这个是在实习期间做的一个小程序,用来提取包的五元组。提取包可以用wireshark进行保存,也可以使用师兄开发的程序Streamdump进行抓包,格式为pcap
这个程序的目的是提取每条流的五元组:目的IP、目的端口、源地址、源端口,以及从 TLS ClientHello 的 SNI 扩展中取出的 ServerName(只检查每个 TCP 段里第一个完整的 TLS 记录,没有做 TCP 流重组)。也可以作其他修改,提取需要的东西。
存在一些奇怪的包是解析不出来的,那些奇怪的包我还以为是我的程序有错误,特意把包的路径放在了数据库字段中,经查阅确实是奇怪的包(很可能是 ClientHello 被拆到了多个 TCP 段,第一个段里没有完整的握手记录;程序不做流重组,这类包只能得到空的 ServerName)。
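# PraseTLS.py
"""Extract the Server Name Indication (SNI) from a TLS ClientHello in a TCP payload.

Only the TLS records that are complete inside a single TCP segment are
inspected; there is no TCP stream reassembly, so a ClientHello split across
several segments (long cipher lists, padding extension, ...) yields ''.
Every byte parsed here comes straight from the wire and is untrusted: all
reads stay inside slice bounds that honour the declared lengths, and
malformed or truncated input is reported as '' rather than as an exception.
"""
import socket
import struct
from binascii import hexlify

import dpkt

from constants import PRETTY_NAMES

# TLS record content types worth looking at: 20 change_cipher_spec, 21 alert,
# 22 handshake (see PRETTY_NAMES['tls_record']).
_TLS_RECORD_TYPES = frozenset((20, 21, 22))

# (list-length format, entry format) per extension type.  Types not listed
# here use a 2-byte list length with 1-byte entries; next_protocol_negotiation
# has no list length at all and is special-cased in parse_extension.
_EXTENSION_FORMATS = {
    'elliptic_curves': ('H', 'H'),
    'ec_point_formats': ('B', 'B'),
    'compression_methods': ('B', 'B'),
    'heartbeat': ('B', 'B'),
    'cipher_suites': ('H', 'H'),
    'supported_groups': ('H', 'H'),
    'signature_algorithms': ('H', 'H'),
}


def parse_tcp_packet(tcp):
    """Return the SNI host name carried by the TLS ClientHello in a TCP segment.

    :param tcp: a dpkt TCP packet (anything exposing a ``.data`` bytes payload)
    :return: the server name as ``str``; ``''`` when the payload is empty,
             does not start with a TLS record, or holds no ClientHello SNI
    """
    payload = tcp.data
    if not payload or payload[0] not in _TLS_RECORD_TYPES:
        return ''
    return parse_tls_records(payload)


def parse_tls_records(stream):
    """Split ``stream`` into TLS records and return the SNI of the first handshake record.

    :param stream: raw bytes beginning at a TLS record header
    :return: server name string, or ``''`` when no handshake record could be
             parsed (dpkt only hands back records that are complete within
             ``stream``; a trailing partial record is ignored)
    """
    try:
        records, _bytes_used = dpkt.ssl.tls_multi_factory(stream)
    except dpkt.ssl.SSL3Exception:
        return ''
    for record in records:
        if pretty_name('tls_record', record.type) == 'handshake':
            # Only the first handshake record is examined, as before.
            return parse_tls_handshake(record.data)
    return ''


def parse_tls_handshake(data):
    """Parse one TLS handshake message and return its SNI if it is a ClientHello.

    :param data: payload of a handshake record
    :return: server name string; ``''`` for non-ClientHello messages, for
             NewSessionTicket (type 4, which dpkt cannot parse) and for
             empty, truncated or malformed data
    """
    if not data:
        # ord(b'') raised TypeError here, which no handler below catches.
        return ''
    try:
        if data[0] == 4:
            # NewSessionTicket is not supported by dpkt.ssl.TLSHandshake.
            return ''
        handshake = dpkt.ssl.TLSHandshake(data)
    except (dpkt.ssl.SSL3Exception, dpkt.dpkt.NeedData):
        return ''
    if handshake.type == 1:  # client_hello
        return parse_client_hello(handshake)
    return ''


def parse_client_hello(handshake):
    """Walk a ClientHello body and return the SNI host name.

    :param handshake: a ``dpkt.ssl.TLSHandshake`` whose ``.data`` is a
        ``TLSClientHello``; ``handshake.data.data`` holds the bytes after the
        2-byte version and 32-byte random, i.e. starting at session_id
    :return: server name string, or ``''`` when the body is truncated
             (typically a ClientHello split across TCP segments) or holds
             no server_name extension
    """
    payload = handshake.data.data
    try:
        _session_id, payload = unpacker('p', payload)
        cipher_suites, _pretty = parse_extension(payload, 'cipher_suites')
        # 2 length bytes followed by 2 bytes per cipher suite
        payload = payload[2 + 2 * len(cipher_suites):]
        compressions, _pretty = parse_extension(payload, 'compression_methods')
        # 1 length byte followed by 1 byte per compression method
        payload = payload[1 + len(compressions):]
        return parse_extensions(payload)
    except struct.error:
        # A length field promised more bytes than the segment carries.
        return ''


def parse_extensions(payload):
    """Scan the ClientHello extension block and return the first SNI found.

    :param payload: bytes starting at the 2-byte extensions length
    :return: the host name from the first ``server_name`` extension, else ``''``
    :raises struct.error: if an extension header is truncated
    """
    if not payload:
        return ''
    extensions_len, payload = unpacker('H', payload)
    # Honour the declared length: never walk past the extension block.
    payload = payload[:extensions_len]
    while payload:
        extension = Extension(payload)
        server_name = extension.PrintSeverName()
        if server_name:
            return server_name
        # 2 bytes type + 2 bytes length + the extension body
        payload = payload[extension._length + 4:]
    return ''


class Extension(object):
    """One TLS extension: 2-byte type, 2-byte length, then ``length`` body bytes."""

    def __init__(self, payload):
        """Parse the extension at the start of ``payload``.

        Only ``self._length`` bytes of body are passed on, so a lying length
        field cannot make the body parser read into the next extension.
        :raises struct.error: if fewer than 4 header bytes are available
        """
        self._type_id, payload = unpacker('H', payload)
        self._type_name = pretty_name('extension_type', self._type_id)
        self._length, payload = unpacker('H', payload)
        # raw entries and their human-readable counterparts (None if empty body)
        self._data = None
        self._pretty_data = None
        if self._length > 0:
            self._data, self._pretty_data = parse_extension(
                payload[:self._length], self._type_name)

    def PrintSeverName(self):
        """Return the first host name of a ``server_name`` extension, else ``''``.

        An empty server_name body (``_pretty_data`` is None) also yields ``''``
        instead of raising.
        """
        if self._type_name == 'server_name' and self._pretty_data:
            return self._pretty_data[0]
        return ''


def parse_extension(payload, type_name):
    """Parse the body of one extension (or a ClientHello cipher/compression list).

    :param payload: the extension body, already limited to its declared length
    :param type_name: pretty name from ``PRETTY_NAMES['extension_type']``, or
        ``'cipher_suites'`` / ``'compression_methods'`` for the ClientHello lists
    :return: ``(raw_entries, pretty_entries)``; for ``padding`` and
        ``SessionTicket_TLS`` the raw bytes and their hex encoding instead
    :raises struct.error: when a length field claims more bytes than are present
    """
    entries = []
    pretty_entries = []
    list_length_format, entry_format = _EXTENSION_FORMATS.get(type_name, ('H', 'B'))
    list_length = 0
    if type_name == 'next_protocol_negotiation':
        # NPN is a bare run of 1-byte-length-prefixed strings, no list length.
        entry_format = 'p'
    elif len(payload) > 1:
        list_length, payload = unpacker(list_length_format, payload)
    if type_name in ('status_request', 'status_request_v2'):
        _status_type, payload = unpacker('B', payload)
        entry_format = 'H'
    if type_name in ('padding', 'SessionTicket_TLS'):
        return payload, hexlify(payload)
    if list_length:
        # Never read beyond the declared list length.
        payload = payload[:list_length]
    while payload:
        if type_name == 'server_name':
            # ServerName entry: 1-byte name_type (0 = host_name) + 2-byte-length string
            _name_type, payload = unpacker('B', payload)
            entry_format = 'P'
        elif type_name == 'application_layer_protocol_negotiation':
            entry_format = 'p'
        entry, payload = unpacker(entry_format, payload)
        entries.append(entry)
        if type_name == 'signature_algorithms':
            pretty_entries.append('{0}-{1}'.format(
                pretty_name('signature_algorithms_hash', entry >> 8),
                pretty_name('signature_algorithms_signature', entry % 256)))
        elif entry_format.lower() == 'p':
            pretty_entries.append(entry)
        else:
            pretty_entries.append(pretty_name(type_name, entry))
    return entries, pretty_entries


def unpacker(type_string, packet):
    """Unpack one network-order field from the front of ``packet``.

    :param type_string: ``'H'`` (2-byte int), ``'B'`` (1-byte int),
        ``'P'`` (string with 2-byte length prefix) or ``'p'`` (string with
        1-byte length prefix)
    :param packet: bytes to read from
    :return: ``(value, remaining_bytes)``.  String fields come back as ``str``
        decoded as ASCII with undecodable bytes replaced: SNI host names must be
        ASCII (RFC 6066), and anything else is attacker-controlled data that is
        not worth round-tripping through ``repr`` as the old code did.
    :raises struct.error: if ``packet`` is shorter than the field
    :raises ValueError: for an unsupported format letter
    """
    if type_string.endswith('P'):
        length, packet = unpacker('H', packet)
        type_string = '{0}s'.format(length)
    elif type_string.endswith('p'):
        length, packet = unpacker('B', packet)
        type_string = '{0}s'.format(length)
    elif type_string.endswith('H'):
        length = 2
    elif type_string.endswith('B'):
        length = 1
    else:
        raise ValueError('unsupported format: {0!r}'.format(type_string))
    data = struct.unpack('!' + type_string, packet[:length])[0]
    if type_string.endswith('s'):
        data = data.decode('ascii', 'replace')
    return data, packet[length:]


def pretty_name(name_type, name_value):
    """Map a numeric TLS value to its name from ``PRETTY_NAMES``.

    Unknown values render as ``'<value>: unknown value <type>'`` and unknown
    tables as ``'unknown type: <type>'``, so the result is always a ``str``.
    """
    table = PRETTY_NAMES.get(name_type)
    if table is None:
        return 'unknown type: {0}'.format(name_type)
    if name_value in table:
        return table[name_value]
    return '{0}: unknown value {1}'.format(name_value, name_type)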
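# constants.py
"""Numeric-to-name tables for the TLS fields decoded by PraseTLS.py.

Keys are the on-the-wire values (IANA registries / RFC 5246, 6066, 7919).
Each key must appear exactly once: a Python dict literal silently keeps the
LAST duplicate, which previously turned 0xC0AB into the typo
'TLS_PSK_DHE_WITH_AES_256_CCM_80' and hid 0xFEFF behind a second 0xFEFE.
"""
PRETTY_NAMES = {
    'alert_level': {
        1: 'warning',
        2: 'fatal',
    },
    'alert_description': {
        0: 'close_notify',
        10: 'unexpected_message',
        20: 'bad_record_mac',
        21: 'decryption_failed',
        22: 'record_overflow',
        30: 'decompression_failure',
        40: 'handshake_failure',
        41: 'no_certificate',
        42: 'bad_certificate',
        43: 'unsupported_certificate',
        44: 'certificate_revoked',
        45: 'certificate_expired',
        46: 'certificate_unknown',
        47: 'illegal_parameter',
        48: 'unknown_ca',
        49: 'access_denied',
        50: 'decode_error',
        51: 'decrypt_error',
        60: 'export_restriction',
        70: 'protocol_version',
        71: 'insufficient_security',
        80: 'internal_error',
        86: 'inappropriate_fallback',
        90: 'user_canceled',
        100: 'no_renegotiation',
        110: 'unsupported_extension',
        111: 'certificate_unobtainable',
        112: 'unrecognized_name',
        113: 'bad_certificate_status_response',
        114: 'bad_certificate_hash_value',
        115: 'unknown_psk_identity',
    },
    'cipher_suites': {
        # SSLv2 (3-byte) cipher kinds
        0x010080: 'SSL_CK_RC4_128_WITH_MD5',
        0x020080: 'SSL_CK_RC4_128_EXPORT40_WITH_MD5',
        0x030080: 'SSL_CK_RC2_128_CBC_WITH_MD5',
        0x040080: 'SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5',
        0x050080: 'SSL_CK_IDEA_128_CBC_WITH_MD5',
        0x060040: 'SSL_CK_DES_64_CBC_WITH_MD5',
        0x0700C0: 'SSL_CK_DES_192_EDE3_CBC_WITH_MD5',
        0x080080: 'SSL_CK_RC4_64_WITH_MD5',
        # TLS cipher suites
        0x00: 'TLS_NULL_WITH_NULL_NULL',
        0x01: 'TLS_RSA_WITH_NULL_MD5',
        0x02: 'TLS_RSA_WITH_NULL_SHA',
        0x03: 'TLS_RSA_EXPORT_WITH_RC4_40_MD5',
        0x04: 'TLS_RSA_WITH_RC4_128_MD5',
        0x05: 'TLS_RSA_WITH_RC4_128_SHA',
        0x06: 'TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5',
        0x07: 'TLS_RSA_WITH_IDEA_CBC_SHA',
        0x08: 'TLS_RSA_EXPORT_WITH_DES40_CBC_SHA',
        0x09: 'TLS_RSA_WITH_DES_CBC_SHA',
        0x0A: 'TLS_RSA_WITH_3DES_EDE_CBC_SHA',
        0x0B: 'TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA',
        0x0C: 'TLS_DH_DSS_WITH_DES_CBC_SHA',
        0x0D: 'TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA',
        0x0E: 'TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA',
        0x0F: 'TLS_DH_RSA_WITH_DES_CBC_SHA',
        0x10: 'TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA',
        0x11: 'TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA',
        0x12: 'TLS_DHE_DSS_WITH_DES_CBC_SHA',
        0x13: 'TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA',
        0x14: 'TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA',
        0x15: 'TLS_DHE_RSA_WITH_DES_CBC_SHA',
        0x16: 'TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA',
        0x17: 'TLS_DH_anon_EXPORT_WITH_RC4_40_MD5',
        0x18: 'TLS_DH_anon_WITH_RC4_128_MD5',
        0x19: 'TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA',
        0x1A: 'TLS_DH_anon_WITH_DES_CBC_SHA',
        0x1B: 'TLS_DH_anon_WITH_3DES_EDE_CBC_SHA',
        0x1E: 'TLS_KRB5_WITH_DES_CBC_SHA',
        0x1F: 'TLS_KRB5_WITH_3DES_EDE_CBC_SHA',
        0x20: 'TLS_KRB5_WITH_RC4_128_SHA',
        0x21: 'TLS_KRB5_WITH_IDEA_CBC_SHA',
        0x22: 'TLS_KRB5_WITH_DES_CBC_MD5',
        0x23: 'TLS_KRB5_WITH_3DES_EDE_CBC_MD5',
        0x24: 'TLS_KRB5_WITH_RC4_128_MD5',
        0x25: 'TLS_KRB5_WITH_IDEA_CBC_MD5',
        0x26: 'TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA',
        0x27: 'TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA',
        0x28: 'TLS_KRB5_EXPORT_WITH_RC4_40_SHA',
        0x29: 'TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5',
        0x2A: 'TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5',
        0x2B: 'TLS_KRB5_EXPORT_WITH_RC4_40_MD5',
        0x2C: 'TLS_PSK_WITH_NULL_SHA',
        0x2D: 'TLS_DHE_PSK_WITH_NULL_SHA',
        0x2E: 'TLS_RSA_PSK_WITH_NULL_SHA',
        0x2F: 'TLS_RSA_WITH_AES_128_CBC_SHA',
        0x30: 'TLS_DH_DSS_WITH_AES_128_CBC_SHA',
        0x31: 'TLS_DH_RSA_WITH_AES_128_CBC_SHA',
        0x32: 'TLS_DHE_DSS_WITH_AES_128_CBC_SHA',
        0x33: 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA',
        0x34: 'TLS_DH_anon_WITH_AES_128_CBC_SHA',
        0x35: 'TLS_RSA_WITH_AES_256_CBC_SHA',
        0x36: 'TLS_DH_DSS_WITH_AES_256_CBC_SHA',
        0x37: 'TLS_DH_RSA_WITH_AES_256_CBC_SHA',
        0x38: 'TLS_DHE_DSS_WITH_AES_256_CBC_SHA',
        0x39: 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA',
        0x3A: 'TLS_DH_anon_WITH_AES_256_CBC_SHA',
        0x3B: 'TLS_RSA_WITH_NULL_SHA256',
        0x3C: 'TLS_RSA_WITH_AES_128_CBC_SHA256',
        0x3D: 'TLS_RSA_WITH_AES_256_CBC_SHA256',
        0x3E: 'TLS_DH_DSS_WITH_AES_128_CBC_SHA256',
        0x3F: 'TLS_DH_RSA_WITH_AES_128_CBC_SHA256',
        0x40: 'TLS_DHE_DSS_WITH_AES_128_CBC_SHA256',
        0x41: 'TLS_RSA_WITH_CAMELLIA_128_CBC_SHA',
        0x42: 'TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA',
        0x43: 'TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA',
        0x44: 'TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA',
        0x45: 'TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA',
        0x46: 'TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA',
        0x60: 'TLS_RSA_EXPORT1024_WITH_RC4_56_MD5',
        0x61: 'TLS_RSA_EXPORT1024_WITH_RC2_56_MD5',
        0x62: 'TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA',
        0x63: 'TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA',
        0x64: 'TLS_RSA_EXPORT1024_WITH_RC4_56_SHA',
        0x65: 'TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA',
        0x66: 'TLS_DHE_DSS_WITH_RC4_128_SHA',
        0x67: 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA256',
        0x68: 'TLS_DH_DSS_WITH_AES_256_CBC_SHA256',
        0x69: 'TLS_DH_RSA_WITH_AES_256_CBC_SHA256',
        0x6A: 'TLS_DHE_DSS_WITH_AES_256_CBC_SHA256',
        0x6B: 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA256',
        0x6C: 'TLS_DH_anon_WITH_AES_128_CBC_SHA256',
        0x6D: 'TLS_DH_anon_WITH_AES_256_CBC_SHA256',
        0x80: 'TLS_GOSTR341094_WITH_28147_CNT_IMIT',
        0x81: 'TLS_GOSTR341001_WITH_28147_CNT_IMIT',
        0x82: 'TLS_GOSTR341094_WITH_NULL_GOSTR3411',
        0x83: 'TLS_GOSTR341001_WITH_NULL_GOSTR3411',
        0x84: 'TLS_RSA_WITH_CAMELLIA_256_CBC_SHA',
        0x85: 'TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA',
        0x86: 'TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA',
        0x87: 'TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA',
        0x88: 'TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA',
        0x89: 'TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA',
        0x8A: 'TLS_PSK_WITH_RC4_128_SHA',
        0x8B: 'TLS_PSK_WITH_3DES_EDE_CBC_SHA',
        0x8C: 'TLS_PSK_WITH_AES_128_CBC_SHA',
        0x8D: 'TLS_PSK_WITH_AES_256_CBC_SHA',
        0x8E: 'TLS_DHE_PSK_WITH_RC4_128_SHA',
        0x8F: 'TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA',
        0x90: 'TLS_DHE_PSK_WITH_AES_128_CBC_SHA',
        0x91: 'TLS_DHE_PSK_WITH_AES_256_CBC_SHA',
        0x92: 'TLS_RSA_PSK_WITH_RC4_128_SHA',
        0x93: 'TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA',
        0x94: 'TLS_RSA_PSK_WITH_AES_128_CBC_SHA',
        0x95: 'TLS_RSA_PSK_WITH_AES_256_CBC_SHA',
        0x96: 'TLS_RSA_WITH_SEED_CBC_SHA',
        0x97: 'TLS_DH_DSS_WITH_SEED_CBC_SHA',
        0x98: 'TLS_DH_RSA_WITH_SEED_CBC_SHA',
        0x99: 'TLS_DHE_DSS_WITH_SEED_CBC_SHA',
        0x9A: 'TLS_DHE_RSA_WITH_SEED_CBC_SHA',
        0x9B: 'TLS_DH_anon_WITH_SEED_CBC_SHA',
        0x9C: 'TLS_RSA_WITH_AES_128_GCM_SHA256',
        0x9D: 'TLS_RSA_WITH_AES_256_GCM_SHA384',
        0x9E: 'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256',
        0x9F: 'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384',
        0xA0: 'TLS_DH_RSA_WITH_AES_128_GCM_SHA256',
        0xA1: 'TLS_DH_RSA_WITH_AES_256_GCM_SHA384',
        0xA2: 'TLS_DHE_DSS_WITH_AES_128_GCM_SHA256',
        0xA3: 'TLS_DHE_DSS_WITH_AES_256_GCM_SHA384',
        0xA4: 'TLS_DH_DSS_WITH_AES_128_GCM_SHA256',
        0xA5: 'TLS_DH_DSS_WITH_AES_256_GCM_SHA384',
        0xA6: 'TLS_DH_anon_WITH_AES_128_GCM_SHA256',
        0xA7: 'TLS_DH_anon_WITH_AES_256_GCM_SHA384',
        0xA8: 'TLS_PSK_WITH_AES_128_GCM_SHA256',
        0xA9: 'TLS_PSK_WITH_AES_256_GCM_SHA384',
        0xAA: 'TLS_DHE_PSK_WITH_AES_128_GCM_SHA256',
        0xAB: 'TLS_DHE_PSK_WITH_AES_256_GCM_SHA384',
        0xAC: 'TLS_RSA_PSK_WITH_AES_128_GCM_SHA256',
        0xAD: 'TLS_RSA_PSK_WITH_AES_256_GCM_SHA384',
        0xAE: 'TLS_PSK_WITH_AES_128_CBC_SHA256',
        0xAF: 'TLS_PSK_WITH_AES_256_CBC_SHA384',
        0xB0: 'TLS_PSK_WITH_NULL_SHA256',
        0xB1: 'TLS_PSK_WITH_NULL_SHA384',
        0xB2: 'TLS_DHE_PSK_WITH_AES_128_CBC_SHA256',
        0xB3: 'TLS_DHE_PSK_WITH_AES_256_CBC_SHA384',
        0xB4: 'TLS_DHE_PSK_WITH_NULL_SHA256',
        0xB5: 'TLS_DHE_PSK_WITH_NULL_SHA384',
        0xB6: 'TLS_RSA_PSK_WITH_AES_128_CBC_SHA256',
        0xB7: 'TLS_RSA_PSK_WITH_AES_256_CBC_SHA384',
        0xB8: 'TLS_RSA_PSK_WITH_NULL_SHA256',
        0xB9: 'TLS_RSA_PSK_WITH_NULL_SHA384',
        0xBA: 'TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256',
        0xBB: 'TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256',
        0xBC: 'TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256',
        0xBD: 'TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256',
        0xBE: 'TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256',
        0xBF: 'TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256',
        0xC0: 'TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256',
        0xC1: 'TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256',
        0xC2: 'TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256',
        0xC3: 'TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256',
        0xC4: 'TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256',
        0xC5: 'TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256',
        0xFF: 'TLS_EMPTY_RENEGOTIATION_INFO_SCSV',
        0x5600: 'TLS_FALLBACK_SCSV',
        0xC001: 'TLS_ECDH_ECDSA_WITH_NULL_SHA',
        0xC002: 'TLS_ECDH_ECDSA_WITH_RC4_128_SHA',
        0xC003: 'TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA',
        0xC004: 'TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA',
        0xC005: 'TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA',
        0xC006: 'TLS_ECDHE_ECDSA_WITH_NULL_SHA',
        0xC007: 'TLS_ECDHE_ECDSA_WITH_RC4_128_SHA',
        0xC008: 'TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA',
        0xC009: 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA',
        0xC00A: 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA',
        0xC00B: 'TLS_ECDH_RSA_WITH_NULL_SHA',
        0xC00C: 'TLS_ECDH_RSA_WITH_RC4_128_SHA',
        0xC00D: 'TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA',
        0xC00E: 'TLS_ECDH_RSA_WITH_AES_128_CBC_SHA',
        0xC00F: 'TLS_ECDH_RSA_WITH_AES_256_CBC_SHA',
        0xC010: 'TLS_ECDHE_RSA_WITH_NULL_SHA',
        0xC011: 'TLS_ECDHE_RSA_WITH_RC4_128_SHA',
        0xC012: 'TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA',
        0xC013: 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA',
        0xC014: 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA',
        0xC015: 'TLS_ECDH_anon_WITH_NULL_SHA',
        0xC016: 'TLS_ECDH_anon_WITH_RC4_128_SHA',
        0xC017: 'TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA',
        0xC018: 'TLS_ECDH_anon_WITH_AES_128_CBC_SHA',
        0xC019: 'TLS_ECDH_anon_WITH_AES_256_CBC_SHA',
        0xC01A: 'TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA',
        0xC01B: 'TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA',
        0xC01C: 'TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA',
        0xC01D: 'TLS_SRP_SHA_WITH_AES_128_CBC_SHA',
        0xC01E: 'TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA',
        0xC01F: 'TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA',
        0xC020: 'TLS_SRP_SHA_WITH_AES_256_CBC_SHA',
        0xC021: 'TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA',
        0xC022: 'TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA',
        0xC023: 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256',
        0xC024: 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384',
        0xC025: 'TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256',
        0xC026: 'TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384',
        0xC027: 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256',
        0xC028: 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384',
        0xC029: 'TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256',
        0xC02A: 'TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384',
        0xC02B: 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256',
        0xC02C: 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384',
        0xC02D: 'TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256',
        0xC02E: 'TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384',
        0xC02F: 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
        0xC030: 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
        0xC031: 'TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256',
        0xC032: 'TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384',
        0xC033: 'TLS_ECDHE_PSK_WITH_RC4_128_SHA',
        0xC034: 'TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA',
        0xC035: 'TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA',
        0xC036: 'TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA',
        0xC037: 'TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256',
        0xC038: 'TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384',
        0xC039: 'TLS_ECDHE_PSK_WITH_NULL_SHA',
        0xC03A: 'TLS_ECDHE_PSK_WITH_NULL_SHA256',
        0xC03B: 'TLS_ECDHE_PSK_WITH_NULL_SHA384',
        0xC03C: 'TLS_RSA_WITH_ARIA_128_CBC_SHA256',
        0xC03D: 'TLS_RSA_WITH_ARIA_256_CBC_SHA384',
        0xC03E: 'TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256',
        0xC03F: 'TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384',
        0xC040: 'TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256',
        0xC041: 'TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384',
        0xC042: 'TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256',
        0xC043: 'TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384',
        0xC044: 'TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256',
        0xC045: 'TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384',
        0xC046: 'TLS_DH_anon_WITH_ARIA_128_CBC_SHA256',
        0xC047: 'TLS_DH_anon_WITH_ARIA_256_CBC_SHA384',
        0xC048: 'TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256',
        0xC049: 'TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384',
        0xC04A: 'TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256',
        0xC04B: 'TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384',
        0xC04C: 'TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256',
        0xC04D: 'TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384',
        0xC04E: 'TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256',
        0xC04F: 'TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384',
        0xC050: 'TLS_RSA_WITH_ARIA_128_GCM_SHA256',
        0xC051: 'TLS_RSA_WITH_ARIA_256_GCM_SHA384',
        0xC052: 'TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256',
        0xC053: 'TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384',
        0xC054: 'TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256',
        0xC055: 'TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384',
        0xC056: 'TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256',
        0xC057: 'TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384',
        0xC058: 'TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256',
        0xC059: 'TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384',
        0xC05A: 'TLS_DH_anon_WITH_ARIA_128_GCM_SHA256',
        0xC05B: 'TLS_DH_anon_WITH_ARIA_256_GCM_SHA384',
        0xC05C: 'TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256',
        0xC05D: 'TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384',
        0xC05E: 'TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256',
        0xC05F: 'TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384',
        0xC060: 'TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256',
        0xC061: 'TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384',
        0xC062: 'TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256',
        0xC063: 'TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384',
        0xC064: 'TLS_PSK_WITH_ARIA_128_CBC_SHA256',
        0xC065: 'TLS_PSK_WITH_ARIA_256_CBC_SHA384',
        0xC066: 'TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256',
        0xC067: 'TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384',
        0xC068: 'TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256',
        0xC069: 'TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384',
        0xC06A: 'TLS_PSK_WITH_ARIA_128_GCM_SHA256',
        0xC06B: 'TLS_PSK_WITH_ARIA_256_GCM_SHA384',
        0xC06C: 'TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256',
        0xC06D: 'TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384',
        0xC06E: 'TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256',
        0xC06F: 'TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384',
        0xC070: 'TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256',
        0xC071: 'TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384',
        0xC072: 'TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256',
        0xC073: 'TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384',
        0xC074: 'TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256',
        0xC075: 'TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384',
        0xC076: 'TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256',
        0xC077: 'TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384',
        0xC078: 'TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256',
        0xC079: 'TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384',
        0xC07A: 'TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256',
        0xC07B: 'TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384',
        0xC07C: 'TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256',
        0xC07D: 'TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384',
        0xC07E: 'TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256',
        0xC07F: 'TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384',
        0xC080: 'TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256',
        0xC081: 'TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384',
        0xC082: 'TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256',
        0xC083: 'TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384',
        0xC084: 'TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256',
        0xC085: 'TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384',
        0xC086: 'TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256',
        0xC087: 'TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384',
        0xC088: 'TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256',
        0xC089: 'TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384',
        0xC08A: 'TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256',
        0xC08B: 'TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384',
        0xC08C: 'TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256',
        0xC08D: 'TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384',
        0xC08E: 'TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256',
        0xC08F: 'TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384',
        0xC090: 'TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256',
        0xC091: 'TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384',
        0xC092: 'TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256',
        0xC093: 'TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384',
        0xC094: 'TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256',
        0xC095: 'TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384',
        0xC096: 'TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256',
        0xC097: 'TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384',
        0xC098: 'TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256',
        0xC099: 'TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384',
        0xC09A: 'TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256',
        0xC09B: 'TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384',
        0xC09C: 'TLS_RSA_WITH_AES_128_CCM',
        0xC09D: 'TLS_RSA_WITH_AES_256_CCM',
        0xC09E: 'TLS_DHE_RSA_WITH_AES_128_CCM',
        0xC09F: 'TLS_DHE_RSA_WITH_AES_256_CCM',
        0xC0A0: 'TLS_RSA_WITH_AES_128_CCM_8',
        0xC0A1: 'TLS_RSA_WITH_AES_256_CCM_8',
        0xC0A2: 'TLS_DHE_RSA_WITH_AES_128_CCM_8',
        0xC0A3: 'TLS_DHE_RSA_WITH_AES_256_CCM_8',
        0xC0A4: 'TLS_PSK_WITH_AES_128_CCM',
        0xC0A5: 'TLS_PSK_WITH_AES_256_CCM',
        0xC0A6: 'TLS_DHE_PSK_WITH_AES_128_CCM',
        0xC0A7: 'TLS_DHE_PSK_WITH_AES_256_CCM',
        0xC0A8: 'TLS_PSK_WITH_AES_128_CCM_8',
        0xC0A9: 'TLS_PSK_WITH_AES_256_CCM_8',
        0xC0AA: 'TLS_PSK_DHE_WITH_AES_128_CCM_8',
        0xC0AB: 'TLS_PSK_DHE_WITH_AES_256_CCM_8',
        0xC0AC: 'TLS_ECDHE_ECDSA_WITH_AES_128_CCM',
        0xC0AD: 'TLS_ECDHE_ECDSA_WITH_AES_256_CCM',
        0xC0AE: 'TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8',
        0xC0AF: 'TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8',
        # draft (pre-RFC 7905) ChaCha20 code points still seen in old captures
        0xCC13: 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256',
        0xCC14: 'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256',
        0xCC15: 'TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256',
        0xCCA8: 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256',
        0xCCA9: 'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256',
        0xFEFE: 'SSL_RSA_FIPS_WITH_DES_CBC_SHA',
        0xFEFF: 'SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA',
        0xFFE0: 'SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA',
        0xFFE1: 'SSL_RSA_FIPS_WITH_DES_CBC_SHA',
    },
    'compression_methods': {
        0: 'null',
        1: 'Zlib',
    },
    'ec_point_formats': {
        0: 'uncompressed',
        1: 'ansiX962_compressed_prime',
        2: 'ansiX962_compressed_char2',
    },
    'extension_type': {
        0: 'server_name',
        1: 'max_fragment_length',
        2: 'client_certificate_url',
        3: 'trusted_ca_keys',
        4: 'truncated_hmac',
        5: 'status_request',
        6: 'user_mapping',
        7: 'client_authz',
        8: 'server_authz',
        9: 'cert_type',
        10: 'elliptic_curves',
        11: 'ec_point_formats',
        12: 'srp',
        13: 'signature_algorithms',
        14: 'use_srtp',
        15: 'heartbeat',
        16: 'application_layer_protocol_negotiation',
        17: 'status_request_v2',
        18: 'signed_certificate_timestamp',
        19: 'client_certificate_type',
        20: 'server_certificate_type',
        21: 'padding',
        22: 'encrypt_then_mac',
        23: 'extended_master_secret',
        35: 'SessionTicket_TLS',
        13172: 'next_protocol_negotiation',
        30031: 'channel_id_old',
        30032: 'channel_id',
        62208: 'tack',
        65281: 'renegotiation_info',
    },
    'heartbeat': {
        0: 'heartbeat_request',
        1: 'peer_allowed_to_send',
    },
    'elliptic_curves': {
        1: 'sect163k1',
        2: 'sect163r1',
        3: 'sect163r2',
        4: 'sect193r1',
        5: 'sect193r2',
        6: 'sect233k1',
        7: 'sect233r1',
        8: 'sect239k1',
        9: 'sect283k1',
        10: 'sect283r1',
        11: 'sect409k1',
        12: 'sect409r1',
        13: 'sect571k1',
        14: 'sect571r1',
        15: 'secp160k1',
        16: 'secp160r1',
        17: 'secp160r2',
        18: 'secp192k1',
        19: 'secp192r1',
        20: 'secp224k1',
        21: 'secp224r1',
        22: 'secp256k1',
        23: 'secp256r1',
        24: 'secp384r1',
        25: 'secp521r1',
        26: 'brainpoolP256r1',
        27: 'brainpoolP384r1',
        28: 'brainpoolP512r1',
        256: 'ffdhe2048',
        257: 'ffdhe3072',
        258: 'ffdhe4096',
        259: 'ffdhe6144',
        260: 'ffdhe8192',
        65281: 'arbitrary_explicit_prime_curves',
        65282: 'arbitrary_explicit_char2_curves',
    },
    'signature_algorithms_hash': {  # RFC 5246
        0: 'none',
        1: 'md5',
        2: 'sha1',
        3: 'sha224',
        4: 'sha256',
        5: 'sha384',
        6: 'sha512',
    },
    'signature_algorithms_signature': {
        0: 'anonymous',
        1: 'rsa',
        2: 'dsa',
        3: 'ecdsa',
    },
    'status_request': {
        0: 'empty',
    },
    'tls_record': {
        20: 'change_cipher',
        21: 'alert',
        22: 'handshake',
        23: 'application_data',
    },
    'tls_version': {
        0x300: 'SSL 3.0',
        0x301: 'TLS 1.0',
        0x302: 'TLS 1.1',
        0x303: 'TLS 1.2',
        0x304: 'TLS 1.3',
    },
}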
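# -*- coding: utf-8 -*-
"""Walk a directory of pcap files and store one 5-tuple row per capture.

For each pcap the first parsable IPv4/TCP-or-UDP packet supplies
(time, src, dst, sport, dport); the first TLS ClientHello seen anywhere in the
capture supplies the SNI server name.  Captures whose first packet does not
originate from an RFC 1918 address are skipped.  Rows are written to MySQL in
batches of 1000 through a parameterised INSERT (``COLstr``); only the trusted,
hard-coded table name / DDL below are ever built with string formatting.
"""
import os
import socket
import struct
import time
import json
import threading
import _thread

import dpkt
import pymysql
import mysql.connector

from PraseTLS import *

# ---- database setup -------------------------------------------------------
# Fill these in before running.  TableName / COLCreate are interpolated into
# DDL with %-formatting because MySQL cannot parameterise identifiers; they are
# constants of this file and must never be taken from files, arguments or the
# network.
mydb = pymysql.connect(host='localhost', user='', passwd='', database='',
                       charset='utf8')
# With autocommit on, the explicit commit()/rollback() below are effectively
# no-ops; a single multi-row INSERT is still atomic on its own.
mydb.autocommit(True)
mycursor = mydb.cursor()

TableName = ''   # target table
COLCreate = ''   # column definitions for CREATE TABLE, e.g. 'Path VARCHAR(255), ...'
# Parameterised INSERT with one %s per field of the tuple returned by
# PrintPcap: (Path, Time, Src, Dst, SrcPort, DstPort, Server_name).  The
# original script referenced this name without defining it (NameError).
COLstr = ''

# CREATE ... IF NOT EXISTS replaces the old probe, which ran SELECT * over the
# whole table just to learn whether it existed.
mycursor.execute("CREATE TABLE IF NOT EXISTS %s (%s)" % (TableName, COLCreate))


def PrintPcap(pcap, path):
    """Summarise one capture as a row tuple for the database.

    :param pcap: iterable of ``(timestamp, raw_frame)`` pairs (``dpkt.pcap.Reader``)
    :param path: path of the capture, stored so odd captures can be re-examined
    :return: ``(path, time, src, dst, sport, dport, server_name)`` built from
        the first frame that parses as Ethernet/IPv4 with a transport header
        carrying ports; ``server_name`` is the first SNI found in the capture
        (longer than 50 chars -> cut to 49, matching the original column
        handling).  ``None`` when no frame parses or the first parsable frame
        does not come from a private (RFC 1918) source address.
    """
    first = None
    server_name = ''
    for timestamp, buffer in pcap:
        try:
            eth = dpkt.ethernet.Ethernet(buffer)
            ip = eth.data
            # inet_ntoa needs a 4-byte address: ARP, IPv6 etc. fail here and
            # are skipped instead of leaving src/dst unbound (the old code
            # crashed with NameError when the first frame was not IPv4).
            src = socket.inet_ntoa(ip.src)
            dst = socket.inet_ntoa(ip.dst)
            transport = ip.data
            sport = transport.sport  # AttributeError for ICMP etc. -> skipped
            dport = transport.dport
        except Exception as err:
            print("[error] %s" % err)
            print(path)
            continue
        try:
            sni = parse_tcp_packet(transport)
        except Exception as err:
            # Malformed / truncated TLS: keep the packet, just without an SNI.
            print("[error] %s" % err)
            print(path)
            sni = ''
        if sni and not server_name:
            server_name = sni
        if first is None:
            # The first parsable packet fixes the tuple; only flows that start
            # from an internal host are recorded.
            if not isPrivateIp(src):
                return None
            when = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(timestamp))
            first = (path, when, src, dst, sport, dport)
    if first is None:
        return None
    if len(server_name) > 50:
        # Server_name column is assumed to be 50 chars wide -- TODO confirm schema
        server_name = server_name[0:49]
    return first + (server_name,)


def isPrivateIp(ip):
    """Return True if ``ip`` (dotted quad) lies in 10/8, 172.16/12 or 192.168/16.

    Only the three RFC 1918 blocks count; loopback, link-local and CGNAT
    ranges return False.
    :raises OSError: if ``ip`` is not a valid IPv4 address string
    """
    addr = struct.unpack('!L', socket.inet_aton(ip))[0]
    return ((addr & 0xFF000000) == 0x0A000000      # 10.0.0.0/8
            or (addr & 0xFFF00000) == 0xAC100000   # 172.16.0.0/12
            or (addr & 0xFFFF0000) == 0xC0A80000)  # 192.168.0.0/16


def _insert_rows(rows):
    """Insert one batch with the parameterised ``COLstr`` statement.

    On failure the error is printed and the batch is dropped; the old code
    rolled back silently, so a whole batch of 1000 rows could vanish unseen.
    """
    try:
        mycursor.executemany(COLstr, rows)
        print("插入成功")
        mydb.commit()
    except Exception as e:
        print("[error] insert failed, dropping batch of %d rows: %s" % (len(rows), e))
        mydb.rollback()


def filename(file_dir):
    """Parse every file under ``file_dir`` (recursively) and insert the rows in batches of 1000.

    :param file_dir: directory to walk; every regular file is treated as a pcap
    """
    print(f'线程名称:{threading.current_thread().name}开始时间:{time.strftime("%Y-%m-%d %H:%M:%S")}')
    # os.path.join handles nested directories correctly; plain root+"/"+file did not.
    list_file = [os.path.join(root, name).replace('\\', '/')
                 for root, _dirs, files in os.walk(file_dir)
                 for name in files]
    infos = []
    for path in list_file:
        try:
            f = open(path, mode='rb')
        except OSError as err:
            print(path, err)
            continue
        # The file must stay open while the reader iterates; `with` also
        # closes it (the old code leaked one descriptor per capture).
        with f:
            try:
                pcap = dpkt.pcap.Reader(f)
            except Exception as err:
                # Not a pcap (bad magic / truncated header); the old bare
                # except fell through and then hit an unbound `pcap`.
                print(path, err)
                continue
            tup = PrintPcap(pcap, path)
        if tup is None:
            continue
        infos.append(tup)
        if len(infos) >= 1000:
            _insert_rows(infos)
            infos.clear()
    if infos:
        _insert_rows(infos)
    print(f'线程名称:{threading.current_thread().name} 结束时间:{time.strftime("%Y-%m-%d %H:%M:%S")}')


if __name__ == "__main__":
    filename("/home/test/new-flow")
    mydb.commit()
    mycursor.close()
    mydb.close()
    print("over")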
以上是自己动手做的解包程序,才接触的时候还是比较困难。希望能提出宝贵意见改进,谢谢。