Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
I
I
Ivan Gromov2018-10-02 16:50:58
linux
Ivan Gromov, 2018-10-02 16:50:58

How to define a protocol without binding to a port?

Hello.
Has anyone encountered the issue of defining a protocol without being tied to a port number? Maybe there are some algorithms, for example, how wireshark does it. Maybe there is some library in which this is implemented?
Yes, for example, in http it is clear how: you can try to find some patterns, but what to do in other protocols, like ftp, pop3, etc. is not very clear.
UDP: Definition of Application Layer Protocols.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
S
Stanislav Makarov, 2018-10-02
@riivers

https://www.wireshark.org/lists/wireshark-dev/2008...
....
For example TCP defines port 80 only for the use of HTTP traffic. But, this convention doesn't prevent anyone from using TCP port 80 for some different protocol, or on the other hand using HTTP on a port number different to 80.
To solve this problem, Wireshark introduced the so called heuristic dissector mechanism to try to deal with these problems.
The link in the wireshark mailing list gives a detailed answer to this difficult question.

Report
D
Dmitry, 2018-10-02
@Tabletko

The protocol type is specified in the header in the ip packet. Headers are described in the RFC

Report
R
res2001, 2018-10-03
@res2001

Both FTP and POP3, as well as SMTP, IMAP and many others are text protocols, there you can also determine the protocol by the contents of the package.
In binary protocols, this method can also work, but you need to analyze binary information, not text.
In any case, for analysis, you need to know the protocol itself, at least textual, at least binary.
But, of course, not everything can be defined that way. For example, if any of the protocols is hidden behind SSL, then you will see encrypted traffic from the outside, and it is no longer possible to understand what is inside without decryption.
In addition, determining the protocol by port number is not an idea, because, probably, any server supports the ability to change the port.

Similar questions
D
Danil2020-03-14 19:16:34
How to create custom macros for text in PHP? 7Reply
A
Andrey Zhigunovsky2017-11-28 12:16:35
How to include fpdf library in laravel? 3Reply
U
unlik2018-01-09 04:26:45
How to make a simple calculator? 12Reply
A
AlexChAR2017-07-03 09:18:20
Why doesn't nmap see all devices? 1Reply
J
jslby2015-07-25 14:44:28
How to put a background on the console in Linux? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question