Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
I
I
Ivan Gromov2018-10-02 16:50:58
linux
Ivan Gromov, 2018-10-02 16:50:58

How to define a protocol without binding to a port?

Hello.
Has anyone encountered the issue of defining a protocol without being tied to a port number? Maybe there are some algorithms, for example, how wireshark does it. Maybe there is some library in which this is implemented?
Yes, for example, in http it is clear how: you can try to find some patterns, but what to do in other protocols, like ftp, pop3, etc. is not very clear.
UDP: Definition of Application Layer Protocols.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
S
Stanislav Makarov, 2018-10-02
@riivers

https://www.wireshark.org/lists/wireshark-dev/2008...
....
For example TCP defines port 80 only for the use of HTTP traffic. But, this convention doesn't prevent anyone from using TCP port 80 for some different protocol, or on the other hand using HTTP on a port number different to 80.
To solve this problem, Wireshark introduced the so called heuristic dissector mechanism to try to deal with these problems.
The link in the wireshark mailing list gives a detailed answer to this difficult question.

Report
D
Dmitry, 2018-10-02
@Tabletko

The protocol type is specified in the header in the ip packet. Headers are described in the RFC

Report
R
res2001, 2018-10-03
@res2001

Both FTP and POP3, as well as SMTP, IMAP and many others are text protocols, there you can also determine the protocol by the contents of the package.
In binary protocols, this method can also work, but you need to analyze binary information, not text.
In any case, for analysis, you need to know the protocol itself, at least textual, at least binary.
But, of course, not everything can be defined that way. For example, if any of the protocols is hidden behind SSL, then you will see encrypted traffic from the outside, and it is no longer possible to understand what is inside without decryption.
In addition, determining the protocol by port number is not an idea, because, probably, any server supports the ability to change the port.

Similar questions
B
Bliss022021-05-03 18:53:48
How to remove selection from margin? 2Reply
K
krll-k2014-11-11 18:00:11
What does the "route add 192.168.42.0 mask 255.255.255.0 192.168.1.41" command do? 1Reply
V
Valery2019-04-06 13:41:38
Maintaining minimal free disk space Linux? 1Reply
S
Sergey Kolpakov2016-11-09 16:19:44
How to force sed to search not from the beginning of a line with '*' quantifier? 2Reply
K
Klaud1112019-04-06 19:42:53
Can installing Python3 on the server affect the user experience? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question