您当前的位置: 首页 > 慢生活 > 程序人生 网站首页程序人生
workerman调试-网络抓包
发布时间:2021-12-12 17:15:39编辑:雪饮阅读()
现假定有这样一个简单的服务端程序:
<?php
use Workerman\Worker;
use Workerman\Connection\TcpConnection;
require_once __DIR__ . '/vendor/autoload.php';
$worker = new Worker('tcp://0.0.0.0:8686');
$worker->protocol = 'Workerman\\Protocols\\Http';
$worker->onMessage = function(TcpConnection $connection)
{
$connection->send("hello");
};
// 运行worker
Worker::runAll();
?>
use Workerman\Worker;
use Workerman\Connection\TcpConnection;
require_once __DIR__ . '/vendor/autoload.php';
$worker = new Worker('tcp://0.0.0.0:8686');
$worker->protocol = 'Workerman\\Protocols\\Http';
$worker->onMessage = function(TcpConnection $connection)
{
$connection->send("hello");
};
// 运行worker
Worker::runAll();
?>
对外提供http访问服务。
为了抓包我们在访问前首先需要将上面脚本运行:
[root@localhost workerman]# /usr/local/php734/bin/php -c /usr/local/php734/lib/php/php.ini start.php start
Workerman[start.php] start in DEBUG mode
---------------------------------------- WORKERMAN -----------------------------------------
Workerman version:4.0.22 PHP version:7.3.4
----------------------------------------- WORKERS ------------------------------------------
proto user worker listen processes status
tcp root none tcp://0.0.0.0:8686 1 [OK]
--------------------------------------------------------------------------------------------
Press Ctrl+C to stop. Start success.
然后再执行抓包命令如:
[root@localhost workerman]# tcpdump -Ans 4096 -iany port 8686
注意:
-A以ascii打印
-n不现实名称地址,显示主机ip端口
-s抓取得每个数据包的长度
并且tcpdump你有可能系统没有内置,需要yum或者其它方式获取安装。
那么此时当浏览器请求之后:
就会看到tcpdump中抓到数据了:
那么这里抓包数据挺多的,这里对其中一部分数据进行解释下。
交互分析
[root@localhost workerman]# tcpdump -Ans 4096 -iany port 8686
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 4096 bytes
浏览器向170服务端发起握手请求SYN,这里[S]表示SYN请求
03:23:27.501979 IP 192.168.43.71.54664 > 192.168.43.170.sun-as-jmxrmi: Flags [S], seq 2691313, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4..@.@.....+G..+...!..)...........L..............................
170服务端向71客户端响应SYN+ACK,[.]表示ack,那么[S.]就是SYN+ACK,这里表示服务端针对71客户端的这个SYN请求已经收到
03:23:27.502015 IP 192.168.43.170.sun-as-jmxrmi > 192.168.43.71.54664: Flags [S.], seq 1252051758, ack 2691314, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
E..4..@.@.b...+...+G!...J....)....r..h..............................
71客户端又给170服务端发送ack,表示71客户端自己也已经收到170服务端返回的syn+ack
03:23:27.502144 IP 192.168.43.71.54664 > 192.168.43.170.sun-as-jmxrmi: Flags [.], ack 1, win 2053, length 0
E..(..@.@.....+G..+...!..)..J../P....+........................
三次握手完毕后,71客户端开始向170服务端发送get请求,请求的是170的根路径,[P]表示发送数据,这里发送的数据是一个请求头,那么[P.]就是发送数据以及ack请求
03:23:27.502570 IP 192.168.43.71.54287 > 192.168.43.170.sun-as-jmxrmi: Flags [P.], seq 3475313796:3475314397, ack 2927842657, win 2052, length 601
E.....@.@.....+G..+...!..%....UaP.......GET / HTTP/1.1
Host: 192.168.43.170:8686
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: UM_distinctid=17dad543b5be0b-0e1a3139986361-978153c-1fa400-17dad543b5cd81; CNZZDATA1280502908=869204357-1639283939-%7C1639283939
对于71客户端发送的请求根路径的请求头,170服务端表示已收到
................
03:23:27.502579 IP 192.168.43.170.sun-as-jmxrmi > 192.168.43.71.54287: Flags [.], ack 601, win 256, length 0
E..(..@.@.....+...+G!.....Ua.%..P....\..................
收到71客户端的请求头后,170服务端以[P.]给71客户端发送数据,同样是ack请求,数据内容是170的响应内容
03:23:27.502668 IP 192.168.43.170.sun-as-jmxrmi > 192.168.43.71.54287: Flags [P.], seq 1:126, ack 601, win 256, length 125
E.....@.@..*..+...+G!.....Ua.%..P.......HTTP/1.1 200 OK
Server: workerman
Connection: keep-alive
Content-Type: text/html;charset=utf-8
Content-Length: 5
hello................
71客户端又收到170服务端的响应头,于是71客户端又给170服务端发送[P.],它向170服务端请求根目录下面的favicon.ico图片,浏览器上显示的每个页签图片(网址野区图片)
03:23:27.511912 IP 192.168.43.71.54287 > 192.168.43.170.sun-as-jmxrmi: Flags [P.], seq 601:1124, ack 126, win 2051, length 523
E..3..@.@.....+G..+...!..%....U.P....U..GET /favicon.ico HTTP/1.1
Host: 192.168.43.170:8686
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://192.168.43.170:8686/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: UM_distinctid=17dad543b5be0b-0e1a3139986361-978153c-1fa400-17dad543b5cd81; CNZZDATA1280502908=869204357-1639283939-%7C1639283939
170服务端又收到71客户端对于网址页签图的请求并告知71客户端已收到同时给71客户端响应这个页签图(这里会发现不仅仅返回页签图,还有之前返回的那个hello,
我猜测应该是我们这个建议服务端代码里面直接对onMessage统一回应了hello,即便这次只是请求页签图,但是也同样触发了onMessage)
................
03:23:27.512004 IP 192.168.43.170.sun-as-jmxrmi > 192.168.43.71.54287: Flags [P.], seq 126:251, ack 1124, win 265, length 125
E.....@.@..)..+...+G!.....U..%..P.. ....HTTP/1.1 200 OK
Server: workerman
Connection: keep-alive
Content-Type: text/html;charset=utf-8
Content-Length: 5
hello................
然后下面这一堆堆,我的理解就是页签图的下载,所以基本上就一直是71客户端向170服务端发送多个请求(比如每次发的内容大概是当前下载进度)
03:23:27.554121 IP 192.168.43.71.54287 > 192.168.43.170.sun-as-jmxrmi: Flags [.], ack 251, win 2051, length 0
E..(..@.@.....+G..+...!..%....V[P.............................
03:24:12.506439 IP 192.168.43.71.54664 > 192.168.43.170.sun-as-jmxrmi: Flags [.], seq 0:1, ack 1, win 2053, length 1
E..)..@.@.....+G..+...!..)..J../P....+........................
03:24:12.506457 IP 192.168.43.170.sun-as-jmxrmi > 192.168.43.71.54664: Flags [.], ack 1, win 229, options [nop,nop,sack 1 {0:1}], length 0
E..4$;@.@.>G..+...+G!...J../.).......h.....
.)...)..................
03:24:12.520636 IP 192.168.43.71.54287 > 192.168.43.170.sun-as-jmxrmi: Flags [.], seq 1123:1124, ack 251, win 2051, length 1
E..)..@.@.....+G..+...!..%....V[P.............................
03:24:12.520655 IP 192.168.43.170.sun-as-jmxrmi > 192.168.43.71.54287: Flags [.], ack 1124, win 265, options [nop,nop,sack 1 {1123:1124}], length 0
E..4..@.@.....+...+G!.....V[.%..... .h.....
.%...%..................
03:24:57.521261 IP 192.168.43.71.54287 > 192.168.43.170.sun-as-jmxrmi: Flags [.], seq 1123:1124, ack 251, win 2051, length 1
E..).(@.@..d..+G..+...!..%....V[P.............................
03:24:57.521278 IP 192.168.43.170.sun-as-jmxrmi > 192.168.43.71.54287: Flags [.], ack 1124, win 265, options [nop,nop,sack 1 {1123:1124}], length 0
E..4..@.@.....+...+G!.....V[.%..... .h.....
.%...%..................
03:24:57.521333 IP 192.168.43.71.54664 > 192.168.43.170.sun-as-jmxrmi: Flags [.], seq 0:1, ack 1, win 2053, length 1
E..).)@.@..c..+G..+...!..)..J../P....+........................
03:24:57.521337 IP 192.168.43.170.sun-as-jmxrmi > 192.168.43.71.54664: Flags [.], ack 1, win 229, options [nop,nop,sack 1 {0:1}], length 0
E..4$<@.@.>F..+...+G!...J../.).......h.....
.)...)..................
然后这里有个F的标识位,这个F,查资料了解是FIN的意思,就是表示完成的意思。,这里我觉得可以理解为71客户端接收完成,然后通知170服务端说71客户端已经完成
03:24:58.457415 IP 192.168.43.71.54664 > 192.168.43.170.sun-as-jmxrmi: Flags [F.], seq 1, ack 1, win 2053, length 0
E..(./@.@..^..+G..+...!..)..J../P....*........................
170服务端收到FIN后,170服务端也通知71客户端说我收到了你的FIN这个消息,我这边也声明FIN
03:24:58.457534 IP 192.168.43.170.sun-as-jmxrmi > 192.168.43.71.54664: Flags [F.], seq 1, ack 2, win 229, length 0
重要的是要注意,当主机发送FIN标志来关闭连接时,它可能会继续接收数据,直到远程主机也关闭了连接。所以下面这些请求还继续有71客户端与170服务端之间的通信。
E..($=@.@.>Q..+...+G!...J../.)..P....\..................
03:24:58.457652 IP 192.168.43.71.54664 > 192.168.43.170.sun-as-jmxrmi: Flags [.], ack 2, win 2053, length 0
E..(.0@.@..]..+G..+...!..)..J..0P....)........................
03:25:42.526577 IP 192.168.43.71.54287 > 192.168.43.170.sun-as-jmxrmi: Flags [.], seq 1123:1124, ack 251, win 2051, length 1
E..)..@.@.....+G..+...!..%....V[P.............................
03:25:42.526594 IP 192.168.43.170.sun-as-jmxrmi > 192.168.43.71.54287: Flags [.], ack 1124, win 265, options [nop,nop,sack 1 {1123:1124}], length 0
E..4..@.@.....+...+G!.....V[.%..... .h.....
.%...%..................
03:26:27.526375 IP 192.168.43.71.54287 > 192.168.43.170.sun-as-jmxrmi: Flags [.], seq 1123:1124, ack 251, win 2051, length 1
E..)..@.@.....+G..+...!..%....V[P.............................
03:26:27.526392 IP 192.168.43.170.sun-as-jmxrmi > 192.168.43.71.54287: Flags [.], ack 1124, win 265, options [nop,nop,sack 1 {1123:1124}], length 0
E..4..@.@.....+...+G!.....V[.%..... .h.....
.%...%..................
03:27:12.530011 IP 192.168.43.71.54287 > 192.168.43.170.sun-as-jmxrmi: Flags [.], seq 1123:1124, ack 251, win 2051, length 1
E..).q@.@.....+G..+...!..%....V[P.............................
03:27:12.530027 IP 192.168.43.170.sun-as-jmxrmi > 192.168.43.71.54287: Flags [.], ack 1124, win 265, options [nop,nop,sack 1 {1123:1124}], length 0
E..4..@.@.....+...+G!.....V[.%..... .h.....
.%...%..................
03:27:57.531017 IP 192.168.43.71.54287 > 192.168.43.170.sun-as-jmxrmi: Flags [.], seq 1123:1124, ack 251, win 2051, length 1
E..).3@.@..Y..+G..+...!..%....V[P.............................
03:27:57.531035 IP 192.168.43.170.sun-as-jmxrmi > 192.168.43.71.54287: Flags [.], ack 1124, win 265, options [nop,nop,sack 1 {1123:1124}], length 0
E..4..@.@.....+...+G!.....V[.%..... .h.....
.%...%..................
03:28:42.538087 IP 192.168.43.71.54287 > 192.168.43.170.sun-as-jmxrmi: Flags [.], seq 1123:1124, ack 251, win 2051, length 1
E..)..@.@.....+G..+...!..%....V[P.............................
03:28:42.538105 IP 192.168.43.170.sun-as-jmxrmi > 192.168.43.71.54287: Flags [.], ack 1124, win 265, options [nop,nop,sack 1 {1123:1124}], length 0
E..4..@.@.....+...+G!.....V[.%..... .h.....
.%...%..................
03:28:58.927350 IP 192.168.43.71.54287 > 192.168.43.170.sun-as-jmxrmi: Flags [F.], seq 1124, ack 251, win 2051, length 0
E..(.@@.@..M..+G..+...!..%....V[P.............................
03:28:58.927481 IP 192.168.43.170.sun-as-jmxrmi > 192.168.43.71.54287: Flags [F.], seq 251, ack 1125, win 265, length 0
E..(..@.@.....+...+G!.....V[.%..P.. .\..................
03:28:58.927621 IP 192.168.43.71.54287 > 192.168.43.170.sun-as-jmxrmi: Flags [.], ack 252, win 2051, length 0
E..(.A@.@..L..+G..+...!..%....V\P.............................
对于上面文件传输这点有点混乱,查资料总结为:
TCP是一个全双工连接,这意味着有两个方向的数据流。
包数据中
[S]代表SYN请求(发起连接请求);[.]代表ACK回应,说明请求对端已经收到;[P]代表发送数据;[P.]代表[P] + [.],[F]表示FIN(完成)。关键字词:workerman,调试,抓包,网络
相关文章
- workerman实现http客户端及chunk服务端
- workerman的http服务-基本调试 - 查看运行状态
- workerman的http服务-基本调试
- workerman的http服务-SSE(推送服务,服务端主推)
- workerman的http服务-session管理-更改存储驱动
- workerman的http服务-session管理-设置session存储位
- workerman的http服务-session管理-更改session存储引
- workerman的http服务-session会话-判断对应session数
- workerman的http服务-session会话-删除所有session数
- workerman的http服务-session会话-获取并删除session