• [From HTTP to AWS][2]Analyze TCP/IP Packets


    · HTTP Analyzer

    如果你想成为一个黑客,应该也是可以看看的

    When I am writing a desktop client for AWS S3, and storage service of Amazon Web Services. During the development, I need to check the in/out packets, including HTTP headers, Representations, so that I can have a clearer picture of S3 and RESTful web service.

    Available Tools:

    CommView, Wireshark, SmartSniff, TPCMon, HTTP/HTTPS Analyzer, OmniPeek, PacketView Pro and tcpdump.

    After a few hours’ trying, I chose CommView finally.

    The only reason is that I just know how to use it without reading any documents and it has a 30 days free trial. However, I will look into Wireshark which is open source and has similar functionalities to CommView.

    In this document, I just focus on how to use it for my work. Now let’s start the strip.

    1. Download it from http://www.tamos.com/;

    2. Install and open CommView and you can see following main frame.

    image

    Figure 1 Mainframe

    In the mainframe, you see latest IP connections and add filtering rules.

    3. Choose a NIC Adapter and start to record. Here is “Intel® 82566…….”

    4. Choose “Rules” tab

    >> Add Ports Rules

    Checks “Enable port rules” and add support for Port 80 in both direction.

    Action = Capture

    Add Record = Both

    Add Port = HTTP

    image

    Figure 2 Add Ports Rules

    >> Add IP Addresses rules

    I have already know the involved IP addresses are “207.171.*.*” during yesterday’s trying.

    You can just skip these rules in the future.

    Action = Capture

    Add Record = Both

    Add IP Addresses = 207.171.*.*

    image

    Figure 3 Add IP Addresses Rules

    5. Run your AWS S3 client (CloudBerry, DragonDisk or …) and do some operations.

    6. Open “Latest IP Connections” Tab

    In “Latest IP Connections” Tab, you will see versatile information of each filtered out IP connection.

    image

    Figure 4 Latest IP Connections

    To know when and who about the connection, I always concern about following data: Remote IP/Hostname, Sessions, and Last packet.

    7. To know more about the connection, such as TCP/IP statistics and HTTP Headers/Presenatations, you can RMB on a connection and choose “Quick Filter” and “Log viewer” dialog will be presented.

    image

    Figure 5 Quick Filter

    8. In Log viewer, you can see each In/Out Packets.

    image

    Figure 6 Log viewer

    In this example, you can see the HTTP Header and know the request is to Get all keys under bucket .

    HTTP Header

    Version: HTTP/1.1

    Method: GET

    URI: /uniquebucketname/

    Host: s3.amazonaws.com

    Accept: */*

    Date: Wed, 09 Jun 2010 02:44:52 +0000

    Authorization: AWS ADFGRYHVBVHTUTRURRET:NJGHJJGHJGHJYTRTsggretetet=

    9. Another interested functionality is “Reconstruct TCP Session”

    image

    Figure 7 Reconstruct TCP Session

    This tool allows you to view the TCP conversation between two hosts.

    image

    Figure 8 TCP Session dialog

    You can switch to other Display type if needed.

    image

    Figure 9 View Type

    The Navigation buttons allow you to search the buffer for the next or previous TCP session.

    10. Hehe. It’s the end.

    I just show a simple workflow here. For more features of CommView and more information about how to monitor TCP conversion, it will be other stories.

    In actual, if you are using Firefox, there are 2 addons, Live HTTP Headers and Modify header can be also used.

    --------

     还有网络分析和扫描工具:

    >> Angry IP Scanner(开源)

    Angry IP Scanner is a free open-source program that runs on Windows, Mac OS X and Linux. The scanner is capable of pinging IP addresses, resolving host names and scanning ports. The program's abilities can be extended through a variety of Java plug-ins, but they are only available for the Windows version of the program.

    >>Free IP Scanner

    The Free IP Scanner is a free program that works on all Windows computers. The program can display the host name, MAC address and work group as long as an IP address is supplied. The program can be run from a CD because it is a standalone application that does not require installation.

    >> Advanced IP Scanner

    The Advanced IP Scanner is a free program developed only for computers that use Windows. The program locates all of the computers on your local network, scans your network to find available resources and allows you to remotely wake and shut down computers.

    >> Umit Tools

    http://www.umitproject.org/?active=project

  • 相关阅读:
    【Ecstore2.0】计划任务/队列/导入导出 的执行问题
    【Ecstore2.0】第三方信任登陆问题解决_备忘
    Ecstore 2.0 报表显示空白
    【Linux】 任务调度/计划 cron
    wdcp/wdlinux一键包的php5.3版本添加Zend.so 和Soap.so
    wdcp/wdlinux 在 UBUNTU/linux 中安装失败原因之创建用户
    假如女人是一种编程语言,你会更喜欢哪一种
    Linux中的ln
    wdcp/wdlinux 常用工具及命令集
    php 数组Array 删除指定键名值
  • 原文地址:https://www.cnblogs.com/piaoger/p/2011017.html
Copyright © 2020-2023  润新知