Is there a good guide to interpreting the Firebug net panel? - performance

I’m using the Net panel in Firebug to evaluate the performance of web pages I’m writing.
Specifically, I’m wondering what the precise meaning is of the stages for each resource that’s downloaded (i.e. DNS lookup, Connecting, Blocking, Sending, Waiting, Receiving).
But more generally, is there a Firebug guide where I can look this stuff up?

The various stages correspond to the various states of the connection being made for the resource. I don't know of any documents on them and a quick look around the Firebug network page doesn't show any explanations. There is some documentation in the resources area (wiki) of the Firebug site, though it looks like it's subtly different than what is actually presented in the interface. They seem reasonably obvious to me, but I suppose I could be wrong, too.
DNS lookup - the name of the remote server is being resolved to an IP address
Connecting - a TCP/IP connection is being opened to the remote server
Blocking - the client is waiting for another request to complete (or a thread to become available) before sending the request
Sending - the client is sending data to the remote server
Waiting - the client is waiting on a response from the remote server
Receiving - the client is reading data from the remote server

You can read up on HTTP headers.
And for the whole Firebug net panel you can read this.

Although it doesn’t include an answer to this question, Amy Hoy and Thomas Fuchs’s PDF ebook JavaScript Performance Rocks! has a lot of good information about measuring web page performance using Firebug.

Related

Configuring squid

I'm very much a beginner in squid. I want a way to remain anonymous over the net. I also want to be able to access the contents of the internet which are filtered. My Windows computer is behind a firewall (filtered). My server (CentOS 5) is not. For example, when I enter http://facebook.com in the browser URL, it redirects to an intranet IP which tells me to avoid going to this site!
Now I've installed squid on the server and traffic is propagated through this server. But this redirection still occurs, so I still can't open filtered sites.
What can I do? A friend of mine told me that the only way is to use HTTPS, i.e. the connection between the browser (Firefox) and the server must use this protocol. Is that right? And how can I do that?
What's your suggestion? I don't necessarily want to use squid. Besides, the HTTPS protocol gets banned or slowed down in my country sometimes, so I prefer that the protocol remain HTTP. I also thought about writing code on the client and server to transform, compress/decompress and packetize as hoax binary HTTP packets to be sent with as much speed and success as possible. But I'm not an expert in this context and for now I prefer more straightforward ways.
I appreciate any help/info.
I assume you are located in Iran. I would suggest using TOR if you mainly access websites. The latest release works reasonably well in Iran. It also includes an option to obfuscate traffic so it is not easily detectable that you are using TOR.
See also this question: https://tor.stackexchange.com/questions/1639/using-tor-in-iran-for-the-first-time-user-guide
An easy way to get the TOR package is using the autoresponder: https://www.torproject.org/projects/gettor.html
In case the website is blocked, it works as follows:
Users can communicate with GetTor robot by sending messages via email.
Currently, the best known GetTor email address is gettor#torproject.org.
This should be the most current stable GetTor robot as it is operated by Tor Project.
To ask for Tor Browser a user should send an email to GetTor robot with one of the following options in the message body:
windows: If the user needs Tor Browser for Windows.
linux: If the user needs Tor Browser for Linux.
osx: If the user needs Tor Browser for Mac OSX.

Are Websockets more secure for communication between web pages?

This might sound really naive but I would really find a descriptive answer helpful.
So, my question is this:
I can use Firebug to look at AJAX requests made from any website I visit. So, am I right in saying that I wouldn't be able to examine the same communication between the client and the server if the website chooses to use Websockets? In other words, does this make it more secure?
No. Not at all. Just because the browser does not (yet) have a tool to show WebSocket traffic, doesn't make it any more secure. You can always run a packet sniffer to monitor the traffic, for example.
No, because there will be other ways besides the browser's built-in tools to read your traffic.
Have a try: Install and run Wireshark and you will be able to see all packets you send and receive via Websockets.
Depends on the application. If you are fully Ajax without reloading the document for data then I would think websockets would provide a better authentication for data requests than a cookie session in regards to connection hijack. Given that you are using SSL of course.
Never rely on secrecy of algorithm because it only gives you a false sense of security. Wiki: Security by obscurity
Remember that the browser is a program on my computer and I am the one who has full control over what is sent to you, not my browser.
I guess it's only a matter of time (up to a few months IMO) when developer tools such as Firebug will provide some fancy tool for browsing data sent/received by WebSockets.
WebSockets has both an unencrypted (ws://) and encrypted mode (wss://). This is analogous to HTTP and HTTPS. WebSockets protocol payload is simply UTF-8 encoded. From a network sniffing perspective there is no advantage to using WebSockets (use wss and HTTPS for everything at all sensitive). From the browser perspective there is no benefit to using WebSockets for security. Anything running in the browser can be examined (and modified) by a sufficiently knowledgeable user. The tools for examining HTTP/AJAX requests just happen to be better right now.
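The point made in the answers above (a packet sniffer sees WebSocket traffic, and only wss:// changes that), shown as an added example that is not part of any of the posts: a parser for the RFC 6455 frame layout that recovers the text from raw ws:// bytes. The mask on client frames is a 4-byte XOR key carried inside the frame itself, so it gives no confidentiality; `parseFrame`, `buildMaskedTextFrame`, `sniffText` and the application message are names and data constructed for this illustration.

```javascript
// Added example: decode one WebSocket frame (RFC 6455 layout) from captured bytes.
function parseFrame(buf) {
  if (buf.length < 2) throw new Error("truncated frame header");
  const fin = (buf[0] & 0x80) !== 0;
  const opcode = buf[0] & 0x0f;          // 0x1 = text, 0x2 = binary
  const masked = (buf[1] & 0x80) !== 0;  // set on every client-to-server frame
  let len = buf[1] & 0x7f;
  let offset = 2;
  if (len === 126) {                     // 16-bit extended length follows
    len = buf.readUInt16BE(offset);
    offset += 2;
  } else if (len === 127) {              // 64-bit extended length follows
    const big = buf.readBigUInt64BE(offset);
    if (big > BigInt(Number.MAX_SAFE_INTEGER)) throw new Error("frame too large");
    len = Number(big);
    offset += 8;
  }
  const keyLen = masked ? 4 : 0;
  if (buf.length < offset + keyLen + len) throw new Error("truncated frame");
  const key = buf.subarray(offset, offset + keyLen); // the key is sent in the clear
  offset += keyLen;
  const payload = Buffer.from(buf.subarray(offset, offset + len)); // copy, then unmask
  for (let i = 0; masked && i < len; i++) payload[i] ^= key[i % 4];
  return { fin, opcode, masked, payload };
}

// Build a short masked text frame the way a browser would (constructed input).
function buildMaskedTextFrame(text, key) {
  const data = Buffer.from(text, "utf8");
  if (data.length > 125) throw new Error("example builds short frames only");
  const body = Buffer.from(data);
  for (let i = 0; i < body.length; i++) body[i] ^= key[i % 4];
  return Buffer.concat([Buffer.from([0x81, 0x80 | data.length]), key, body]);
}

// What a passive observer of a ws:// connection recovers from the raw bytes.
function sniffText(buf) {
  const frame = parseFrame(buf);
  return frame.opcode === 0x1 ? frame.payload.toString("utf8") : null;
}

// Masked "Hello" text frame from the examples in RFC 6455, section 5.7.
const RFC_HELLO = Buffer.from("818537fa213d7f9f4d5158", "hex");
// Constructed application message and masking key, for illustration only.
const APP_MESSAGE = '{"op":"getBalance","account":"demo"}';
const APP_FRAME = buildMaskedTextFrame(APP_MESSAGE, Buffer.from([0x12, 0x34, 0x56, 0x78]));

console.log(sniffText(RFC_HELLO));
console.log(sniffText(APP_FRAME));
```

Over wss:// the same frames travel inside TLS, so a capture on the wire shows only encrypted records; the user of the browser can still read and change them at the endpoint.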

Wireshark vs Firebug vs Fiddler - pros and cons? [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Closed 8 years ago.
Recently, I came across an issue where a CGI application is not responding. Symptom is Firefox displaying:
Transferring data from localhost...
But the thing is I cannot see any traffic from Firebug's Net panel, and the browser just stays on the same stage forever.
I am thinking about the ways to debug this application but I cannot see the source code or any of its compiled Java/C++ components, therefore I reckon an HTTP network level of diagnostics is a good start.
I have little experience in Fiddler and Wireshark, just wondering will they get better feedback/statistics in the HTTP network level? I've heard Wireshark is advanced but could possibly introduce a large volume of traffic so system admins don't like it very much. At this time I think Firebug doesn't really show me enough information.
I need to collect information so that I can then forward to client as proof.
Wireshark, Firebug, Fiddler all do similar things - capture network traffic.
Wireshark captures any kind of network packet. It can capture packet details below TCP/IP (HTTP is at the top). It does have filters to reduce the noise it captures.
Firebug tracks each request the browser page makes and captures the associated headers and the time taken for each stage of the request (DNS, receiving, sending, ...).
Fiddler works as an HTTP/HTTPS proxy. It captures every HTTP request the computer makes and records everything associated with it. It does allow things like converting post variables to a table form and editing/replaying requests. It doesn't, by default, capture localhost traffic in IE, see the FAQ for the workaround.
The benefit of Wireshark is that it could possibly show you errors in levels below the HTTP protocol. Fiddler will show you errors in the HTTP protocol.
If you think the problem is somewhere in the HTTP request issued by the browser, or you are just looking for more information in regards to what the server is responding with, or how long it is taking to respond, Fiddler should do.
If you suspect something may be wrong in the TCP/IP protocol used by your browser and the server (or in other layers below that), go with Wireshark.
None of the above, if you are on a Mac. Use Charles Proxy. It's the best network/request information collector that I have ever come across. You can view and edit all outgoing requests, and see the responses from those requests in several forms, depending on the type of the response. It costs 50 dollars for a license, but you can download the trial version and see what you think.
If you're on Windows, then I would just stay with Fiddler.
Fiddler is the winner every time when comparing to Charles.
The "customize rules" feature of Fiddler is unparalleled in any HTTP debugger. The ability to write code to manipulate HTTP requests and responses on-the-fly is invaluable to me and the work I do in web development.
There are so many features to Fiddler that Charles just does not have, and likely won't ever have. Fiddler is light-years ahead.
To complement the list, also be aware of http://mitmproxy.org/
I use both Charles Proxy and Fiddler for my HTTP/HTTPS level debugging.
Pros of Charles Proxy:
Handles HTTPS better (you get a Charles Certificate which you'd put in 'Trusted Authorities' list)
Has more features like Load/Save Session (esp. useful when debugging multiple pages), Mirror a website (useful in caching assets and hence faster debugging), etc.
As mentioned by jburgess, handles AMF.
Displays JSON, XML and other kind of responses in a tree structure, making it easier to read. Displays images in image responses instead of binary data.
Cons of Charles Proxy:
Cost :-)
If you're developing an application that transfers data using AMF (fairly common in a particular set of GIS web APIs I use regularly), Fiddler does not currently provide an AMF decoder that will allow you to easily view the binary data in an easily-readable format. Charles provides this functionality.

Improving BOSH Throughput

I've implemented a web chat system using Jabber, with the Tigase server and an Ajax-based client communicating over BOSH using JsJac, with Apache mod_proxy forwarding the HTTP traffic to Tigase. This works reasonably well, but I've noticed one major gap in performance versus a desktop Jabber client (like Exodus), particularly when joining a multi-user chat with a long history of messages.
Specifically, from monitoring HTTP traffic, it appears that the server can only send one XMPP message per HTTP request-response cycle. For normal usage this is fine (we're getting roughly 80-100msec round-trip times, which isn't too bad), but when loading MUC history it can be a real drag.
So my question is: does Jabber or BOSH provide any mechanism for bundling or streaming messages that might apply to this use case? Are any clients and servers out there implementing something like this already? Or would I have to modify Tigase and JsJac myself (which is certainly possible, but not ideal)?
Actually, the BOSH server can collect as many responses from the Jabber server and send them as one single response to the client. I am the author of one such BOSH library: http://code.google.com/p/node-xmpp-bosh/.
The response body has nothing to do with the request body in case of BOSH. I mean that the response could and mostly will be a response to an unrelated request (mostly a later request).
I have implemented a BOSH communications solution with Java on the server and GWT on the client (a browser). A C client implementation has also been made. Presently, I am in the process of making the solution available online for tests. Please take a look at the following Google presentation to see if my solution is relevant for your business:
https://docs.google.com/present/edit?id=0AUPL-u98h45WZGQzNWNjOGhfMGd6bWI1NmNk&hl=en&authkey=CPTzrWc
To see the speaker notes, make sure you hit the "View Speaker Notes" button in the bottom-right corner of the page.

Seeking info on how to use the VB6 Winsock, flow of events, etc

I'm using the MS Winsock control in VB6 and I want to understand things like "when does the Server Close the connection (triggering the Winsock_Close() event)", and a related question: How do you know when all the data from a Post has been returned?
More info:
I should have mentioned: I've already read the MSDN description, etc., but it doesn't actually explain what's happening. E.g., it explains that the Close() event fires when the Server ends the connection but doesn't explain what would cause the connection to end and whether a broken connection would trigger a Close event, etc.
And none of the MSDN descriptions explain how to know when all the data has arrived. (I suspect it's the Close event firing).
You might want to try out the following walkthrough
tcp.oflameron.com/
You can find the complete code here
If you have any Qs in particular, plz ask here...
GoodLUCK!!
- CVS
Using the Winsock Control at http://msdn.microsoft.com/en-us/library/aa733709(VS.60).aspx
MSDN Search of "Winsock control" at http://social.msdn.microsoft.com/Search/en-US?query=Winsock+control&ac=8
Documentation Lacks
The documentation will not provide the information you are asking for. This is an ActiveX control that allows you to connect computers through TCP/IP protocol stacks.
The information you want applies to how these computers "talk" (the protocol). That totally depends on the server application and client application that are communicating. For instance, if I am connecting to the FTP Service of another computer, the server will not close the connection until I send the appropriate command or until the server detects an idle connection. On the other hand, some services will close the connection on any invalid command, especially SMTP Servers will tighten security.
You need to check out the documentation of the service you are connecting with. The documentation will tell you how to send commands, command format, response codes, how commands are acknowledged, and so on.
SAMPLE: VBFTP.EXE: Implementing FTP Using WinInet API from VB at http://support.microsoft.com/kb/175179
