I need to performance test an application [BRM remedy, ar user] that is using an TCP protocol. I don’t have much knowledge on TCP Protocol.
I tried with wireshark to analyze the requests, but it is showing TCP request with data checks [Assuming that my data is splitting into small chunks by TCP protocol implementation].
Can you please suggest me some good tool that can monitor TCP requests and responses [like HTTP fiddler for HTTP Protocol]?
I will be using Jmeter for the perf testing.
You might be seeing packets in the TCP format , but you can docode your packet in wire share too.
Open your capture in wireshark go to Analyze -> Decode As -> and all request will will traslated accodingly.
If you want analyse a specific TCP stream or want to to which tcp stream a packet belong to , right click on packet and click "Follow tcp..." , you will be finding allthe packets belong that particular tcp stream.
It mostly work for me with above two functionality , hope same for you.
Related
so I'm working on a project where the program can detect when its being scanned for malicious purposes by checking how many ports are being scanned at the same time and scanning them back using the SYN method and I would like to know if the TCP or UDP protocol is better for a so called "counter-scan" to the target without getting noticed I have some ideas like:
I can send them using UDP and the attacker wouldn't notice them .
using the TCP method use the existing 3 way handshake to mask the
SYN packets with his responses
sorry I have no source code since I'm still brain storming
Yes, UDP scan can be done by looking at ICMP (NOT IMCP) port unreachables, but these are often filtered.
I guess UDP would not be less "noticed"--TCP does more harm since it needs state saved (waiting for ACKs).
(nit: please work on your English)
It's about HTTP(s) or TCP protocol.
I am learning HTTP using Wireshark, I see lots of retransmission packets in TCP protocol. And I want to calculate the total size of data sent by client-end to server-end, except for retransmission.
How can I get the whole pure size of data I sent to server, except retransmission?
Is there any flag for retransmission in TCP protocol?
There's no "retransmission" flag it TCP. Finding retransmissions requires analyzing the sequence numbers of sent segments, which is something wireshark does - for instance, you can use the display filter tcp.analysis.retransmission to find TCP segments that wireshark considers to be retransmissions.
To find the amount of data sent in a tcp session, right click any segment from the session, and click Follow -> TCP Stream:
It'll generate a display filter such as tcp.stream eq 138 and show you the entire content of the selected tcp session, including the amount of shared data, regardless of retransmissions:
For a service which just returns a small number when queried such as 30, or 10, but would have to handle up to 5 or so requests at any instance, would TCP or UDP be a better protocol? I am leaning towards UDP, but I wanted some expert opinions. I am looking for relatively quick reply times as well. Could you tell me what the advantages of each would be for a service like this? Thanks.
TCP is a reliable connection-based protocol. So, you are guaranteed that data is sent/received - the packets are automatically re-sent if they are not verified to be received on the other end. However, there is the overhead of the three-way handshake for establishing the connection.
TCP is used for protocols like HTTP where there is a one-time exchange of information (the HTTP Request and Reply).
UDP is an unreliable connection-less protocol. So you can simply send / receive a packet but you have no (automatic, OS stack-provided) way of verifying that the other end got your message. If you care, you have to implement some kind of ACK yourself.
UDP is used often for more continuous, "streaming" type protocols. For example, many online multiplayer games use UDP to exchange game information to/from the host. They do this on a continual, periodic basis. So if a packet is lost, it's not really a big deal, because another update is just around the corner. It would be far worse for the gameplay if you had to wait for that (now stale) update to be re-transmitted.
DNS is also implemented over UDP.
Ultimately the choice is yours. I would probably default to TCP for most cases, and only use UDP in a scenario like I described.
I can send a tcp syn, and I receive a syn/ack back, but at that point linux sends a tcp rst because it was not linux tcp that opened the connection.
I'm wondering if I can stop the rst, or if there's another way to manually perform the handshake so I can send arbitrary packets after it.
I'm implementing a nat for a class and I'm trying to debug more effectively.
The discussion surrounding this question is probably helpful.
If you are doing this for experimental reasons (i.e. not trying to interact with real tcp services) I would recommend that you set the protocol number to 253-254 instead of the regular 6 for tcp, that should allow you to prevent the kernel from picking up on the packets that you are generating.
I was configuring IPtable yesterday. My colleague just asked me this question, and I couldn't anwser. I realized that I'm a much better developper than sysadmin and need to improve that.
So what are they? What are they for? Cons/Pros (if it's relevant).
These are like basic questions.
UDP :: User Datagram Protocol
1) No end to end Connection between to machines (may be in local network or somewhere in the internet).
2) The data received at the receiver end is not in stream as in TCP but as a complete block of data.
3) At the transport layer no packet order check is performed. That is in case of any error in the received packet, the receiver will not ask for resending the same packet to the sender.
4) Because of the above behaviour no sending buffers are required at the sender's end.
5) As no end to end connection is estld. and there are no handshakings required, UDP are pretty much faster but less reliable than TCP. Thus mostly used in gaming and DNS etc..
6) No acknowledgement required to be sent after recieiving packets.
TCP :: Transmission control Protocol
1) End to end Connection is maintained between to machines (may be in local network or somewhere in the internet).
2) The data received at the receiver end is a stream in TCP. Thus, when we do network programming for servers we first parse the header first and then depending upon the size mentioned in the header we obtain that much more number of bytes from the buffer.
3) Error checking and sequence number are all done. Thus in case any packet is received out of order (rarely) or is erred than that packet is made to resend. Also, lots of other protocols are involved for flow control (end to end flow control).
4) As connection establishment , handshaking and acknowledgement is to be done TCP are basically slower in operation than UDP.(Not significantly I believe)
5) Lots of protocols uses TCP as underlying transport protocol. HTTP,FTP,TELNET etc..
6) The communication procedure involves:
Server:: 1) Socket Open
2) Socket Bind
3) Socket Listen
4) Socket Accept
5) Socket Send/Recv
Client :: 1) Socket Open
2) Socket Connect
3) Socket Send/Recv
There are lots of other differeces also..but the above being the most common ones.
TCP is a reliable protocol which ensures that your packets reach their destination and is used in applications where all data must me trasfered accurately between parties. TCP requires both parties to negotiate a connection before data transfer can start and it is a resilient protocol since it will repeatedly resend a packet until that packet is received by the intended recipient.
UDP is unreliable in a sense that it allows some packets to be lost in transit. Some applications of UDP are found in movie streaming where you can actually afford to lose a frame and not jeopardize movie quality. UDP does not need binding between the two parties and is often looked at as a light alternative to TCP.
A nice table is found here:TCP vs UDP
P.R.'s answer is mostly correct, but incomplete.
TCP is a reliable, connected stream protocol. Its view of data is that of a bidirectional stream of bytes between hosts: whatever bytes you send will arrive at the other end in the same order, at least as far as the application is concerned (the OS will rearrange packets if needed).
UDP is an unconnected datagram protocol. Its view of data is that of discrete datagrams, or messages, with no guarantee that these messages actually reach their recipient, or that they arrive in the order they were sent. It does guarantee that if a message arrives, it arrives in its entirety and without modification.
This website probably offers the simplest explanation to the actual difference of UDP and TCP. From implementation point of view, see this question.
For short answer: TCP works kind of like registered letter when UDP is kind of like ordinary letter - with the latter you never know whether the recipient got the packet you sent.
There are loads of helpful comparisons
chris is right!
One fancy link dropping out of google is: http://www.skullbox.net/tcpudp.php