2019-2020 Second Semester, TCP/IP Protocol Analysis: Final Assessment Project

一、Assessment objectives
1、Analyze how data is encapsulated in the five-layer protocol stack and how communication proceeds; understand the basic principles of communication;
2、Analyze in detail the communication of typical network applications (DNS, HTTP, FTP, Email, etc.);
3、Write a simple page that responds according to the HTTP User-Agent, and become proficient with session and cookie;
4、Master how Socket communication is implemented, and be able to write a communicating program in at least one language;
5、Understand how TCP and UDP communication is implemented, understand the role of segment encapsulation, and master how reliable transmission is achieved;
6、Understand the TCP three-way handshake (connection establishment), data transfer, and the four-way handshake (connection teardown);
7、Master the data transfer process.

二、Equipment / environment
1、A client with Wireshark installed and the Chrome browser;
2、A mail client such as Outlook or Foxmail, installed and configured so that it can send and receive mail;
3、A server providing DNS, WWW and FTP services; if none is available, substitute Internet services;
4、A LAN built from a switch; if none is available, use the Internet instead;
5、At least one WEB development tool;
6、A server and client with a C | C++ | C# | Java | Python runtime installed and configured (required);
7、A relatively stable LAN environment (wired or wireless).

三、Experimental principles
1、A network protocol, or simply a protocol, is the set of rules, standards or conventions established for exchanging data in a computer network. A protocol specifies the format, meaning and order of the messages exchanged between communicating entities, and the "actions" taken on receiving a message or when an event occurs.

2、A computer network architecture (network architecture) is a layered structure: each layer follows certain network protocols to carry out that layer's function, and the architecture is the collection of the network's layers and their protocols. Three architectures are in common use today: the OSI seven-layer model, the TCP/IP reference model, and the Internet five-layer protocol stack.

The Open Systems Interconnection (OSI) reference model is a layered network architecture model proposed by the International Organization for Standardization (ISO) in 1984. Its purpose is to support interconnection between heterogeneous network systems, and it remains the best model, or learning tool, for understanding network systems. It has seven layers: physical, data link, network, transport, session, presentation and application, each performing specific network functions.

OSI is a theoretical model of network communication; TCP/IP is the protocol suite actually in operation. The TCP/IP suite has four layers: application, transport, network (internet), and network interface.

The Internet five-layer protocol stack combines the strengths of the OSI seven-layer and TCP/IP four-layer models:
application layer: supports the various network applications (FTP, SMTP, HTTP);
transport layer: process-to-process data transfer (TCP, UDP);
network layer: packet delivery and forwarding from source host to destination host (IP, routing protocols, etc.);
data link layer: data transfer between adjacent network elements;
physical layer: bit transmission.
3、Encapsulation
Encapsulation: going down the stack, each layer prepends control information (a Header) to the data it receives, forming that layer's protocol data unit (PDU). The header carries: addresses (Address) that identify sender and receiver; an error-detecting code (Error-detecting Code) used for error detection or correction; and protocol control information (Protocol control), the extra fields needed to implement the protocol's functions. Decapsulation is the reverse: the packet is taken apart going up the stack, each layer stripping its own header. Encapsulation and decapsulation are a pair of inverse processes.
The encapsulation and decapsulation process in the five-layer stack is as follows:
4、Application layer protocols
An application layer protocol defines how application processes running on different end systems exchange messages. It specifies: the message types (type) {request messages, response messages}; the message syntax (Syntax) {which fields (field) a message contains and how each field is described}; the field semantics (semantics) {the meaning of the information in each field}; and the rules (rules) {when a process sends or responds to a message, and how it sends or responds}. The main network application services and protocols are:
1) Domain Name System (DNS): provides the mapping between domain names and IP addresses.
2) File Transfer Protocol (FTP): a network application for transferring files between two hosts on the Internet.
3) HyperText Transfer Protocol (HTTP): implements the WWW service, i.e. the WEB service.
4) SMTP (Simple Mail Transfer Protocol): uses TCP for reliable transfer of Email messages.
5) POP3 (Post Office Protocol 3): provides retrieval of mail from a server.
5、The transport services provided by the Internet: TCP and UDP
TCP (Transmission Control Protocol) is a connection-oriented, reliable, byte-stream transport layer protocol that provides flow control and congestion control.
UDP (User Datagram Protocol) is a connectionless transport layer protocol that provides a simple, unreliable message delivery service.
TCP and UDP sit at the transport layer and provide transport services to application layer services and programs.

6、Socket
Inter-process communication between programs on a network is implemented by sending and receiving messages through sockets.
A process is identified by IP address + port number.
7、Port
After a system boots, services and programs receive process IDs in the order they were loaded, so two communicating hosts cannot realistically locate each other by process ID. The Port is therefore introduced as a logical concept (it exists only for TCP and UDP): services and applications of the same kind are bound to one communication endpoint, and the other side can then open a connection from a port it picks at random above 1023 (ports 0-1023 are reserved for well-known servers, e.g. FTP 21, HTTP 80, SMTP 25, TELNET 23, SSH 22) to the fixed port of the service it wants.
8、Socket
A Socket is essentially a programming interface (API) that wraps TCP/IP: TCP/IP exposes the Socket interface to network services and applications. The main socket types are SOCK_STREAM (TCP) and SOCK_DGRAM (UDP), which work at the transport layer, and SOCK_RAW, which works at the network layer.
9、TCP segment encapsulation and the communication process
TCP implements a reliable data transfer service on top of the unreliable service of the IP layer. It transmits in pipelined fashion, uses cumulative acknowledgements, and uses a single retransmission timer plus duplicate ACKs to detect a lost transmission and retransmit it.
The TCP segment header contains:
Source port and destination port: 16-bit fields holding the port numbers of the application processes on the sending and receiving hosts.
Sequence number (the number of the first byte of the segment) and acknowledgement number (the number of the next byte the receiver expects from the peer).
Flags (URG: urgent data; ACK: the acknowledgement number is valid; PSH: push, the segment carries data that should be delivered immediately; RST: reset the connection; SYN: establish a connection and synchronize the two sides' sequence numbers; FIN: release the connection).
Window size: the TCP receive window in bytes; the field is 16 bits, so its maximum is 65535 bytes (unless the window scale option is negotiated).
Checksum: a one's-complement checksum over the transport-layer pseudo-header, the TCP header and the data, which protects the integrity and correctness of the segment.
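The header fields listed above, as an added Python example (not part of the original assignment text): it builds and decodes a 20-byte TCP header, computes the checksum over pseudo-header + header + data the way a receiver verifies it, and computes the acknowledgement number the peer must return, which is the same sequence-number arithmetic the handshake, data and segment tasks later in this assignment ask for. The IP addresses and ports are placeholders.

```python
import struct
import ipaddress

# TCP flag bits in the low part of the 16-bit "data offset / flags" word
FLAG_NAMES = {0x20: "URG", 0x10: "ACK", 0x08: "PSH",
              0x04: "RST", 0x02: "SYN", 0x01: "FIN"}

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the IP, TCP and UDP checksums."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input with one zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total

def tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Checksum over pseudo-header + TCP header + payload, checksum field zeroed."""
    pseudo = (ipaddress.IPv4Address(src_ip).packed
              + ipaddress.IPv4Address(dst_ip).packed
              + struct.pack("!BBH", 0, 6, len(segment)))   # zero, protocol=6, TCP length
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]    # checksum sits at bytes 16-17
    return (~ones_complement_sum(pseudo + zeroed)) & 0xFFFF

def verify_checksum(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """A received segment is intact when the recomputed checksum equals the stored one."""
    stored = struct.unpack("!H", segment[16:18])[0]
    return tcp_checksum(src_ip, dst_ip, segment) == stored

def build_segment(src_port, dst_port, seq, ack, flags, window, payload=b"",
                  src_ip="192.168.5.57", dst_ip="192.168.5.1") -> bytes:
    """Build a TCP segment without options (data offset = 5 words = 20 bytes)."""
    offset_flags = (5 << 12) | flags
    header = struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                         offset_flags, window, 0, 0)       # checksum and urgent pointer = 0
    csum = tcp_checksum(src_ip, dst_ip, header + payload)
    return header[:16] + struct.pack("!H", csum) + header[18:] + payload

def parse_segment(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header and return its fields plus the payload."""
    (src_port, dst_port, seq, ack, offset_flags,
     window, csum, urg) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (offset_flags >> 12) * 4
    flags = offset_flags & 0x1FF
    return {"src_port": src_port, "dst_port": dst_port, "seq": seq, "ack": ack,
            "header_len": header_len, "window": window, "checksum": csum,
            "urgent_ptr": urg, "payload": segment[header_len:],
            "flags": [n for bit, n in sorted(FLAG_NAMES.items(), reverse=True) if flags & bit]}

def expected_ack(seq: int, payload_len: int, syn=False, fin=False) -> int:
    """Acknowledgement number the peer must send back for this segment.
    SYN and FIN each consume one sequence number; a pure ACK consumes none,
    so a 2950-byte payload starting at seq is acknowledged with seq + 2950."""
    return (seq + payload_len + int(syn) + int(fin)) & 0xFFFFFFFF
```

When reading a capture, compare the ack number of each reply with expected_ack() of the segment it answers; a mismatch means the reply acknowledges an earlier segment (cumulative ACK) or the segment was lost. Wireshark shows relative sequence numbers by default, so subtract the ISN shown in the SYN before comparing with absolute values.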
四、Assessment content
(一) Message analysis (50%)
1、Use a capture tool such as Wireshark or Sniffer to capture application layer messages.
2、Analyze the encapsulation of the messages at every layer, in particular for the DNS, HTTP, FTP and Email protocols; analyze port multiplexing and demultiplexing and the communication process of the application layer services and protocols.
3、Analyze in detail the HTTP request-response process and the encapsulation of the protocol data; write a page that records the client's User-Agent and returns different content depending on the User-Agent of the request; become proficient with session and cookie.
Item | Content | Score | Verification and requirements
1 | PDU(DNS) capture | 5 | query, query response
2 | PDU(HTTP) capture | 5 | TCP three-way handshake, http request, http response
3 | PDU(FTP) capture | 5 | FTP login and download
4 | PDU(SMTP) capture | 5 | smtp
5 | PDU(POP) capture | 5 | pop
6 | PDU(DNS) analyze | 15 | five-layer encapsulation process, DNS message encapsulation, calculation of the encapsulated byte count
7 | PDU(HTTP) analyze | 20 | http request and http response process, port multiplexing (several clients), header verification; return different content according to the UA of different devices
8 | PDU(FTP) analyze | 5 | verification of the FTP login and download process
9 | PDU(SMTP) analyze | 5 | the smtp mail-sending process
Assessment summary | | 30 | Summary of the assessment (300 characters or more)

(二) Socket programming (50%)
1、Write a Socket communication program in Java, C, C++, C# or Python.
2、Test and verify TCP-based SOCKET communication.
3、Analyze the TCP communication process.

Item | Content | Score | Verification and requirements
1 | Port scan programming and verification | 25 | use Socket connect to scan at least 1 port on your own server
2 | Socket programming | 15 | write the Socket server and client programs
3 | Socket test | 10 | run a communication test inside the LAN
4 | Transport layer | 10 | analyze the three-way handshake that establishes the connection, Sequence Number calculation (1. SYN – SYN,ACK – ACK)
  | | 10 | analyze the data send and acknowledgement process, Sequence Number calculation (2. PSH – ACK)
  | | 10 | analyze the four-way handshake that tears down the connection, Sequence Number calculation (3. FIN,ACK – ACK, FIN,ACK – ACK)
  | | 10 | cause at least one RST and explain why (4. RST)
  | | 5 | send a message that needs at least 2 Segments, Sequence Number calculation (5. Segments)
5 | WEB SOCKET | 5 | chat; must be published on the Internet so the teacher can check it
Experiment summary | | 30 | 300 characters or more, shared with the first half

五、Experimental steps
1、Capture DNS, WEB, FTP and SMTP messages on the local network interface
1) Capturing DNS and HTTP messages
According to the communication principles of DNS and the WEB protocols, when www.scnu.edu.cn is typed into the browser on the client to reach the South China Normal University site, the DNS query is a recursive plus iterative process, yet on the client's own network interface only the DNS query and query response, i.e. the client's question and the resolver's answer, can be captured, followed by the TCP three-way handshake and the HTTP request and response.
A client browsing the Internet generates a lot of traffic, which gets in the way of protocol analysis. Capture with a filter instead, restricted to the traffic between the local DNS server and the WEB server; tools such as nslookup, ping and traceroute will usually reveal the WEB server's IP address.
Use Wireshark or Sniffer to filter on the IP addresses of the DNS server and the WEB server involved in this exchange and capture the messages. The captured messages are as follows:
At this point the query and query response messages and the TCP three-way handshake are visible, but the HTTP Request and Response are not: the site uses HTTPS, so the HTTP exchange is carried inside SSL/TLS encryption (the great majority of sites now use encrypted transport). To analyze the HTTP process there are three options:
1 capture a different site that serves plain, unencrypted HTTP;
2 use the developer tools of a browser such as Chrome to view and emulate the exchange;
3 set up your own servers for the experiment; since more network experiments will follow, building your own network environment is the recommended choice.
The developer tools in Chrome and similar browsers can emulate mobile devices, user-agents and so on, which is very useful for both network research and WEB development; the figure below shows the request and response when an iPad is emulated while visiting the site.
The DNS and HTTP data captured against the self-built DNS and WEB servers is shown below (the capture file is available in the Chaoxing resource area; the view uses the filter dns.qry.name matches "laozhao" || http || tcp):
2) Capturing Email (SMTP and POP) messages
Mainstream Email services now use encryption, so set up your own SMTP mail server and communicate with it from a mail client such as Outlook or Foxmail. The figure below shows data from a self-built Email server (downloadable from the Chaoxing resource area).
3) Capturing FTP messages
An FTP server is easy to set up on both Windows and Linux; the figure below shows the login and download traffic captured against a self-built FTP server.
2、Analysis and verification of the five-layer architecture and the application layer messages
1) Verifying the PDU encapsulation of the Internet five-layer protocol stack
Expanding the layers one by one verifies the top-down encapsulation of the five-layer stack and the Header each layer adds (encapsulate). The figure below shows the transport layer UDP header: 8 bytes, containing source port, destination port, length and checksum.
Verifying the data size at each layer of the top-down encapsulation:
total length = 33 (DNS query) + 8 (UDP header) + 20 (network layer header) + 14 (Ethernet frame header) = 75 bytes = 600 bits
Why the DNS query is 33 bytes is verified next.
2) Verifying the communication process and protocol encapsulation of an application layer protocol: DNS over UDP
The DNS query is sent from source 192.168.5.57, port 61230 to destination 202.96.128.86, port 53 (Guangdong Telecom, acting as the local DNS server). At the application layer it encapsulates the following:
a fixed 12-byte header, then one Question containing:
Name (the domain name): Wireshark reports a [Name Length] of 15, which is the number of characters in the dotted name; on the wire the name is sent as a sequence of labels, each preceded by a 1-byte length, and terminated by a zero byte. Each dot is replaced by a length byte, and one leading length byte plus the terminating zero are added, so a 15-character name occupies 17 bytes. Wireshark's [Label Count] is a generated field that occupies no bytes at all.
Type A: 2 bytes
Class IN (internet): 2 bytes
total: 12 + 17 + 2 + 2 = 33 bytes
The DNS query response is sent from source 202.96.128.86, port 53 back to the local destination 192.168.5.57.
Verify the remaining fields yourself.
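The byte accounting above, as an added Python example that is not part of the original assignment: it encodes a domain name into its wire form, builds the DNS query, parses the name back out, and adds the UDP, IPv4 and Ethernet headers to reproduce the 75-byte total. The name www.scnu.edu.cn is used because, like the captured name, it has 15 characters; the transaction ID is an arbitrary constant.

```python
import struct

def encode_qname(name: str) -> bytes:
    """Wire form of a domain name: every label is preceded by its length byte and
    the sequence ends with a zero byte. The dots themselves are never sent."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_dns_query(name: str, txid: int = 0x1234, qtype: int = 1, qclass: int = 1) -> bytes:
    """DNS query = 12-byte header + one Question (QNAME, QTYPE=A, QCLASS=IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # flags: RD=1; QDCOUNT=1
    return header + encode_qname(name) + struct.pack("!HH", qtype, qclass)

def parse_qname(msg: bytes, offset: int = 12):
    """Walk the length-prefixed labels starting at offset (queries use no compression);
    returns the dotted name and the offset just past the terminating zero byte."""
    labels = []
    while True:
        length = msg[offset]
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset

def encapsulation_sizes(name: str) -> dict:
    """Byte accounting down the five-layer stack for a DNS query over UDP/IPv4/Ethernet."""
    dns = build_dns_query(name)
    sizes = {
        "name_chars": len(name),                 # what Wireshark shows as [Name Length]
        "qname_wire": len(encode_qname(name)),   # name_chars + 2 (leading length byte + terminator)
        "dns": len(dns),                         # 12 + qname_wire + 2 (Type) + 2 (Class)
        "udp_header": 8,
        "ip_header": 20,                         # IPv4 without options
        "ethernet_header": 14,                   # destination MAC, source MAC, EtherType
    }
    sizes["frame_bytes"] = sizes["dns"] + sizes["udp_header"] + sizes["ip_header"] + sizes["ethernet_header"]
    sizes["frame_bits"] = sizes["frame_bytes"] * 8
    return sizes
```

The UDP length field equals dns + 8 and the IPv4 total length equals dns + 28, which is how to cross-check the figures against the values Wireshark decodes from the capture.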
3) Verifying the communication process and protocol encapsulation of an application layer protocol: HTTP over TCP
Every protocol carried over TCP first performs the three-way handshake, which is what makes the connection-oriented service reliable.
The figure below shows that before the http request and http response the TCP three-way handshake takes place (the handshake is analyzed in detail in the next experiment). It verifies the source and destination addresses of the http request, the request method and the request Header, including Connection: keep-alive for a persistent connection and the User-Agent, which passes the operating system version and browser to the server (the server is expected to respond according to the user agent).
Verify the http response: it carries a series of server information headers and the returned page.
4) Verifying the communication process and protocol encapsulation of an application layer protocol: SMTP over TCP
Following the TCP stream shows the SMTP mail content, which verifies that:
SMTP uses TCP for reliable transfer of Email messages, port 25;
the transfer has three phases: handshake, message transfer, close;
the interaction is command/response: commands (command) are ASCII text, responses (response) are a status code and a phrase;
an Email message may contain only 7-bit ASCII.
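The three-phase command/response dialogue described above, as an added Python example that is not part of the original assignment: a toy SMTP responder running in a thread on a loopback port plays the server, and the client drives one session through the handshake, the message transfer and the close, checking the status code after every command and refusing a non-ASCII body before sending it. Host names and addresses (lab.example, client.lab) are placeholders; dot-stuffing of body lines starting with "." is omitted.

```python
import socket
import threading

def smtp_server(srv, mailbox):
    """Minimal SMTP responder for one session: greeting, EHLO, MAIL, RCPT, DATA, QUIT."""
    conn, _ = srv.accept()
    with conn, conn.makefile("rb") as rd, conn.makefile("wb") as wr:
        def reply(line):
            wr.write((line + "\r\n").encode("ascii")); wr.flush()
        reply("220 lab.example SMTP ready")                       # handshake phase
        envelope = {"from": None, "to": []}
        while True:
            raw = rd.readline()
            if not raw:                                           # client went away
                break
            line = raw.decode("ascii", "replace").rstrip("\r\n")
            verb = line.split(" ", 1)[0].upper()
            if verb in ("HELO", "EHLO"):
                reply("250 lab.example")
            elif verb == "MAIL":
                envelope["from"] = line.partition(":")[2].strip(); reply("250 OK")
            elif verb == "RCPT":
                envelope["to"].append(line.partition(":")[2].strip()); reply("250 OK")
            elif verb == "DATA":                                  # message transfer phase
                reply("354 End data with <CR><LF>.<CR><LF>")
                body = []
                while True:
                    l = rd.readline()
                    if not l or l == b".\r\n":
                        break
                    body.append(l.decode("ascii", "replace"))
                mailbox.append({**envelope, "body": "".join(body)})
                reply("250 Queued")
            elif verb == "QUIT":                                  # close phase
                reply("221 Bye"); break
            else:
                reply("500 Unrecognized command")

def send_mail(host, port, sender, rcpt, body):
    """Client side. Returns the transcript as (command_sent, reply_received) pairs."""
    if not body.isascii():
        raise ValueError("SMTP bodies must be 7-bit ASCII; encode the content first")
    transcript = []
    with socket.create_connection((host, port)) as s, s.makefile("rb") as rd:
        def step(sent, ok_prefix):
            if sent is not None:
                s.sendall((sent + "\r\n").encode("ascii"))
            got = rd.readline().decode("ascii").rstrip("\r\n")
            transcript.append((sent, got))
            if not got.startswith(ok_prefix):
                raise RuntimeError(f"unexpected reply to {sent!r}: {got}")
        step(None, "220")                       # server greeting
        step("EHLO client.lab", "250")
        step(f"MAIL FROM:<{sender}>", "250")
        step(f"RCPT TO:<{rcpt}>", "250")
        step("DATA", "354")
        for line in body.splitlines():          # CRLF line endings on the wire
            s.sendall((line + "\r\n").encode("ascii"))
        step(".", "250")                        # lone dot terminates the message
        step("QUIT", "221")
    return transcript

def run_session(body="Subject: test\r\n\r\nhello from the lab\r\n"):
    """Start the toy server on an ephemeral loopback port and run one session."""
    mailbox = []
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0)); srv.listen(1)
    t = threading.Thread(target=smtp_server, args=(srv, mailbox)); t.start()
    transcript = send_mail("127.0.0.1", srv.getsockname()[1],
                           "a@lab.example", "b@lab.example", body)
    t.join(); srv.close()
    return transcript, mailbox
```

Capturing this session with Wireshark and using Follow TCP Stream shows exactly the transcript the function returns, which is what the figure in this section is expected to contain.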
3¡¢±àдҳÃ棬¸ù¾Ý¿Í»§¶Ë·þÎñÇëÇóµÄ User-Agent ÐÅÏ¢£¬·µ»Ø²»Í¬ÄÚÈÝ;²¢ÊìÁ·Ê¹Óà session ºÍ cookie£¬²¢ÊìÁ·Ê¹ÓÃÊý¾Ý¿âÁ¬½Ó¼°²Ù×÷
JSP »ñµÃ user-agent:request.getHeader(“user-agent”);»ñµÃ¿Í»§¶Ë IP µØÖ·:request.getRemoteAddr();»ñµÃ
Á¬½Ó¶Ë¿Ú:request.getRemotePort();¿ÉʹÓÃÕýÔò±í´ïʽÅжÏÉ豸:
String iosReg = “ip(hone|od|ad)”; Pattern iosPat = Pattern.compile(iosReg, Pattern.CASE_INSENSITIVE); Matcher matcherIOS = iosPat.matcher(User-Agent);if (matcherIOS.find()) {return true; }
ASP.NET »ñµÃ user-agent: Request.ServerVariables[“HTTP_USER_AGENT”];»ñµÃ¿Í»§¶Ë IP µØÖ·:
Request.ServerVariables[“REMOTE_ADDR”];ʹÓÃÕýÔò±í´ïʽÅжÏÉ豸:
Regex apple = new Regex(“ipod|iphone|ipad”); Match isApple = apple.Match(user-agent); if (isApple.Success){deviceType = “Apple”;}
Ò²¿ÉÒÔʹÓÃרҵµÄ User-Agent ½âÎö¹¤¾ß¿âUAParser.js½øÐнâÎö
±àд¼òµ¥Ò³Ã棬ͨ¹ý¾ÖÓòÍø·ÃÎʲâÊÔ:
ͨ¹ý¾ÖÓòÍø£¬Ê¹Óà ipad ºÍ iphone É豸·ÃÎÊ£¬·µ»ØÐÅÏ¢ÈçÏÂ:
ÈçÎÞÊÖ»úµÈÖÕ¶ËÉ豸²âÊÔ£¬¿ÉÒÔÑ¡Ôñ Chrome ä¯ÀÀÆ÷µÄ¿ª·¢Õß¹¤¾ß£¬·ÂÕæ Android »òÕß Ipad ºÍ Ihone É豸½øÐвâÊÔ¡£
¿Í»§¶Ë User-Agent ÐÅÏ¢¶ÔÓÚÖض¨Ïò£¬Óû§¸öÈËÆ«ºÃ£¬Êý¾ÝÍÚ¾ò£¬¾«×¼ÍÆËÍ£¬ÐÅÏ¢°²È«¶¼ ÓнÏΪÖØÒªµÄÒâÒ壬¿ÉÒÔÔÚÿ´ÎÓû§·ÃÎÊʱ¼Ç¼ÐÅÏ¢£¬ÔÚÊý¾Ý¿â±£´æ£¬²¢½øÐÐͳ¼Æ£¬ÈçÏÂͼ:
Session Óë Cookie µÄÑéÖ¤±È½ÏÄÑÒÔÔÚʵÑ鱨¸æÖÐÌåÏÖ£¬¿ÉÒÔÉêÇëһ̨ÔÆÖ÷»ú(»ùÓÚÔƼÆËãµÄÐéÄâÖ÷ »ú)£¬½«±àдÁË Session Óë Cookie µÄÍøÕ¾·¢²¼ÔÚ»¥ÁªÍø£¬·½±ãÀÏʦ¼ìÑé¡£
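The User-Agent page described in this step, as an added Python example that is not the assignment's own JSP/ASP.NET code: it classifies the device with the same kind of regular expressions, returns different content per device, and issues a session cookie whose value is signed with HMAC so a client cannot forge another user's session id. The signing key is generated at process start (an assumption; a real deployment would store it), and the listening port 8080 is arbitrary.

```python
import hashlib
import hmac
import re
import secrets
from http import cookies
from http.server import BaseHTTPRequestHandler, HTTPServer

SECRET = secrets.token_bytes(32)          # key for signing session ids (per-process; assumption)
DEVICE_RULES = [                          # first match wins; desktop is the fallback
    ("iPad", re.compile(r"\biPad\b", re.I)),
    ("iPhone", re.compile(r"\b(iPhone|iPod)\b", re.I)),
    ("Android", re.compile(r"\bAndroid\b", re.I)),
]

def classify_device(user_agent: str) -> str:
    """Map a User-Agent header to a device class. The header is client-controlled,
    so the result may be used for content selection, never for authorization."""
    for name, pattern in DEVICE_RULES:
        if pattern.search(user_agent or ""):
            return name
    return "Desktop"

def make_session(sid: str) -> str:
    """Cookie value 'sid.signature'; the signature binds the id to this server's key."""
    sig = hmac.new(SECRET, sid.encode(), hashlib.sha256).hexdigest()
    return f"{sid}.{sig}"

def read_session(value: str):
    """Return the session id if the signature verifies, otherwise None (no session)."""
    sid, _, sig = (value or "").partition(".")
    expected = hmac.new(SECRET, sid.encode(), hashlib.sha256).hexdigest()
    return sid if sid and hmac.compare_digest(sig, expected) else None

class UAHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        ua = self.headers.get("User-Agent", "")
        device = classify_device(ua)
        jar = cookies.SimpleCookie(self.headers.get("Cookie", ""))
        sid = read_session(jar["sid"].value) if "sid" in jar else None
        body = (f"device={device}\nsession={'new' if sid is None else sid}\n"
                f"client={self.client_address[0]}:{self.client_address[1]}\nua={ua}\n").encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/plain; charset=utf-8")
        self.send_header("Content-Length", str(len(body)))
        if sid is None:                                   # first visit or tampered cookie
            c = cookies.SimpleCookie()
            c["sid"] = make_session(secrets.token_hex(16))
            c["sid"]["httponly"] = True                   # keep it away from page scripts
            c["sid"]["samesite"] = "Lax"
            c["sid"]["path"] = "/"
            self.send_header("Set-Cookie", c["sid"].OutputString())
        self.end_headers()
        self.wfile.write(body)

if __name__ == "__main__":
    HTTPServer(("0.0.0.0", 8080), UAHandler).serve_forever()
```

Request the page twice from the same browser: the first response carries Set-Cookie, the second request carries Cookie and the page reports the same session id. Edit the cookie value in the developer tools and the next response issues a fresh id, because the signature no longer verifies.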
(二) Socket programming part
1、Port scan programming and verification
A port scanner is an application of the socket functions. It usually tries a Socket connect to a server port: if the connection is established, the peer has that port open, which is useful for learning which network services a server runs. The main scan types are TCP connect(), TCP SYN and TCP FIN scans. Such scans pose a real threat to the network security of production environments, so scanning tests and verification must be run against a virtual server you set up yourself. Programming and testing are as follows:
2、Socket communication programming
The main socket types are SOCK_STREAM (TCP), SOCK_DGRAM (UDP) and SOCK_RAW. The requirement is TCP-based Socket communication with a server part and a client part, implemented in C, C++, C#, Java or Python, and it must include connection establishment, data transfer and connection teardown. Pasting the core code into the report is sufficient.
3、Socket test
An example of the test process is shown in the figure:
4¡¢´«Êä²ãÐÒ鼰ͨÐŹý³Ì·ÖÎö ΪÁËÑéÖ¤¼°·ÖÎö´«Êä²ãÐÒ鼰ͨÐŹý³Ì£¬Ó¦ÔÚ·þÎñÆ÷ºÍ¿Í»§¶ËÖ®¼äÖÁÉÙ·¢ËÍÒ»ÌõÊý¾Ý(½¨Òé°ü º¬Ñ§ºÅºÍÐÕÃû)£¬²¢ÇÒÓÉÍ˳ö¼°¹Ø±ÕÁ¬½Ó£¬ÔÚ SocketServer »òÕß SocketClient ËùÔÚµÄÍø¿¨½øÐÐ ±¨ÎIJ¶×½£¬±¨ÎÄÄÚÈÝÓ¦°üº¬Èý´ÎÎÕÊÖ½¨Á¢Á¬½Ó¹ý³Ì¡¢Êý¾Ý·¢Ëͼ°È·ÈÏ£¬ËĴλÓÊÖ²ð³ýÁ¬½Ó¹ý ³Ì¡£
ʾÀýÈçÏÂ:
·Ö ÎöÕâÈý¸ö¹ý³Ì£¬²¢¼ÆËã Sequence Number¡£·ÖÎö¹ý³Ì¼°Ðò ÁкżÆËã ʾÀýÈçͼËùʾ:
5¡¢Segment ·Ö¶Î²âÊÔÑéÖ¤
×¼±¸Ò»¸ö´óÓÚ 1460 ±¶ÊýµÄ×Ö·û´®£¬½øÐÐ TCP ´«Ê䣬ÔÚ·þÎñÆ÷»ò¿Í »§¶Ë²¶×½±¨ÎÄ£¬²¢½øÐзÖÎö¡£
ʾÀýÈçͼ£¬×¼±¸ÁËÒ»¸ö 2950 µÄ×Ö·û´®£¬Ã¿ 1460 Ìáʾ OK ½áÊø£¬ ¿ÉÒÔ¿´µ½Êý¾Ý 2950 ±»·ÖΪ 3 ¸ö segment ´«Ê䣬·Ö±ðΪ 1460£¬1460£¬ 30£¬È·ÈϺÅÊÇÔÚÐòÁкŻù´¡ÉÏ¼Ó 2950£¬¾ßÌå¹ý³ÌÈçͼ¡£
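The server/client exchange required in items 2, 4 and 5 above, as an added Python example that is not the assignment's own code: the server runs in a thread on an ephemeral loopback port, the client connects (three-way handshake), sends a 2950-byte message, half-closes with shutdown(SHUT_WR) (its FIN), reads the server's reply until the server's FIN, and closes. The server reads until the client's FIN rather than assuming one recv() returns the whole message, because TCP, not the application, decides where segment boundaries fall. Loopback has a large MTU, so the 1460-byte split only becomes visible when the two sides run on different LAN hosts.

```python
import socket
import threading

def serve_one(srv):
    """Accept one client, read until its FIN, reply with the byte count, close (our FIN)."""
    conn, _ = srv.accept()
    received = bytearray()
    with conn:
        while True:
            chunk = conn.recv(4096)
            if not chunk:                      # empty read = client's FIN arrived
                break
            received.extend(chunk)             # segments may arrive in any size
        conn.sendall(f"OK {len(received)}\n".encode())
    return bytes(received)                     # leaving the with-block closed the socket

def run_exchange(message: bytes, host="127.0.0.1"):
    """Full lifecycle on one connection; returns (bytes the server got, server reply)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    result = {}
    t = threading.Thread(target=lambda: result.update(got=serve_one(srv)))
    t.start()

    cli = socket.create_connection((host, port))   # SYN, SYN/ACK, ACK
    cli.sendall(message)                           # loops until every byte is queued
    cli.shutdown(socket.SHUT_WR)                   # FIN: no more data from us
    reply = bytearray()
    while True:
        chunk = cli.recv(4096)
        if not chunk:                              # server's FIN: teardown complete
            break
        reply.extend(chunk)
    cli.close()
    t.join()
    srv.close()
    return result["got"], bytes(reply)

if __name__ == "__main__":
    got, reply = run_exchange(b"20190001 student name " + b"A" * 2928)
    print(len(got), reply)
```

In the capture, the client's FIN/ACK and the server's FIN/ACK each consume one sequence number, so after 2950 data bytes the server's acknowledgement of the FIN is the client's ISN + 2950 + 1 (relative 2952).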
HTTP is a one-directional request/response protocol: once the connection is established the server can only return data after the browser has sent a request. For instant messaging this forces the browser to poll at an interval. The drawbacks are that requests must be sent continuously and, as the first half of this assignment showed, an HTTP request Header is very long, so transmitting a tiny piece of data carries an oversized amount of control information, with excessive transmission cost and load.
WebSocket instead has the server and browser perform a handshake over HTTP (an Upgrade request answered with status 101), after which the same TCP connection carries WebSocket frames in both directions with only a few bytes of framing per message, reducing transmission cost and load.
The WEBSOCKET implementation test is shown in the figure; the server must be deployed on a cloud host so the teacher can check it.
六、Notes
1、Capture in Wireshark on the network interface where the application layer protocol traffic actually occurs;
2、Use the correct filter expressions for the traffic you want;
3、Write the simplest TCP Socket program you can, and concentrate on analyzing the TCP communication process;
4、Make the Socket program as complete as possible, showing connection establishment, data exchange and connection teardown.

七、Questions for further thought
1、HTTPS carries HTTP over SSL/TLS encrypted transport; try to analyze the SSL handshake process.
2、Mainstream Socket communication is built on TCP, and the TCP communication process itself is frequently exploited for attacks; common attacks on TCP transport include SYN Flood and RST attacks. Think about how such attacks are carried out and how they can be defended against.