智能 UDP 协议分析仪?
是否有“智能”UDP 协议分析器可以帮助我对基于消息的协议进行逆向工程?
我正在使用 Wireshark 进行嗅探,但如果有一个工具可以检测协议中的规律性(重复的字符串、CRC/校验和或长度的协议位,...)并辅助该过程,将会有所帮助。
Is there a "smart" UDP protocol analyzer that can help me reverse engineer a message based protocol?
I'm using Wireshark to do the sniffing, but if there's a tool that can detect regularities in the protocol (repeated strings, bits of the protocol that are CRC/Checksum or length, ...) and aid the process that would help.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您需要一个通用推理引擎。尝试恢复协议的最佳方法(假设您所在的司法管辖区允许这样做)是从会话开始时了解底层消息传输,然后尝试通过一系列 ping 手动模拟各方的行为-pong 消息试验。通过这种方式,您可以了解消息结构及其功能。
使用 UDP 帧边界是开始寻找结构的好地方。
如果您没有文档,您会发现即使您对协议有了很好的理解,在项目过程中也会多次感到惊讶。
如果可以的话,让现有系统准确执行您需要使用的场景,然后仅复制相同的序列,仅更改有效负载(以及任何校验和)。这样你就可以在不全面了解协议的情况下达到要求。
有关执行此操作的示例,您可以查看 Samba 项目的历史回顾,网址为 一点历史和一点乐趣。
You are asking for a universal inference engine. The best way to try to recover the protocol (assuming you are in a jurisdiction that permits this) is to understand the underlying message transfer from the beginning of a session, and then trying to manually simulate the behaviour of each party through a sequence of ping-pong message trials. This way you develop an understanding of the message structures and their functioning.
Using the UDP frame boundaries is a good place to start looking for structure.
If you have no documentation, you will find that even if you gain a good understanding of the protocol, expect to be surprised many times during the project.
If you can, have your existing systems carry out exactly the scenario you need to use, and then simply replicate the same sequence with payload (and any checksum) changes only. This way you can possibly achieve the requirement without a comprehensive understanding of the protocol.
For an example of the effort in doing this you could look at a historical review of the Samba project at A bit of history and a bit of fun.