1. Cai Cai's team story
In 2020, Cai Cai led the team with a focus on channel integration projects. As we integrated with various channels, we ran into a multitude of challenges, each bringing N*N blame-shifting problems. The issues were diverse, but we accumulated numerous solutions over time, which speaks to our resilience and problem-solving skills. I will pick one of these approaches to describe below, and I hope you will follow along attentively.
Cai Cai led his brothers and worked late into the night for more than a few days, and the project was finally launched as scheduled.
According to the team's practice, the production environment must be prepared in advance before going online. Cai Cai arranged for his brother Xiao Guo to open up network access (database, access domain names, etc.) in advance to avoid any problems when going online.
After the network was connected, the brothers happily deployed the application to production. After the application started, they did not expect a Connection Reset error to be reported as soon as it was called…
Upon seeing this, Xiao Yu, the main force of Cai Cai's team, went to the third party to confirm the cause, but the third party insisted that there was no problem on their side… While Xiao Yu was negotiating with the third party, Cai Cai, seasoned by the years, had already started Wireshark in a flash.
Cai Cai skillfully entered his commonly used display filter expressions in Wireshark, revealing the true nature of the network problem. He captured the evidence on the spot and handed it to the third party, who were left speechless.
Cai Cai just wants to convey that: when doing technology, you should act like a technician. No matter how much you talk, it is all nonsense. The only real truth is to implement and solve problems.
2. Cai Cai's diagnostic skills
According to Cai Cai's experience, most problems when integrating with a third party occur while establishing the TCP connection, that is, during the handshake. When TCP connection establishment fails, the most reliable way to troubleshoot is to analyze it with Wireshark. However, failed handshakes show up in different ways, so solving them still takes some skill.
[Cai Cai diagnostic technique 1: Connection Reset]
(tcp.flags.reset == 1) && (tcp.seq == 1)
This technique (the expression above) selects packets with Seq number 1 and the Reset flag set, which usually means that the handshake request was rejected by the other party (the connection was refused).
In practice:
Right-click the packet of interest and select Follow -> TCP Stream menu.
Then the whole process of failure can be displayed.
[Cai Cai diagnostic technique 2: TCP Retransmission]
(tcp.flags.syn == 1) && (tcp.analysis.retransmission)
This technique (expression) selects retransmitted handshake requests. A handshake request is retransmitted because the other party did not receive it, or because the acknowledgment the other party sent back was lost.
In practice:
Right-click the packet of interest and select Follow -> TCP Stream menu.
Then the failure process can be displayed. It is obvious that the reason for the handshake failure is packet loss, so 20.20.20.21 never receives the handshake request.
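The logic behind the two filters in techniques 1 and 2, as an added Python example that is not from the original article: it applies a simplified model of Wireshark's relative sequence numbering and retransmission analysis to constructed packets. The `Pkt` record, the `classify` function and every address except 20.20.20.21 are assumptions made for illustration.

```python
from collections import namedtuple

# flags: S=SYN, A=ACK, R=RST, P=PSH; seq is the absolute sequence number.
Pkt = namedtuple("Pkt", "src sport dst dport flags seq")

def classify(packets):
    """Map each failing flow to 'reset' or 'syn-retransmission'."""
    base = {}      # direction -> base seq used for relative numbering
    syn_seqs = {}  # direction -> absolute seqs of SYNs already seen
    verdicts = {}
    for p in packets:
        direction = (p.src, p.sport, p.dst, p.dport)
        flow = tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))
        # Assumed model of relative numbering: a SYN starts at 0; a direction
        # whose first packet is not a SYN starts at 1.
        if direction not in base:
            base[direction] = p.seq if "S" in p.flags else p.seq - 1
        rel_seq = (p.seq - base[direction]) % 2**32
        if "R" in p.flags and rel_seq == 1:
            # tcp.flags.reset == 1 && tcp.seq == 1
            verdicts[flow] = "reset"
        elif "S" in p.flags:
            # tcp.flags.syn == 1 && tcp.analysis.retransmission (simplified:
            # same direction, same SYN sequence number seen before)
            if p.seq in syn_seqs.setdefault(direction, set()):
                verdicts.setdefault(flow, "syn-retransmission")
            syn_seqs[direction].add(p.seq)
    return verdicts

C, S1, S2 = "10.0.0.5", "192.0.2.10", "20.20.20.21"  # C and S1 are constructed
SAMPLE = [  # constructed packets, not taken from the article's capture
    Pkt(C, 40001, S1, 443, "S", 1000),    # flow 1: SYN answered by RST
    Pkt(S1, 443, C, 40001, "RA", 0),
    Pkt(C, 40002, S2, 443, "S", 5000),    # flow 2: SYN never answered
    Pkt(C, 40002, S2, 443, "S", 5000),
    Pkt(C, 40002, S2, 443, "S", 5000),
    Pkt(C, 40003, S1, 443, "S", 7000),    # flow 3: handshake completes
    Pkt(S1, 443, C, 40003, "SA", 9000),
    Pkt(C, 40003, S1, 443, "A", 7001),
    Pkt(S1, 443, C, 40003, "PA", 9001),
    Pkt(S1, 443, C, 40003, "RA", 9501),   # later reset, rel seq 501: ignored
]

if __name__ == "__main__":
    for flow, verdict in classify(SAMPLE).items():
        print(flow, verdict)
```

Flow 3 shows why the first filter includes `tcp.seq == 1`: a reset sent after the peer has already transmitted data has a higher sequence number and is not a handshake-time rejection.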
[Cai Cai diagnostic technique 3: capture on both client and server]
“When you have eliminated all the impossible, whatever remains, no matter how unbelievable, is the truth – Sherlock Holmes.” Troubleshooting with Wireshark works the same way Sherlock Holmes solves cases. First, capture all the network packets (on both the client and the server, without missing any details), then look for clues in the packets, reason from the network protocol, and strip away whatever has been covered up by people to arrive at the final truth.
3. Cai Cai's gossip
This article mainly discusses how to locate a problem with the help of Wireshark. I hope it will be helpful to you. Knowledge gained from books is always shallow; you must practice it yourself to truly understand it. Some things cannot be conveyed in words, so you need to capture packets with Wireshark and analyze them yourself.
This is the end of my Wireshark sharing. In order to make sure there are no omissions in the sharing, I have consulted a lot of documents, books and official materials. I have summarized them and shared them with you, hoping that they will be helpful to you.