Appearance
Skip to content
主机身份协议(HIP)
主机身份协议(HIP)是一种身份交换机制,可通过 ESP 等隧道协议实现安全通信。HIP 提供了一种将 IP 地址的端点标识符角色和定位符角色分离的方法。它引入了一个新的 Host Identity(HI)命名空间,该命名空间基于公钥,端点标识符从中取得。公钥通常是自生成的,但并非一定如此。HIP 使用现有 IP 地址和转发机制作为定位符并进行数据包传递。
协议依赖
TCP:通常,HIP 使用 TCP 作为其传输协议。
UDP:通常,HIP 使用 UDP 作为其传输协议。
注意:HIP 并不限于使用 TCP 和 UDP。
示例流量
No. Time Source Destination Protocol Info
1 0.000000 193.167.187.26 193.234.218.203 HIP HIP I1(HIP Initiator Packet)
... Host Identity Protocol
Payload Protocol: 59 Header Length: 4 Fixed P-bit: 0(始终为零)Packet Type: 1 Version: 1, Reserved: 0 Fixed S-bit: 1(HIP)Checksum: 0x3d4a(正确)HIP Controls: 0x0000
- ... .... .... ...0 = Anonymous(发送方的 HI 是匿名的):False
Sender's HIT: 2001001c009d1d347d57bd541d10a393 Receiver's HIT: 2001001e2c023cbf8e65ee2b05a42820
No. Time Source Destination Protocol Info
2 0.037852 193.234.218.203 193.167.187.26 HIP HIP R1(HIP Responder Packet)
... Host Identity Protocol
Payload Protocol: 59 Header Length: 74 Fixed P-bit: 0(始终为零)Packet Type: 2 Version: 1, Reserved: 0 Fixed S-bit: 1(HIP)Checksum: 0x9fb9(正确)HIP Controls: 0x0000
- ... .... .... ...0 = Anonymous(发送方的 HI 是匿名的):False
Sender's HIT: 2001001e2c023cbf8e65ee2b05a42820 Receiver's HIT: 2001001c009d1d347d57bd541d10a393 HIP Parameters
R1_COUNTER(type=128, length=12)
Reserved: 0x00000000 R1 Counter: 0000000000001045 PUZZLE(type=257, length=12)
Difficulty(K): 10 Lifetime: 37 Opaque Data: 0x0000 Random number(I): 23c8b08466518471 DIFFIE_HELLMAN(type=513, length=195)
3(1536-bit MODP group)Public Value Length: 192 Public Value: c6d90a4e31a12b297b00162e7ce87d4eac71f53e032a7088... HIP_TRANSFORM(type=577, length=4)
1(AES-CBC with HMAC-SHA1)2(3DES-CBC with HMAC-SHA1)ESP_TRANSFORM(type=4095, length=6)
Reserved: 0x0000 1(AES-CBC with HMAC-SHA1)2(3DES-CBC with HMAC-SHA1)HOST_ID(type=705, length=140)
Host Identity Length: 136 Domain Identifier Type: 0 Domain Identifier Length: 0 Host Identity flags: 0x0202ff05
0000 0010 0000 0010 .... .... .... .... = Host Identity Header Flags: Key is associated with non-zone entity(0x00000202)
... .... .... .... 1111 1111 .... .... = Host Identity Header Protocol: Key is valid for any protocol(0x000000ff)
... .... .... .... .... .... 0000 0101 = Host Identity Header Algorithm: RSA(0x00000005)RSA Host Identity exponent length(e_len): 3 RSA Host Identity exponent(e): 010001 RSA Host Identity public modulus(n): bb7af53ff1a61b2186c468e1680d46084af340ee252cb4ce... HIP_SIGNATURE_2(type=61633, length=129)
5(RSA)Signature: 5c942e27bfb3002c645902d8106780f96bc71c503f11b00b... ECHO_REQUEST_UNSIGNED(type=63661, length=20)
Opaque Data: d390247cef89e3a61d8775701b1452bae218f0c6
No. Time Source Destination Protocol Info
3 0.052798 193.167.187.26 193.234.218.203 HIP HIP I2(Second HIP Initiator Packet)
... Host Identity Protocol
Payload Protocol: 59 Header Length: 84 Fixed P-bit: 0(始终为零)Packet Type: 3 Version: 1, Reserved: 0 Fixed S-bit: 1(HIP)Checksum: 0x70ea(正确)HIP Controls: 0x0000
- ... .... .... ...0 = Anonymous(发送方的 HI 是匿名的):False
Sender's HIT: 2001001c009d1d347d57bd541d10a393 Receiver's HIT: 2001001e2c023cbf8e65ee2b05a42820 HIP Parameters
- ESP_INFO(type=65, length=12)
- Reserved: 0x0000 Keymaterial Index: 0x0048 Old SPI: 0x00000000 New SPI: 0xc1905228 R1_COUNTER(type=128, length=12)
- Reserved: 0x00000048 R1 Counter: 0000000000001045 SOLUTION(type=321, length=20)
- Difficulty(K): 10 Reserved: 0 Opaque Data: 0x0000 Random number(I): 23c8b08466518471 Solution(J): 4540f2538515f5d3 DIFFIE_HELLMAN(type=513, length=195)
- 3(1536-bit MODP group)Public Value Length: 192 Public Value: 579c9096ead9be2d39e59173d4d4985a15910ea8702f3b5b... HIP_TRANSFORM(type=577, length=2)
- 1(AES-CBC with HMAC-SHA1)ENCRYPTED(type=641, length=180)
- Reserved: 0x00000000 Encrypted Parameter Data(176 字节)ESP_TRANSFORM(type=4095, length=4)
- Reserved: 0x0000 1(AES-CBC with HMAC-SHA1)HMAC(type=61505, length=20)
- HMAC: 5357199e5c4251ff155a23479dbb1c813c4a7e5c HIP_SIGNATURE(type=61697, length=129)
- 5(RSA)Signature: 505f0ddc50bc9067147ab6cb00ab99b1c9f87f271712f875... ECHO_RESPONSE_UNSIGNED(type=63425, length=20)
- Opaque Data: d390247cef89e3a61d8775701b1452bae218f0c6
No. Time Source Destination Protocol Info
4 0.198993 193.234.218.203 193.167.187.26 HIP HIP R2(Second HIP Responder Packet)
... Host Identity Protocol
Payload Protocol: 59 Header Length: 26 Fixed P-bit: 0(始终为零)Packet Type: 4 Version: 1, Reserved: 0 Fixed S-bit: 1(HIP)Checksum: 0x5728(正确)HIP Controls: 0x0000
- ... .... .... ...0 = Anonymous(发送方的 HI 是匿名的):False
Sender's HIT: 2001001e2c023cbf8e65ee2b05a42820 Receiver's HIT: 2001001c009d1d347d57bd541d10a393 HIP Parameters
- ESP_INFO(type=65, length=12)
- Reserved: 0x0000 Keymaterial Index: 0x0048 Old SPI: 0x00000000 New SPI: 0x3b71d381 HMAC_2(type=61569, length=20)
- HMAC: abe35f9e9fc6e1ca12526eb4ed195a44f9e29dd1 HIP_SIGNATURE(type=61697, length=129)
- 5(RSA)Signature: 818c6d10afe29450f90159289948f55d3175ab94b514d947...
Wireshark
HIP dissector 功能完整,并符合以下规范:
RFC 5201、RFC 5202、RFC 5203、RFC 5204。RFC 5206、draft-ietf-hip-nat-traversal-09(RFC 5770)、draft-ietf-hip-cert-03
显示过滤器
HIP 显示过滤器字段的完整列表可以在显示过滤器参考中找到
只显示基于 HIP 的流量:
hip外部链接
RFC 4423Host Identity Protocol(HIP)架构。
RFC 5201Host Identity Protocol。
RFC 5202 将 Encapsulating Security Payload(ESP)传输格式与 Host Identity Protocol(HIP)一起使用。
RFC 5203Host Identity Protocol(HIP)注册扩展。
RFC 5204Host Identity Protocol(HIP)Rendezvous 扩展。
RFC 5206 使用 Host Identity Protocol 实现 End-Host Mobility 和 Multihoming。
RFC 5770 用于穿越 Network Address Translators 的 Basic Host Identity Protocol(HIP)扩展。
Draft HIP CERTHIP Certificates。
Imported from https://wiki.wireshark.org/HIP on 2020-08-11 23:14:40 UTC
相关 Wireshark Wiki 页面
- Wireshark Wiki 首页Home · 入门与使用
- TCPTCP · 协议参考
- UDPUDP · 协议参考