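How does Wireshark identify WireGuard traffic?
So there's no point considering it for getting around the firewall; Wireshark can directly tell whether traffic is wg or not
The firewall certainly can too...
Looking at the code, I don't see anywhere that exposes any distinguishing feature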
// 16-byte transport header, sent in the clear: type (4) | receiver index (4) | counter (8)
fieldType := header[0:4]
fieldReceiver := header[4:8]
fieldNonce := header[8:16]

binary.LittleEndian.PutUint32(fieldType, MessageTransportType)
binary.LittleEndian.PutUint32(fieldReceiver, elem.keypair.remoteIndex)
binary.LittleEndian.PutUint64(fieldNonce, elem.nonce)

// pad content to multiple of 16
paddingSize := calculatePaddingSize(len(elem.packet), int(atomic.LoadInt32(&device.tun.mtu)))
elem.packet = append(elem.packet, paddingZeros[:paddingSize]...)

// encrypt content and release to consumer
binary.LittleEndian.PutUint64(nonce[4:], elem.nonce)
elem.packet = elem.keypair.send.Seal(
    header,
    nonce[:],
    elem.packet,
    nil,
)
elem.Unlock()
//------------
err := peer.SendBuffer(elem.packet)

UDP just gets choked to death. When it first came out I ran it on a K2 and it easily saturated 100 Mbps. Sigh, the "strong nation dream".

https://lists.zx2c4.com/pipermail/wireguard/2016-July/000185.html
Generally speaking, WireGuard does not aim to evade DPS, unfortunately. There are several things that prevent this from occurring:
a) The first byte, which is a fixed type value.
b) The fact that mac2 is most often all zeros.
c) The fixed length of handshake messages.
d) The unencrypted ephemeral public key.

https://wiki.wireshark.org/WireGuard

Take a look at this email; it explains why WireGuard is easy to identify:
https://lists.zx2c4.com/pipermail/wireguard/2018-September/003289.html
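
The cleartext features listed in the quoted email, written as a passive classifier over a UDP payload (an added example, not code from the thread or from wireguard-go). The type numbers 1 to 4 and the sizes 148, 92 and 64 bytes are assumptions taken from the WireGuard protocol specification rather than from this page; `Classify` and `Result` are hypothetical names.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
)

// Handshake names and fixed sizes indexed by message type (assumed from the protocol spec).
var names = [...]string{"", "initiation", "response", "cookie"}
var sizes = [...]int{0, 148, 92, 64}

// Result lists what one UDP payload reveals without any key material.
type Result struct {
	Kind     string // "initiation", "response", "cookie", "transport" or ""
	Mac2Zero bool   // feature (b): trailing 16-byte mac2 is all zeros
	Receiver uint32 // transport only: receiver index from header[4:8]
	Counter  uint64 // transport only: nonce counter from header[8:16]
}

// Classify inspects only the fields that are sent in the clear.
func Classify(p []byte) Result {
	if len(p) < 4 {
		return Result{}
	}
	// Feature (a): the type is a little-endian uint32, so bytes 1..3 are zero.
	t := binary.LittleEndian.Uint32(p[0:4])
	if t == 4 && len(p) >= 32 { // 16-byte header plus at least the 16-byte AEAD tag
		return Result{Kind: "transport",
			Receiver: binary.LittleEndian.Uint32(p[4:8]),
			Counter:  binary.LittleEndian.Uint64(p[8:16])}
	}
	if t < 1 || t > 3 || len(p) != sizes[t] { // feature (c): handshake lengths are fixed
		return Result{}
	}
	r := Result{Kind: names[t]}
	if t != 3 { // initiation and response end in mac1 followed by mac2
		r.Mac2Zero = bytes.Equal(p[len(p)-16:], make([]byte, 16))
	}
	return r
}

func main() {
	// Constructed samples: an initiation-sized payload and a keepalive-sized transport packet.
	hs := append([]byte{1}, make([]byte, 147)...)
	tr := append([]byte{4, 0, 0, 0, 42, 0, 0, 0, 7}, make([]byte, 23)...)
	fmt.Printf("%+v\n%+v\n", Classify(hs), Classify(tr))
}
```

Feature (d), the unencrypted ephemeral public key, is not checked here because its bytes are indistinguishable from random data on their own.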