More on tracing network connections.

I've been writing about tracing HTTP requests or other kinds of connections, as this can be very helpful when doing system integration work. Recently I discovered two other tools that I had never used before.

The first one is netcat (also known as nc; if you are on a Unix box you can learn about it with the "$ man nc" command).
With this tool you can test network connections between components and/or manually simulate network services.
For example, I can start a server socket on port 8000 by issuing the command:

# if you are running Linux version of netcat
$ nc -l -p 8000

# if you are running BSD version of netcat
$ nc -l 8000

Then I can trace HTTP connections by pointing my browser to http://localhost:8000/some/url
Netcat prints the raw request the browser sends, and it can also send back to the browser what you type on the console, so you can manually send bytes to the client.
This is the scenario I used to trace what my client was sending to an external HTTP server offering some REST services. Still, I think that tcpmon is more flexible for tracing actual traffic between systems (see here for some examples).
With netcat you can manipulate network responses manually, for example to fake the server you want to connect to (if you know the protocol) and explore how your client software behaves when handling that response. Software tests must still be automatic, with JUnit or whatever, but the preliminary "exploring" task is easier to do manually, just to understand how things are working.
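
Once the manual exploration has shown which response is interesting, the same fake-server trick can be scripted for an automated test. The following is an added example, not code from the original post: serve_once and fetch_raw are hypothetical names, the 503 response is constructed sample data, and the listener binds to 127.0.0.1 only.

```python
import socket
import threading

# Hypothetical helpers for this added example (not part of netcat or the original post).
def serve_once(canned_response, host="127.0.0.1", port=0, timeout=5.0):
    """Like `nc -l`: accept one client, record its request, reply with fixed bytes."""
    srv = socket.create_server((host, port))   # port 0 = let the OS pick a free port
    srv.settimeout(timeout)
    bound_port = srv.getsockname()[1]
    captured = {"request": b""}

    def run():
        try:
            conn, _ = srv.accept()
            with conn:
                conn.settimeout(timeout)
                data = b""
                while b"\r\n\r\n" not in data:   # read up to the end of the headers
                    chunk = conn.recv(4096)
                    if not chunk:
                        break
                    data += chunk
                captured["request"] = data       # what the client really sent
                conn.sendall(canned_response)    # what we pretend the server said
        except OSError:                          # includes timeouts: give up quietly
            pass
        finally:
            srv.close()

    thread = threading.Thread(target=run, daemon=True)
    thread.start()
    return bound_port, captured, thread

def fetch_raw(port, request, host="127.0.0.1", timeout=5.0):
    """Minimal client: send raw bytes, return everything the server sends back."""
    with socket.create_connection((host, port), timeout=timeout) as client:
        client.sendall(request)
        reply = b""
        while chunk := client.recv(4096):
            reply += chunk
        return reply

if __name__ == "__main__":
    # Constructed sample: the fake server answers every request with an error status.
    canned = b"HTTP/1.1 503 Service Unavailable\r\nContent-Length: 0\r\n\r\n"
    port, captured, thread = serve_once(canned)
    print(fetch_raw(port, b"GET /some/url HTTP/1.1\r\nHost: localhost\r\n\r\n"))
    thread.join()
    print(captured["request"])
```

In a real test, fetch_raw would be replaced by the client software under test, pointed at the returned port.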

The second tool I discovered, tcpdump, is much more powerful and can be applied in cases where you cannot put a tool in the middle, like tcpmon.
For example, you may need to spy on the traffic that is sent to and received from a web server, to verify that the communication is going as you expect.
Then you use the command:

$ sudo /usr/sbin/tcpdump -s 0 -i eth0 -X port 80

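Tcpdump will then connect to the kernel and display a hex dump of the traffic passing through port 80 (web). Here -s 0 captures whole packets instead of truncating them, -i eth0 selects the interface to listen on, and -X prints each packet in hex and ASCII. Only plain HTTP is readable this way; TLS traffic (port 443) shows up as encrypted bytes.
In this case you don't need to reconfigure the server: you can just spy on existing installations without modifying your software (something that you can't do, for example, on production servers).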

If you are running Linux, you probably have these two tools installed already.


One Response to “More on tracing network connections.”  

  1. 1 Mandy

    Good post.
