Network protocol – HTTP protocol (packet capture practice and network layering)

Time:2021-9-22

This article presents HTTP protocol data captured with the Wireshark packet capture tool and then analyzes it briefly. The main goal is a deeper understanding of the HTTP protocol, and from there to see why the network is layered and how the OSI model and the TCP/IP model differ.

1. HTTP protocol packet capture practice (Wireshark)

1.1 Open Wireshark, select the network card in use, Ethernet 4 (this depends on your own computer), click Capture, and select Options.

1.2 In the new window, enter port 80 in the filter bar.

Tips: after entering port 80, click Start to begin capturing. The port 80 filter limits the capture to traffic related to port 80.

1.3 Open Telnet and simulate an HTTP request:

telnet singwa666.com 80
GET /themes/simpleboot3/portal/public/assets/css/moco.css HTTP/1.1
Host: singwa666.com

[Figure: the Telnet session with the request above.]

1.4 After simulating the HTTP request with Telnet, click the red button in the top-left corner to stop capturing packets.

1.5 In Wireshark, find the captured packets that belong to the HTTP request.

Tips: find the request that was simulated with Telnet and double-click it.

1.6 Double-click the item to view the HTTP request data.

Tips: as shown in the figure, the message follows the HTTP protocol format specification, which is described in ABNF.
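The ABNF layout of an HTTP/1.1 request is request-line CRLF, zero or more header-field CRLF, an empty line, then an optional message body. The following is an added example, not part of the original article: a strict parser for that layout, applied to a byte string constructed from the request typed into Telnet in step 1.3.

```python
import re

# Constructed input: the request from step 1.3, with CRLF line endings.
RAW = (b"GET /themes/simpleboot3/portal/public/assets/css/moco.css HTTP/1.1\r\n"
       b"Host: singwa666.com\r\n"
       b"\r\n")

TOKEN = rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"   # "token" rule from RFC 7230
REQUEST_LINE = re.compile(rb"(" + TOKEN + rb") ([^ \r\n]+) HTTP/(\d)\.(\d)")
HEADER_FIELD = re.compile(rb"(" + TOKEN + rb"):[ \t]*(.*?)[ \t]*")

def parse_request(raw: bytes) -> dict:
    """Parse request-line CRLF *(header-field CRLF) CRLF [message-body]."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no empty line (CRLF CRLF) ending the header section")
    lines = head.split(b"\r\n")
    m = REQUEST_LINE.fullmatch(lines[0])
    if not m:
        raise ValueError("malformed request-line")
    method, target, major, minor = m.groups()
    headers = {}
    for line in lines[1:]:
        h = HEADER_FIELD.fullmatch(line)
        if not h:   # e.g. whitespace before the colon, or a bare LF in the line
            raise ValueError(f"malformed header field: {line!r}")
        name = h.group(1).decode().lower()   # field names are case-insensitive
        if name == "host" and name in headers:
            raise ValueError("duplicate Host header")
        headers[name] = h.group(2).decode("latin-1")
    if (major, minor) == (b"1", b"1") and "host" not in headers:
        raise ValueError("HTTP/1.1 request without Host header")
    return {"method": method.decode(), "target": target.decode(),
            "version": f"{major.decode()}.{minor.decode()}",
            "headers": headers, "body": body}

if __name__ == "__main__":
    print(parse_request(RAW))
```

The empty line after the Host header is what ends the request; without it the server keeps waiting, which is why the Telnet session needs an extra Enter.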

2. Chrome packet capture: network panel analysis

2.1 Network diagram

Tips: in the summary bar, 29 requests means 29 requests were made, 46.9 kB transferred means 46.9 kB of data was transmitted over the network, 960 kB resources means the page loaded 960 kB of resources, Finish: 421 ms means the total time taken was 421 ms, DOMContentLoaded: 201 ms means loading the DOM content took 201 ms, and Load: 376 means DOM loading took 376 ms.

2.2 Network panel description

  • Controller: controls the appearance and functions of the panel
  • Filter: filters the resources displayed in the request list (press and hold Ctrl to select multiple filter criteria)
  • Overview: displays a timeline of HTTP requests and responses
  • Request list: sorted by time by default; the displayed columns are optional
  • Summary: total requests, total data volume, total time spent

2.3 Controller description

  • Start capturing packets
  • Stop capturing packets
  • Clear requests
  • Preserve requests across page loads: for example, if you want to keep the original request list when a website page jumps to another page, select this item
  • Disable the cache
  • Offline simulation
  • Simulate other network connection speeds, including custom speeds
  • Hide the filter pane
  • Manually clear the cache: right-click in the request list and select Clear Browser Cache

2.4 Filter description

  • Filter by type: All, XHR, JS, CSS, Img, Media, Font, Doc, WS (WebSocket), Manifest, Other.
  • Press and hold Ctrl to select multiple criteria to filter.
  • Filter by time: in the overview panel, drag the scroll bar.
  • Hide Data URLs
  • domain:

2.5 Request list

  • Sorted by time by default
  • Sort by column
  • Sort by activity time: Start Time puts the first request made at the top; Response Time puts the first request to start downloading at the top; End Time puts the first request completed at the top; Total Duration puts the request with the shortest connection setup time and request/response time at the top; Latency puts the request with the shortest response time at the top
  • Name: resource name
  • Status: HTTP status code
  • Type: MIME type of the requested resource
  • Initiator: the object or process that initiated the request. Parser: Chrome's HTML parser initiated the request; Redirect: an HTTP redirect initiated the request; Script: a script initiated the request; Other: some other process or action initiated the request, such as the user clicking a link to jump to the page or entering the web address in the address bar

3. OSI model

The OSI (Open System Interconnection Reference Model) model is a theoretical, conceptual model that has never really been implemented, but it is a necessary reference for understanding the protocols and layering in a network.

Tips: the application layer solves business problems; the presentation layer converts messages on the network into messages that the application layer can read and write (such as TLS/SSL); the session layer is responsible for establishing sessions, handshaking, maintaining connections and closing them; the transport layer handles process-to-process communication; the network layer is responsible for establishing connections between IP addresses; the data link layer is responsible for connections within the LAN, using MAC addresses to connect to switches, routers, etc.; the physical layer is mainly responsible for how the signal is transmitted.

4. TCP / IP model

What the Internet actually uses is the TCP/IP model. The TCP/IP model simplifies the OSI model considerably: for example, the application layer does not strictly distinguish the presentation layer and the session layer, and the data link layer and the physical layer are not strictly distinguished either.

Tips: in network layering, each layer is responsible only for its own job and does not care about the work of the other layers, but layering adds extra data-processing delay.

5. Message header


6. Packet capture analysis

Download a capture file for the packet capture demonstration: http://www.singwa666.com/demo.pcapng

6.1 First open the capture file in Wireshark and filter with http.

6.2 Click one of the packets to analyze it.

6.3 Expand Ethernet II to see the data link layer data.

Tips: the Ethernet layer shows MAC address information.

6.4 Expand Internet Protocol ... to see the IP layer data.

6.5 Expand Transmission Control Protocol ... to see the TCP layer data.

6.6 Expand Hypertext Transfer Protocol to see the application layer HTTP data.
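Steps 6.3 to 6.6 peel off one header per layer, which is the layering described in sections 3 and 4. The following added example (not from the original article) does the same in code on a constructed frame; the MAC addresses, the 192.0.2.x documentation addresses and the source port are made-up sample values, and the checksums are left at zero.

```python
import struct

# Constructed payload: the HTTP request from step 1.3.
REQUEST = (b"GET /themes/simpleboot3/portal/public/assets/css/moco.css HTTP/1.1\r\n"
           b"Host: singwa666.com\r\n\r\n")

def build_frame(payload: bytes) -> bytes:
    """Constructed sample: Ethernet II + IPv4 + TCP headers around a payload."""
    eth = bytes.fromhex("aabbccddeeff" "112233445566") + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", 50000, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0, 64, 6, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 80]))
    return eth + ip + tcp + payload

def dissect(frame: bytes) -> dict:
    """Peel the layers in the order Wireshark lists them in steps 6.3 to 6.6."""
    # Data link layer: Ethernet II header is 14 bytes (dst MAC, src MAC, EtherType).
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not IPv4")
    # Network layer: the IPv4 header is IHL * 4 bytes long.
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len, proto = struct.unpack("!H", ip[2:4])[0], ip[9]
    if proto != 6:
        raise ValueError("not TCP")
    # Transport layer: the TCP header is data offset * 4 bytes long.
    tcp = ip[ihl:total_len]          # total_len also drops any Ethernet padding
    sport, dport = struct.unpack("!HH", tcp[:4])
    doff = (tcp[12] >> 4) * 4
    # Application layer: everything after the TCP header.
    payload = tcp[doff:]
    return {
        "eth": {"dst": dst.hex(":"), "src": src.hex(":")},
        "ip": {"src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20]))},
        "tcp": {"sport": sport, "dport": dport},
        "http": payload.split(b"\r\n", 1)[0].decode("ascii"),
    }

if __name__ == "__main__":
    print(dissect(build_frame(REQUEST)))
```

Each layer reads only its own header and hands the rest on unchanged, at the cost of 54 bytes of headers in front of the HTTP data in this frame.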
