Use the packet capture function in the test.

Source: Internet
Author: User

Part1: On Windows, the packet capture tool is Wireshark. On Linux, use the following command:
    tcpdump -i eth0 -s 0 -w /home/nupt/log/2010112501.cap host 10.46.124.122
-i specifies the network adapter.
-s specifies the capture size (the snapshot length per packet; 0 captures whole packets).
-w specifies the file that the captured packets are written to.
host specifies the target host.
Use the ifconfig command to view the IP address. Copy the capture file to Windows and open it in Wireshark for analysis.
Part2: Practical Wireshark filter expressions (for IP address, protocol, port, length, and content), with examples
1. IP address filtering. This is the most common kind of Wireshark filter. There are several cases:
(1) Filter packets whose source address is 192.168.0.1, that is, keep only packets whose source address matches. Expression:
    ip.src == 192.168.0.1
(2) Filter packets whose destination address is 192.168.0.1, that is, keep only packets whose destination address matches. Expression:
    ip.dst == 192.168.0.1
(3) Filter packets whose source or destination address is 192.168.0.1. Expression:
    ip.addr == 192.168.0.1
or
    ip.src == 192.168.0.1 or ip.dst == 192.168.0.1
(4) To exclude the packets matched above, enclose the expression in parentheses and put "!" in front of it. Expression:
    !(expression)
2. Protocol filtering.
(1) To show only packets of a certain protocol, the expression is simply the protocol name:
    http
(2) To show packets of multiple protocols, combine the protocol names with logical operators:
    http or telnet
(3) To exclude packets of a certain protocol:
    not arp
    !tcp
3. Port filtering (depends on the protocol).
(1) To show packets for a given port:
    tcp.port == 80
(2) To show packets for multiple ports, you can connect expressions with "and". The following expression shows high ports:
    udp.port >= 2048
4. Filtering for length and content.
(1) Filtering on length (here the length is the length of the data segment):
    udp.length < 30
    http.content_length <= 20
(2) Filtering on packet content:
    http.request.uri matches "vipscu"
This matches HTTP requests whose request URI contains "vipscu".
Once you have learned the basic functions above and can combine them freely, you have the essentials for getting started. The following are more complex examples (from the Wireshark graphic tutorial):
These examples are written in capture-filter (tcpdump) syntax rather than the display-filter syntax used above.
    tcp dst port 3128
Shows packets whose destination TCP port is 3128.
    ip src host 10.1.1.1
Shows packets whose source IP address is 10.1.1.1.
    host 10.1.2.3
Shows packets whose destination or source IP address is 10.1.2.3.
    src portrange 2000-2500
Shows UDP or TCP packets whose source port is in the range 2000 to 2500.
    not icmp
Shows all packets except ICMP. (ICMP is usually used by the ping tool.)
    src host 10.7.2.12 and not dst net 10.200.0.0/16
Shows packets whose source IP address is 10.7.2.12 and whose destination is not in 10.200.0.0/16.
    (src host 10.4.1.12 or src net 10.6.0.0/16) and tcp dst portrange 200-10000 and dst net 10.0.0.0/8
Shows all packets whose source IP address is 10.4.1.12 or whose source network is 10.6.0.0/16, whose destination TCP port is between 200 and 10000, and whose destination is in the network 10.0.0.0/8.
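As an added example (not part of the original article), the Python code below reads the classic pcap format that tcpdump -w writes and evaluates four of the display filters above as plain predicates, which shows exactly which header fields each expression tests. The helper names (make_frame, build_pcap, read_pcap, count_matches) and the sample traffic are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

def make_frame(src, dst, proto, sport, dport, payload=b""):
    """Constructed sample packet: Ethernet + IPv4 + TCP or UDP, checksums left 0."""
    l4 = (struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0) if proto == 6
          else struct.pack("!HHHH", sport, dport, 8 + len(payload), 0))  # UDP length = 8 + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0,
                     64, proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return b"\x00" * 12 + b"\x08\x00" + ip + l4 + payload

def build_pcap(frames):
    """Classic pcap as written by tcpdump -w: 24-byte file header, then records."""
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # 1 = Ethernet
    return head + b"".join(struct.pack("<IIII", t, 0, len(f), len(f)) + f
                           for t, f in enumerate(frames))

def read_pcap(data):
    """Yield the fields the filters test, one dict per IPv4 TCP/UDP packet."""
    if struct.unpack_from("<I", data)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    off = 24
    while off + 16 <= len(data):
        caplen = struct.unpack_from("<I", data, off + 8)[0]
        frame, off = data[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                       # truncated, or not IPv4
        l4 = 14 + (frame[14] & 0x0F) * 4   # honour the IP header length
        if frame[23] not in (6, 17) or len(frame) < l4 + 8:
            continue                       # not TCP/UDP, or header cut short
        sport, dport, length = struct.unpack_from("!HHH", frame, l4)
        yield {"src": str(IPv4Address(frame[26:30])), "dst": str(IPv4Address(frame[30:34])),
               "tcp": frame[23] == 6, "ports": {sport, dport},
               "udp_length": length if frame[23] == 17 else None}

SAMPLE = build_pcap([   # constructed traffic, not a real capture
    make_frame("192.168.0.1", "10.46.124.122", 6, 40000, 80, b"GET / HTTP/1.1\r\n\r\n"),
    make_frame("10.46.124.122", "192.168.0.1", 6, 80, 40000),
    make_frame("192.168.0.7", "10.46.124.122", 17, 5000, 53, b"x" * 10),
    make_frame("10.46.124.122", "192.168.0.7", 17, 53, 5000, b"y" * 40)])
FILTERS = {             # display filters from the text, rewritten as predicates
    "ip.src == 192.168.0.1": lambda p: p["src"] == "192.168.0.1",
    "ip.addr == 192.168.0.1": lambda p: "192.168.0.1" in (p["src"], p["dst"]),
    "tcp.port == 80": lambda p: p["tcp"] and 80 in p["ports"],
    "udp.length < 30": lambda p: not p["tcp"] and p["udp_length"] < 30}

def count_matches(expr, data=SAMPLE):
    return sum(1 for p in read_pcap(data) if FILTERS[expr](p))
```

Note that tcp.port matches either the source or the destination port, which is why both the request and the reply are counted for port 80.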
What is the purpose of packet capture during software testing?

When a running program exchanges data, the data is generally transmitted in the form of data packets.
During the process of sending and receiving, the data in the sent data packet may contain incorrect data, or the received data may contain incorrect data, resulting in errors in subsequent program processing.
Therefore, we can directly capture the transmitted data packets and parse the original data in them using other tools or methods, to determine whether the program error is caused by data errors, which part of the data is in error, and so on.
Packet Capture tests are generally used in communications and networks.

How do I use the packet capture tool?

We recommend that you use Wireshark to capture packets; see my post in Baidu space.
Slow network speed. First, you need to test whether the problem is caused by the operator. You can connect only one computer under the TP-Link to test whether the speed is normal. If it is normal, then one or more of the 15 computers must have a problem. If the attack traffic only uploads things, congesting your upstream bandwidth, you need to enable a mirror port when capturing packets. However, your TP-Link is not capable of this.
Therefore, you can assume that only one computer has a problem. In case of a problem, unplug eight computers first. If there is no problem, the faulty computer is in these eight computers. Then unplug the seven servers and connect them to the four servers on the eight servers. In the same way, you can find the problematic computer again.
