wireguard的流量怎么被wireshark分辨出来的？

guanggao · 发表于 2024-1-1 09:56:12

所以不用考虑fq的问题啊 wireshark 都能直接区分出是不是wg的流量

墙肯定也能。。。。。
看代码也没哪个地方暴露什么特征啊

fieldType := header[0:4] fieldReceiver := header[4:8] fieldNonce := header[8:16] binary.LittleEndian.PutUint32(fieldType, MessageTransportType) binary.LittleEndian.PutUint32(fieldReceiver, elem.keypair.remoteIndex) binary.LittleEndian.PutUint64(fieldNonce, elem.nonce) // pad content to multiple of 16 paddingSize := calculatePaddingSize(len(elem.packet), int(atomic.LoadInt32(&device.tun.mtu))) elem.packet = append(elem.packet, paddingZeros[:paddingSize]...) // encrypt content and release to consumer binary.LittleEndian.PutUint64(nonce[4:], elem.nonce) elem.packet = elem.keypair.send.Seal( header, nonce[:], elem.packet, nil, ) elem.Unlock()

复制代码

//------------

err := peer.SendBuffer(elem.packet)

灌水王 · 发表于 2024-1-1 09:56:20

udp就卡斯特罗，刚刚出来时用k2跑过，轻松跑满百兆，诶，强国梦

灌水王 · 发表于 2024-1-1 09:56:58

https://lists.zx2c4.com/pipermail/wireguard/2016-July/000185.html

Generally speaking, WireGuard does not aim to evade DPS, unfortunately. There are several things that prevent this from occurring:

a) The first byte, which is a fixed type value. b) The fact that mac2 is most often all zeros. c) The fixed length of handshake messages. d) The unencrypted ephemeral public key.

灌水王 · 发表于 2024-1-1 09:57:23

https://wiki.wireshark.org/WireGuard

灌水王 · 发表于 2024-1-1 09:57:28

看下这篇邮件，里面有提到为什么wireguard容易被识别

https://lists.zx2c4.com/pipermail/wireguard/2018-September/003289.html

wireguard的流量怎么被wireshark分辨出来的？

本帖子中包含更多资源