Analysis of packet characteristics before and after decrypting HTTPS in Wireshark

(a) Before HTTPS decryption

1. Protocol types: two
(1) TCP (layer 4, the transport layer)
(2) SSL/TLS (layer 5, the application layer; encryption and decryption)
2. Characteristics of the application-layer packets
(1) Protocol column: SSL/TLS packets.
(2) Length column: greater than 66 (roughly 70). Only packets longer than 70 bytes carry application-layer data. For these packets the middle pane of Wireshark (packet details) shows an additional Secure Sockets Layer entry.
(3) Info column: the first kind of application-layer data is the custom data (Application Data); the second kind is the certificate and key messages (Server Hello, Certificate, Server Key Exchange, Server Hello Done, etc.).

(b) After HTTPS decryption

1. Protocol types and what changes: three
(1) TCP (layer 4, the transport layer)
(2) SSL/TLS (layer 5, application-layer encryption). Change: only the second kind of application-layer data, the certificate and key messages, still appears under this protocol; the protocol itself is unchanged and looks essentially the same as before decryption.
(3) HTTP (layer 5, the application layer, custom data). Change: the first kind of application-layer data, the custom data, is converted from the original SSL/TLS rows; the corresponding packets get a light green background in the Wireshark packet list, and the plaintext is shown in the Decrypted SSL data tab of the bottom pane.
2. Characteristics of the application-layer packets
(1) Protocol column: HTTP packets.
(2) Length column: greater than 66 (roughly 70). Only packets longer than 70 bytes carry application-layer data. For these packets the middle pane of Wireshark shows one Secure Sockets Layer entry and one to n Hypertext Transfer Protocol entries.
(3) Info column: the first kind of application-layer data, previously described as Application Data, becomes a concrete HTTP request with its address; the description of the second kind, the certificate and key messages, is essentially unchanged.
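As an added illustration that is not part of the original post, the Python below applies the rules from both lists above (the 66-byte no-payload boundary, the handshake names in the Info column, and the SSL/TLS-to-HTTP change in the Protocol column once a key log file is loaded) to a tshark field export. The tshark options named in the comment are real; the sample rows, frame numbers, port and request path are constructed.

```python
# Tab-separated rows as printed by
#   tshark -r cap.pcapng -T fields -e frame.number -e frame.len -e _ws.col.Protocol -e _ws.col.Info
# A 66-byte frame is 14 (Ethernet) + 20 (IPv4) + 32 (TCP with timestamp options),
# i.e. a pure ACK, which is why the post uses 66 as the no-payload boundary.
NO_PAYLOAD_LEN = 66
HANDSHAKE_WORDS = ("Client Hello", "Server Hello", "Certificate", "Server Key Exchange",
                   "Client Key Exchange", "Server Hello Done", "Change Cipher Spec")

def parse_tshark_fields(text):
    """Return (number, length, protocol, info) tuples from a tshark field export."""
    rows = []
    for line in text.strip().splitlines():
        num, length, proto, info = line.split("\t", 3)
        rows.append((int(num), int(length), proto, info))
    return rows

def classify(length, protocol, info):
    """Map one packet-list row onto the categories the post describes."""
    # Length > 66 says the segment *can* carry payload; a plain TCP row such as a
    # 74-byte SYN with options still carries none, so check the protocol column too.
    if protocol == "TCP" or length <= NO_PAYLOAD_LEN:
        return "transport-only"
    if protocol == "HTTP":                        # only appears once keys are loaded
        return "decrypted-http"
    if protocol.startswith(("TLS", "SSL")):
        if any(word in info for word in HANDSHAKE_WORDS):
            return "tls-handshake"                # same before and after decryption
        if "Application Data" in info:
            return "tls-application-data"         # turns into HTTP after decryption
    return "other"

def summarize(text):
    """Count categories in one export; compare the result with and without keys."""
    counts = {}
    for _, length, proto, info in parse_tshark_fields(text):
        key = classify(length, proto, info)
        counts[key] = counts.get(key, 0) + 1
    return counts

# Constructed sample exports (not a real capture): the same six frames as tshark
# prints them without, and then with, a TLS key log file loaded.
BEFORE = """1\t74\tTCP\t52100 → 443 [SYN] Seq=0 Win=64240 Len=0 MSS=1460
2\t66\tTCP\t52100 → 443 [ACK] Seq=1 Ack=1 Win=64256 Len=0
3\t583\tTLSv1.2\tClient Hello
4\t1514\tTLSv1.2\tServer Hello, Certificate, Server Key Exchange, Server Hello Done
5\t274\tTLSv1.2\tApplication Data
6\t1190\tTLSv1.2\tApplication Data"""
AFTER = (BEFORE.replace("5\t274\tTLSv1.2\tApplication Data", "5\t274\tHTTP\tGET /index.html HTTP/1.1")
               .replace("6\t1190\tTLSv1.2\tApplication Data", "6\t1190\tHTTP\tHTTP/1.1 200 OK  (text/html)"))
```

Running summarize on BEFORE and AFTER shows the handshake and transport rows unchanged while the two Application Data rows become decrypted HTTP, which is exactly the change the post describes.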

Source: www.cnblogs.com/andy9468/p/11579954.html