|
|
|
|
|
|
by Aissen
1044 days ago
|
|
|
They even have a nice comment explaining the heuristic: https://github.com/wireshark/wireshark/blob/ef9c79ae81b00a63... * Heuristics to detect the WireGuard protocol:
* - The first byte must be one of the valid four messages.
* - The total packet length depends on the message type, and is fixed for
* three of them. The Data type has a minimum length however.
* - The next three bytes are reserved and zero in the official protocol.
* Cloudflare's implementation however uses this field for load balancing
* purposes, so this condition is not checked here for most messages.
* It is checked for data messages to avoid false positives.
|
|
|