the packets passing through a network interface and either prints them or saves them to a file. It accepts BPF filter expressions on link-layer and network-layer fields such as protocol, host, network or port, and the logical operators and, or and not combine them so that irrelevant traffic is left out of the capture.

Have tcpdump listen on port 443 continuously and write everything it captures to a file for later inspection:

sudo tcpdump -v -w /tmp/tcp.log port 443

With this command the captured packets are written to /tmp/tcp.log in pcap format. The file is binary, not a text log: read it back with tcpdump -r /tmp/tcp.log or open it in Wireshark.

Meaning of the parameters used:
port 443: capture only packets whose source or destination port is 443
-v: more verbose output; when combined with -w it prints the running packet count to stderr instead of decoded packets
-w: write the raw packets to the given file instead of printing them

Wireshark
Wireshark is also a network sniffer; on top of what tcpdump does it adds protocol dissection, stream following and display filters in a graphical interface. In interface testing, however, packets are usually captured on the server, and servers rarely have a GUI, so Wireshark normally cannot run there. The usual workflow is therefore to capture with tcpdump on the server, copy the pcap file to a workstation with a desktop, and open it in Wireshark for analysis there (Wireshark's command-line counterpart, tshark, is an option when analysis has to stay on the server).

Analyzing the TCP protocol in the capture

Capture an HTTP GET request:

Search Baidu for mp3: http://www.baidu.com/s?wd=mp3
Use tcpdump to capture this GET request and write it to a file (for this plain http:// URL, filter on port 80 rather than 443; over HTTPS the GET would be inside TLS and not visible in the capture)
Open the file written by tcpdump in Wireshark

View the capture in Wireshark:

The first few frames in the capture are the three-way handshake. Because the underlying network gives no delivery guarantee, each side must confirm that the other is reachable and learn its initial sequence number before any data is sent, and the three-way handshake does exactly this:

First handshake: when the connection is opened, the client sends a SYN segment with sequence number seq=j to the server and enters the SYN_SENT state, waiting for the server to confirm.
Second handshake: the server receives the SYN and must acknowledge it (ack=j+1) while sending its own SYN (seq=k); both travel in a single SYN+ACK segment, and the server enters the SYN_RECV state.
Third handshake: the client receives the SYN+ACK and sends an ACK segment (ack=k+1) to the server. Once it is sent, both client and server are in the ESTABLISHED state and the three-way handshake is complete.

After the three-way handshake, data can be exchanged, as follows:

At the end of the exchange, a four-way close (four waves) is also needed:

First wave: the client sends a FIN to the server, announcing that it has no more data to send.
Second wave: the server receives the client's FIN and replies with an ACK whose ack equals the FIN's seq plus one, because a FIN consumes one sequence number just as a SYN does.
Third wave: once the server application has closed as well, the server sends its own FIN to the client.
Fourth wave: the client receives the server's FIN and replies with an ACK, again with ack equal to the FIN's seq plus one; the client then waits in TIME_WAIT before the connection is fully released.
Note: a single request may be split across several segments, and so may the response data, so Wireshark will show many more packets than the handful listed here.
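The handshake and the four-way close described above, as an added example that is not part of the original post and not real captured traffic: a standard-library Python script that builds a constructed capture in the classic libpcap format tcpdump -w writes, parses it back, prints tcpdump-style flag summaries, and replays the seq/ack bookkeeping to check that SYN and FIN each consume one sequence number. The addresses 10.0.0.1/10.0.0.2, ports 51234/80, initial sequence numbers j=1000 and k=5000, and the HTTP request and response bytes are all constructed assumptions; IP and TCP checksums are deliberately left at zero since only parsing is exercised.

```python
import struct
from collections import namedtuple

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10     # TCP flag bits
Packet = namedtuple("Packet", "src sport dst dport seq ack flags payload")

def build_frame(src, dst, sport, dport, seq, ack, flags, payload=b""):
    """Ethernet + IPv4 + TCP frame. Checksums stay zero: only parsing is exercised here."""
    eth = bytes(12) + b"\x08\x00"                                   # zero MACs, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                      5 << 4, flags, 65535, 0, 0) + payload          # data offset = 5 words
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return eth + ip + tcp

def build_pcap(frames):
    """Classic libpcap container, the format tcpdump -w writes (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000, i * 1000, len(f), len(f)) + f
    return out

def sample_capture(forget_fin=False):
    """Constructed capture (not real traffic): one HTTP GET, client 10.0.0.1:51234 -> server
    10.0.0.2:80, ISNs j=1000 / k=5000. forget_fin=True makes the last ACK ignore the FIN's seq."""
    C, S, cp, sp, j, k = "10.0.0.1", "10.0.0.2", 51234, 80, 1000, 5000
    req = b"GET /s?wd=mp3 HTTP/1.1\r\nHost: www.baidu.com\r\n\r\n"
    rsp = b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"
    L, M = len(req), len(rsp)
    last_ack = k + 1 + M + (0 if forget_fin else 1)
    return build_pcap([
        build_frame(C, S, cp, sp, j, 0, SYN),                        # 1st handshake: SYN, seq=j
        build_frame(S, C, sp, cp, k, j + 1, SYN | ACK),              # 2nd: SYN+ACK, seq=k, ack=j+1
        build_frame(C, S, cp, sp, j + 1, k + 1, ACK),                # 3rd: ACK, ack=k+1 (ESTABLISHED)
        build_frame(C, S, cp, sp, j + 1, k + 1, PSH | ACK, req),     # request, L bytes
        build_frame(S, C, sp, cp, k + 1, j + 1 + L, ACK),            # server acks the request
        build_frame(S, C, sp, cp, k + 1, j + 1 + L, PSH | ACK, rsp), # response, M bytes
        build_frame(C, S, cp, sp, j + 1 + L, k + 1 + M, ACK),        # client acks the response
        build_frame(C, S, cp, sp, j + 1 + L, k + 1 + M, FIN | ACK),  # 1st wave: client FIN
        build_frame(S, C, sp, cp, k + 1 + M, j + 2 + L, ACK),        # 2nd wave: ack = FIN seq + 1
        build_frame(S, C, sp, cp, k + 1 + M, j + 2 + L, FIN | ACK),  # 3rd wave: server FIN
        build_frame(C, S, cp, sp, j + 2 + L, last_ack, ACK),         # 4th wave: ack = FIN seq + 1
    ])

def parse_tcp_frame(frame):
    """Return a Packet for an Ethernet/IPv4/TCP frame, None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl, total_len = (frame[14] & 0x0F) * 4, struct.unpack_from("!H", frame, 16)[0]
    src, dst = (".".join(map(str, frame[a:a + 4])) for a in (26, 30))
    t = 14 + ihl
    sport, dport, seq, ack, doff, flags = struct.unpack_from("!HHIIBB", frame, t)
    payload = frame[t + (doff >> 4) * 4:14 + total_len]             # stops before any padding
    return Packet(src, sport, dst, dport, seq, ack, flags, payload)

def parse_pcap(data):
    """Walk a classic pcap file and return its TCP packets in capture order."""
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack_from("<I", data, 0)[0])
    if end is None:
        raise ValueError("not a classic pcap (pcapng / nanosecond pcap need another reader)")
    if struct.unpack_from(end + "I", data, 20)[0] != 1:
        raise ValueError("only Ethernet link type handled here")
    off, pkts = 24, []
    while off + 16 <= len(data):
        incl = struct.unpack_from(end + "IIII", data, off)[2]        # bytes saved for this packet
        p = parse_tcp_frame(data[off + 16:off + 16 + incl])
        off += 16 + incl
        if p is not None:
            pkts.append(p)
    return pkts

def flag_str(flags):
    """tcpdump-style flag string: [S], [S.], [.], [P.], [F.] ..."""
    s = "".join(ch for bit, ch in ((SYN, "S"), (FIN, "F"), (RST, "R"), (PSH, "P")) if flags & bit)
    return "[" + s + ("." if flags & ACK else "") + "]"

def summarize(pkts):
    return [f"{p.src}.{p.sport} > {p.dst}.{p.dport}: Flags {flag_str(p.flags)}, "
            f"seq {p.seq}, ack {p.ack}, length {len(p.payload)}" for p in pkts]

def verify_seq_ack(pkts):
    """Replay sequence bookkeeping over an in-order, loss-free capture: payload bytes, SYN and
    FIN consume sequence space (one each for SYN/FIN), so each ACK must equal the peer's next seq."""
    nxt, issues = {}, []
    for i, p in enumerate(pkts):
        me, peer = (p.src, p.sport), (p.dst, p.dport)
        if me in nxt and p.seq != nxt[me]:
            issues.append(f"#{i}: seq {p.seq}, expected {nxt[me]}")
        if p.flags & ACK and peer in nxt and p.ack != nxt[peer]:
            issues.append(f"#{i}: ack {p.ack}, peer's next seq is {nxt[peer]}")
        nxt[me] = p.seq + len(p.payload) + bool(p.flags & SYN) + bool(p.flags & FIN)
    return issues

if __name__ == "__main__":
    pkts = parse_pcap(sample_capture())
    print("\n".join(summarize(pkts)))
    print("seq/ack mismatches:", verify_seq_ack(pkts) or "none")
```

Running the script prints the eleven segments in the same notation tcpdump uses ([S], [S.], [.], [P.], [F.]) and reports no mismatches; build_pcap's output can also be written to a file and opened in Wireshark. The checker assumes an in-order capture with no loss or retransmission, which is all the example stream needs; on a real capture, a retransmitted or out-of-order segment shows up as a reported mismatch rather than being handled.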


Origin blog.csdn.net/nhb687095/article/details/132297781