在包奇怪的字符 [英] strange characters in packets
问题描述
我正在写与libpcap的HTTP数据包嗅探器。
有时打印HTTP负载我得到奇怪的字符..你知道他们是怎样的内容?
I'm writing a sniffer for http packets with libpcap. Sometimes printing the content of the http payload I get strange characters.. do you know what could they be?
* XNT:3 @P#$ 1u`%S {M-
*xNT:���3�@�"P#1u`��$%S{M��
或
〜谢霆锋}> A} /`▒Ay
�~�tsE��}>a�����}/���`�▒�A�y
谢谢,您的答案。
如果标题是纯文本,所以这个问题是我的code。
If the header is in plain text so the problem is my code.
总之,可以POST请求采用base64 codeD?
Anyway, can a POST request be coded in base64?
推荐答案
在 utils_http.c
您有以下功能:
static int handle_tcp(const struct tcphdr *tcp, int len)
{
char buf[PCAP_SNAPLEN];
memcpy(buf, tcp + 1, len - sizeof(*tcp));
DEBUG("DANY TCPDs tcp string: %s",buf);
if (0 == handle_http(buf, len - sizeof(*tcp)))
return 0;
return 1;
}
这是做的假设TCP报头开始后20个字节的TCP负载总是启动(始终保持在20,因为的sizeof(* TCP)== 20
)。这不考虑任何TCP选项。如果您收到的数据包,TCP选项(这是很常见的), handle_http()
将二进制恩codeD TCP选项在其缓冲区的开头这可能是你所看到的。
This is making the assumption that the TCP payload always starts 20 bytes after the beginning of the TCP header (always 20 because sizeof(*tcp) == 20
). This doesn't take into account any TCP options. If you receive a packet with TCP options (which are very common), handle_http()
will have the binary-encoded TCP options at the beginning of its buffer which might be what you're seeing.
尝试这样的事情,而不是:
Try something like this instead:
static int handle_tcp(const struct tcphdr *tcp, int len)
{
char buf[PCAP_SNAPLEN];
memcpy(buf, (void*)tcp + tcp->doff*4, len - tcp->doff*4);
DEBUG("DANY TCPDs tcp string: %s",buf);
if (0 == handle_http(buf, len - tcp->doff*4))
return 0;
return 1;
}
或更好,但我不知道为什么你经常做几十您的缓冲区拷贝的每一个机会,你得到。你可以绕过指针除非我失去了一些东西:
Or better yet, I have no idea why you're constantly making dozens of copies of your buffer every chance you get. You can just pass pointers around unless I'm missing something:
static int handle_tcp(const struct tcphdr *tcp, int len) {
return handle_http((void*)tcp + tcp->doff*4, len - tcp->doff*4);
}
这篇关于在包奇怪的字符的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!