嘟嘟社区

How does Wireshark tell WireGuard traffic apart?


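So there's no need to even consider it for fq (getting over the wall): Wireshark can tell directly whether traffic is wg or not.

The wall can surely do it too...
Looking at the code, I don't see anywhere that exposes any distinguishing feature.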

    fieldType := header[0:4]
    fieldReceiver := header[4:8]
    fieldNonce := header[8:16]
    binary.LittleEndian.PutUint32(fieldType, MessageTransportType)
    binary.LittleEndian.PutUint32(fieldReceiver, elem.keypair.remoteIndex)
    binary.LittleEndian.PutUint64(fieldNonce, elem.nonce)
    // pad content to multiple of 16
    paddingSize := calculatePaddingSize(len(elem.packet), int(atomic.LoadInt32(&device.tun.mtu)))
    elem.packet = append(elem.packet, paddingZeros[:paddingSize]...)
    // encrypt content and release to consumer
    binary.LittleEndian.PutUint64(nonce[4:], elem.nonce)
    elem.packet = elem.keypair.send.Seal(
        header,
        nonce[:],
        elem.packet,
        nil,
    )
    elem.Unlock()


//————

err := peer.SendBuffer(elem.packet)

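UDP just gets choked to death. When it first came out I ran it on a K2 and it easily saturated 100 Mbps. Sigh, the strong-nation dream.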
https://lists.zx2c4.com/pipermail/wireguard/2016-July/000185.html

Generally speaking, WireGuard does not aim to evade DPS, unfortunately. There are several things that prevent this from occurring:

a) The first byte, which is a fixed type value.
b) The fact that mac2 is most often all zeros.
c) The fixed length of handshake messages.
d) The unencrypted ephemeral public key.

https://wiki.wireshark.org/WireGuard
Take a look at this email; it mentions why WireGuard is easy to identify.

https://lists.zx2c4.com/pipermail/wireguard/2018-September/003289.html
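
Signals (a) to (c) from the email quoted above, written out as a passive classifier for a single UDP payload. This is an added example, not code from the thread, from WireGuard or from Wireshark: `Classify`, `Verdict` and `sample` are hypothetical names, the sample payloads are constructed, and the 148, 92 and 64 byte sizes are the protocol's handshake and cookie-reply message lengths, which the thread itself does not state.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
)

// Fixed lengths of the handshake/cookie message types; type 4 is transport data.
var fixedSize = map[uint32]int{1: 148, 2: 92, 3: 64}
var typeName = map[uint32]string{1: "initiation", 2: "response", 3: "cookie reply", 4: "transport"}

// Verdict is this example's own result type (hypothetical, not a Wireshark API).
type Verdict struct {
	Kind     string // "" when the payload does not look like WireGuard
	Mac2Zero bool   // signal (b): the trailing 16-byte mac2 of a handshake is all zero
}

// Classify applies signals (a)-(c) from the quoted email to one UDP payload.
func Classify(p []byte) Verdict {
	// Shortest valid message: 16-byte transport header plus a 16-byte AEAD tag.
	if len(p) < 32 {
		return Verdict{}
	}
	// (a) The type is a little-endian uint32: byte 0 is 1..4, bytes 1-3 are zero.
	t := binary.LittleEndian.Uint32(p[0:4])
	switch {
	case t >= 1 && t <= 3:
		if len(p) != fixedSize[t] { // (c) only one length is valid per type
			return Verdict{}
		}
	case t != 4:
		return Verdict{}
	}
	// (b) Only initiation and response carry mac2, as their last 16 bytes.
	mac2Zero := (t == 1 || t == 2) && bytes.Equal(p[len(p)-16:], make([]byte, 16))
	return Verdict{Kind: typeName[t], Mac2Zero: mac2Zero}
}

// sample builds a constructed payload: type field set, every other byte zero.
func sample(t uint32, size int) []byte {
	p := make([]byte, size)
	binary.LittleEndian.PutUint32(p, t)
	return p
}

func main() {
	fmt.Printf("%+v %+v\n", Classify(sample(1, 148)), Classify(sample(4, 1452)))
}
```

Signal (d), the unencrypted ephemeral public key, is not checked here because a single 32-byte key is indistinguishable from random bytes in one packet.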