DrCom 5.2.1(X) 版协议分析 —— EAP 协议
通过 Wireshark 抓包可以得到几个重要的包,其中一个包是客户端在启动时向网关 Nearest 发送 Logoff 包:
Clevo_18:5f:14 Nearest EAPOL 96 Logoff 0000 01 80 c2 00 00 03 80 fa 5b 18 5f 14 88 8e 01 02 ........[._..... 0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
协议类型为 0x888e,即 EAP,可扩展身份验证协议,是 802.1x 认证机制的核心。而 EAPOL 则是基于局域网的 EAP。通过 EAP 包追踪到的IP发现还有 UDP 心跳包,所以可以确定 DrCom 5.2.1(X) 使用 EAP 协议完成内网认证,随后通过 UDP 协议发送心跳包保持登录状态。 继续阅读 “DrCom 5.2.1(X) 版协议分析 —— EAP 协议”