Why can't I catch Baidu's data packets

Tech 2023-05-16 05:18:39 Source: Network

1414baidu.compingIP$ ping baidu

1414

baidu.com

pingIP

$ ping baidu.comPING baidu.com (39.156.66.10) 56(84) bytes of data.64 bytes from 39.156.66.10 (39.156.66.10): icmp_seq=1 ttl=49 time=30.6 ms64 bytes from 39.156.66.10 (39.156.66.10): icmp_seq=2 ttl=49 time=30.6 ms64 bytes from 39.156.66.10 (39.156.66.10): icmp_seq=3 ttl=49 time=30.6 ms

baidu.com39.156.66.10

tcpdumpeth0ip39.156.66.10baidu.pcap

$ tcpdump -i eth0 host 39.156.66.10 -w baidu.pcap

baidu.comcurl

$ curl 'https://baidu.com'

baidu.com

wiresharkbaidu.pcaphttp.host == "baidu.com"

HTTPSbaidu.comHTTPHostrequest body

http.host

HTTPSClient Helloserver_name

  tls.handshake.extensions_server_name == "baidu.com"

Follow-TCP Stream

TCP

TCPTLSTCP

18205602844344356028

56028

443HTTPS

HTTP8080

1820baidu.com

URLbody

tcpdump

$ tcpdump -i eth0 host 39.156.66.10 -w baidu.pcap

key
/Users/xiaobaidebug/ssl.key

$ export SSLKEYLOGFILE=/Users/xiaobaidebug/ssl.key

curlchromecurlchrome

$ curl 'https://baidu.com'$ open -a Google Chrome #macchrome

/Users/xiaobaidebug/ssl.key

wireshark

ProtocolsTLS

ssl.key

1820

http.host == "baidu.com"

ssl.key

HTTPS

TCPHTTPTCP

TCPHTTPS

HTTPSTLSSSLTLS1.2

TLS""

TLS

Client Hello TLS1.2RSA

Server Hello + + TLS1.2

Client Key Exchange: pre_master_key pre_master_key
Change Cipher Spec: pre_master_key""
Encrypted Handshake Message""Finished

Change Cipher Spec pre_master_key""""
Encrypted Handshake Message""Finished

client random

server random

pre_master_key

HTTPS

client random server random pre_master_key

pre_master_key

pre_master_key

pre_master_key

HTTPSTCPHTTPTLSOpenSSLNSSTLS

SSLKEYLOGFILETLSpre_master_key
/Users/xiaobaidebug/ssl.key

TLSkeyTLSSSLKEYLOGFILETLSSSLKEYLOGFILEcurlchrome

SSLKEYLOGFILE

ssl.key

# SSL/TLS secrets log file, generated by NSSCLIENT_RANDOM 5709aef8ba36a8eeac72bd6f970a74f7533172c52be41b200ca9b91354bd662b 09d156a5e6c0d246549f6265e73bda72f0d6ee81032eaaa0bac9bea362090800174e0effc93b93c2ffa50cd8a715b0f0CLIENT_RANDOM 57d269386549a4cec7f91158d85ca1376a060ef5a6c2ace04658fe88aec48776 48c16429d362bea157719da5641e2f3f13b0b3fee2695ef2b7cdc71c61958d22414e599c676ca96bbdb30eca49eb488aCLIENT_RANDOM 5fca0f2835cbb5e248d7b3e75180b2b3aff000929e33e5bacf5f5a4bff63bbe5 424e1fcfff35e76d5bf88f21d6c361ee7a9d32cb8f2c60649135fd9b66d569d8c4add6c9d521e148c63977b7a95e8fe8CLIENT_RANDOM be610cb1053e6f3a01aa3b88bc9e8c77a708ae4b0f953b2063ca5f925d673140 c26e3cf83513a830af3d3401241e1bc4fdda187f98ad5ef9e14cae71b0ddec85812a81d793d6ec934b9dcdefa84bdcf3

CLIENT_RANDOMpre_master_key

wiresharkpre_master_key

wiresharkclient random

"bff63bbe5"

server random

client randomssl.key

"bff63bbe5"client random

pre_master_key

wireshark

ssl.keypre_master_keyTLSclient helloHTTPSTLS

baiduwireshark
HTTPSHTTPURLRequest Bodyfilterhttp.host == "baidu.com"
HTTPS3HTTPS
client randomserver randompre_master_keySSLKEYLOGFILE
SSLKEYLOGFILEcurlchromeHTTPSTLSsslkeyclient randompre_master_keyclient randompre_master_key

wireshark

time
source

destination

protocol

info

http

macmacwiresharkmacmac8/01

ipipv4DS FieldipTTL

seq NumberpayloadTCP80httptcp53bytesACKackseqACK

http200wireshark

Wireshark

ip.addr ipip.srcip.dstIPIPeth.addrmaceth.srceth.dstmacmac

tcp.portudp.portospfospf

andornoteqequal

ip192.168.10.243macf8:48:fd:fc:2e:00

dnsdns

ospf

lsa

LSULSA

wireshark

Disclaimer: The content of this article is sourced from the internet. The copyright of the text, images, and other materials belongs to the original author. The platform reprints the materials for the purpose of conveying more information. The content of the article is for reference and learning only, and should not be used for commercial purposes. If it infringes on your legitimate rights and interests, please contact us promptly and we will handle it as soon as possible! We respect copyright and are committed to protecting it. Thank you for sharing.(Email:[email protected])

Mobile advertising space rental

Tag: Why can catch Baidu data packets