智能TCL电视机在线数据抓包.doc

智能TCL电视机在线数据抓包电视抓包为了捕捉电视开机到打开天气预报节目的过程中都传输了哪些数据。一,实验环境：电视：TCL58IP为11虚拟机：linux5系统RedhatIP为4二,实现过程电视：设置网关4虚拟机：echo1/proc/sys/ipv4/ip_forwardiptables-tnat-APOSTROUTING-s11-jMASQUERADEtcpdump-ieth0-nn-vv-tttt-s65535host11-wtcpdump.txt目录三,电视抓包.1、电视开机，通过ARP协议广播查找谁是网关4，获取网关的mac地址22、通过DNS,请求域名main.cedock，告诉电视该域名的IP0.33.电视向cedock/service.asmx/IPTV2（0）(main.cedock)的http的端口发送一个post请求，回应了数据，传输成功，从内容中看出传回了两个img2的URL.34、通过DNS请求域名hub5sr.em.sandai/hub5pn.em.sandai,4DNS回应两个域名的IP地址hub5sr.em.sandai（68）.4hub5pn.em.sandai（8）.45、电视向em.sandai:80/HTTP/IP（68）发送一个post请求数据，数据传输，回应数据传输成功.56、8（hub5pn.em.sandai）向电视数据传输.77、em.sandai:80/(68)传输数据给电视，电视接收数据，回应了数据传输成功78、电视向DNS请求域名为license.em.xunlei的IP（90）.9数据传输.99、电视向DNS请求域名为hub5u.em.sandai的IP地址，传输数据.910、电视再次向cedock/service.asmx/IPTV2（0）的http端口发送一个post请求数据，cedock/service.asmx/IPTV2回应，数据传输成功.1011、电视向DNS请求域名为service.cedock的IP，回应IP（2），电视向13cedock/weather/Getweather.action的http端口发送一个post请求，回应数据传输成功，而且从数据中可以读取到近三天的气温.13四.实验数据分析：1、电视开机，通过ARP协议广播查找谁是网关4，获取网关的mac地址2、通过DNS,请求域名main.cedock，告诉电视该域名的IP0.main.cedock.main.cedock.|(x.ns1.ns2.=.|(x8.O.n.3.电视向cedock/service.asmx/IPTV2（0）(main.cedock)的http的端口发送一个post请求，回应了数据，传输成功，从内容中看出传回了两个img2的URLPOST/service.asmx/IPTV2HTTP/1.1Host:main.cedockAept:*/*User-Agent:Mozilla/4.0(patible;MSIE5.0;Windows98)Pragma:no-cacheCache-Control:no-cacheContent-Length:526Content-Type:application/x-www-form-urlencodedConnection:closexmlString=%3C%3Fxml+version%3D%221.0%22+encoding%3D%22utf-8%22%3F%3E%3Crequest+website%3D%22http%3A/main.cedock%22%3E%3Cparameter+type%3D%22Login%22+language%3D%22zh-CN%22%3E%3Cclient+type%3D%22MS58A%22+id%3D%22E019309481C9C04F38517EA44BD67C5EAB761890%22+keytoken%3D%227A35F6578B621EFEC4982DB829BD15824421F25C%22+keytype%3D%220%22+ver%3D%22V8-0MS5802-LF1V045%22/%3E%3Cuser+type%3D%22Normal%22+id%3D%221714829%22+keytoken%3D%22E63D4D648DB3A5826AB54E96A52F679F7480C69C%22+keytype%3D%220%22/%3E%3C/parameter%3E%3C/request%3EHTTP/1.1200OKServer:nginx/1.0.11Date:Fri,24Feb201202:08:02GMTContent-Type:text/xml;charset=utf-8Connection:closeX-Powered-By:ASP.NETX-AspNet-Version:2.0.50727Cache-Control:private,max-age=0Content-Length:559<xmlversion=1.0encoding=utf-8<responsewebsite=cedock/service.asmx/IPTV2<errortype=falsenote=servertime=2012-02-2410:07:59/<clienttype=ms58aactivatekey=rvCSY0zxbxsN3VhfBFiPr4PD6wXaqWpL/<serverlanguage=zh-<channeltype=updateurl=cedock/update/no_update.xmllasttime=2009-4-2710:20:25/</server<serverlanguage=en<channeltype=updateurl=cedock/update/no_update.xmllasttime=2009-4-2710:20:25/</server</response4、通过DNS请求域名hub5sr.em.sandai/hub5pn.em.sandai,DNS回应两个域名的IP地址hub5sr.em.sandai（68）hub5pn.em.sandai（8）5、电视向em.sandai:80/HTTP/IP（68）发送一个post请求数据，数据传输，回应数据POSTem.sandai:80/HTTP/1.1Content-Length:124Content-Type:application/octet-streamConnection:Close6.p.d.$.8.g.4$%Hs5.RC.eo.I.9.g)A.<.g.j.5B.ZLr.-KH.A;.L.C.f._.HTTP/1.1200OKContent-Length:2092Content-Type:application/octet-streamConnection:Close6.z.+.l.7.BZxL*T.$.G.Z8.3.e.,.M.b|.V.R.p)9I(.a.E.M.e.,.y.p.$.t.BGi.3.&6.l.u.qe.+.Cd.|Z.J.v.9mK.w.v.x.|.+!,5.a.p.4*.r.U.:O|.T.*.$.o.4.u.*.q|.k.)/.T.5.l.v.J4.F.<.lc.=8.Yj.C.%.zn.t&39;.L.N.&39;.6h.;.L.6.V.K.I.Y.P.o.OW.x.i+!d.2.2.3.LCR.YG.V.Yi<.Fg.k.F&39;.k.$.U.rw.%.L.A&c6.N.J|.Wk.r.*._.FM.j.BQ.kX.0.Z.T.0.).k.J.9.&N.:W./.&.z.W.H.wc.G.(.2.0.I.+.k.FC&C.w.8.N.Zt.A.S.).FD.;.d.7Ef.y.R.S.NS.c.J.OC._h.T!.i.sj.Go.H.6.e<.&39;.e.fkYj.b.E2<M.%eE.S.j.G.l.0.L.xV.V.%&39;./.p.Q.h.+.x.xDA.zt.N&.SFE.,&.b.:M.!.a.4mh.P.9.5.Am.n.*.Tr.F&39;R.S.0.D.+.&39;.%.Z.R.w4.G.E.H$8.b.l.W.:.F.J.8L.Z.m.o.t8O.<N.*.&.Z.ft.i_.u.:.V.*.br.&.1.X.H/.W.p.%U.A%.RVn.j-h.e.,.).2.(.X.=/.).e.K,.s1.82.|(a.7J.G.r.K.T2G.x.dazI.u=8.V*.L.v.m.1.8.=.h.e.T.mF/n0.)O.p.,.P./.x.W.y.).$.e.-.Z.os.=Q_).2&39;.Iyl.+.,.$.o.QC.b.B.2.4_.M.q6%.u9j.).,I+.r.b.A.6C.k.V5S.Y.2.&./.D.U.X+.5T|29.NXw.%.4.c.y.F;.O.-t.R.u$.r.&U.:.xQ.t.n+.6.ob.B.U.*d.T.:.T_.*)x.di./.b.h5.,.4.vr5.$r.2.!.W.a.e.sw7J.QM.D.Td.O.,D.-.w(h.J.6N.d8Z.E.2.7.3.G.9.;$.9.J.q.a.E.;.0.k.:n$.=.Qb.6.b.4.+|.);.8.u.r.oTpD.!j.P.T.P.h.,.;.A.V.w/!.W.e,.M.H0|im.pF.D.u.Hg.B_.Lg.,*.P.V8L+电视向em.sandai:80/HTTP/发送post请求，回应数据传输成功POSTem.sandai:80/HTTP/1.1Content-Length:124Content-Type:application/octet-streamConnection:Close6.p.d.$.8.g.4$%Hs5.RC.eo.I.9.g)A.<.g.j.5B.ZLr.-KH.A;.L.C.f._.HTTP/1.1200OKContent-Length:2092Content-Type:application/octet-streamConnection:Close6.z.+.l.7.BZxL*T.$.G.Z8.3.e.,.M.b|.V.R.p)9I(.a.E.M.e.,.y.p.$.t.BGi.3.&6.l.u.qe.+.Cd.|Z.J.v.9mK.w.v.x.|.+!,5.a.p.4*.r.U.:O|.T.*.$.o.4.u.*.q|.k.)/.T.5.l.v.J4.F.<.lc.=8.Yj.C.%.zn.t&39;.L.N.&39;.6h.;.L.6.V.K.I.Y.P.o.OW.x.i+!d.2.2.3.LCR.YG.V.Yi<.Fg.k.F&39;.k.$.U.rw.%.L.A&c6.N.J|.Wk.r.*._.FM.j.BQ.kX.0.Z.T.0.).k.J.9.&N.:W./.&.z.W.H.wc.G.(.2.0.I.+.k.FC&C.w.8.N.Zt.A.S.).FD.;.d.7Ef.y.R.S.NS.c.J.OC._h.T!.i.sj.Go.H.6.e<.&39;.e.fkYj.b.E2<M.%eE.S.j.G.l.0.L.xV.V.%&39;./.p.Q.h.+.x.xDA.zt.N&.SFE.,&.b.:M.!.a.4mh.P.9.5.Am.n.*.Tr.F&39;R.S.0.D.+.&39;.%.Z.R.w4.G.E.H$8.b.l.W.:.F.J.8L.Z.m.o.t8O.<N.*.&.Z.ft.i_.u.:.V.*.br.&.1.X.H/.W.p.%U.A%.RVn.j-h.e.,.).2.(.X.=/.).e.K,.s1.82.|(a.7J.G.r.K.T2G.x.dazI.u=8.V*.L.v.m.1.8.=.h.e.T.mF/n0.)O.p.,.P./.x.W.y.).$.e.-.Z.os.=Q_).2&39;.Iyl.+.,.$.o.QC.b.B.2.4_.M.q6%.u9j.).,I+.r.b.A.6C.k.V5S.Y.2.&./.D.U.X+.5T|29.NXw.%.4.c.y.F;.O.-t.R.u$.r.&U.:.xQ.t.n+.6.ob.B.U.*d.T.:.T_.*)x.di./.b.h5.,.4.vr5.$r.2.!.W.a.e.sw7J.QM.D.Td.O.,D.-.w(h.J.6N.d8Z.E.2.7.3.G.9.;$.9.J.q.a.E.;.0.k.:n$.=.Qb.6.b.4.+|.);.8.u.r.oTpD.!j.P.T.P.h.,.;.A.V.w/!.W.e,.M.H0|im.pF.D.u.Hg.B_.Lg.,*.P.V8L+6、8（hub5pn.em.sandai）向电视数据传输Sport:irdmidport:LiebDevMgmt-C;.0058A0000211014X.;.0015C5F06A5A0000:.9U.(数据乱码)7、em.sandai:80/(68)传输数据给电视，电视接收数据，回应了数据传输成功POSTem.sandai:80/HTTP/1.1Content-Length:124Content-Type:application/octet-streamConnection:Close6.p.d.$.8.g.4$%Hs5.RC.eo.I.9.g)A.<.g.j.5B.ZLr.-KH.A;.L.C.f._.HTTP/1.1200OKContent-Length:2092Content-Type:application/octet-streamConnection:Close6.z.+.l.7.BZxL*T.$.G.Z8.3.e.,.M.b|.V.R.p)9I(.a.E.M.e.,.y.p.$.t.BGi.3.&6.l.u.qe.+.Cd.|Z.J.v.9mK.w.v.x.|.+!,5.a.p.4*.r.U.:O|.T.*.$.o.4.u.*.q|.k.)/.T.5.l.v.J4.F.<.lc.=8.Yj.C.%.zn.t&39;.L.N.&39;.6h.;.L.6.V.K.I.Y.P.o.OW.x.i+!d.2.2.3.LCR.YG.V.Yi<.Fg.k.F&39;.k.$.U.rw.%.L.A&c6.N.J|.Wk.r.*._.FM.j.BQ.kX.0.Z.T.0.).k.J.9.&N.:W./.&.z.W.H.wc.G.(.2.0.I.+.k.FC&C.w.8.N.Zt.A.S.).FD.;.d.7Ef.y.R.S.NS.c.J.OC._h.T!.i.sj.Go.H.6.e<.&39;.e.fkYj.b.E2<M.%eE.S.j.G.l.0.L.xV.V.%&39;./.p.Q.h.+.x.xDA.zt.N&.SFE.,&.b.:M.!.a.4mh.P.9.5.Am.n.*.Tr.F&39;R.S.0.D.+.&39;.%.Z.R.w4.G.E.H$8.b.l.W.:.F.J.8L.Z.m.o.t8O.<N.*.&.Z.ft.i_.u.:.V.*.br.&.1.X.H/.W.p.%U.A%.RVn.j-h.e.,.).2.(.X.=/.).e.K,.s1.82.|(a.7J.G.r.K.T2G.x.dazI.u=8.V*.L.v.m.1.8.=.h.e.T.mF/n0.)O.p.,.P./.x.W.y.).$.e.-.Z.os.=Q_).2&39;.Iyl.+.,.$.o.QC.b.B.2.4_.M.q6%.u9j.).,I+.r.b.A.6C.k.V5S.Y.2.&./.D.U.X+.5T|29.NXw.%.4.c.y.F;.O.-t.R.u$.r.&U.:.xQ.t.n+.6.ob.B.U.*d.T.:.T_.*)x.di./.b.h5.,.4.vr5.$r.2.!.W.a.e.sw7J.QM.D.Td.O.,D.-.w(h.J.6N.d8Z.E.2.7.3.G.9.;$.9.J.q.a.E.;.0.k.:n$.=.Qb.6.b.4.+|.);.8.u.r.oTpD.!j.P.T.P.h.,.;.A.V.w/!.W.e,.M.H0|im.pF.D.u.Hg.B_.Lg.,*.P.V8L+8、电视向DNS请求域名为license.em.xunlei的IP（90）数据传输.0058A0000211014X.partner_duct_flag.8192.license*.100809000100305010000039nfhr8c0f620s08ekac.ip.11.os.eCos-2.L.report_interval.3600.expire_time.31536000.rule.09、电视向DNS请求域名为hub5u.em.sandai的IP地址，传输数据.hub5sr.em.sandai.hub5pn.em.sandai.hub5sr.em.sandai.hub5sr.2.hub4t.G.G.G.G.G.ns4.xunlei.ns1.ns2.ns3.hub5pn.em.sandai.hub5pn.2.z.:.2.z.;.2.z.<.2.:.9X.2.:.9.2.=.Y.2.w.2.w.2.z.9.ns3.xunlei.ns4.ns1.ns2.license.em.xunlei.license.em.xunlei.<.ns3.xunlei.ns4.G.ns1.G.ns2.G.hub5u.em.sandai.hub5u.em.sandai.hub5u.1.chub5u.E.:.ns2.xunlei.ns3.p.ns4.p.ns1.p;.0058A0000211014X.do.8./.(.10、电视再次向cedock/service.asmx/IPTV2（0）的http端口发送一个post请求数据，cedock/service.asmx/IPTV2回应，数据传输成功POST/service.asmx/IPTV2HTTP/1.1Host:main.cedockAept:*/*User-Agent:Mozilla/4.0(patible;MSIE5.0;Windows98)Pragma:no-cacheCache-Control:no-cacheContent-Length:526Content-Type:application/x-www-form-urlencodedConnection:closexmlString=%3C%3Fxml+version%3D%221.0%22+encoding%3D%22utf-8%22%3F%3E%3Crequest+website%3D%22http%3A/main.cedock%22%3E%3Cparameter+type%3D%22Login%22+language%3D%22zh-CN%22%3E%3Cclient+type%3D%22MS58A%22+id%3D%22E019309481C9C04F38517EA44BD67C5EAB761890%22+keytoken%3D%227A35F6578B621EFEC4982DB829BD15824421F25C%22+keytype%3D%220%22+ver%3D%22V8-0MS5802-LF1V045%22/%3E%3Cuser+type%3D%22Normal%22+id%3D%221714829%22+keytoken%3D%22E63D4D648DB3A5826AB54E96A52F679F7480C69C%22+keytype%3D%220%22/%3E%3C/parameter%3E%3C/request%3EHTTP/1.1200OKServer:nginx/1.0.11Date:Fri,24Feb201202:08:02GMTContent-Type:text/xml;charset=utf-8Connection:closeX-Powered-By:ASP.NETX-AspNet-Version:2.0.50727Cache-Control:private,max-age=0Content-Length:559<xmlversion=1.0encoding=utf-8<responsewebsite=cedock/service.asmx/IPTV2<errortype=falsenote=servertime=2012-02-2410:07:59/<clienttype=ms58aactivatekey=rvCSY0zxbxsN3VhfBFiPr4PD6wXaqWpL/<serverlanguage=zh-<channeltype=updateurl=cedock/update/no_update.xmllasttime=2009-4-2710:20:25/</server<serverlanguage=en<channeltype=updateurl=cedock/update/no_update.xmllasttime=2009-4-2710:20:25/</server</response11、电视向DNS请求域名为service.cedock的IP，回应IP（2），电视向cedock/weather/Getweather.action的http端口发送一个post请求，回应数据传输成功，而且从数据中可以读取到近三天的气温POST/weather/Getweather.actionHTTP/1.1Host:service.cedockAept:*/*User-Agent:Mozilla/4.0(patible;MSIE5.0;Windows98)Pragma:no-cacheCache-Control:no-cacheContent-Length:561Content-Type:application/x-www-form-urlencodedConnection:closexmlString=%3C%3Fxml+version%3D%221.0%22+encoding%3D%22utf-8%22%3F%3E%3Crequest+website%3D%22http%3A/service.cedock%