投放屏幕upnp协议探究抓包

要了解DLNA需要了解upnp,因为DLNA在upnp之上

whireshark 抓包工具准备

先把whireshark打开 使用过滤器把网关的包去掉，不然干扰太多，首先说明，只要发包网关一定会发很多包回应，这一步时通过ssdp协议回应的： 分析所有包但是除了网关 udp port 1900 and (!host 192.168.1.1)

//只分析116的包 udp and host 192.168.1.108

kodi

首先分析kodi的探测search包

M-SEARCH * HTTP/1.1 MX: 5 ST: upnp:rootdevice MAN: “ssdp:discover” User-Agent: UPnP/1.0 DLNADOC/1.50 Kodi Connection: close Host: 239.255.255.250:1900

chrome

因为我打开着chrome，所以接下去又找到了chrome的包，我们都知道大名鼎鼎的chromecast，也是一样正在往网络上发探测搜索包，kodi 这样的软件也是一样正在网络里面发包。 M-SEARCH * HTTP/1.1 HOST: 239.255.255.250:1900 MAN: “ssdp:discover” MX: 1 ST: urn:dial-multiscreen-org:service:dial:1 USER-AGENT: Google Chrome/89.0.4389.90 Windows

手机发送

在局域网里面有手机开着看电影的时候，无一例外在里面会受到手机不断发送的消息，这样手机会收到设备返回的单播包，手机在里面找到自己的render，显示在界面上，由播放者选择投屏。

单播回送包

这是一个单播回送的信息 HTTP/1.1 200 OK Location: http://192.168.1.144:1350/DeviceDescription.xml Cache-Control: max-age=1800 Server: UPnP/1.0 DLNADOC/1.50 Kodi EXT: BOOTID.UPNP.ORG: 0 CONFIGID.UPNP.ORG: 9678 USN: uuid:97aa0fa5-1810-10f8-edcc-5a1a3e8aa358::upnp:rootdevice ST: upnp:rootdevice Date: Wed, 05 May 2021 13:39:43 GMT

notify信息

协议拥有者也会发送notify信息，表明自己是什么！如以下包

mediarender的信息 NOTIFY * HTTP/1.1 Host: 239.255.255.250:1900 Location: http://192.168.1.108:1294/ Cache-Control: max-age=1800 Server: UPnP/1.0 DLNADOC/1.50 Kodi NTS: ssdp:alive USN: uuid:01820fcf-4611-f824-9f1b-e44c7f0d909e::upnp:rootdevice NT: upnp:rootdevice

NOTIFY * HTTP/1.1 Host: 239.255.255.250:1900 Location: http://192.168.1.108:1294/ Cache-Control: max-age=1800 Server: UPnP/1.0 DLNADOC/1.50 Kodi NTS: ssdp:alive USN: uuid:01820fcf-4611-f824-9f1b-e44c7f0d909e NT: uuid:01820fcf-4611-f824-9f1b-e44c7f0d909e

NOTIFY * HTTP/1.1 Host: 239.255.255.250:1900 Location: http://192.168.1.108:1294/ Cache-Control: max-age=1800 Server: UPnP/1.0 DLNADOC/1.50 Kodi NTS: ssdp:alive USN: uuid:01820fcf-4611-f824-9f1b-e44c7f0d909e::urn:schemas-upnp-org:device:MediaRenderer:1 NT: urn:schemas-upnp-org:device:MediaRenderer:1

NOTIFY * HTTP/1.1 Host: 239.255.255.250:1900 Location: http://192.168.1.108:1294/ Cache-Control: max-age=1800 Server: UPnP/1.0 DLNADOC/1.50 Kodi NTS: ssdp:alive USN: uuid:01820fcf-4611-f824-9f1b-e44c7f0d909e::urn:schemas-upnp-org:service:AVTransport:1 NT: urn:schemas-upnp-org:service:AVTransport:1

NOTIFY * HTTP/1.1 Host: 239.255.255.250:1900 Location: http://192.168.1.108:1294/ Cache-Control: max-age=1800 Server: UPnP/1.0 DLNADOC/1.50 Kodi NTS: ssdp:alive USN: uuid:01820fcf-4611-f824-9f1b-e44c7f0d909e::urn:schemas-upnp-org:service:ConnectionManager:1 NT: urn:schemas-upnp-org:service:ConnectionManager:1

NOTIFY * HTTP/1.1 Host: 239.255.255.250:1900 Location: http://192.168.1.108:1294/ Cache-Control: max-age=1800 Server: UPnP/1.0 DLNADOC/1.50 Kodi NTS: ssdp:alive USN: uuid:01820fcf-4611-f824-9f1b-e44c7f0d909e::urn:schemas-upnp-org:service:RenderingControl:1 NT: urn:schemas-upnp-org:service:RenderingControl:1

//以上为ssdp发现协议的过程

下面说到控制和事件

SOAP协议

简单对象访问协议（Simple Object Access Protocol：SOAP）定义如何使用XML与HTTP来执行远程过程调用（Remote Procedure Call）。包括控制点如何发送命令消息给设备，设备收到命令消息后如何发送响应消息给控制点。该协议运用在UPnP工作流程的设备控制部分。抓包会发现一堆的soap控制信息。 以下为推送端和kodi的交互过程

GET / HTTP/1.1 Host: 192.168.1.144:1551 User-Agent: Go-http-client/1.1 Accept-Encoding: gzip

HTTP/1.1 200 OK Date: Wed, 05 May 2021 14:18:51 GMT Content-Length: 3369 Content-Type: text/xml; charset=“utf-8” Server: UPnP/1.0 DLNADOC/1.50 Kodi

1 1 urn:schemas-upnp-org:device:MediaRenderer:1 Kodi (MS-BXGVPAQUGSSC) XBMC Foundation http://kodi.tv/ Kodi - Media Renderer Kodi 18.9 (18.9.0) Git:20201023-0655c2c718 http://kodi.tv/ uuid:cff47b40-2475-7ff1-7459-318ec45c9853 http://192.168.1.144:8080/ DMR-1.50 image/png 256 256 8 /icon256x256.png image/png 120 120 8 /icon120x120.png image/png 48 48 8 /icon48x48.png image/png 32 32 8 /icon32x32.png image/png 16 16 8 /icon16x16.png urn:schemas-upnp-org:service:AVTransport:1 urn:upnp-org:serviceId:AVTransport /AVTransport/cff47b40-2475-7ff1-7459-318ec45c9853/scpd.xml /AVTransport/cff47b40-2475-7ff1-7459-318ec45c9853/control.xml /AVTransport/cff47b40-2475-7ff1-7459-318ec45c9853/event.xml urn:schemas-upnp-org:service:ConnectionManager:1 urn:upnp-org:serviceId:ConnectionManager /ConnectionManager/cff47b40-2475-7ff1-7459-318ec45c9853/scpd.xml /ConnectionManager/cff47b40-2475-7ff1-7459-318ec45c9853/control.xml /ConnectionManager/cff47b40-2475-7ff1-7459-318ec45c9853/event.xml urn:schemas-upnp-org:service:RenderingControl:1 urn:upnp-org:serviceId:RenderingControl /RenderingControl/cff47b40-2475-7ff1-7459-318ec45c9853/scpd.xml /RenderingControl/cff47b40-2475-7ff1-7459-318ec45c9853/control.xml /RenderingControl/cff47b40-2475-7ff1-7459-318ec45c9853/event.xml SUBSCRIBE /AVTransport/cff47b40-2475-7ff1-7459-318ec45c9853/event.xml HTTP/1.1 Host: 192.168.1.144:1551 User-Agent: Go-http-client/1.1 CALLBACK:

HTTP/1.1 200 OK SID: uuid:7b7b6be2-c7db-41e4-c966-0e13962c2f96 TIMEOUT: Second-1800 Date: Wed, 05 May 2021 14:18:51 GMT Content-Length: 0 Connection: close Server: UPnP/1.0 DLNADOC/1.50 Kodi

以上的交互过程非常清楚，简单，upnp协议是非常方便的，多分析，多抓包，可以获取很多软件使用的方法。 未完待续，继续补充