Analyzing HTTP Problems with Wireshark Capture Examples

  • Networking Fundamentals (27): Analyzing HTTP Problems with Wireshark Capture Examples (Part 1)

     

    When reposting, please keep the original source at the top of the article: EMC Chinese Support Forum https://community.emc.com/go/chinese

     

    Introduction

     

    HTTP problems can be caused by a slow server or client, or by TCP performance problems. This article discusses these and other possible causes.


    More information

     

    Diagnostic process:

     

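    There are many possible reasons for poor web browsing performance, and they need to be analyzed step by step. The steps are as follows: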

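    1. First, confirm not only the network load but also the error rate on the communication links, and the most obvious symptoms of the poor performance;
    2. Diagnose TCP problems by checking the following details:
       • In the Expert info window, make sure there are not too many retransmissions and duplicate ACKs (0.5 to 0.8 percent is tolerable).
       • Make sure there are no resets on the HTTP connections; these may be caused by a firewall or by site restrictions.
    3. Make sure none of the following DNS problems is present:
       • Slow response times
       • Domain names not found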

    If none of the above applies, HTTP needs to be examined in more depth.

     

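    Note: Treat the network and the IT environment as a whole. For a slow web browsing application, TCP problems cannot be separated from HTTP and DNS problems. The cause may be a slow HTTP server, whose slow responses produce TCP retransmissions. Or, because of a slow DNS server, opening a web page may take several seconds. Locate the problem one step at a time.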

     

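    The first time you open a web page, it may take a few seconds. In that case, check the following:

    1. Check whether the line is overloaded.
    2. Check the line latency (using the ping tool).
    3. Look at the error code; you can usually see the reason the browser reports the error, but not always.
    4. Configure the filter http.response.code >= 400 and see how many errors there are. In the following sections, you will see examples to watch for.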
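The checks from the diagnostic process and the first-load list above can be run over a tshark field export instead of being read off the GUI. This is an added example, not code from the original article: the export command in the comment, the column names, the reading of the 0.8 percent limit as a share of TCP packets, and the 1-second DNS threshold are assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import Counter

# Column order of the assumed export (run separately against your own capture):
#   tshark -r capture.pcap -T fields -E separator=/t -e tcp.stream \
#     -e tcp.analysis.retransmission -e tcp.analysis.duplicate_ack \
#     -e tcp.flags.reset -e http.response.code -e dns.time
FIELDS = ["stream", "retrans", "dup_ack", "rst", "http_code", "dns_time"]

def _row(*cols):
    return "\t".join(cols)

# Constructed sample rows, not taken from a real capture.
SAMPLE_TSV = "\n".join(
    [_row("0", "", "", "0", "", "")] * 192        # ordinary TCP segments
    + [_row("0", "1", "", "0", "", "")] * 3       # retransmissions
    + [_row("0", "", "1", "0", "", "")]           # duplicate ACK
    + [_row("1", "", "", "1", "", "")]            # RST on stream 1
    + [_row("2", "", "", "0", c, "") for c in ("200", "404", "503")]
    + [_row("", "", "", "", "", t) for t in ("0.020", "1.350")]  # DNS responses
)

def _values(cell):
    # tshark joins multiple occurrences of a field in one frame with commas.
    return [v for v in (cell or "").split(",") if v]

def triage(tsv, max_bad_pct=0.8, slow_dns_s=1.0):
    """Apply the article's checks in order: TCP, then DNS, then HTTP errors."""
    rows = list(csv.DictReader(io.StringIO(tsv), fieldnames=FIELDS, delimiter="\t"))
    tcp = [r for r in rows if r["stream"]]
    bad = sum(1 for r in tcp if r["retrans"] or r["dup_ack"])
    bad_pct = 100.0 * bad / len(tcp) if tcp else 0.0
    rst_streams = sorted({int(r["stream"]) for r in tcp if r["rst"] in ("1", "True")})
    slow_dns = sum(1 for r in rows for t in _values(r["dns_time"]) if float(t) > slow_dns_s)
    http_errors = Counter(int(c) for r in rows for c in _values(r["http_code"]) if int(c) >= 400)
    findings = []
    if bad_pct > max_bad_pct:
        findings.append(f"retransmissions + duplicate ACKs at {bad_pct:.2f}% of TCP packets")
    if rst_streams:
        findings.append(f"TCP reset seen on streams {rst_streams}")
    if slow_dns:
        findings.append(f"{slow_dns} DNS responses slower than {slow_dns_s}s")
    if http_errors:
        findings.append(f"HTTP errors by code: {dict(sorted(http_errors.items()))}")
    return {"tcp_packets": len(tcp), "bad_pct": bad_pct, "rst_streams": rst_streams,
            "slow_dns": slow_dns, "http_errors": dict(http_errors), "findings": findings}

if __name__ == "__main__":
    for line in triage(SAMPLE_TSV)["findings"]:
        print(line)
```

Rows without a tcp.stream value (for example DNS over UDP) are left out of the TCP percentage, and the reset check accepts both the 1 and True spellings that different tshark versions print for boolean fields.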

     

    Informational codes

    image002.png

     

    Success codes

    image003.png

     

    Redirect codes

    image004.png

    References

     

    Network Analysis Using Wireshark Cookbook

     

     

                 

  • 181. Re: Networking Fundamentals series: all about networking (updated February 9)
    Zhang,Jiawen 2015-3-9 11:24 PM, in reply to Zhang,Jiawen

    Networking Fundamentals (28): Analyzing HTTP Problems with Wireshark Capture Examples (Part 2)

     

    When reposting, please keep the original source at the top of the article: EMC Chinese Support Forum https://community.emc.com/go/chinese

     

    Introduction

     

    This article continues from the previous one.


    More information

     

    Client errors:

    | Code | Status | Explanation | What to do |
    |------|--------|-------------|------------|
    | 400 | Bad request | The request could not be understood by the server due to a syntax problem. The request should be modified by the client before resending to it. | Check the website address. This can also happen due to a site error. |
    | 401 | Authorization required | The client is denied access due to the lack of authentication codes. | Check your username and password. |
    | 402 | Payment required | Reserved for future use. | |
    | 403 | Forbidden | The client is not allowed to see a specific file. This can be due to the server access limit. | Check the credentials. Also, there are fewer chances that the server is loaded. |
    | 404 | Not found | The requested resource could not be found. | This can be because the resource was deleted, or it never existed before. It can also be due to URL misspellings. |
    | 405 | Method not allowed | The method you are using to access the file is not supported or not allowed by the resource. | |
    | 406 | Not acceptable | Content generated by the resource is not acceptable according to the client request. | Check/update your browser. |
    | 407 | Proxy authentication required | Request authentication is required before it can be performed. | The client must first authenticate itself with the proxy. |
    | 408 | Request timed out | It took the server longer than the allowed time to process the request. | Check response time and load on the network. |
    | 409 | Conflict | The request submitted by the client cannot be completed because it conflicts with some established rules. | Can be because you try to upload a file that is older than the existing one or similar problems. Check what the client is trying to do. |
    | 410 | Gone | The URL requested by the client is no longer available from that system. | Usually this is a server problem. It can be due to a file that was deleted or location was forwarded to a new location. |
    | 411 | Content length required | The request is missing its Content-Length header. | Compatibility issue on a website. Change/update your browser. |
    | 412 | Precondition failed | The client has not set up a configuration that is required for the file to be delivered. | Compatibility issue on a website. Change/update your browser. |
    | 413 | Request entity too long | The requested file was too big to process. | Server limitation. |
    | 414 | Request URI too long | The address you entered was overly long for the server. | Server limitation. |
    | 415 | Unsupported media type | The file type of the request is not supported. | Server limitation. |

     

     

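    The following example is a simple client error. Proceed as follows:

    1. Right-click the packet that shows the error.
    2. Select Follow TCP stream; the following window appears:

    image002.jpg

    3. The following content is displayed: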

     

    Client errors:

    | Code | Status | Explanation | What to do |
    |------|--------|-------------|------------|
    | 500 | Internal server error | The web server encountered an unexpected condition that prevented it from carrying out the client request for access to the requested URL. | Response that is usually caused by a problem in your Perl code when a CGI program is run. |
    | 501 | Not implemented | The request cannot be executed by the server. | A server problem. |
    | 502 | Bad gateway | The server you're trying to reach is sending back errors. | A server problem. |
    | 503 | Service unavailable | The service or file that is being requested is not currently available. | A server problem. |
    | 504 | Gateway timeout | The gateway has timed out. This message is like the 408 timeout error, but this one occurs at the gateway of the server. | Server is down or nonresponsive. |
    | 505 | HTTP version not supported | The HTTP protocol version that you want to use for communicating with the server is not supported by it. | Server does not support the HTTP version. |

     

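    Service unavailable (error code 503) can have many causes. The following example is a problem encountered in a small office: employees could access Facebook, but when they clicked a link on the site, the page was shown as blocked. In the screenshot below, you can see that the page was blocked by the firewall: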

    image003.jpg

     

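    How it works:

    The standard HTTP browsing pattern is as follows:

    1. TCP opens the connection (three-way handshake)
    2. HTTP sends the GET command
    3. The data is downloaded to the browser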

     

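    When a web page opens multiple connections (as most web pages do), each connection requires a DNS query and response, the TCP SYN-SYN/ACK-ACK exchange, and an HTTP GET. Only after that does the data appear on the screen.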

     

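    When you do not see the displayed content in the packet detail pane, right-click the packet and select Follow TCP stream to see the detailed data of the connection. Another widely used tool is Fiddler, a free tool for HTTP troubleshooting.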

     

    References

     

    Network Analysis Using Wireshark Cookbook


https://community.emc.com/message/870552#870552