Comprehensive comparison of the most popular packet capture tools on the internet
2022-06-24 20:59:00 【Programmer Xiaofan】
As a software test engineer, you cannot avoid capturing packets: you capture them to analyze a problem you have run into, to locate a bug you have found, to check that data is transmitted securely, and to fill in the gaps when the requirements for an interface test are incomplete... Because packet capture shows up everywhere in testing, there are many packet capture tools on the market to choose from.
I have already published articles introducing some common packet capture tools, such as Wireshark and Charles. Since then, one of the questions readers ask most often in private messages and comments is "What is the difference between this tool and xxx?" or "Which is better to use, this tool or xxx?"
So, to clear up these doubts and help everyone choose the tool that suits them and better supports their testing work, today we analyze the advantages and disadvantages of the popular packet capture tools.
Fiddler
Fiddler is a classic and powerful tool, as most people will know. It captures packets from both computers and mobile devices, and it can capture and analyze both HTTP and HTTPS messages. You can set breakpoints for debugging, intercept messages to replace requests and tamper with data, and construct requests. It can also simulate network packet loss and latency for weak-network testing of apps, and more.
So Fiddler's first advantage is that it is powerful and complete.
The second advantage is that Fiddler is open source and free: once it is installed, every feature is available on any computer. This is undoubtedly a very big advantage, and it has attracted a large number of users.
Of course, it also has a shortcoming: it can only be installed and used on Windows. If you want to capture packets on other systems, such as macOS or Linux, Fiddler is of no use.
Charles
Charles is nicknamed "the vase". It captures packets by acting as a proxy: when we access web pages, we configure the proxy to point at the port Charles listens on, and Charles then forwards and records every request for us.
Charles is very simple to use. Once the proxy is configured, Charles starts capturing, and we can inspect the contents of each packet directly in its GUI. Its features and usage are in fact very similar to Fiddler's: it also offers packet capture and analysis for computers and mobile phones, breakpoints, weak-network simulation, and so on. So how does it differ from Fiddler?
Advantages:
- Charles is developed in Java, so it is cross-platform: it supports not only Windows but also macOS and Linux. Users whose computers do not run Windows therefore generally choose Charles.
- Capturing HTTPS is also very simple to configure: just install the Charles certificate.
Disadvantage:
Charles is not free. You need to buy a license; if you use it without one, it interrupts your session once every 30 minutes, which makes for a very bad experience!
Wireshark
Wireshark can also be installed and used on all platforms, but its focus differs somewhat from that of Charles and Fiddler. It is mainly used to capture packets of every protocol on the network, and it is very professional for analyzing network protocols and network problems.
Advantages of Wireshark:
- You can select a specific network interface to capture from, so only the traffic of the interface you care about is captured, which makes the capture very targeted.
- It can capture messages of all protocols and display each captured message in terms of the seven-layer OSI network model. You can clearly see every message exchanged between the client and the server, with the details of each packet shown at every network layer. This makes the tool very well suited to learning and analyzing network protocols.
- It provides very powerful filtering rules. Wireshark can filter before capture and can also filter what has been captured, and the rules are very detailed, so packets can be filtered with very high precision and fine granularity.
- It can be combined with TCPdump: packets captured on a production (Linux) server can be analyzed in Wireshark to locate production problems.
Disadvantages of Wireshark:
- Using it flexibly requires a certain grounding in networking, so it is difficult for beginners.
- It cannot analyze HTTPS packets. Wireshark obtains packet information at the link layer, so the HTTPS packets it sees are encrypted data and their contents cannot be analyzed. We can of course decrypt the HTTPS packets, but the procedure is somewhat complex and may take a lot of time.
BurpSuite
BurpSuite is also developed in Java, so it too can be used across platforms, including Windows, macOS and Linux.
BurpSuite provides packet capture: it works as a proxy between the browser and the website to intercept messages. It can also modify the data before forwarding it, and you can even use its crawler to crawl a website's data...
However, it is far more than a packet capture tool. It integrates many practical tools that provide more powerful functions, such as HTTP request forwarding, modification and scanning. These tools can work together, so customized attack and scanning schemes can be carried out within the BurpSuite framework.
So many functional testers use it to capture messages and tamper with data, many security testers use it for semi-automated network security audits, and developers can use its scanning tools for website stress testing and attack testing. Its range of uses is wider.
But it has its own shortcoming: it is not free. The annual cost is $299 per user, which is relatively high.
F12
F12 is the simplest and most lightweight of the packet capture tools, because it is the browser's built-in developer tools providing capture of the browser's own traffic. It needs no installation: open the browser and it is ready to use. It is very easy to use and suits beginners.
It mainly targets HTTP and HTTPS. We can check the status of our network requests and, by examining the request and response messages, determine whether the request data and response data are correct, and so decide whether a problem lies in the front end or the back end.
Because F12 is part of the browser, it sits at the endpoint of the data transmission, so the HTTPS messages it captures are available in plaintext. However, it can only capture messages sent and received by the current browser, only at the application layer (HTTP(S)), and it cannot capture other kinds of packets.
Although F12 packet capture meets basic testing needs, its interface and power still fall somewhat short of the other packet capture tools.
TCPdump
I wrote an article about TCPdump last week. It is a command-line packet capture tool dedicated to Linux, and it provides many parameters for filtering and defining the network packets to capture.
The messages it captures can be printed directly on the Linux command line, or saved to a file and opened in Wireshark for more detailed analysis.
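An added example, not from the original article: the sketch below reads a classic pcap capture file and shows why a link-layer capture exposes an HTTP request line in full but only the record type of HTTPS traffic, as described in the Wireshark section. The function names, addresses, ports and both sample frames are constructed for illustration.

```python
import struct

GLOBAL = struct.Struct("<IHHiIII")  # magic, version 2.4, tz, sigfigs, snaplen, linktype
RECORD = struct.Struct("<IIII")     # ts_sec, ts_usec, captured length, original length
TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HTTP_METHODS = (b"GET", b"POST", b"PUT", b"DELETE", b"HEAD", b"OPTIONS", b"PATCH")

def frame(dport, payload):
    """Constructed Ethernet/IPv4/TCP frame (zeroed MACs and checksums) carrying payload."""
    eth = bytes(12) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 1, 1, 0x50, 0x18, 1024, 0, 0)
    return eth + ip + tcp + payload

def write_pcap(frames):
    """Serialize frames as a classic little-endian pcap file with Ethernet link type."""
    out = GLOBAL.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += RECORD.pack(i, 0, len(f), len(f)) + f
    return out

def classify(payload):
    """Say what is readable from a TCP payload without any TLS keys."""
    if len(payload) >= 5 and payload[0] in TLS_TYPES and payload[1] == 3:
        return "tls:" + TLS_TYPES[payload[0]]  # record header only; the body is ciphertext
    if payload.split(b" ", 1)[0] in HTTP_METHODS or payload.startswith(b"HTTP/"):
        return "http:" + payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
    return "other"

def read_pcap(data):
    """Return [(dst_port, label)] for every IPv4/TCP packet (IP options not handled)."""
    magic, *_, linktype = GLOBAL.unpack_from(data, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected a little-endian classic pcap of Ethernet frames")
    off, results = GLOBAL.size, []
    while off + RECORD.size <= len(data):
        caplen = RECORD.unpack_from(data, off)[2]
        pkt = data[off + RECORD.size: off + RECORD.size + caplen]
        off += RECORD.size + caplen
        if len(pkt) < 54 or pkt[12:14] != b"\x08\x00" or pkt[14] != 0x45 or pkt[23] != 6:
            continue  # too short, not IPv4, IPv4 with options, or not TCP
        payload = pkt[34 + (pkt[46] >> 4) * 4:]  # skip the TCP header via its data offset
        results.append((struct.unpack_from("!H", pkt, 36)[0], classify(payload)))
    return results

# Constructed sample capture: one plaintext HTTP request, one TLS application-data record.
SAMPLE = write_pcap([frame(80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
                     frame(443, b"\x17\x03\x03\x00\x10" + bytes(16))])
```

Calling read_pcap(SAMPLE) returns the full request line for the port 80 packet and only "tls:application_data" for the port 443 packet.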
Summary
In summary, there are many packet capture tools available for testing. Each has its own advantages and its corresponding shortcomings, so the most important thing is to choose the tool that best fits your own usage scenario!