Today, we’re going to speak about sniffers – special tools that help users to intercept, edit and analyze requests that are going through them. They are used to analyze client-server interaction, emulate test suites via modifying the traffic.
The basic request to sniffers is the ability to monitor traffic. It allows seeing the real state of the network level. More specifically, the following questions arise:
- Is the request being performed generally?
- Whether the request is blocked (it is extremely important at the beginning of software development and testing)?
- How much time elapsed between the network action and request sending?
- Is the request written correctly?
- Is the request duplicated?
- What is the order of requests sent?
- Current response time and response format.
If we can answer all the questions except the one, we can see where the bug is right now.
The Operating Principle of Sniffers
All the sniffers work on the principle of man in the middle. Conventionally, there is a middleware server where requests and responses go through. Sniffer is launched on a PC that is in the same local network as a mobile device with the application under test.
Usually, the connection is established via Wi-Fi. In the Wi-Fi configurations on a mobile device, the IP address of the PC and the port of the instrument is set up as proxy server. The IP address can be found via the command line or in the sniffer directly. It’s a little more complicated with HTTPS – you need to install the sniffer’s SSL certificate on the device and enable it so that the traffic can be decrypted.
Choosing the Best Sniffer
The first one is Wireshark. It is low-level and is supported by numerous protocols. If desired, you can intercept different types of traffic: from VoIP, BLE, to HTTP. The product is completely cross-platform and has an intuitive design.
The major drawback lies in the fact that the product cannot decrypt HTTPS traffic in real-time. First, you have to write the packets, and then the certificate. Only after that, you can analyze the traffic.
The next one is Charles. This application is familiar to testers, programmers, and system analysts around the world. It has a lot of functions, parameters, and additional features. Also, it’s worth noting that this software is cross-platform!
The big disadvantage of the free version – it shuts down every half hour.
The third one is Fiddler. This software interacts with Windows quickly, you can switch between parameters with a few clicks. Also, among its features, we can highlight the regular expressions for substitutions and a very flexible Scripting tool.
A clear disadvantage is that the graphical interface is extremely banal, and the software functions on Windows only.
To conclude, we’d like to say the following. Traffic monitoring is extremely important. After all, thorough testing and configuration of this parameter allow you not only to save the software from bugs but also save users from extremely unwanted attempts to figure out why traffic is being spent and where it goes.