1. HTTP review
* HTTP 1.1 vs HTTP 1.0
HTTP 1.1 uses a single TCP connection to handle multiple requests to the same server.
* HTTP Methods
Safe methods: HEAD, GET, OPTIONS, TRACE
Unsafe methods: POST, PUT, DELETE
* CONNECT (proxy protocol)
Converts the request connection to a transparent TCP/IP tunnel, usually to facilitate SSL-encrypted communication (HTTPS) through an unencrypted HTTP proxy.
2. HTML5 WebSocket
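* Upgrade (unrelated to the CONNECT method)
A WebSocket connection is established by upgrading to the WebSocket protocol during the initial HTTP handshake between client and server; the underlying connection is still TCP/IP.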
- GET /text HTTP/1.1\r\n
- Upgrade: WebSocket\r\n
- Connection: Upgrade\r\n
- Host: www.websocket.org\r\n
- ...\r\n
- HTTP/1.1 101 WebSocket Protocol Handshake\r\n
- Upgrade: WebSocket\r\n
- Connection: Upgrade\r\n
- ...\r\n
3. Reading the WebSocket memo
http://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-10
* 2-way communications via 1 single TCP Connection
* design philosophy
minimal framing
Note: compared with TCP
# origin-based security model
# multiple services on one port / multiple host names on one IP
# framing mechanism
# additional closing handshake in-band
* relationship to TCP, HTTP
on top of TCP
HTTP: the only relationship is that its handshake is interpreted by HTTP servers as an Upgrade request.
* opening handshake
client side:
GET /chat HTTP/1.1
Host: server.example.com
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
Sec-WebSocket-Origin: http://example.com
Sec-WebSocket-Protocol: chat, superchat
Sec-WebSocket-Version: 8
server side:
HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=
Sec-WebSocket-Protocol: chat
* Framing
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-------+-+-------------+-------------------------------+
|F|R|R|R| opcode|M| Payload len | Extended payload length |
|I|S|S|S| (4) |A| (7) | (16/63) |
|N|V|V|V| |S| | (if payload len==126/127) |
| |1|2|3| |K| | |
+-+-+-+-+-------+-+-------------+ - - - - - - - - - - - - - - - +
| Extended payload length continued, if payload len == 127 |
+ - - - - - - - - - - - - - - - +-------------------------------+
| |Masking-key, if MASK set to 1 |
+-------------------------------+-------------------------------+
| Masking-key (continued) | Payload Data |
+-------------------------------- - - - - - - - - - - - - - - - +
: Payload Data continued ... :
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
| Payload Data continued ... |
+---------------------------------------------------------------+
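To make the diagram concrete, here is a parser for that header layout, added to these notes as an example (it is not code from the draft). The `max_payload` limit, the function name and the two sample frames are assumptions made for illustration; the unmasking rule (XOR payload byte i with key byte i mod 4) comes from the WebSocket spec, not from the notes above.

```python
import struct

def parse_frame(buf: bytes, max_payload: int = 1 << 20) -> dict:
    """Decode one frame per the header diagram; max_payload is an assumed local limit."""
    if len(buf) < 2:
        raise ValueError("truncated header")
    b0, b1 = buf[0], buf[1]
    fin, rsv, opcode = bool(b0 & 0x80), (b0 >> 4) & 0x7, b0 & 0x0F
    masked, length = bool(b1 & 0x80), b1 & 0x7F
    pos = 2
    if length == 126:            # next 16 bits carry the real length
        if len(buf) < pos + 2:
            raise ValueError("truncated 16-bit length")
        (length,) = struct.unpack_from("!H", buf, pos)
        pos += 2
    elif length == 127:          # next 64 bits, of which only 63 are usable
        if len(buf) < pos + 8:
            raise ValueError("truncated 64-bit length")
        (length,) = struct.unpack_from("!Q", buf, pos)
        pos += 8
        if length >> 63:
            raise ValueError("top bit of 64-bit length must be 0")
    # Check the declared length before slicing or allocating anything.
    if length > max_payload:
        raise ValueError("declared payload exceeds local limit")
    key = b""
    if masked:
        if len(buf) < pos + 4:
            raise ValueError("truncated masking key")
        key = buf[pos:pos + 4]
        pos += 4
    if len(buf) - pos < length:
        raise ValueError("payload shorter than declared length")
    payload = buf[pos:pos + length]
    if masked:                   # unmask: XOR byte i with key[i mod 4]
        payload = bytes(c ^ key[i % 4] for i, c in enumerate(payload))
    return {"fin": fin, "rsv": rsv, "opcode": opcode, "masked": masked,
            "payload": payload, "consumed": pos + length}

# Constructed sample frames: the text "Hello", unmasked and masked.
UNMASKED = bytes([0x81, 0x05]) + b"Hello"
MASKED = bytes([0x81, 0x85, 0x37, 0xFA, 0x21, 0x3D, 0x7F, 0x9F, 0x4D, 0x51, 0x58])

if __name__ == "__main__":
    for frame in (UNMASKED, MASKED):
        print(parse_frame(frame))
```

The length checks run before the payload is sliced, so a frame that declares more bytes than were received, or more than the local limit, is rejected on its header alone.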
Q: The odd thing about ports 80 and 443
At the time of writing of this
specification, it should be noted that connections on port 80 and 443
have significantly different success rates, with connections on port
443 being significantly more likely to succeed, though this may
change with time.
4. wireshark
* filters
There are two kinds of filter: capture filters and display filters, each with its own syntax.
* display filter
Some filter fields match against multiple protocol fields. For example, "ip.addr" matches against both the IP source and destination addresses in the IP header. The same is true for "tcp.port", "udp.port", "eth.addr", and others.
e.g:
ip.addr == 10.43.54.65 is equivalent to ip.src == 10.43.54.65 or ip.dst == 10.43.54.65.
!(ip.addr == 10.43.54.65) vs. ip.addr != 10.43.54.65