
I am trying to use tshark to get the undecoded part out of a pcap file, but it only shows the part it can decode and the rest of the payload is lost. Is there a way to get the rest? The record is below. I need to get the ESP payload that follows the ESP SPI and ESP sequence "00 00 00 00 01 00 00 00 03".

tshark -r a.pcap -R "esp" -2  -V -x
....
Internet Protocol Version 6, Src: ::200:2000:0:1388 (::200:2000:0:1388), Dst: 2002:cccc::157 (2002:cccc::157)
0110 .... = Version: 6
    [0110 .... = This field makes the filter "ip.version == 6" possible: 6]
.... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000
    .... 0000 00.. .... .... .... .... .... = Differentiated Services Field: Default (0x00000000)
    .... .... ..0. .... .... .... .... .... = ECN-Capable Transport (ECT): Not set
    .... .... ...0 .... .... .... .... .... = ECN-CE: Not set
.... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
Payload length: 89
Next header: IPv6 hop-by-hop option (0)
Hop limit: 16
Source: ::200:2000:0:1388 (::200:2000:0:1388)
Destination: 2002:cccc::157 (2002:cccc::157)
[Destination 6to4 Gateway IPv4: 204.204.0.0 (204.204.0.0)]
[Destination 6to4 SLA ID: 0]
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Hop-by-Hop Option
    Next header: ESP (50)
    Length: 0 (8 bytes)
    IPv6 Option (RPL Option)
        Type: RPL Option (99)
        Length: 4
        Flag: 0
            0... .... = Down: False
            .0.. .... = Rank Error: False
            ..0. .... = Forwarding Error: False
            ...0 0000 = Reserved: 0x00
            RPLInstanceID: 0x00
            Sender Rank: 0x0100
Encapsulating Security Payload
    ESP SPI: 0x00000001 (1)
    ESP Sequence: 3

Frame (132 bytes):
0000  61 dc c3 00 00 0a 00 00 00 00 20 00 00 88 13 00   a......... .....
0010  00 00 20 00 00 7c 70 10 20 02 cc cc 00 00 00 00   .. ..|p. .......
0020  00 00 00 00 00 00 01 57 e0 32 06 63 04 00 00 01   .......W.2.c....
0030  00 00 00 00 01 00 00 00 03 9b c8 52 7a 9b 6c 36   ...........Rz.l6
0040  64 e1 f7 1b aa 12 66 ed 2d 6e 8b 9e d5 8e 0c ba   d.....f.-n......
0050  ef 15 e6 17 2a 68 70 69 b6 55 1a c1 55 2f 63 fc   ....*hpi.U..U/c.
0060  00 f4 72 78 3a c8 a0 af 34 1c 0a ec e3 1e 9a cc   ..rx:...4.......
0070  58 89 7d 88 2c 7c 4b 03 fe 6f d8 d6 8b 07 9f d8   X.}.,|K..o......
0080  f0 46 ce 80                                       .F..

1 Answer


I need to get the ESP payload

This returns it as raw hex (without the rest of the layers/fields):

tshark -Y "tcp.dstport == 50" -T fields -d tcp.port==50,echo -e echo.data

Enjoy. :)

answered 2016-03-01T23:40:38.047
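An added example, not code from the question or the answer above: a different way to get at the same bytes, working from the hex dump tshark already prints with -x. ESP is IP protocol 50 (it has no port), and without the SA keys Wireshark cannot dissect anything past the SPI and sequence number, so the encrypted payload is simply everything in the frame after that 8-byte header. The script reassembles the frame from the dump posted in the question, then locates the ESP header by searching for the big-endian SPI/sequence pair tshark reported (esp.spi = 1, esp.sequence = 3), which avoids re-implementing the link-layer, hop-by-hop and IPv6 parsing that precedes ESP in this frame. The trailer_len parameter is an assumption (default 0) for captures whose frames carry a link-layer trailer such as an FCS; the assumption that the 8-byte pattern occurs only once in the frame is checked rather than trusted.

```python
import re
import struct

# Hex dump copied from the tshark -x output in the question above
# (the "Frame (132 bytes)" block); it is the only input this example needs.
TSHARK_HEXDUMP = """\
0000  61 dc c3 00 00 0a 00 00 00 00 20 00 00 88 13 00   a......... .....
0010  00 00 20 00 00 7c 70 10 20 02 cc cc 00 00 00 00   .. ..|p. .......
0020  00 00 00 00 00 00 01 57 e0 32 06 63 04 00 00 01   .......W.2.c....
0030  00 00 00 00 01 00 00 00 03 9b c8 52 7a 9b 6c 36   ...........Rz.l6
0040  64 e1 f7 1b aa 12 66 ed 2d 6e 8b 9e d5 8e 0c ba   d.....f.-n......
0050  ef 15 e6 17 2a 68 70 69 b6 55 1a c1 55 2f 63 fc   ....*hpi.U..U/c.
0060  00 f4 72 78 3a c8 a0 af 34 1c 0a ec e3 1e 9a cc   ..rx:...4.......
0070  58 89 7d 88 2c 7c 4b 03 fe 6f d8 d6 8b 07 9f d8   X.}.,|K..o......
0080  f0 46 ce 80                                       .F..
"""

# One tshark -x line: 4-digit offset, two spaces, up to 16 hex bytes separated
# by single spaces, then at least two spaces and the ASCII column (ignored).
_HEXLINE = re.compile(
    r"^([0-9A-Fa-f]{4})\s{2}((?:[0-9A-Fa-f]{2} ){0,15}[0-9A-Fa-f]{2})"
)


def parse_tshark_hexdump(text):
    """Reassemble frame bytes from a tshark/Wireshark -x hex dump.

    Each line's offset is checked against the bytes collected so far, so a
    dropped or duplicated line is caught instead of silently shifting the
    payload boundary.
    """
    frame = bytearray()
    for line in text.splitlines():
        m = _HEXLINE.match(line)
        if not m:
            continue  # "Frame (132 bytes):" and other non-dump lines
        offset = int(m.group(1), 16)
        if offset != len(frame):
            raise ValueError(
                f"dump offset {offset:#06x} does not match {len(frame)} bytes read"
            )
        frame += bytes.fromhex(m.group(2).replace(" ", ""))
    return bytes(frame)


# ESP header per RFC 4303: 32-bit SPI, 32-bit sequence number, network order.
ESP_HEADER = struct.Struct(">II")


def extract_esp(frame, spi, seq, trailer_len=0):
    """Return the ESP payload that follows the given SPI/sequence header.

    spi/seq are the values tshark already dissected (esp.spi, esp.sequence).
    trailer_len (assumed 0 here) strips a link-layer trailer such as an FCS
    if the capture includes one; the returned payload still ends with the
    ESP trailer and ICV, which cannot be separated without the SA keys.
    """
    needle = ESP_HEADER.pack(spi, seq)
    offset = frame.find(needle)
    if offset < 0:
        raise ValueError("ESP header not found in frame")
    if frame.find(needle, offset + 1) != -1:
        raise ValueError("SPI/sequence pattern occurs more than once; use an explicit offset")
    end = len(frame) - trailer_len
    payload = frame[offset + ESP_HEADER.size:end]
    return {"esp_offset": offset, "spi": spi, "seq": seq, "payload": payload}


if __name__ == "__main__":
    frame = parse_tshark_hexdump(TSHARK_HEXDUMP)
    esp = extract_esp(frame, spi=1, seq=3)
    print(f"frame {len(frame)} bytes, ESP header at offset {esp['esp_offset']:#x}")
    print(f"ESP payload ({len(esp['payload'])} bytes): {esp['payload'].hex(' ')}")
```

For a real capture, feed the script the output of `tshark -r a.pcap -Y esp -x` (one frame per dump) and take spi/seq from `tshark -r a.pcap -Y esp -T fields -e esp.spi -e esp.sequence`. On the frame above the ESP header sits at offset 0x31, directly after the RPL option's Sender Rank bytes (01 00), which is why the question's 9-byte search string begins with an extra 00.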