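I previously did protocol analysis of nearly a hundred network applications commonly used in China and abroad, such as QQ, BT and MSN. I'm now posting some of the results for reference. If anyone's analysis differs from mine, please reply to this thread and let me know. Thanks to everyone for participating.
The list of protocols I have studied so far is as follows: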
#patname type port packet.dat
QQ_TCP 2 0 2.dat
QQ_UDP 5 0 1.dat
MSN 2 1863
YAHOO 2 0 7.dat
OSCAR 2 0 8.dat
Skype_UDP 5 0 15.dat
UC_TCP 2 0 19.dat
UC_UDP 5 3001-3002
POPO_TCP 0 0 23.dat
ET_UDP 5 10000-10001
WangWang_TCP 2 0 36.dat
MaoYiTong 2 0 38.dat
IRC_TCP 2 6667
Ventrilo_TCP 0 0 48.dat
TeamSpeak_UDP 3 0 49.dat
RogerWilco_TCP 2 3782
RogerWilco_UDP 5 3782
PeerMe_TCP 2 5112
OpenH323 2 1720
GameComm_TCP 2 12535
GoogleTalk_TCP 2 5222
HTTP 0 0 9.dat
BT_TCP 2 0 4.dat
XUNLEI_TCP 2 3076
XUNLEI_UDP 5 3076
AppleJuice_TCP 0 0 6.dat
Ares 2 15983
ARES_TCP 0 0 21.dat
Edonkey_TCP 2 0 25.dat
DirectConnect 2 0 26.dat
Gnutella 2 6346,6348
Gnutella2_TCP 2 0 77.dat
Gnutella2_UDP 5 6346
IMesh_TCP 0 0 33.dat
Mute 2 4900
Poco_TCP 2 5354
Poco_UDP 5 9091,9099
KCeasy 2 0 41.dat
Soulseek_TCP 2 2240
Piolet_UDP 5 41170
PeerCast_TCP 2 7144
earthStation5_UDP 5 37
EarthStation_5 2 1002
Filetopia_TCP 1 0 56.dat
GNUnet_TCP 0 0 57.dat
Groove_TCP 0 0 60.dat
JXTA_TCP 2 0 61.dat
Mnet_TCP 2 22088
KAMUN_UDP 5 9000,9500
kubao 2 9292
TuoTu_TCP 2 3000,3306
RealLink_UDP 5 30001
BaiZhao_UDP 5 6600
BaiDuX_TCP 2 11111-11113
BaiDuX_UDP 5 11111-11113
QQ_Game 2 0 16.dat
LianZhong_TCP 2 2000-2002
ChinaGames 2 8000
KeLe8 2 10006,10020
MXD_TCP 2 8086,8484,8585
HaoFang 2 1203
FTP 2 21
QQFTP_UDP2 3 0 82.dat
QQFTP_TCP 0 0 30.dat
QQSHARE 1 0 31.dat
OSCARFTP 2 0 62.dat
MSNFTPUDP 5 0 75.dat
MSNFTPTCP 2 0 76.dat
OFT2_3 2 0 84.dat
OSCARFTP2 2 0 83.dat
SOCK4 0 0 13.dat
SOCK5 0 0 14.dat
HTTPS 0 0 64.dat
WinSCP2 2 0 65.dat
SMTP 2 25
POP3 2 110
RealPlayer 0 0 43.dat
FreeCast_TCP 2 1666
FreeCast_UDP 5 3478
PPLive_TCP 0 0 66.dat
QQLive_UDP 3 0 71.dat
I wrote them all in XML, and the packets have all been tested. Here are a few in detail for everyone to look at.
1. Xunlei
<?xml version="1.0" encoding="ISO-8859-1"?>
<Config>
<CatagoryList>
<Catagory>
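<Name>P2P</Name> <!-- name of the category the software belongs to: P2P -->
<Protocol>
<Name>XUNLEI</Name> <!-- software name: Xunlei -->
<Block>1</Block> <!-- can be monitored and blocked -->
<Desc>迅雷</Desc> <!-- Chinese description of the software -->
<Pattern>
<Name>XUNLEI_TCP</Name> <!-- Xunlei's TCP communication mode -->
<Desc>迅雷下载</Desc> <!-- Chinese description -->
<Type>0</Type> <!-- TCP type is classified as 0 -->
<Offset>0</Offset> <!-- blockable flag is 0 -->
<Start>29</Start> <!-- signature start marker -->
<Pattype>0</Pattype> <!-- match by signature -->
<Pat>^/x29/x00/x00/x00</Pat> <!-- excerpt of the signature that can achieve a match -->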
</Pattern>
</Protocol>
</Catagory>
</CatagoryList>
</Config>
2. eDonkey (eMule)
<?xml version="1.0" encoding="ISO-8859-1"?>
<Config>
<CatagoryList>
<Catagory>
<Name>P2P</Name>
<Protocol>
<Name>Edonkey</Name>
<Block>1</Block>
<Desc>电驴</Desc>
<Pattern>
<Name>Edonkey_TCP</Name>
<Desc>电驴TCP方式</Desc>
<Type>2</Type>
<Offset>0</Offset>
<Start>e3</Start>
<Pattype>0</Pattype>
<Pat>^/xe3.{1}/x00/x00/x00</Pat>
</Pattern>
</Protocol>
</Catagory>
</CatagoryList>
</Config>
3. Sina UC
<?xml version="1.0" encoding="ISO-8859-1"?>
<Config>
<CatagoryList>
<Catagory>
<Name>IM</Name>
<Protocol>
<Name>UC</Name>
<Block>1</Block>
<Desc>新浪UC</Desc>
<Pattern>
<Name>UC_TCP</Name>
<Desc>UC TCP方式</Desc>
<Type>2</Type>
<Offset>0</Offset>
<Start>01</Start>
<Pattype>0</Pattype>
<Pat>^/x01/x02/x03</Pat>
</Pattern>
<Pattern>
<Name>UC_UDP</Name>
<Desc>UC UDP方式</Desc>
<Type>5</Type>
<Offset>0</Offset>
<Start></Start>
<Pattype>1</Pattype>
<Pat>3001</Pat>
</Pattern>
<Pattern>
<Name>UC_UDP</Name>
<Desc>UC UDP方式</Desc>
<Type>5</Type>
<Offset>0</Offset>
<Start></Start>
<Pattype>1</Pattype>
<Pat>3002</Pat>
</Pattern>
</Protocol>
</Catagory>
</CatagoryList>
</Config>
4. HaoFang Battle Platform
<?xml version="1.0" encoding="ISO-8859-1"?>
<Config>
<CatagoryList>
<Catagory>
<Name>GAME</Name>
<Protocol>
<Name>HAOFANG</Name>
<Block>1</Block>
<Desc>浩方对战平台</Desc>
<Pattern>
<Name>HaoFang</Name>
<Desc>HaoFang</Desc>
<Type>2</Type>
<Offset>0</Offset>
<Start></Start>
<Pattype>1</Pattype>
<Pat>1203</Pat>
</Pattern>
</Protocol>
</Catagory>
</CatagoryList>
</Config>
5. QQ Games
<?xml version="1.0" encoding="ISO-8859-1"?>
<Config>
<CatagoryList>
<Catagory>
<Name>GAME</Name>
<Protocol>
<Name>QQ_GAME</Name>
<Block>1</Block>
<Desc>QQ游戏</Desc>
<Pattern>
<Name>QQ_Game</Name>
<Desc>qq游戏</Desc>
<Type>2</Type>
<Offset>2</Offset>
<Start>2d</Start>
<Pattype>0</Pattype>
<Pat>^/x2d/x00(/x00/x00|/xff/xff)</Pat>
</Pattern>
</Protocol>
</Catagory>
</CatagoryList>
</Config>
I'm posting these 5 first for reference. If you need others, just ask, and we can study them together.
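The Pattern entries above can be read as a small classification rule set. The following is an added example, not the poster's tool or code: it loads three of the post's patterns and classifies a payload by transport, port and leading bytes. Assumptions: /xNN in Pat denotes the byte with hex value NN, Pattype 1 holds a single port number, Type 3 and 5 mean UDP (inferred from the *_UDP rows in the list), Offset and Start are not interpreted, and the function names and sample payloads are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed input: the Edonkey_TCP, UC_TCP and UC_UDP patterns from the post,
# merged into one file and trimmed to the fields this example reads.
CONFIG = """<Config><CatagoryList>
<Catagory><Name>P2P</Name><Protocol><Name>Edonkey</Name><Pattern>
  <Name>Edonkey_TCP</Name><Type>2</Type><Pattype>0</Pattype>
  <Pat>^/xe3.{1}/x00/x00/x00</Pat></Pattern></Protocol></Catagory>
<Catagory><Name>IM</Name><Protocol><Name>UC</Name><Pattern>
  <Name>UC_TCP</Name><Type>2</Type><Pattype>0</Pattype>
  <Pat>^/x01/x02/x03</Pat></Pattern><Pattern>
  <Name>UC_UDP</Name><Type>5</Type><Pattype>1</Pattype>
  <Pat>3001</Pat></Pattern></Protocol></Catagory>
</CatagoryList></Config>"""

UDP_TYPES = {"3", "5"}  # assumption: inferred from the *_UDP rows in the list


def load_rules(xml_text):
    """Return (category, protocol, pattern name, transport, matcher) tuples."""
    rules = []
    for cat in ET.fromstring(xml_text).iter("Catagory"):
        for proto in cat.iter("Protocol"):
            for pat in proto.iter("Pattern"):
                transport = "udp" if pat.findtext("Type") in UDP_TYPES else "tcp"
                text = pat.findtext("Pat")
                if pat.findtext("Pattype") == "0":
                    # assumption: /xNN is one byte; DOTALL lets "." match 0x0a too
                    src = re.sub(r"/x([0-9a-fA-F]{2})", r"\\x\1", text)
                    rx = re.compile(src.encode("latin-1"), re.DOTALL)
                    match = lambda port, data, rx=rx: rx.search(data) is not None
                else:
                    # assumption: Pattype 1 stores a port number in Pat
                    match = lambda port, data, p=int(text): port == p
                rules.append((cat.findtext("Name"), proto.findtext("Name"),
                              pat.findtext("Name"), transport, match))
    return rules


def classify(rules, transport, dst_port, payload):
    """Return the first matching (category, protocol, pattern) or None."""
    for cat, proto, name, rule_transport, match in rules:
        if rule_transport == transport and match(dst_port, payload):
            return (cat, proto, name)
    return None
```

Run rules like these against benign captures before enforcing them: a three-byte anchored signature such as UC_TCP's, or a port-only rule, also matches unrelated traffic that happens to share those bytes or that port.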