wireshark抓包问题
答案:2 悬赏:30 手机版
解决时间 2021-02-25 12:15
- 提问者网友:太高姿态
- 2021-02-24 18:48
在使用wireshark抓取数据时,在返回的TCP中有的是“Continuation or non-HTTP traffic DATA”的数据,而有的是“TCP Segment of a Reassembled PDU ”的数据,这是为什么呢?这两个有什么区别又有什么相同的呢???
最佳答案
- 五星知识达人网友:几近狂妄
- 2021-02-24 19:20
That means ethereal sees packets on tcp port 80 which don't contain
an http header. This is quite common, since many http-objects are
larger than 1 tcp packet. Hence the comment "Continuation". You can
probably see an http-packet before those "continuations".
It also means you have some re-assembly settings turned off. Either
the "reassemble http headers" and "reassemble http bodies" options
are turned off in the http protocol preferences and/or the "allow
subdissector to reassemble tcp streams" option is turned off in the
tcp protocol preferences.
If they were all turned on, you would have seen "tcp segment of a
reassembled PDU" frames, ending in a http frame, containing the
whole http-request or http-response.
an http header. This is quite common, since many http-objects are
larger than 1 tcp packet. Hence the comment "Continuation". You can
probably see an http-packet before those "continuations".
It also means you have some re-assembly settings turned off. Either
the "reassemble http headers" and "reassemble http bodies" options
are turned off in the http protocol preferences and/or the "allow
subdissector to reassemble tcp streams" option is turned off in the
tcp protocol preferences.
If they were all turned on, you would have seen "tcp segment of a
reassembled PDU" frames, ending in a http frame, containing the
whole http-request or http-response.
全部回答
- 1楼网友:轻雾山林
- 2021-02-24 20:00
抓到包后,在filter那里填入oicq,然后回车,剩下的就都是qq的包了。注意oicq一定要是小写。
在packetdetails里面可以看到“oicq-imsoftware,popularinchina”。都是udp的包,里面的数据都是加密了的,应该是破解不了的。
ip地址可以直接从packetlist看到。119.147.12.170这个ip应该是腾讯的服务器,所有的通信都是通过腾讯服务器来中转的。另外一个ip就是你自己的ip。所以也不能看到好友的ip地址。
欢迎其他高手指正。
我要举报
如以上问答信息为低俗、色情、不良、暴力、侵权、涉及违法等信息,可以点下面链接进行举报!
大家都在看
推荐资讯