Technology sharing | Analyzing the TCP protocol with packet capture
2022-07-07 11:24:00 【The elegance of testing】
TCP is a connection-oriented, reliable, byte-stream-based communication protocol that sits in the transport layer.
Environment preparation
Interface testing tools can be classified as follows:
Network sniffing tools: tcpdump, wireshark
Proxy tools: fiddler, charles, anyproxy, burpsuite, mitmproxy
Analysis tools: curl, postman, chrome Devtool
Packet capture analysis of the TCP protocol
tcpdump
tcpdump is a tool that captures the complete "header" of each packet transmitted over the network and makes it available for analysis. It supports filtering by network layer, protocol, host, network or port, and provides logical operators such as and, or and not to remove useless information.
Have tcpdump monitor port 443 continuously and write any traffic it sees to a log file:
sudo tcpdump port 443 -v -w /tmp/tcp.log
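This command writes the capture to the file /tmp/tcp.log. Because -w saves the raw packets, the file is meant to be opened with a tool such as wireshark rather than read as text.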

wireshark
wireshark is also a network sniffing tool. Besides offering what tcpdump does, it has more extensions, such as analysis tools. In interface testing, however, packets are usually captured on a server, and servers generally do not provide a UI, so wireshark cannot be used there. Instead, use tcpdump on the server to capture packets into a log, then import the log into wireshark on a client that has a UI and analyze it there.
Packet capture analysis of the TCP protocol
Capture an HTTP GET request:
Search for mp3 on Baidu: http://www.baidu.com/s?wd=mp3
Use tcpdump to capture this GET request and generate a log
Open the log generated by tcpdump with wireshark
View the log in wireshark:

The first few messages in the log are the three-way handshake. Because the channel is unreliable, it is necessary to make sure the channel is stable before any data is sent. The three-way handshake proceeds as follows:
First handshake: to establish a connection, the client sends a SYN packet (syn=j) to the server and enters the SYN_SENT state, waiting for the server to confirm.
Second handshake: the server receives the SYN packet and must acknowledge the client's SYN (ack=j+1). At the same time it sends its own SYN packet (seq=k), that is, a SYN+ACK packet, and the server enters the SYN_RECV state.
Third handshake: the client receives the server's SYN+ACK packet and sends an acknowledgment packet ACK (ack=k+1) to the server. Once this packet is sent, the client and server enter the ESTABLISHED state (TCP connection successful), completing the three-way handshake.
After the three-way handshake, the two sides can communicate further. It looks like this:

When the communication ends, a four-way wave (connection teardown) is also required:

First wave: the client sends a FIN to the server, requesting that data transfer be shut down.
Second wave: the server receives the client's FIN and sends an ACK, where the ack value is equal to FIN+SEQ.
Third wave: the server sends a FIN to the client, telling the client that the application is closing.
Fourth wave: the client receives the server's FIN and replies to the server with an ACK, where the ack value is equal to FIN+SEQ.
Note: a request may be split into multiple packets, and so may a piece of data, so you will see many packets in wireshark.
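The handshake and teardown numbering described above can also be checked without a UI. The following is an added example, not code from the original post: it parses a capture in the file format tcpdump -w produces and verifies the ack = seq + 1 relationships. It assumes a classic pcap file with an Ethernet link type that holds a single connection; the sample capture, ports and sequence numbers (j=1000, k=5000) are constructed, and the FINs carry the ACK flag as they normally do in real captures.

```python
import struct

FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK")]

def parse_pcap(data):
    """Return (sport, dport, seq, ack, flags) for each Ethernet/IPv4/TCP packet."""
    endian = "<" if data[:4] == b"\xd4\xc3\xb2\xa1" else ">"  # pcap magic gives byte order
    out, off = [], 24                                # records follow the 24-byte global header
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        pkt = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < 54 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue                                 # keep IPv4 + TCP only
        tcp = pkt[14 + (pkt[14] & 0x0F) * 4:]        # skip Ethernet and IP headers
        if len(tcp) < 14:
            continue
        sport, dport, seq, ack, word = struct.unpack("!HHIIH", tcp[:14])
        out.append((sport, dport, seq, ack,
                    "+".join(n for bit, n in FLAGS if word & bit)))
    return out

def check_exchange(pkts):
    """Check ack = seq + 1 for both handshake SYNs and for every FIN."""
    syn, synack, ack = pkts[:3]
    handshake_ok = ((syn[4], synack[4], ack[4]) == ("SYN", "SYN+ACK", "ACK")
                    and synack[3] == (syn[2] + 1) % 2**32    # ack = j + 1
                    and ack[3] == (synack[2] + 1) % 2**32)   # ack = k + 1
    fins = [p for p in pkts if "FIN" in p[4]]
    fins_acked = all(any(q[0] == f[1] and q[3] == (f[2] + 1) % 2**32 for q in pkts)
                     for f in fins)                  # the peer acknowledged FIN's seq + 1
    return handshake_ok, len(fins), fins_acked

def sample_capture():
    """Constructed pcap bytes: one handshake and teardown (IP addresses are placeholders)."""
    def rec(sport, dport, seq, ack, flags):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02")
        tcp = struct.pack("!HHIIHHHH", sport, dport, seq, ack, 0x5000 | flags, 65535, 0, 0)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    c, s = 50000, 80
    steps = [(c, s, 1000, 0, 0x02), (s, c, 5000, 1001, 0x12), (c, s, 1001, 5001, 0x10),
             (c, s, 1001, 5001, 0x11), (s, c, 5001, 1002, 0x10),
             (s, c, 5001, 1002, 0x11), (c, s, 1002, 5002, 0x10)]
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + b"".join(rec(*st) for st in steps)

if __name__ == "__main__":
    packets = parse_pcap(sample_capture())
    print(*("%d -> %d seq=%d ack=%d [%s]" % p for p in packets), sep="\n")
    print(check_exchange(packets))
```

To run it against a real capture, pass the bytes of the file written by tcpdump -w to parse_pcap instead of sample_capture().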