确定 HTTP 数据包

发布于 2024-08-28 17:27:25 字数 97 浏览 8 评论 0原文

您好,

如何从使用 Sharppcap 捕获的数据包中确定数据包是否是 http 数据包?

我们能否确定 frpm TCP 数据包是否是 HTTP?

Greeting,

how is possible to determine from captured packets using sharppcap if the packet is http packet or not?

and can we determine frpm TCP packets if the packet is HTTP or not?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

半暖夏伤 2024-09-04 17:27:25

根据 rfc2616 - 超文本传输​​协议 - HTTP/1.1

HTTP 消息的版本由消息第一行中的 HTTP-Version 字段指示

因此,您可以检查数据包并扫描消息标头中的 HTTP 版本文本和/或 HTTP 协议的其他已知字段。虽然如果一条消息被分成多个数据包,此方法可能不是 100% 准确,但它可能足够好,至少作为第一次切割。

According to rfc2616 - Hypertext Transfer Protocol -- HTTP/1.1:

The version of an HTTP message is indicated by an HTTP-Version field in the first line of the message

So, you could inspect packets and scan for the HTTP version text in message headers, and/or other known fields of the HTTP protocol. Although this method may not be 100% accurate if a message is broken up into multiple packets, it would probably be good enough, at least as a first cut.

请远离我 2024-09-04 17:27:25

我是 sharppcap/packet.net 的作者/维护者。

我有一些执行 tcp 重组和 http 解析的类,这些类在复杂的网络监控应用程序中用于识别和跟踪 http 会话。这些都经过了充分的单元测试并得到了很好的评论。

它们可用于二进制或源代码级别的许可。

编辑:为什么投票否决?开发代码和测试花费了数百个小时,这是一个已被重用的解决方案。在重新实现相同的功能之前,这当然值得考虑。

I am the author/maintainer of sharppcap/packet.net.

I have a few classes that perform tcp reassembly and http parsing that are in use in a complex network monitoring app to identify and follow http sessions. These are fully unit tested and well commented.

They are available for licensing either at the binary or source level.

Edit: Why vote this down? It took hundreds of hours to develop the code and tests and it's a drop in solution that has been reused. It's certainly worth considering before re-implementing the same functionality.

泪意 2024-09-04 17:27:25

听起来您正在查看单个 TCP 片段。如果它来自消息的开头,那么它的第一行将有一个 HTTP 版本,但如果您只是从网络上随机提取数据包并希望能够知道它们是 HTTP,那么您就不走运了- TCP 片段中没有任何内容表明其中的内容。唯一了解的方法就是查看整个对话。

It sounds like you're looking at a single TCP fragment. If that came from the beginning of a message, it will have an HTTP version in the first line, but if you're just pulling random packets off the network and hoping to be able to tell they're HTTP you're out of luck - there is nothing in the TCP fragments which indicates what is in them. The only way to know would be to look at the whole conversation.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文