Capturing a smart TCL TV's online traffic
Goal: capture what data the TV transmits from power-on until the weather forecast program is opened.
I. Lab environment:
TV: TCL58, IP 192.168.100.111
Virtual machine: Linux (Red Hat 5), IP 192.168.100.24
II. Procedure
TV: set its gateway to 192.168.100.24 (the virtual machine), so every packet the TV sends leaves through the VM
Virtual machine:
echo 1 > /proc/sys/net/ipv4/ip_forward   # let the VM forward the TV's packets onward
iptables -t nat -A POSTROUTING -s 192.168.100.111 -j MASQUERADE   # NAT the TV's traffic out through the VM's address
tcpdump -i eth0 -nn -vv -tttt -s 65535 host 192.168.100.111 -w tcpdump.txt   # record every packet to or from the TV
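To turn the file written by tcpdump -w into the per-step list that the rest of this write-up builds by hand, here is an added Python example (not part of the original write-up). It assumes the capture is in classic pcap format with Ethernet frames, which is what tcpdump -i eth0 -w produces (the file is named tcpdump.txt but holds binary pcap, not text), and it reports only packets sent by the TV address 192.168.100.111. The sample capture it builds in memory, including its MAC addresses, port numbers and timestamps, is constructed for the demonstration.

```python
"""Summarise the pcap written by the tcpdump command above.

Added example; not part of the original write-up. Assumes classic pcap with
Ethernet frames (tcpdump -i eth0 -w). Lists, for the TV's address, every DNS
query name and every HTTP request line, in capture order. The sample capture
at the bottom is constructed in memory for the demonstration.
"""
import struct

TV_IP = "192.168.100.111"  # the TV's address from the lab environment


def _dns_qname(msg):
    """First question name of a DNS message, or None if absent or compressed."""
    if len(msg) < 12 or struct.unpack("!H", msg[4:6])[0] == 0:
        return None
    labels, pos = [], 12
    while pos < len(msg) and msg[pos] != 0:
        n = msg[pos]
        if n & 0xC0:  # compression pointer: not valid in a plain question name
            return None
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    return ".".join(labels) or None


def parse_pcap(data, tv_ip=TV_IP):
    """Return [('dns', qname) | ('http', request_line)] for packets sent by tv_ip."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:  # LINKTYPE_ETHERNET
        raise ValueError("only Ethernet captures are handled here")
    events, pos = [], 24
    while pos + 16 <= len(data):
        caplen = struct.unpack(endian + "IIII", data[pos:pos + 16])[2]
        frame = data[pos + 16:pos + 16 + caplen]
        pos += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # IPv4 frames only
            continue
        ihl = (frame[14] & 0x0F) * 4
        proto = frame[23]
        src = ".".join(str(b) for b in frame[26:30])
        l4 = frame[14 + ihl:]
        if src != tv_ip:
            continue
        if proto == 17 and len(l4) >= 8 and struct.unpack("!H", l4[2:4])[0] == 53:
            name = _dns_qname(l4[8:])  # UDP payload follows the 8-byte UDP header
            if name:
                events.append(("dns", name))
        elif proto == 6 and len(l4) >= 20:
            body = l4[(l4[12] >> 4) * 4:]  # skip the TCP header including options
            if body.startswith((b"GET ", b"POST ", b"HEAD ")):
                events.append(("http", body.split(b"\r\n", 1)[0].decode("ascii", "replace")))
    return events


# --- constructed sample capture: two packets from the TV plus one server reply ---
def _ipv4(src, dst, proto, payload):
    addr = lambda s: bytes(int(x) for x in s.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0, addr(src), addr(dst))
    # made-up Ethernet dst/src MACs followed by EtherType 0x0800 (IPv4)
    return b"\x00\x15\xc5\x00\x00\x01\x00\x0c\x29\x00\x00\x02\x08\x00" + hdr + payload


def _udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def _tcp(sport, dport, payload):
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + payload


def _dns_query(name):
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)


def build_sample_pcap():
    pkts = [
        _ipv4(TV_IP, "192.168.100.24", 17, _udp(40000, 53, _dns_query("main.cedock"))),
        _ipv4(TV_IP, "124.40.120.20", 6, _tcp(50000, 80, b"POST /service.asmx/IPTV2 HTTP/1.1\r\nHost: main.cedock\r\n\r\n")),
        _ipv4("124.40.120.20", TV_IP, 6, _tcp(80, 50000, b"HTTP/1.1 200 OK\r\n\r\n")),  # reply: not from the TV
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # little-endian global header, snaplen 65535
    for p in pkts:
        out += struct.pack("<IIII", 1330049282, 0, len(p), len(p)) + p  # ts_sec, ts_usec, caplen, origlen
    return out


if __name__ == "__main__":
    for kind, what in parse_pcap(build_sample_pcap()):
        print(kind, what)
```

Run as a script it prints the two TV-originated events from the constructed capture and skips the server reply. Feeding parse_pcap the bytes of the real tcpdump.txt lists the DNS names and HTTP request lines in the order the TV sent them, which is the skeleton of steps 1 to 11 below; the binary POST bodies to em.sandai show up only by their request line, since the parser prints nothing it cannot read as text.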
Contents
III. TV packet capture
1. The TV powers on and broadcasts ARP to find the gateway 192.168.100.24, obtaining its MAC address
2. Via DNS, the TV requests the domain main.cedock and is told the domain's IP, 124.40.120.20
3. The TV sends a POST request to the HTTP port of cedock/service.asmx/IPTV2 (124.40.120.20, main.cedock); the server responds with data and the transfer succeeds; the content shows two img2 URLs returned
4. Via DNS, the TV requests the domains hub5sr.em.sandai / hub5pn.em.sandai; DNS replies with both IP addresses: hub5sr.em.sandai (123.129.242.168), hub5pn.em.sandai (122.143.5.58)
5. The TV sends a POST request with data to em.sandai:80/ (HTTP, IP 123.129.242.168); the data is transferred and the response confirms success
6. 122.143.5.58 (hub5pn.em.sandai) transmits data to the TV
7. em.sandai:80/ (123.129.242.168) transmits data to the TV; the TV receives it and responds; transfer succeeds
8. The TV asks DNS for the IP of license.em.xunlei (60.217.235.190); data is transferred
9. The TV asks DNS for the IP address of hub5u.em.sandai; data is transferred
10. The TV again sends a POST request with data to the HTTP port of cedock/service.asmx/IPTV2 (124.40.120.20); cedock/service.asmx/IPTV2 responds and the transfer succeeds
11. The TV asks DNS for the IP of service.cedock; the reply is 124.40.120.12; the TV sends a POST request to the HTTP port of cedock/weather/Getweather.action; the response confirms success, and the temperatures for the next three days can be read from the data
IV. Analysis of the captured data:
1. The TV powers on and broadcasts ARP to find out who the gateway 192.168.100.24 is, obtaining the gateway's MAC address.
2. Via DNS, the TV requests the domain main.cedock and is told the domain's IP, 124.40.120.20.
(raw DNS query and response for main.cedock; non-printable bytes are rendered as dots in the capture. Readable strings: main.cedock and the name servers ns1 and ns2)
3. The TV sends a POST request to the HTTP port of cedock/service.asmx/IPTV2 (124.40.120.20, main.cedock); the server responds with data and the transfer succeeds. From the content it can be seen that two img2 URLs are returned.
POST /service.asmx/IPTV2 HTTP/1.1
Host: main.cedock
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 526
Content-Type: application/x-www-form-urlencoded
Connection: close

xmlString=%3C%3Fxml+version%3D%221.0%22+encoding%3D%22utf-8%22%3F%3E%3Crequest+website%3D%22http%3A//main.cedock%22%3E%3Cparameter+type%3D%22Login%22+language%3D%22zh-CN%22%3E%3Cclient+type%3D%22MS58A%22+id%3D%22E019309481C9C04F38517EA44BD67C5EAB761890%22+keytoken%3D%227A35F6578B621EFEC4982DB829BD15824421F25C%22+keytype%3D%220%22+ver%3D%22V8-0MS5802-LF1V045%22/%3E%3Cuser+type%3D%22Normal%22+id%3D%221714829%22+keytoken%3D%22E63D4D648DB3A5826AB54E96A52F679F7480C69C%22+keytype%3D%220%22/%3E%3C/parameter%3E%3C/request%3E

HTTP/1.1 200 OK
Server: nginx/1.0.11
Date: Fri, 24 Feb 2012 02:08:02 GMT
Content-Type: text/xml; charset=utf-8
Connection: close
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private, max-age=0
Content-Length: 559

<?xml version="1.0" encoding="utf-8"?>
<response website="cedock/service.asmx/IPTV2">
<error type="false" note="" servertime="2012-02-24 10:07:59"/>
<client type="ms58a" activatekey="rvCSY0zxbxsN3VhfBFiPr4PD6wXaqWpL"/>
<server language="zh-">
<channel type="update" url="cedock/update/no_update.xml" lasttime="2009-4-27 10:20:25"/>
</server>
<server language="en">
<channel type="update" url="cedock/update/no_update.xml" lasttime="2009-4-27 10:20:25"/>
</server>
</response>
4. Via DNS, the TV requests the domains hub5sr.em.sandai / hub5pn.em.sandai; DNS replies with both IP addresses: hub5sr.em.sandai (123.129.242.168), hub5pn.em.sandai (122.143.5.58).
5. The TV sends a POST request with data to em.sandai:80/ over HTTP (IP 123.129.242.168); the data is transferred and the server responds with data.
POST em.sandai:80/ HTTP/1.1
Content-Length: 124
Content-Type: application/octet-stream
Connection: Close

(124-byte binary request body; non-printable bytes are rendered as dots in the capture)

HTTP/1.1 200 OK
Content-Length: 2092
Content-Type: application/octet-stream
Connection: Close

(2092-byte binary response body; non-printable bytes are rendered as dots in the capture)
The TV sends a POST request to em.sandai:80/ over HTTP; the response confirms that the transfer succeeded.
(The request and response recorded here are identical to the exchange shown directly above: the same headers, a 124-byte binary request body and a 2092-byte binary response body.)
6. 122.143.5.58 (hub5pn.em.sandai) transmits data to the TV.
Sport: irdmi  Dport: LiebDevMgmt-C
(binary payload; readable strings: 0058A0000211014X and 0015C5F06A5A0000; the rest of the data is garbled)
7. em.sandai:80/ (123.129.242.168) transmits data to the TV; the TV receives the data and responds; the transfer succeeds.
(The request and response recorded here are the same POST em.sandai:80/ exchange as under step 5: the same headers, the identical 124-byte binary request body and the identical 2092-byte binary response body.)
8. The TV asks DNS for the IP of license.em.xunlei (60.217.235.190); data is transferred.
(binary payload; the readable fields below are listed as key = value in the order they appear in the stream, preceded by the string 0058A0000211014X)
partner_id = 20000014
product_flag = 8192
license = 100809000100305010000039nfhr8c0f620s08ekac
ip = 192.168.100.111
os = eCos-2
report_interval = 3600
expire_time = 31536000
rule = 0
9. The TV asks DNS for the IP address of hub5u.em.sandai; data is transferred.
(raw DNS packets; non-printable bytes are rendered as dots in the capture. Readable names: hub5sr.em.sandai, hub5pn.em.sandai, license.em.xunlei, hub5u.em.sandai, and the name servers ns1, ns2, ns3, ns4 under xunlei; followed by a datagram containing the string 0058A0000211014X)
10. The TV again sends a POST request with data to the HTTP port of cedock/service.asmx/IPTV2 (124.40.120.20); cedock/service.asmx/IPTV2 responds and the transfer succeeds.
(The request and response recorded here are byte-for-byte the same as those shown under step 3: the same headers, Content-Length 526 for the request and 559 for the response, the same Date header and the same XML body.)
11. The TV asks DNS for the IP of service.cedock; the reply is 124.40.120.12. The TV then sends a POST request to the HTTP port of cedock/weather/Getweather.action; the response confirms success, and the temperatures for the next three days can be read from the data.
POST /weather/Getweather.action HTTP/1.1
Host: service.cedock
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 561
Content-Type: application/x-www-form-urlencoded
Connection: close

xmlString=%3C%3Fxml+version%3D%221.0%22+encoding%3D%22utf-8%22%3F%3E%3Crequest+website%3D%22http%3A//service.cedock%22%3E%3Cparameter+type%3D%22Getweather%22+language%3D%22zh-CN%22%3E%3Cclient+type%3D%22MS58A%22+id%3D%22E019309481C9C04F38517EA44BD67C5EAB761890%22+keytoken%3D%221C916EA34211AA18C38C6E64DADE94761F40CE5A%22+keytype%3D%220%22/%3E%3Cuser+type%3D%22Normal%22+id%3D%221714829%22+keytoken%3D%22238B6C93C465E7254DCBECBC4DB6811E98116320%22+keytype%3D%220%22/%3E%3Ccity+name%3D%22%E5%8C%97%E4%BA%AC%22+id%3D%22010%22/%3E%3C/parameter%3E%3C/request%3E

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=7E264D6BF1E21B40F2142726B1302619; Path=/weather
Content-Type: text/xml; charset=utf-8
Content-Length: 559
Date: Fri, 24 Feb 2012 02:08:03 GMT
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<response website="cedock">
<error servertime="2012-02-24 10:08:03.463" type="false"/>
<city id="010" name="......">
<weather min="-2" max="5" date="2012-02-24" daynum="5" type="0302" moisture="48%" current="-1"/>
<weather min="-4" max="6" date="2012-02-25" daynum="6" type="01" moisture="" current=""/>
<weather min="-3" max="6" date="2012-02-26" daynum="7" type="01" moisture="" current=""/>
<weather min="-2" max="7" date="2012-02-27" daynum="1" type="0102" moisture="" current=""/>
</city>
</response>
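Steps 3, 10 and 11 carry the readable part of this capture inside a form-encoded xmlString parameter, and the weather reply comes back as XML. The following added Python example (not part of the original write-up) decodes both. The two request bodies and the weather response are copied from the capture shown on this page (the city name in the response is kept as the page renders it, as dots); the function names and the way the results are grouped are the example's own. It lists the device and account identifiers (client id, both keytokens, user id) that cross the network in plain HTTP, which is the point a defender takes from this capture: anyone on the path, such as the lab gateway above, reads them. It also pulls the daily forecast out of the reply, and it handles a Login request (no city element) as well as a Getweather one.

```python
"""Decode the TV's cleartext portal exchanges (steps 3, 10 and 11 above).

Added example; not part of the original write-up. The request bodies and the
weather response are copied from the capture shown on the page; nothing here
talks to the real service.
"""
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs

# Steps 3 / 10: Login request body (application/x-www-form-urlencoded), from the page.
LOGIN_BODY = (
    "xmlString=%3C%3Fxml+version%3D%221.0%22+encoding%3D%22utf-8%22%3F%3E"
    "%3Crequest+website%3D%22http%3A//main.cedock%22%3E"
    "%3Cparameter+type%3D%22Login%22+language%3D%22zh-CN%22%3E"
    "%3Cclient+type%3D%22MS58A%22+id%3D%22E019309481C9C04F38517EA44BD67C5EAB761890%22"
    "+keytoken%3D%227A35F6578B621EFEC4982DB829BD15824421F25C%22+keytype%3D%220%22"
    "+ver%3D%22V8-0MS5802-LF1V045%22/%3E"
    "%3Cuser+type%3D%22Normal%22+id%3D%221714829%22"
    "+keytoken%3D%22E63D4D648DB3A5826AB54E96A52F679F7480C69C%22+keytype%3D%220%22/%3E"
    "%3C/parameter%3E%3C/request%3E"
)

# Step 11: Getweather request body, from the page.
WEATHER_BODY = (
    "xmlString=%3C%3Fxml+version%3D%221.0%22+encoding%3D%22utf-8%22%3F%3E"
    "%3Crequest+website%3D%22http%3A//service.cedock%22%3E"
    "%3Cparameter+type%3D%22Getweather%22+language%3D%22zh-CN%22%3E"
    "%3Cclient+type%3D%22MS58A%22+id%3D%22E019309481C9C04F38517EA44BD67C5EAB761890%22"
    "+keytoken%3D%221C916EA34211AA18C38C6E64DADE94761F40CE5A%22+keytype%3D%220%22/%3E"
    "%3Cuser+type%3D%22Normal%22+id%3D%221714829%22"
    "+keytoken%3D%22238B6C93C465E7254DCBECBC4DB6811E98116320%22+keytype%3D%220%22/%3E"
    "%3Ccity+name%3D%22%E5%8C%97%E4%BA%AC%22+id%3D%22010%22/%3E"
    "%3C/parameter%3E%3C/request%3E"
)

# Step 11: weather response body as reconstructed from the page (city name shown as dots there).
WEATHER_RESPONSE = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<response website="cedock">'
    '<error servertime="2012-02-24 10:08:03.463" type="false"/>'
    '<city id="010" name="......">'
    '<weather min="-2" max="5" date="2012-02-24" daynum="5" type="0302" moisture="48%" current="-1"/>'
    '<weather min="-4" max="6" date="2012-02-25" daynum="6" type="01" moisture="" current=""/>'
    '<weather min="-3" max="6" date="2012-02-26" daynum="7" type="01" moisture="" current=""/>'
    '<weather min="-2" max="7" date="2012-02-27" daynum="1" type="0102" moisture="" current=""/>'
    "</city></response>"
)


def decode_request(body):
    """Undo the form encoding and return the fields the TV placed in xmlString."""
    xml_text = parse_qs(body)["xmlString"][0]      # '+' becomes space, %XX is decoded as UTF-8
    root = ET.fromstring(xml_text.encode("utf-8"))  # pass bytes so the XML declaration is honoured
    param = root.find("parameter")
    city = param.find("city")                       # present only in the Getweather request
    return {
        "website": root.get("website"),
        "action": param.get("type"),
        "client": dict(param.find("client").attrib),
        "user": dict(param.find("user").attrib),
        "city": dict(city.attrib) if city is not None else None,
    }


def cleartext_identifiers(req):
    """(element, attribute, value) for every device or account identifier sent in the clear."""
    return [(elem, attr, req[elem][attr])
            for elem in ("client", "user")
            for attr in ("id", "keytoken")
            if req[elem].get(attr)]


def parse_weather(xml_text):
    """Per-day forecast from a Getweather response; raises if the portal flagged an error."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    if root.find("error").get("type") != "false":
        raise ValueError("portal reported an error")
    return [{"date": w.get("date"), "min": int(w.get("min")), "max": int(w.get("max"))}
            for w in root.iter("weather")]


if __name__ == "__main__":
    for body in (LOGIN_BODY, WEATHER_BODY):
        req = decode_request(body)
        print(req["action"], "->", req["website"], req["city"])
        for elem, attr, value in cleartext_identifiers(req):
            print("  cleartext", elem, attr, value)
    for day in parse_weather(WEATHER_RESPONSE):
        print(day)
```

Note that the client keytoken differs between the Login and Getweather requests while the client id and user id stay the same, so the ids are the stable identifiers to look for when correlating a TV across captures; the example reports all four regardless, since every one of them is readable on the wire.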
Shared as above; please do not repost. Personal work, not rigorously verified!