c++ - How to parse the hex code of network traffic

Tags: c++ networking tcp hex

First of all, thanks to the Stack Overflow community. I have found many competent answers here, so I will try to ask my own question.

I have a WinPcap sample program that "dumps" my network traffic as hex code. I made a simple server/client pair that periodically sends some text (22 bytes).

Problem:
Parse this hex dump in C++ and produce output similar to Wireshark or phd (console only).

After reading some TCP/IP references (1), I cannot determine the "value" of all the bytes. So, for example, there are 76 bytes; reading backwards:

  • the first 22 bytes are my data;
  • then the TCP header has 20;
  • the IP header is 20, and then there are some other bytes that I don't know what they represent. I don't know much about the IP protocol.

Here is an example hex dump:

08 00 27 b3 23 63 f4 6d 04 2e 68 24 08 00 45 00
00 3e 31 c4 40 00 80 06 45 9e c0 a8 01 03 c0 a8
01 04 0b 27 04 d2 b0 f7 47 61 28 6c fd a7 50 18
fa f0 8e a0 00 00 48 61 6c 6c 6f 20 64 61 73 20
69 73 74 20 65 69 6e 20 54 65 73 74  

Question:
Can anyone tell me what these first bytes are for, and where I can get a (simple) description of how network traffic is structured?

(1) TCP Reference, IP Reference

Best answer

I used Packet Dump Decode and decoded it into the following data... pdd converts a hex dump into something that can be used in Wireshark... then I worked backwards from the Wireshark info to break down the packet...

Ethernet Header
---------------
08 00 27 b3 23 63 f4 6d 04 2e 68 24 08 00 

IP Header
---------
45 00 00 3e 31 c4 40 00 80 06 45 9e 
c0 a8 01 03 c0 a8 01 04

TCP Header
----------
0b 27 04 d2 b0 f7 47 61 28 6c fd a7 50 18
fa f0 8e a0 00 00

TCP Data Payload
----------------
48 61 6c 6c 6f 20 64 61 73 20
69 73 74 20 65 69 6e 20 54 65 73 74

And the full Wireshark decode...

Frame 1: 76 bytes on wire (608 bits), 76 bytes captured (608 bits)
    WTAP_ENCAP: 1
    Arrival Time: Nov 24, 2012 07:12:54.000000000 Central Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1353762774.000000000 seconds
    [Time delta from previous captured frame: 0.000000000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.000000000 seconds]
    Frame Number: 1
    Frame Length: 76 bytes (608 bits)
    Capture Length: 76 bytes (608 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:tcp:data]
Ethernet II, Src: AsustekC_2e:68:24 (f4:6d:04:2e:68:24), Dst: CadmusCo_b3:23:63 (08:00:27:b3:23:63)
    Destination: CadmusCo_b3:23:63 (08:00:27:b3:23:63)
        Address: CadmusCo_b3:23:63 (08:00:27:b3:23:63)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: AsustekC_2e:68:24 (f4:6d:04:2e:68:24)
        Address: AsustekC_2e:68:24 (f4:6d:04:2e:68:24)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IP (0x0800)
Internet Protocol Version 4, Src: 192.168.1.3 (192.168.1.3), Dst: 192.168.1.4 (192.168.1.4)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
    Total Length: 62
    Identification: 0x31c4 (12740)
    Flags: 0x02 (Don't Fragment)
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (6)
    Header checksum: 0x459e [correct]
        [Good: True]
        [Bad: False]
    Source: 192.168.1.3 (192.168.1.3)
    Destination: 192.168.1.4 (192.168.1.4)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: msrp (2855), Dst Port: search-agent (1234), Seq: 1, Ack: 1, Len: 22
    Source port: msrp (2855)
    Destination port: search-agent (1234)
    [Stream index: 0]
    Sequence number: 1    (relative sequence number)
    [Next sequence number: 23    (relative sequence number)]
    Acknowledgment number: 1    (relative ack number)
    Header length: 20 bytes
    Flags: 0x018 (PSH, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 1... = Push: Set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
    Window size value: 64240
    [Calculated window size: 64240]
    [Window size scaling factor: -1 (unknown)]
    Checksum: 0x8ea0 [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    [SEQ/ACK analysis]
        [Bytes in flight: 22]
Data (22 bytes)

0000  48 61 6c 6c 6f 20 64 61 73 20 69 73 74 20 65 69   Hallo das ist ei
0010  6e 20 54 65 73 74                                 n Test
    Data: 48616c6c6f20646173206973742065696e2054657374
    [Length: 22]
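A worked decoder for the exact 76-byte frame quoted above, added here as an example in C++ (it is not code from the question, the answer, WinPcap or pdd); the struct, the function names and the bounds checks are my own choices, and the IPv4 header checksum is recomputed so the result can be compared with the [correct] line in the Wireshark output. Every length field is checked against the bytes actually captured before it is trusted, which is the habit that matters when the input is traffic you did not generate.

```cpp
#include <cctype>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

struct Decoded {   // hypothetical result type (not from the question or answer); ok stays false if a header fails a check
    bool ok = false; std::string srcMac, dstMac, srcIp, dstIp, payload;
    uint16_t ethertype = 0, ipTotalLen = 0, ipChecksum = 0, srcPort = 0, dstPort = 0, tcpFlags = 0, window = 0;
    uint8_t ttl = 0, proto = 0; uint32_t seq = 0, ack = 0;
};

// Multi-byte fields on the wire are big-endian (network byte order).
static uint16_t be16(const uint8_t* p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t* p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }
static std::string fmt(const uint8_t* p, int n, const char* f, char sep) {   // "%02x"/':' for MACs, "%u"/'.' for IPs
    std::string s; char buf[8];
    for (int i = 0; i < n; ++i) { snprintf(buf, sizeof buf, f, (unsigned)p[i]); s += buf; if (i + 1 < n) s += sep; }
    return s;
}
// Parse "08 00 27 ..." text as in the question: whitespace is ignored, each pair of hex digits is one byte.
std::vector<uint8_t> hexToBytes(const std::string& hex) {
    std::vector<uint8_t> out; std::string digits;
    for (char c : hex) if (isxdigit((unsigned char)c)) digits += c;
    for (size_t i = 0; i + 1 < digits.size(); i += 2)
        out.push_back((uint8_t)std::stoul(digits.substr(i, 2), nullptr, 16));
    return out;
}
// RFC 791 header checksum with the checksum field (bytes 10-11) treated as zero; must equal the on-wire value.
uint16_t ipHeaderChecksum(const uint8_t* h, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2) if (i != 10) sum += be16(h + i);
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);   // fold carries back into 16 bits
    return (uint16_t)~sum;
}
// Walk Ethernet -> IPv4 -> TCP, checking every length field against the bytes actually present.
Decoded decodeFrame(const std::vector<uint8_t>& f) {
    Decoded d;
    if (f.size() < 34) return d;   // 14-byte Ethernet header + minimal 20-byte IPv4 header
    d.dstMac = fmt(&f[0], 6, "%02x", ':'); d.srcMac = fmt(&f[6], 6, "%02x", ':'); d.ethertype = be16(&f[12]);
    const uint8_t* ip = &f[14]; size_t ihl = (ip[0] & 0x0f) * 4u;   // IHL nibble counts 32-bit words
    d.ipTotalLen = be16(ip + 2); d.ttl = ip[8]; d.proto = ip[9]; d.ipChecksum = be16(ip + 10); size_t tot = d.ipTotalLen;
    if (d.ethertype != 0x0800 || (ip[0] >> 4) != 4 || ihl < 20 || ihl > tot || 14 + tot > f.size()) return d;
    d.srcIp = fmt(ip + 12, 4, "%u", '.'); d.dstIp = fmt(ip + 16, 4, "%u", '.');
    if (d.proto != 6 || ihl + 20 > tot) return d;   // TCP only, and a full 20-byte TCP header must fit
    const uint8_t* tcp = ip + ihl; size_t doff = (tcp[12] >> 4) * 4u;   // data offset, also in 32-bit words
    if (doff < 20 || ihl + doff > tot) return d;
    d.srcPort = be16(tcp); d.dstPort = be16(tcp + 2); d.seq = be32(tcp + 4); d.ack = be32(tcp + 8);
    d.tcpFlags = be16(tcp + 12) & 0x1ff; d.window = be16(tcp + 14);
    d.payload.assign((const char*)tcp + doff, tot - ihl - doff);   // trailing Ethernet padding is excluded
    d.ok = true; return d;
}
```

Feeding the question's dump through `hexToBytes` and `decodeFrame` yields the same MACs, addresses, ports, flags 0x018 (PSH, ACK), window 64240 and the 22-byte "Hallo das ist ein Test" payload that the Wireshark decode above shows.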

Regarding "c++ - How to parse the hex code of network traffic", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/13541227/
