Redwood (ecitnet)'s Blog

The keyboard often can't keep up with the train of thought......

Network communication protocol analysis of some domestic (Chinese) software (with signatures)

I previously did protocol analyses of nearly a hundred commonly used domestic and foreign network applications, such as QQ, BT, MSN and so on. I am now posting some of them for readers' reference. If anyone's analysis differs from mine, please reply to this post and let me know. Thanks to everyone for participating.

The list of protocols I have studied so far is as follows:

#patname type port packet.dat
QQ_TCP 2 0 2.dat
QQ_UDP 5 0 1.dat
MSN 2 1863 
YAHOO 2 0 7.dat
OSCAR 2 0 8.dat
Skype_UDP 5 0 15.dat
UC_TCP 2 0 19.dat
UC_UDP 5 3001-3002 
POPO_TCP 0 0 23.dat
ET_UDP 5 10000-10001 
WangWang_TCP 2 0 36.dat
MaoYiTong 2 0 38.dat
IRC_TCP 2 6667 
Ventrilo_TCP 0 0 48.dat
TeamSpeak_UDP 3 0 49.dat
RogerWilco_TCP 2 3782 
RogerWilco_UDP 5 3782 
PeerMe_TCP 2 5112 
OpenH323 2 1720 
GameComm_TCP 2 12535 
GoogleTalk_TCP 2 5222 
HTTP 0 0 9.dat
BT_TCP 2 0 4.dat
XUNLEI_TCP 2 3076 
XUNLEI_UDP 5 3076 
AppleJuice_TCP 0 0 6.dat
Ares 2 15983 
ARES_TCP 0 0 21.dat
Edonkey_TCP 2 0 25.dat
DirectConnect 2 0 26.dat
Gnutella 2 6346,6348 
Gnutella2_TCP 2 0 77.dat
Gnutella2_UDP 5 6346 
IMesh_TCP 0 0 33.dat
Mute 2 4900 
Poco_TCP 2 5354 
Poco_UDP 5 9091,9099 
KCeasy 2 0 41.dat
Soulseek_TCP 2 2240 
Piolet_UDP 5 41170 
PeerCast_TCP 2 7144 
earthStation5_UDP 5 37 
EarthStation_5 2 1002 
Filetopia_TCP 1 0 56.dat
GNUnet_TCP 0 0 57.dat
Groove_TCP 0 0 60.dat
JXTA_TCP 2 0 61.dat
Mnet_TCP 2 22088 
KAMUN_UDP 5 9000,9500 
kubao 2 9292 
TuoTu_TCP 2 3000,3306 
RealLink_UDP 5 30001 
BaiZhao_UDP 5 6600 
BaiDuX_TCP 2 11111-11113 
BaiDuX_UDP 5 11111-11113 
QQ_Game 2 0 16.dat
LianZhong_TCP 2 2000-2002 
ChinaGames 2 8000 
KeLe8 2 10006,10020 
MXD_TCP 2 8086,8484,8585 
HaoFang 2 1203 
FTP 2 21 
QQFTP_UDP2 3 0 82.dat
QQFTP_TCP 0 0 30.dat
QQSHARE 1 0 31.dat
OSCARFTP 2 0 62.dat
MSNFTPUDP 5 0 75.dat
MSNFTPTCP 2 0 76.dat
OFT2_3 2 0 84.dat
OSCARFTP2 2 0 83.dat
SOCK4 0 0 13.dat
SOCK5 0 0 14.dat
HTTPS 0 0 64.dat
WinSCP2 2 0 65.dat
SMTP 2 25 
POP3 2 110 
RealPlayer 0 0 43.dat
FreeCast_TCP 2 1666 
FreeCast_UDP 5 3478 
PPLive_TCP 0 0 66.dat
QQLive_UDP 3 0 71.dat

All of them are written in XML, and the packet captures have all passed testing. Here are a few concrete ones for everyone to look at.

1. Xunlei (Thunder)

<?xml version="1.0" encoding="ISO-8859-1"?>

<Config>
    <CatagoryList>
        <Catagory>
            <Name>P2P</Name>                          <!-- category the software belongs to: P2P -->
            <Protocol>
                <Name>XUNLEI</Name>                   <!-- software name: Xunlei -->
                <Block>1</Block>                      <!-- can be monitored and blocked -->
                <Desc>迅雷</Desc>                     <!-- Chinese description of the software -->
                <Pattern>
                    <Name>XUNLEI_TCP</Name>           <!-- Xunlei's TCP communication mode -->
                    <Desc>迅雷下载</Desc>             <!-- Chinese description -->
                    <Type>0</Type>                    <!-- TCP is assigned to type 0 -->
                    <Offset>0</Offset>                <!-- blockable flag is 0 -->
                    <Start>29</Start>                 <!-- first byte of the signature -->
                    <Pattype>0</Pattype>              <!-- match by signature -->
                    <Pat>^/x29/x00/x00/x00</Pat>      <!-- excerpt of the signature that performs the match -->
                </Pattern>
            </Protocol>
        </Catagory>
    </CatagoryList>
</Config>

2. eDonkey (eMule)

  <?xml version="1.0" encoding="ISO-8859-1"?>
  <Config>
        <CatagoryList>
                <Catagory>
                        <Name>P2P</Name>
                        <Protocol>
                                <Name>Edonkey</Name>
                                <Block>1</Block>
                                <Desc>电驴</Desc>
                                <Pattern>
                                        <Name>Edonkey_TCP</Name>
                                        <Desc>电驴TCP方式</Desc>
                                        <Type>2</Type>
                                        <Offset>0</Offset>
                                        <Start>e3</Start>
                                        <Pattype>0</Pattype>
                                        <Pat>^/xe3.{1}/x00/x00/x00</Pat>
                                </Pattern>
                        </Protocol>
                </Catagory>
        </CatagoryList>
  </Config>

3. Sina UC

  <?xml version="1.0" encoding="ISO-8859-1"?>
  <Config>
        <CatagoryList>
                <Catagory>
                        <Name>IM</Name>
                        <Protocol>
                                <Name>UC</Name>
                                <Block>1</Block>
                                <Desc>新浪UC</Desc>
                                <Pattern>
                                        <Name>UC_TCP</Name>
                                        <Desc>UC TCP方式</Desc>
                                        <Type>2</Type>
                                        <Offset>0</Offset>
                                        <Start>01</Start>
                                        <Pattype>0</Pattype>
                                        <Pat>^/x01/x02/x03</Pat>
                                </Pattern>
                                <Pattern>
                                        <Name>UC_UDP</Name>
                                        <Desc>UC UDP方式</Desc>
                                        <Type>5</Type>
                                        <Offset>0</Offset>
                                        <Start></Start>
                                        <Pattype>1</Pattype>
                                        <Pat>3001</Pat>
                                </Pattern>
                                <Pattern>
                                        <Name>UC_UDP</Name>
                                        <Desc>UC UDP方式</Desc>
                                        <Type>5</Type>
                                        <Offset>0</Offset>
                                        <Start></Start>
                                        <Pattype>1</Pattype>
                                        <Pat>3002</Pat>
                                </Pattern>
                        </Protocol>
                </Catagory>
        </CatagoryList>
  </Config>

4. Haofang game battle platform

  <?xml version="1.0" encoding="ISO-8859-1"?>
  <Config>
        <CatagoryList>
                <Catagory>
                        <Name>GAME</Name>
                        <Protocol>
                                <Name>HAOFANG</Name>
                                <Block>1</Block>
                                <Desc>浩方对战平台</Desc>
                                <Pattern>
                                        <Name>HaoFang</Name>
                                        <Desc>HaoFang</Desc>
                                        <Type>2</Type>
                                        <Offset>0</Offset>
                                        <Start></Start>
                                        <Pattype>1</Pattype>
                                        <Pat>1203</Pat>
                                </Pattern>
                        </Protocol>
                </Catagory>
        </CatagoryList>
  </Config>

5. QQ Games

  <?xml version="1.0" encoding="ISO-8859-1"?>
  <Config>
        <CatagoryList>
                <Catagory>
                        <Name>GAME</Name>
                        <Protocol>
                                <Name>QQ_GAME</Name>
                                <Block>1</Block>
                                <Desc>QQ游戏</Desc>
                                <Pattern>
                                        <Name>QQ_Game</Name>
                                        <Desc>qq游戏</Desc>
                                        <Type>2</Type>
                                        <Offset>2</Offset>
                                        <Start>2d</Start>
                                        <Pattype>0</Pattype>
                                        <Pat>^/x2d/x00(/x00/x00|/xff/xff)</Pat>
                                </Pattern>
                        </Protocol>
                </Catagory>
        </CatagoryList>
  </Config>
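To show how the fields above fit together, here is a small matcher, added as an illustration and not taken from the author's tool: it loads a constructed config in the same XML layout, treats Pattype 1 as a port rule and Pattype 0 as a byte-signature regex applied at Offset, and rewrites the `/xNN` escapes into a Python bytes regex. The mapping of Type 2 to TCP and Type 5 to UDP follows the protocol table and is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the blog's XML layout (not the author's real file); the
# Type values follow the table above: 2 = TCP, 5 = UDP (assumption).
CONFIG_XML = """<Config><CatagoryList><Catagory><Name>P2P</Name>
<Protocol><Name>XUNLEI</Name><Block>1</Block><Desc>Xunlei</Desc>
 <Pattern><Name>XUNLEI_TCP</Name><Type>2</Type><Offset>0</Offset><Start>29</Start>
  <Pattype>0</Pattype><Pat>^/x29/x00/x00/x00</Pat></Pattern></Protocol>
<Protocol><Name>Edonkey</Name><Block>1</Block><Desc>eDonkey</Desc>
 <Pattern><Name>Edonkey_TCP</Name><Type>2</Type><Offset>0</Offset><Start>e3</Start>
  <Pattype>0</Pattype><Pat>^/xe3.{1}/x00/x00/x00</Pat></Pattern></Protocol>
<Protocol><Name>UC</Name><Block>1</Block><Desc>Sina UC</Desc>
 <Pattern><Name>UC_UDP</Name><Type>5</Type><Offset>0</Offset><Start></Start>
  <Pattype>1</Pattype><Pat>3001</Pat></Pattern></Protocol>
<Protocol><Name>QQ_GAME</Name><Block>1</Block><Desc>QQ Game</Desc>
 <Pattern><Name>QQ_Game</Name><Type>2</Type><Offset>2</Offset><Start>2d</Start>
  <Pattype>0</Pattype><Pat>^/x2d/x00(/x00/x00|/xff/xff)</Pat></Pattern></Protocol>
</Catagory></CatagoryList></Config>"""

TRANSPORT = {"2": "tcp", "5": "udp"}  # assumed meaning of <Type>


def load_patterns(xml_text):
    """Parse every <Pattern> into (name, transport, offset, port, regex)."""
    rules = []
    for pat in ET.fromstring(xml_text).iter("Pattern"):
        f = {c.tag: (c.text or "") for c in pat}
        transport = TRANSPORT.get(f["Type"])
        if f["Pattype"] == "1":
            # Port rule: <Pat> holds the destination port, no payload check.
            rules.append((f["Name"], transport, 0, int(f["Pat"]), None))
        else:
            # Signature rule: the blog writes bytes as /xNN; Python's re wants \xNN.
            # DOTALL makes '.' in e.g. '^/xe3.{1}' also match a 0x0a byte.
            pattern = f["Pat"].replace("/x", "\\x").encode("latin-1")
            regex = re.compile(pattern, re.DOTALL)
            rules.append((f["Name"], transport, int(f["Offset"]), None, regex))
    return rules


def classify(rules, transport, dport, payload):
    """Return the name of the first rule matching a (transport, dport, payload) packet."""
    for name, tp, offset, port, regex in rules:
        if tp != transport:
            continue
        if regex is None:
            if dport == port:
                return name
        elif regex.search(payload[offset:]):  # '^' anchors at <Offset>, not byte 0
            return name
    return None
```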

I'm posting these five first for reference; if anyone needs others, readers can ask and we can study them together.

Category: Network and Information Security