Network protocol – HTTP protocol (packet capture and network layering)

Time: 2021-7-6

This article uses the Wireshark packet capture tool to capture HTTP protocol data and then analyzes that data briefly. The main purpose is to gain a deeper understanding of the HTTP protocol, and then to find out why the network is layered and how the OSI model differs from the TCP/IP model.

1. HTTP protocol packet capture (Wireshark)

1.1 Open the Wireshark tool, select the network card in use, Ethernet 4 (subject to the actual adapter on your computer), click Capture, and then select Options.

1.2 In the new window, enter port 80 in the filter field.

Tips: after entering port 80, click Start to begin capturing. port 80 means that only the data requests related to port 80 are captured.

1.3 Open the Telnet tool and simulate an HTTP request:

telnet singwa666.com 80
GET /themes/simpleboot3/portal/public/assets/css/moco.css HTTP/1.1
Host: singwa666.com

As shown in the figure below:

1.4 After simulating the HTTP request with Telnet, click the red button in the top-left corner to stop capturing.

1.5 Find the HTTP request-related packets captured in Wireshark.

Tips: find the data from the Telnet-simulated request and double-click it.

1.6 Double-click the item to view the HTTP request data.

Tips: as shown in the figure, the message follows the standard HTTP protocol format as described in ABNF.
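
The request-line and header-field grammar that the captured request follows can be checked in code. The Python below is an added example, not part of the original article: parse_request_head and SAMPLE are names chosen here, and the sample bytes are the step 1.3 request reconstructed with CRLF line endings. It rejects the malformed shapes (bare LF, whitespace before the colon, a missing or repeated Host) that a strict parser should refuse.

```python
import re

# "token" characters permitted in a method or header field name (RFC 7230 tchar)
TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
VERSION = re.compile(rb"HTTP/\d\.\d")


def parse_request_head(raw: bytes) -> dict:
    """Parse request-line and header fields from a raw HTTP/1.x request."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("header section not terminated by an empty line")
    leftover = head.replace(b"\r\n", b"")
    if b"\r" in leftover or b"\n" in leftover:
        raise ValueError("bare CR or LF in header section")
    lines = head.split(b"\r\n")

    # request-line = method SP request-target SP HTTP-version
    parts = lines[0].split(b" ")
    if len(parts) != 3:
        raise ValueError("request-line needs exactly three fields")
    method, target, version = parts
    if not TOKEN.fullmatch(method) or not target or not VERSION.fullmatch(version):
        raise ValueError("malformed request-line")

    # header-field = field-name ":" OWS field-value OWS
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not TOKEN.fullmatch(name):
            raise ValueError(f"malformed header field: {line!r}")
        headers.setdefault(name.decode().lower(), []).append(
            value.strip(b" \t").decode("latin-1"))

    # HTTP/1.1 requires exactly one Host header field
    if version == b"HTTP/1.1" and len(headers.get("host", [])) != 1:
        raise ValueError("HTTP/1.1 request must carry exactly one Host field")
    return {"method": method.decode(), "target": target.decode("latin-1"),
            "version": version.decode(), "headers": headers}


# Constructed input: the request typed into Telnet in step 1.3, with CRLF line endings
SAMPLE = (b"GET /themes/simpleboot3/portal/public/assets/css/moco.css HTTP/1.1\r\n"
          b"Host: singwa666.com\r\n\r\n")

if __name__ == "__main__":
    print(parse_request_head(SAMPLE))
```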

2. Chrome capture: network panel analysis

2.1 Network diagram

Tips: from the outline you can see that "29 requests" means 29 requests were made, "46.9 kB transferred" means 46.9 KB of data was transmitted over the network, "960 kB resources" means the page loaded 960 KB of resources, "Finish: 421 ms" means it took 421 ms in total to finish, "DOMContentLoaded: 201 ms" means loading the DOM content took 201 ms in total, and "Load: 376" means the load consumed 376 ms.

2.2 Network panel description

  • controller: controls the appearance and functions of the panel
  • filter: filters the resources displayed in the request list (press and hold Ctrl to select multiple filter criteria)
  • overview: displays a timeline of HTTP requests and responses
  • request list: sorted by time by default; the displayed columns can be selected
  • outline: total number of requests, total amount of data, total time spent

2.3 Controller description

  • Start capturing packets
  • Stop capturing
  • Clear requests
  • Preserve requests across page loads: for example, if you want to keep the original request list when a website navigates to another page, select this option
  • Disable the cache
  • Offline simulation
  • Simulate other network connection speeds, including custom network speeds
  • Hide the filter pane
  • Manually clear the cache: right-click a request and select Clear Browser Cache

2.4 Filter description

  • Filter by type: All, XHR, JS, CSS, Img, Media, Font, Doc, WS (WebSocket), Manifest, Other.
  • Hold down Ctrl to select more than one filter condition.
  • Filter by time: drag the scroll bar in the overview panel.
  • Hide Data URLs
  • Filter by domain

2.5 Request list

  • The default is to sort by time
  • Sort by column
  • Sort by activity time: with Start Time, the first request made is at the top; with Response Time, the first request to start downloading is at the top; with End Time, the first completed request is at the top; with Total Duration, the request with the shortest connection setup and request/response time is at the top; with Latency, the request with the shortest wait for a response is at the top
  • Names: resource name
  • Status: HTTP status code
  • Type: the MIME type of the requested resource
  • Initiator: the object or process that initiated the request. Parser means Chrome's HTML parser initiated the request; Redirect means an HTTP redirect initiated the request; Script means a script initiated the request; Other means some other process or action initiated the request, such as the user clicking a link to go to a page or entering a web address in the address bar

3. OSI model

The OSI (Open System Interconnection Reference Model) model is a theoretical, conceptual model that has not been implemented. However, to better understand the protocols and layers in a network, we need to refer to this model when implementing network protocols.

Tips: the application layer solves business problems; the presentation layer is responsible for transforming messages in the network into messages that the application layer can read and write (such as TLS/SSL); the session layer is responsible for establishing sessions, handshaking, maintaining connections and closing them; the transport layer solves communication between processes; the network layer is responsible for establishing connections between IP addresses; the data link layer is responsible for connections within the LAN, using MAC addresses to connect to switches, routers, etc.; the physical layer is mainly responsible for how the signal is transmitted.

4. TCP / IP model

What is actually used on the Internet is the TCP/IP model. The TCP/IP model simplifies the OSI model considerably: for example, the application layer makes no strict distinction between the presentation layer and the session layer, and the data link layer and the physical layer are not strictly distinguished either.

Tips: in network layering, each layer only needs to be responsible for its own work and does not care about the work of the other layers, but layering adds extra data-processing delay.

5. Message header


6. Packet capture analysis

Download the capture file used for the packet capture demonstration from http://www.singwa666.com/demo.pcapng

6.1 First open the capture file in Wireshark and filter with http.

6.2 Open one of the packets for analysis.

6.3 Click Ethernet II to see the data link layer data.

Tips: the Ethernet layer shows MAC address information.

6.4 Click Internet Protocol ... to see the IP layer data.

6.5 Click Transmission Control Protocol ... to see the TCP layer data.

6.6 Click Hypertext Transfer Protocol to see the application layer HTTP data.
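
The layer-by-layer view in steps 6.3 to 6.6 can be reproduced by peeling each header off the raw frame bytes. This Python code is an added example, not from the original article or the demo.pcapng file: the frame is constructed inline with made-up MAC addresses, documentation IP addresses and zeroed checksums, and parse_frame and sample_frame are names chosen here.

```python
import socket
import struct


def parse_frame(frame: bytes) -> dict:
    """Peel Ethernet II, IPv4 and TCP headers off one frame, layer by layer."""
    if len(frame) < 54:  # 14 (Ethernet) + 20 (IPv4) + 20 (TCP) minimum
        raise ValueError("frame too short")
    # Data link layer ("Ethernet II"): destination MAC, source MAC, EtherType
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    # Network layer ("Internet Protocol"): low nibble of byte 0 is the header
    # length in 32-bit words; bytes 2-3 are the total packet length
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6 or total_len > len(ip):
        raise ValueError("not a well-formed IPv4/TCP packet")
    # Transport layer ("Transmission Control Protocol"): slicing to total_len
    # drops any Ethernet padding that follows the IP packet
    tcp = ip[ihl:total_len]
    if len(tcp) < 20 or (tcp[12] >> 4) * 4 < 20:
        raise ValueError("truncated or malformed TCP header")
    sport, dport = struct.unpack("!HH", tcp[:4])
    doff = (tcp[12] >> 4) * 4  # TCP header length from the data-offset nibble
    # Application layer ("Hypertext Transfer Protocol"): bytes after the TCP header
    return {
        "eth": {"src": src.hex(":"), "dst": dst.hex(":")},
        "ip": {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20])},
        "tcp": {"sport": sport, "dport": dport},
        "http": tcp[doff:],
    }


def sample_frame() -> bytes:
    """Constructed frame: made-up MACs, documentation IPs, checksums left at zero."""
    http = b"GET / HTTP/1.1\r\nHost: singwa666.com\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 50000, 80, 1, 1, 5 << 4, 0x18, 64240, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(http), 0, 0, 64, 6,
                     0, socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20"))
    eth = bytes.fromhex("020000000002 020000000001 0800")
    return eth + ip + tcp + http


if __name__ == "__main__":
    for layer, fields in parse_frame(sample_frame()).items():
        print(layer, fields)
```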
