The TCP protocol is a connection-oriented, reliable communication protocol based on byte streams at the transmission layer. The tcpdump tool can be used to capture and analyze TCP traffic to troubleshoot and study network behavior.
Preparation
Interface testing tools can be categorized into the following:
tcpdump is a tool that completely captures the âheadersâ of data packets transmitted on a network for analysis. It supports filtering at the network layer, protocol, host, network, or port level, and uses logical statements like and, or, not to eliminate redundant information.
Have tcpdump constantly monitor port 443 and direct any anomalies into a log file.
Using this command, the report will be placed in the /tmp/tcp.log directory.
Wireshark is also a network sniffing tool. In addition to having tcpdumpâs capabilities, it offers more extended features, such as analysis tools. However, in interface testing, the packet capturing process often takes place on servers, which typically do not provide a UI interface. Therefore, Wireshark cannot operate on servers directly. Instead, tcpdump captures packets to generate a log, which Wireshark then imports for analysis on a client with a UI.
Capture an HTTP GET request:
1. Search for âmp3â on Baidu
2. Use tcpdump to intercept this GET request and generate a log
3. Open the log generated by tcpdump with Wireshark
Reviewing the log with Wireshark:
The initial segments of the log represent the three-way handshake because the channel is unreliable. Before sending data, you must ensure channel stability, and the three-way handshake involves these operations:
To end communication, a four-way handshake is required:
Original Declaration: This article is authorized by the author for publication by the Tencent Cloud Developer Community and may not be reproduced without permission.
If there is any infringement, please contact us for removal.