|
Hi-Performance Protocol Identification Engine |
|
Protocols > Xunlei P2PHiPPIE Name: xunleiProtocol Category: Peer-to-Peer Protocols Protocol Classification: Testing Xunlei (a Chinese word meaning Thunder), is an application that is heavily used, but not heavily used outside Japan because of the simple fact that the application is only available in Japanese. This protocol is not that disparate functionally from other protocols from what I can understand of it, but then again, the application is all in Japanese, so I'm not 100% sure. However, I can with very high confidence identify the traffic of this application. Opcodes The sessions for Xunlei all start (in my somewhat limited observation) with a very limited set of opcodes, followed by some data, including a data length field, which makes these packets pretty easy to calculatably identify. Packets starting with these op codes and whose length fields match up are readily identified as operating on this protocol. The only caveat is that in some of these occasions, the length field is shifted by 4 bytes from where it is to the rest. Here are the observed opcodes:
Length Field For the 0x02 opcode and the 0x29 opcode, the data length field falls at bytes 8-11 (in little endian), while in the 0x38 opcode, this occurs at bytes 4-7 (in little endian). If the amount of remaining bytes of the packet line up to these length fields, then it is identifiable as a Xunlei packet. Back to Protocol List. |
File hosting and other features supplied by: