Decoding sniffed packets

Posted 2024-09-16 14:08:45 · 519 characters · 15 views · 0 comments


I understand that each packet has some header that seems like a random mix of chars. On the other hand, the content itself can be in pure ASCII and therefore it might be human friendly. Some of the packets I sniffed were readable (raw HTML headers for sure). But some packets looked like this:

0000  00 15 af 51 68 b2 00 e0  98 be cf d6 08 00 45 00   ...Qh... ......E.
0010  05 dc 90 39 40 00 2e 06  99 72 08 13 f0 49 c0 a8   ...9@... .r...I..
0020  64 6b 00 50 c1 32 02 7a  60 4f 4c b6 45 62 50 10   dk.P.2.z `OL.EbP.

That was just a part; these packets were usually longer. My question is, how can I decode the packet content/data? Do I need the whole stream? Is the decoding simple, or can every application encode it slightly differently to ensure these packets are secured?

Edit:
I don't care about the header, Wireshark shows that. However, that's totally worthless info. I want to decode the data/content.


Comments (4)

木緿 2024-09-23 14:08:45

The content of a packet is defined by the process sending it. Think of it like a telephone call. What's said is dependent on who is calling and who they are talking to. You have to study the programs that construct it to determine how to "decode" it. There are some sniffers that will parse some commonly used methods of encoding and try to do this already.

行至春深 2024-09-23 14:08:45

Why not just use something like wireshark?

放低过去 2024-09-23 14:08:45

Packet headers will depend on the application sending the packet in question, as mentioned in an earlier post. You can also use Wireshark's protocol reference for understanding some of the common protocols.

What you have listed here is the Packet Bytes pane; what you need to see is the Packet Details view to understand what the seemingly random data corresponds to. In the Packet Details view, when you select various parts of the packet, it will highlight the corresponding bytes in the Packet Bytes view.

末が日狂欢 2024-09-23 14:08:45

If you're using C#, grab SharpPcap and look at the examples in code to get a feel for how it works.

Set the filter to only capture UDP, capture a packet, parse it as UDP, and extract the payload. The payload's format is based on the application sending it.

There's a lot of extra gibberish because every UDP packet contains a stack of:

  • Ethernet header
  • IP header
  • UDP header

of information before your data and all incoming data is in binary format until you parse it to something meaningful.
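As an added example (not code from the question or from any of the answers), the following Python script walks the exact hexdump quoted in the question through the Ethernet, IPv4 and TCP layers that the last answer describes, and reports where the application payload would begin. The quoted dump is only 48 bytes long, so the script also shows that it ends inside the TCP header and contains none of the payload; the header field layouts are the standard ones, not anything specific to this page.

```python
import struct

# Constructed input: the three hexdump lines quoted in the question above.
HEXDUMP = """\
0000  00 15 af 51 68 b2 00 e0  98 be cf d6 08 00 45 00   ...Qh... ......E.
0010  05 dc 90 39 40 00 2e 06  99 72 08 13 f0 49 c0 a8   ...9@... .r...I..
0020  64 6b 00 50 c1 32 02 7a  60 4f 4c b6 45 62 50 10   dk.P.2.z `OL.EbP.
"""
HEXCHARS = set("0123456789abcdefABCDEF")
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]

def hexdump_to_bytes(dump):
    """Drop the offset column and the ASCII gutter; keep at most 16 hex bytes per line."""
    out = bytearray()
    for line in dump.splitlines():
        tokens = line.split()[1:17]  # skip the offset, then up to 16 byte tokens
        for tok in tokens:
            if len(tok) != 2 or not set(tok) <= HEXCHARS:
                break  # first non-hex token is the start of the ASCII gutter
            out.append(int(tok, 16))
    return bytes(out)

def parse_frame(frame):
    """Walk Ethernet -> IPv4 -> TCP headers and locate the application payload."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"eth_dst": dst.hex(":"), "eth_src": src.hex(":"), "ethertype": ethertype}
    if ethertype != 0x0800:        # only IPv4 is handled in this example
        return info
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4       # header length in bytes (IHL field is in 32-bit words)
    info["ip_total_len"] = struct.unpack("!H", ip[2:4])[0]
    info["ttl"], info["protocol"] = ip[8], ip[9]
    info["ip_src"] = ".".join(str(b) for b in ip[12:16])
    info["ip_dst"] = ".".join(str(b) for b in ip[16:20])
    if info["protocol"] != 6:      # 6 = TCP
        return info
    tcp = ip[ihl:]
    info["sport"], info["dport"], info["seq"], info["ack"] = struct.unpack("!HHII", tcp[:12])
    doff = (tcp[12] >> 4) * 4      # TCP header length in bytes
    info["flags"] = [n for i, n in enumerate(TCP_FLAGS) if tcp[13] & (1 << i)]
    start = 14 + ihl + doff        # offset of the first payload byte within the frame
    info["payload_offset"] = start
    info["payload_len_total"] = info["ip_total_len"] - ihl - doff
    info["payload_in_dump"] = max(0, len(frame) - start)
    return info

if __name__ == "__main__":
    for k, v in parse_frame(hexdump_to_bytes(HEXDUMP)).items():
        print(f"{k:>18}: {v}")
```

For this dump the result is an ACK from port 80 on 8.19.240.73 to port 49458 on 192.168.100.107 in a 1500-byte IP packet, so 1460 payload bytes exist on the wire but the payload only starts at offset 54 and the quoted 48 bytes stop before it.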
