CS&BS
According to understand, easy to draw the map:
TCP / IP protocol model
According to preliminary understanding, summarized as follows:
| TCP / IP protocol stack | ||||
|---|---|---|---|---|
| Different layers | effect | protocol | ||
| Application layer | Communication between the time the decision to provide application services to users of communication activities, client and server | HTTP | BS architecture, using a URI resources on the Internet, a stateless protocol (Cookie appear) | |
| SMTP | Sending e-mail protocol, the client issues a request in text form, the server returns a response as three digits | |||
| SSH | Encrypted remote login protocol system | |||
| FTP | File transfer protocol, using two TCP connections: a control and data transmission request by an ASCII string, using three digit responses | |||
| TCPF Protocol (Text Chat Protocol), based on the UDP, the same request originator different, and the same sequence number in response to the request | ||||
| DNS | DNS protocol, IP address to solve the problem of bad memories, by retrieving the IP address of the domain name, but also many other records inquiry | |||
| Transport Layer | And processing for establishing a connection is disconnected when the two host communication, and to ensure that the data transmission confirmation | TCP | Connection-oriented, to ensure communication between the host (correctly handle packet loss, the transmission order of mess and the like), capable of efficient use of bandwidth, network congestion mitigation | |
| UDP | Connectionless-oriented, can transmit data at any time, as it is transmitted immediately to the network when data is received, the communication is not guaranteed | |||
| Internet layer | And a network interconnecting a network environment, the data transmitted from the sending host to receiving host | IP | Transmitting data packets across the network, so that the whole can receive Internet data, IP address, the non-reliable transmission (packet transmission is not successful even if the data is not retransmitted) | |
| ICMP | Solve the problem of data packet transmission is not successful, will give the sender sends an exception notification | |||
| ARP | IP address of the packet parsing the MAC address | |||
| Host-to-network layer | Data processing medium between interconnected by a transmission apparatus: a data -0 / 1 or high and low level pulsed light; transmission: identifying the MAC address | Ethernet | Normally by means of an exclusive cable between the terminal and the switch, into a coaxial cable, fiber optic, twisted pair cable, etc. | |
| Wireless communication | Generally use waves, infrared rays, etc., high-speed transmission in the local range | |||
| PPP | point-to-point protocol, 1-on-1 connected to a computer, needs to support (typically a telephone line, etc.) of the physical layer, the main protocols: LCP / IPCP (NCP) | |||
| ATM / POS / FDDI .... | ||||
wireshark packet capture analysis
这里使用https协议:http+SSL(TLS),比http 安全的SSL加密传输协议
其中,Application Data是加密形式的数据,可以通过向wireshark中导入SSL密钥看到解密后的报文内容。
按道理服务器应该还会向客户端发送Certificate证书,并且客户端进行验证,但是抓了很多次都没有看到这个包...
登录TIM:
可以看到登录TIM时主要使用UDP协议和OICQ协议,其中OICQ协议使用加密方式传输数据,必须先得到会话密钥否则无法解密传输内容。