[From HTTP to AWS][2]Analyze TCP/IP Packets

· HTTP Analyzer

如果你想成为一个黑客,应该也是可以看看的

When I am writing a desktop client for AWS S3, and storage service of Amazon Web Services. During the development, I need to check the in/out packets, including HTTP headers, Representations, so that I can have a clearer picture of S3 and RESTful web service.

Available Tools:

CommView, Wireshark, SmartSniff, TPCMon, HTTP/HTTPS Analyzer, OmniPeek, PacketView Pro and tcpdump.

After a few hours’ trying, I chose CommView finally.

The only reason is that I just know how to use it without reading any documents and it has a 30 days free trial. However, I will look into Wireshark which is open source and has similar functionalities to CommView.

In this document, I just focus on how to use it for my work. Now let’s start the strip.

1. Download it from http://www.tamos.com/;

2. Install and open CommView and you can see following main frame.

image

Figure 1 Mainframe

In the mainframe, you see latest IP connections and add filtering rules.

3. Choose a NIC Adapter and start to record. Here is “Intel® 82566…….”

4. Choose “Rules” tab

>> Add Ports Rules

Checks “Enable port rules” and add support for Port 80 in both direction.

Action = Capture

Add Record = Both

Add Port = HTTP

image

Figure 2 Add Ports Rules

>> Add IP Addresses rules

I have already know the involved IP addresses are “207.171.*.*” during yesterday’s trying.

You can just skip these rules in the future.

Action = Capture

Add Record = Both

Add IP Addresses = 207.171.*.*

image

Figure 3 Add IP Addresses Rules

5. Run your AWS S3 client (CloudBerry, DragonDisk or …) and do some operations.

6. Open “Latest IP Connections” Tab

In “Latest IP Connections” Tab, you will see versatile information of each filtered out IP connection.

image

Figure 4 Latest IP Connections

To know when and who about the connection, I always concern about following data: Remote IP/Hostname, Sessions, and Last packet.

7. To know more about the connection, such as TCP/IP statistics and HTTP Headers/Presenatations, you can RMB on a connection and choose “Quick Filter” and “Log viewer” dialog will be presented.

image

Figure 5 Quick Filter

8. In Log viewer, you can see each In/Out Packets.

image

Figure 6 Log viewer

In this example, you can see the HTTP Header and know the request is to Get all keys under bucket .

HTTP Header

Version: HTTP/1.1

Method: GET

URI: /uniquebucketname/

Host: s3.amazonaws.com

Accept: */*

Date: Wed, 09 Jun 2010 02:44:52 +0000

Authorization: AWS ADFGRYHVBVHTUTRURRET:NJGHJJGHJGHJYTRTsggretetet=

9. Another interested functionality is “Reconstruct TCP Session”

image

Figure 7 Reconstruct TCP Session

This tool allows you to view the TCP conversation between two hosts.

image

Figure 8 TCP Session dialog

You can switch to other Display type if needed.

image

Figure 9 View Type

The Navigation buttons allow you to search the buffer for the next or previous TCP session.

10. Hehe. It’s the end.

I just show a simple workflow here. For more features of CommView and more information about how to monitor TCP conversion, it will be other stories.

In actual, if you are using Firefox, there are 2 addons, Live HTTP Headers and Modify header can be also used.

 

--------

 还有网络分析和扫描工具:

>> Angry IP Scanner(开源)

Angry IP Scanner is a free open-source program that runs on Windows, Mac OS X and Linux. The scanner is capable of pinging IP addresses, resolving host names and scanning ports. The program's abilities can be extended through a variety of Java plug-ins, but they are only available for the Windows version of the program.

 

>>Free IP Scanner

The Free IP Scanner is a free program that works on all Windows computers. The program can display the host name, MAC address and work group as long as an IP address is supplied. The program can be run from a CD because it is a standalone application that does not require installation.

 

>> Advanced IP Scanner

The Advanced IP Scanner is a free program developed only for computers that use Windows. The program locates all of the computers on your local network, scans your network to find available resources and allows you to remotely wake and shut down computers.

>> Umit Tools

http://www.umitproject.org/?active=project

posted on 2011-04-10 00:27  飘行天下  阅读(535)  评论(0编辑  收藏  举报

导航