英文:
Identify a QUIC Packet in UDP Payload
问题
我正在尝试编写一个自定义代码,用于处理QUIC Initial数据包。在一个pcap文件中,我想要识别quic数据包并区分它们与其他UDP数据包。我不确定在负载中应该查找哪个特定的位/字节。
负载似乎直接以quic头部开始。如何将其与其他UDP负载(如DNS等)区分开?
英文:
I am trying to write a custom code that processes QUIC Initial packets. In a pcap file, I would like to identify quic packet from other UDP packets. I am not sure on which particular bit/ byte in the payload to look for.
The payload directly seems to start with quic headers. How to distinguish this from other UDP payloads like DNS, etc.
答案1
得分: 1
UDP头部实际上没有提供有关负载类型的位或字段信息。您可能正在寻找类似于IPv4头部中的“协议”字段。
Wireshark使用所谓的解析器来确定负载的类型。您可以在此处找到QUIC解析器。
Wireshark使用多种技术来确定UDP数据包是否包含QUIC负载。其中一些技术包括:
- 使用的端口是否为80或443?如果是,负载可能是QUIC。
- 负载的开头是否是有效的QUIC头部?这包括验证QUIC版本或验证CID的有效性。
如果您尝试自己实现一个简单的解析器,我可能会使用上述“简单”的属性。
希望这回答了您的问题。
英文:
Actually, there is no bit or field in the UDP header providing you information about the type of payload. You were probably searching for something like the Protocol field in the IPv4 header.
Wireshark uses so-called dissectors to determine the type of payload. You can find the QUIC dissector here.
Wireshark uses multiple techniques to determine if a UDP datagram contains QUIC payload. Some of them are:
- is the port used 80 or 443? If yes, the payload could be QUIC.
- is the beginning of the payload a valid QUIC header? This includes the verification of the QUIC version or the validation of the CID.
If you try to implement a simple dissector on your own, I would probably use the "easy" properties mentioned above.
I hope this does answer your question.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论