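Wireshark does not recognize the packet as a TLS ClientHello

Problem description

I am trying to analyze Java's TLS library (rather than Bouncy Castle). For some reason, Wireshark refuses to recognize the ClientHello fragment as such. Here is a hex dump of the TCP packet. I have broken it down into its component parts to make it easier to understand.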

TCP stuff
020000004502008a000040004006f9ce0aa5001e5db8d822e28d01bbf3b9a9ab8c64a4fe8018081070fa00000101080a4e4e5d5845aa256f

16 TLS handshake record
0301 TLS v 1.0
0052 Fragment length 82 bytes
01 ClientHello message
00004e Message length 78 bytes
0303 TLS v 1.2
Client random
3c88c697bf2b559cc032faff7caccb17475ae76f36ededf279a9d1b9950e7367
00 Session ID length
0024 Cipher suite length 36 bytes 18 cipher suites
1301 1302 1303 c02b c02f cca9 ccaa c02c c030 c00a c009 c013 c014 009c 009d 002f 0035 000a
01 Compression methods length
00 Compression method null
0000 Extensions length

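I am at a loss as to why Wireshark and some websites do not recognize this as a valid handshake record. Any help is appreciated.

Edit:

I re-ran the capture to show how Wireshark interprets the network headers.

Raw packet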

0000   0c ea c9 75 61 30 3c 22 fb 01 07 f3 08 00 45 00
0010   00 8a 00 00 40 00 40 06 42 23 c0 a8 01 c8 5d b8
0020   d8 22 e9 3b 01 bb ee e9 99 55 53 56 a2 a8 80 18
0030   08 0a dc d0 00 00 01 01 08 0a 4e d6 03 2b db 4f
0040   3f fb 16 03 01 00 52 01 00 00 4e 03 03 8a 80 b9
0050   8c 73 ee 40 30 ef 65 1d 8c 51 d2 39 09 34 17 79
0060   d1 af e1 63 96 1a ac b4 ad 96 03 dd 7a 00 00 24
0070   13 01 13 02 13 03 c0 2b c0 2f cc a9 cc aa c0 2c
0080   c0 30 c0 0a c0 09 c0 13 c0 14 00 9c 00 9d 00 2f
0090   00 35 00 0a 01 00 00 00

Wireshark's interpretation

Frame 3616: 152 bytes on wire (1216 bits), 152 bytes captured (1216 bits) on interface en0, id 0
    Interface id: 0 (en0)
    Encapsulation type: Ethernet (1)
    Arrival Time: Nov  3, 2020 09:03:23.957190000 EST
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1604412203.957190000 seconds
    [Time delta from previous captured frame: 0.004793000 seconds]
    [Time delta from previous displayed frame: 0.011314000 seconds]
    [Time since reference or first frame: 49.409611000 seconds]
    Frame Number: 3616
    Frame Length: 152 bytes (1216 bits)
    Capture Length: 152 bytes (1216 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp]
    [Coloring Rule Name: TCP]
    [Coloring Rule String: tcp]
Ethernet II, Src: Apple_01:07:f3 (3c:22:fb:01:07:f3), Dst: ARRISGro_75:61:30 (0c:ea:c9:75:61:30)
    Destination: ARRISGro_75:61:30 (0c:ea:c9:75:61:30)
    Source: Apple_01:07:f3 (3c:22:fb:01:07:f3)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 192.168.1.200, Dst: 93.184.216.34
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 138
    Identification: 0x0000 (0)
    Flags: 0x40, Don't fragment
    Fragment Offset: 0
    Time to Live: 64
    Protocol: TCP (6)
    Header Checksum: 0x4223 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 192.168.1.200
    Destination Address: 93.184.216.34
Transmission Control Protocol, Src Port: 59707, Dst Port: 443, Seq: 1, Ack: 1, Len: 86
    Source Port: 59707
    Destination Port: 443
    [Stream index: 18]
    [TCP Segment Len: 86]
    Sequence Number: 1    (relative sequence number)
    Sequence Number (raw): 4008286549
    [Next Sequence Number: 87    (relative sequence number)]
    Acknowledgment Number: 1    (relative ack number)
    Acknowledgment number (raw): 1398186664
    1000 .... = Header Length: 32 bytes (8)
    Flags: 0x018 (PSH, ACK)
    Window: 2058
    [Calculated window size: 131712]
    [Window size scaling factor: 64]
    Checksum: 0xdcd0 [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    Options: (12 bytes), No-Operation (nop), Timestamps
    [SEQ/ACK analysis]
    [Timestamps]
    TCP payload (86 bytes)
    TCP segment data (86 bytes)
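
Added example (not part of the original question): a Python check that walks the TLS record in the 86-byte TCP payload of the raw packet above and compares every declared length with the bytes actually present. The function name `check_client_hello` and the result keys are chosen for this example.

```python
import struct

# TCP payload (86 bytes) copied from offsets 0x42-0x97 of the raw packet dump above.
PAYLOAD = bytes.fromhex(
    "16030100520100004e03038a80b9"
    "8c73ee4030ef651d8c51d23909341779"
    "d1afe163961aacb4ad9603dd7a000024"
    "130113021303c02bc02fcca9ccaac02c"
    "c030c00ac009c013c014009c009d002f"
    "0035000a01000000"
)


def check_client_hello(payload):
    """Walk a TLS record holding a ClientHello; compare declared and actual lengths."""
    ctype, _rec_version, rec_len = struct.unpack_from("!BHH", payload, 0)
    if ctype != 0x16:
        raise ValueError("not a handshake record")
    fragment = payload[5:5 + rec_len]        # may be shorter than rec_len
    if fragment[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(fragment[1:4], "big")

    pos = 4 + 2 + 32                          # handshake header, client_version, random
    pos += 1 + fragment[pos]                  # session_id (1-byte length prefix)
    suites_len = int.from_bytes(fragment[pos:pos + 2], "big")
    pos += 2 + suites_len                     # cipher_suites (2-byte length prefix)
    pos += 1 + fragment[pos]                  # compression_methods (1-byte length prefix)
    ext_len = int.from_bytes(fragment[pos:pos + 2], "big")
    pos += 2 + ext_len                        # extensions (2-byte length prefix)

    return {
        "record_declared": rec_len,           # length field in the record header
        "record_present": len(payload) - 5,   # bytes that follow the record header
        "handshake_declared": hs_len,         # length field in the handshake header
        "handshake_parsed": pos - 4,          # bytes the ClientHello fields occupy
        "cipher_suites": suites_len // 2,
    }


if __name__ == "__main__":
    for name, value in check_client_hello(PAYLOAD).items():
        print(f"{name}: {value}")
```

On these bytes both declared lengths are one larger than the data that follows them (record: 82 declared, 81 present; handshake: 78 declared, 77 parsed), so a dissector that honours the record length sees an incomplete record in this segment.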
