Technology sharing | packet capturing analysis TCP protocol
2022-07-06 19:59:00 【Hua Weiyun】
This article is excerpted from the internal textbook of the Hogwarts Testing and Development Society.
TCP is a transport-layer protocol: connection-oriented, reliable, and based on byte streams.
Environmental preparation
Interface testing tools can be classified as follows:
- Network sniffing tools: tcpdump, wireshark
- Proxy tools: fiddler, charles, anyproxy, burpsuite, mitmproxy
- Analysis tools: curl, postman, Chrome DevTools
Packet capture analysis of the TCP protocol
tcpdump
tcpdump is a tool that captures the headers of packets transmitted over the network in full so that they can be analysed. It supports filtering by network layer, protocol, host, network or port, and provides logical operators such as and, or and not to strip out unwanted information.
Have tcpdump keep listening on port 443 and write whatever it sees to a log file (the options go before the filter expression):

```shell
sudo tcpdump -v -w /tmp/tcp.log port 443
```

With this command the captured packets are written to /tmp/tcp.log.
| Common parameters | Meaning |
|---|---|
| port 443 | Capture only traffic on port 443 |
| -v | Output more detailed information |
| -w | Write the captured packets to a file |
wireshark
wireshark is also a network sniffing tool. Besides everything tcpdump can do, it has many more extensions, for example analysis tools. In interface testing, however, packet capture is usually done on the server, and servers generally provide no UI, so wireshark cannot run there. The only option is to capture with tcpdump to produce a log, then import that log into wireshark and analyse it on a client machine with a UI.
Capturing and analysing a TCP session
Capture one HTTP GET request:
- Search for mp3 on Baidu:
http://www.baidu.com/s?wd=mp3
- Use tcpdump to intercept this GET request and generate a log
- Open the log generated by tcpdump in wireshark
Viewing the log in wireshark:
The first few messages in the log are the three-way handshake. Because the channel is unreliable, its stability must be established before any data is sent, and the three-way handshake does this as follows:
- First handshake: to establish a connection, the client sends a SYN packet (syn=j) to the server, enters the SYN_SENT state, and waits for the server to confirm.
- Second handshake: on receiving the SYN packet, the server must acknowledge the client's SYN (ack=j+1) and at the same time send its own SYN packet (seq=k), i.e. a SYN+ACK packet; the server then enters the SYN_RECV state.
- Third handshake: the client receives the server's SYN+ACK packet and sends an acknowledgement packet ACK (ack=k+1) to the server. Once this packet has been sent, client and server enter the ESTABLISHED state (TCP connection successful), completing the three-way handshake.
After the three-way handshake, further communication can take place; it looks like this:
At the end of the communication, a four-way wave is also required:
- First wave: the client sends a FIN to the server, requesting that data transfer be closed.
- Second wave: the server receives the FIN from the client and sends an ACK, in which the ack value equals the FIN's SEQ plus one (FIN+SEQ).
- Third wave: the server sends a FIN to the client, telling the client application to close.
- Fourth wave: the client receives the FIN from the server and replies with an ACK to the server, in which the ack value again equals the FIN's SEQ plus one (FIN+SEQ).
Note: a request may be split across multiple packets, and so may a response, so you will see many packets in wireshark.
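As an added example (not from the original article), the checker below applies the seq/ack arithmetic above to the per-packet fields wireshark shows for a tcpdump capture (direction, flags, raw seq, raw ack). The capture it runs on is constructed, not a real log; the `Pkt` type and both functions are this example's own.

```python
# Added example: verify a captured TCP session against the article's rules.
# Inputs mirror what wireshark shows per packet. Note that wireshark displays
# *relative* sequence numbers by default; use the raw values here.
from dataclasses import dataclass

@dataclass
class Pkt:
    c2s: bool    # True if the packet goes client -> server
    flags: set   # TCP flags as wireshark shows them, e.g. {"SYN", "ACK"}
    seq: int     # raw sequence number
    ack: int     # raw acknowledgement number

def check_handshake(pkts):
    """First three packets must be SYN(seq=j) / SYN+ACK(seq=k, ack=j+1) / ACK(ack=k+1)."""
    if len(pkts) < 3:
        return False, "fewer than three packets"
    p1, p2, p3 = pkts[:3]
    if not (p1.c2s and p1.flags == {"SYN"}):
        return False, "first packet is not a client SYN"
    j = p1.seq
    if not (not p2.c2s and p2.flags == {"SYN", "ACK"} and p2.ack == j + 1):
        return False, "second packet is not SYN+ACK with ack=j+1"
    k = p2.seq
    if not (p3.c2s and p3.flags == {"ACK"} and p3.ack == k + 1 and p3.seq == j + 1):
        return False, "third packet is not ACK with ack=k+1"
    return True, "ESTABLISHED"

def check_close(pkts):
    """Each FIN must be answered by a later ACK from the peer with ack == FIN seq + 1."""
    fins = [i for i, p in enumerate(pkts) if "FIN" in p.flags]
    if len(fins) != 2:
        return False, f"expected two FINs, saw {len(fins)}"
    for i in fins:
        fin = pkts[i]
        if not any(p.c2s != fin.c2s and "ACK" in p.flags and p.ack == fin.seq + 1
                   for p in pkts[i + 1:]):
            return False, f"FIN at packet {i} never acknowledged"
    return True, "CLOSED"

C, S = True, False
# Constructed capture: handshake, a 100-byte GET, a 200-byte response, then the close.
SAMPLE = [
    Pkt(C, {"SYN"}, 1000, 0),
    Pkt(S, {"SYN", "ACK"}, 5000, 1001),
    Pkt(C, {"ACK"}, 1001, 5001),
    Pkt(C, {"PSH", "ACK"}, 1001, 5001),   # GET request (100 bytes)
    Pkt(S, {"PSH", "ACK"}, 5001, 1101),   # response (200 bytes)
    Pkt(C, {"FIN", "ACK"}, 1101, 5201),   # first wave
    Pkt(S, {"ACK"}, 5201, 1102),          # second wave: ack = FIN seq + 1
    Pkt(S, {"FIN", "ACK"}, 5201, 1102),   # third wave
    Pkt(C, {"ACK"}, 1102, 5202),          # fourth wave
]
```

If the server merges the second and third waves into one FIN+ACK segment (common in practice), wireshark shows three closing packets instead of four; the check still pairs each FIN with its acknowledgement.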