Catching and analyzing the TCP protocol can be effectively managed using interface testing tools. These tools help capture the data packets transmitted over a network, allowing for detailed examination and troubleshooting of TCP
This article is excerpted from the Hogwarts Test Development Society’s internal textbook.
The TCP protocol is a transport-layer communication protocol that is connection-oriented, reliable, and stream-based.
Environment Preparation
The interface testing tools can be categorized into the following types:
Catching and Analyzing TCP Protocol
tcpdump
tcpdump is a network sniffing tool. It supports filtering by network layer, protocol, host, network, or port, and provides the logical operators and, or, and not to filter out irrelevant traffic.
Make tcpdump constantly monitor port 443, and if there are any anomalies, output them to a log file.
Using this command will place the obtained report in the directory.
Common Parameters | Meaning |
---|---|
port 443 | Monitor port 443 |
-v | Output more detailed information |
-w | Write data into the log |
wireshark
wireshark is also a network sniffing tool. In addition to tcpdump's capture capabilities, it offers extended features such as analysis tools. However, during interface testing the packets are often captured on the server, which typically has no graphical interface, so wireshark cannot run there. The usual workflow is to capture packets on the server with tcpdump and write them to a log, then import that log into wireshark on a client that has a graphical interface for analysis.
Catching and Analyzing TCP Protocol
Capture an HTTP GET request:
Use wireshark to view the log:
The first few segments of the log show a three-way handshake. Because the channel is unreliable, its stability must be confirmed before any data is sent, and the three-way handshake consists of the operations below:
After the three-way handshake, communication can proceed as follows:
When ending communication, a four-way handshake is also necessary:
A single request may be split into multiple packets, and the same is true for the data, so many packets will be seen in wireshark.
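The handshake, data and teardown phases described above can also be read straight from a capture file. The following is an added example, not part of the original article: it parses a classic pcap file (the format tcpdump -w writes) and labels each TCP segment by phase. It assumes Ethernet/IPv4 framing and a single connection in the capture; the sample capture, port 51000 and all function names are constructed for illustration.

```python
import struct

FLAGS = [(0x02, "SYN"), (0x01, "FIN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK")]

def tcp_segments(pcap):
    """Yield (sport, dport, flags, payload_len) per TCP segment of a classic Ethernet/IPv4 pcap."""
    if pcap[:4] not in (b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4"):
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    endian = "<" if pcap[0] == 0xD4 else ">"
    off = 24                                          # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl_len], off + 16 + incl_len
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                  # not IPv4 carrying TCP
        ihl = (frame[14] & 0x0F) * 4                  # IP header length in bytes
        tcp = frame[14 + ihl:]
        if len(tcp) < 20:
            continue                                  # truncated TCP header
        sport, dport = struct.unpack("!HH", tcp[:4])
        total_len = struct.unpack("!H", frame[16:18])[0]
        yield sport, dport, tcp[13], total_len - ihl - (tcp[12] >> 4) * 4

def phases(pcap):
    """Label each segment handshake / data / teardown, in capture order."""
    out, state = [], "data"                           # a capture may start mid-connection
    for sport, dport, flags, plen in tcp_segments(pcap):
        if flags & 0x02:
            state = "handshake"                       # SYN or SYN+ACK
        elif flags & 0x01:
            state = "teardown"                        # the first FIN starts the close
        names = "+".join(n for bit, n in FLAGS if flags & bit)
        out.append((f"{sport}->{dport}", names, plen, state))
        if state == "handshake" and not flags & 0x02:
            state = "data"                            # that bare ACK was handshake step 3
    return out

def _record(sport, dport, flags, payload=b""):
    """Constructed sample frame: zeroed MACs, IPs, sequence numbers and checksums."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, bytes(4), bytes(4))
    data = bytes(12) + b"\x08\x00" + ip + tcp
    return struct.pack("<IIII", 0, 0, len(data), len(data)) + data

C, S = 51000, 80                                      # constructed client and server ports
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    _record(C, S, 0x02), _record(S, C, 0x12), _record(C, S, 0x10),
    _record(C, S, 0x18, b"GET / HTTP/1.1\r\n\r\n"), _record(S, C, 0x10),
    _record(C, S, 0x11), _record(S, C, 0x10), _record(S, C, 0x11), _record(C, S, 0x10)])
```

Passing the bytes of a real capture file to phases() gives the same per-segment view as the wireshark packet list: three handshake segments, the request and its acknowledgements, then the four closing segments.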
Original declaration: This article is authorized by the author for publication in the Tencent Cloud Developer Community and may not be reproduced without permission.