Does WebTest always send out TCP/ESP frames?  
Author Message
Azerila





PostPosted: Visual Studio Team System - Testing, Does WebTest always send out TCP/ESP frames? Top

Hi,

My question is in regards to how Visual Studio's backend request engine sends out and recieves frames to and from the outside network I am working on a project that requires me to sniff the network activity, capture the network traffic and the frames for some post-processing.

After reviewing the netmon results of a simple webtest, I found no HTTP frames being sent out and recieved. Instead, it seems like the underlying protocol that is being used is TCP... to be more acurate and assuming I'm not wrong the protocol being used is actually ESP. I have little knowledge of this protocol so I was wondering if anyone can help me understand this mystery. I think it's really interesting that the engine uses TCP packets instead of HTTP and I am also curious to know the reasoning behind this implementation decision.

I believe that ESP is, naively speaking, a form of encrypting the payload and the payload essentially can be the HTTP chunk of the frame. So, I'm really trying to understand more in details how VS2005 translates HTTP frames to TCP/ESP or if that is done by an external engine (ipsec maybe ). Ultimately, I would want to decrypt the content of these frames to be able to read the data that is being sent out and recieved in a VS2005 webtest request.

I really appreciate any comments and inputs.

Thanks,
- A



Visual Studio Team System22  
 
 
Josh Christie MS





PostPosted: Visual Studio Team System - Testing, Does WebTest always send out TCP/ESP frames? Top

Web tests send standard HTTP requests which are always contained within TCP segments (packets). If your network is using IPSec, an ESP packet will contain the TCP segment and an IP datagram (packet) will contain the ESP packet. Without IPSec, the IP datagrams will directly contain the TCP segments.

What I think you're seeing is that netmon 2.x doesn't know how to crack open the ESP packet to show you the TCP and then HTTP contents within it. I'm not sure if WireShark/Ethereal can do that, but you might want to give that a try instead of netmon 2.x. I know netmon 3.0 lets you dig into ESP packets, but it's not yet released.

What are you trying to do with the raw data sent by a web test Maybe there's a better way to do it.

Josh



 
 
Azerila





PostPosted: Visual Studio Team System - Testing, Does WebTest always send out TCP/ESP frames? Top

Thanks for the reply Josh... I'm using Netmon 3.0 actually and it shows me only ESP packets. If I remember correctly the order of the protocol layers shown by Netmon 3.0 is: Ethernet, Ipv4, TCP, and finally ESP, but there is no indication of any other protocol within (after) ESP and that's what was confusing to me.

I am currently away from my office so I can't send you more information about the output of my capture. I will do that early next week when I get back to my office and I'll try to explain my goal and what I see in Netmon 3.0 more in details.

Thanks much,

- A