I am writing a webserver of my own and I’m trying to tune its behaviour.
For this purpose, it would be nice to be able to see exactly how the HTTP traffic is split into individual TCP packets.
Is there a tool that can visualise this nicely?
I think that wireshark is what you are looking for
Wireshark is a network sniffer which can show and save HTTP transactions.
Wireshark or Netmon (http://www.fiddler2.com/redir/?id=netmon) will do this. You might like the VRTA tool for Netmon (http://www.microsoft.com/download/en/details.aspx?id=21462) which helps make sense of HTTP traffic when looking at a low-level capture.
Related
I am not quite sure I understand why this doesn't work. Is this possible? What are the pitfalls of using this if we decide it is possible?
There are actually efforts pursuing such an approach. It ultimately led to the development of coap. But plain HTTP cannot work on UDP, as all packets being sent out are essentially "fire and forget," lacking any guarantee for them to arrive their designated target. Also, order of packets can be entirely different on the receiving side. I believe there were some efforts to get HTTP running via sctp, though.
If you're seriously going down this route, you may want to look at QUIC: https://www.chromium.org/quic
I am wondering about the difference between HTTP and TCP data transfer protocols for online games.
I have heard many people using TCP or UDP to transfer data between client and server for online games.
But can you use http at all? I know http is mostly used for web browsing, but if I could set up web server and let my game applications use GET and POST methods, I can still send data back and forth right? Is it that this way of communicating is too slow or unnecessary?
And just one thing about TCP transmission protocols, if I were to write some gaming application using TCP, is it that the data are usually transferred using something called "sockets" (like Socket classes in Java)? What about UDP?
Thanks very much!
Appreciate any answer!
HTTP is an additional layer on top of TCP that defines what a request looks like, what a response looks like, and how the connection is closed or maintained across requests. You can either use it or not use it, depending on what you actually need to transport. If your game consists of a series of requests that each get a reply, HTTP might make sense. If it's more like unsolicited messages in each direction, making HTTP work is like putting a square peg in a round hole.
Most platforms provide a socket interface that allows you to work with either TCP or UDP depending on the protocol specified when the socket is allocated. Some higher-level APIs look completely different for different protocols.
In web development, I usually use Firebug. But now I have to use Wireshark to monitor Http requests sent by an Android simulator. Wireshark is a fantastic tool, however it is too fat for what I'm doing, and quite painful to copy/paste the request.
So I'm looking for a simpler alternative on Linux Ubuntu.
Wireshark is mostly bloated due to the GUI front-end; however it has a text-version called tshark that uses substantially less memory... the syntax is very similar to tcpdump...
To capture packets sent to and from a webserver on 192.168.12.14, use this...
tshark -n -i eth0 tcp and host 192.168.12.14 and port 80
You may also consider using ngrep http://ngrep.sourceforge.net/usage.html#http
I want to monitor the websocket traffic (like to see what version of the protocol the client/server is using) for debugging purposes. How would I go about doing this? Wireshark seems too low level for such a task. Suggestions?
Wireshark sounds like what you want actually. There is very little framing or structure to WebSockets after the handshake (so you want low-level) and even if there was, wireshark would soon (or already) have the ability to parse it and show you the structure.
Personally, I often capture with tcpdump and then parse the data later using wireshark. This is especially nice when you may not be able wireshark on the device where you want to capture the data (i.e. a headless server). For example:
sudo tcpdump -w /tmp/capture_data -s 8192 port 8000
Alternately, if you have control over the WebSockets server (or proxy) you could always print out the send and receive data. Note that since websocket frames start with '\x00' will want to avoid printing that since in many languages '\x00' means the end of the string.
If you're looking for the actual data sent and received, the recent Chrome Canary and Chromium have now WebSocket message frame inspection feature.
You find details in this thread.
I think you should use Wireshark
Steps
Open wireshark
Go to capture and follow bellow path: capture > interfaces > start capture in your appropriate device.
Write rules in filter tcp.dstport == your_websoket_port
Hit apply
For simple thing, wireshark is too complex, i wanted to check only if the connection can be establish or not. Following Chrome plugin "Simple Web-socket (link : https://chrome.google.com/webstore/detail/simple-websocket-client/pfdhoblngboilpfeibdedpjgfnlcodoo?hl=en)" work like charm. See image.
https://lh3.googleusercontent.com/bEHoKg3ijfjaE8-RWTONDBZolc3tP2mLbyWanolCfLmpTHUyYPMSD5I4hKBfi81D2hVpVH_BfQ=w640-h400-e365
I would like a recommendation for a tool(sniffer that able to modify packets maybe?) that would be able to mess up the TCP packets sent/recieved between the 2 apps in various ways. The main purpose is to test the behavior of the apps when bad/invalid messages arrive. An invalid message is a valid TCP packet but the application level format is bad in some way (so this tool would operate on levels 6,7 of the OSI model and screw up messages sent by the apps)
I've played with Fiddler2 and found it quite good for http(s) packets.
This is only half an answer, but if you just want a network sniffer (no ability to modify packets) here is a review of 11 packet sniffers.
Setup proxy with netcat which will pipe input from transmitting application through your custom mangler and then to receiving application. You will need to write mangler, however.