View previous topic :: View next topic |
Author |
Message |
souleaper Newbie cheater Reputation: 0
Joined: 08 Jul 2012 Posts: 24
|
Posted: Thu Aug 16, 2018 10:55 pm Post subject: Question about packets. |
|
|
Hi, I am quite new to programming proxy. I made a simple packet sniffer.
When i compare the packet from my own packet sniffer and the one I retrieve using wpe pro.
There are additional packets.
These are in my own packet sniffer
DATA: SEGMENT: BYTES: ASCII:
DATA: --------------------------------------------------------------------------
DATA: 0000 50 C7 BF 65 B5 CA 70 F3 95 00 A0 AF 08 00 45 00 P..E..P. ......E.
DATA: 0010 00 2D 4E 84 40 00 80 06 00 00 C0 A8 01 A3 D2 F2 .-N.@... ........
DATA: 0020 F3 65 E4 16 1A 4C 2A 39 CB 75 3B 16 6A FD 50 18 .E...L*9 .U;.J.P.
DATA: 0030 40 19 88 C3 00 00 C7 77 36 45 30 @......W 6E0
and
in WPE pro there are .
only C7 77 36 45 30
if you look at the picture above (nvm i can't post img yet).. if i want to send the same packet to server programmically using Sharpcap or winpcap. How do i deal with the data segment from 0000 to 0030. The only data i see relevance is C7 77 36 45 30, which is the what i need to do.
Thanks.
|
|
Back to top |
|
|
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8517 Location: 127.0.0.1
|
|
Back to top |
|
|
souleaper Newbie cheater Reputation: 0
Joined: 08 Jul 2012 Posts: 24
|
Posted: Fri Aug 17, 2018 6:21 am Post subject: |
|
|
Thanks,
Is there a quick way to generate this header per individual pc?
|
|
Back to top |
|
|
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8517 Location: 127.0.0.1
|
Posted: Fri Aug 17, 2018 2:04 pm Post subject: |
|
|
You would need to create a parser for it as the header is built dynamically, in parts.
The first chunk is the 'Link Level' of the packet. Which will have:
- Destination
- Source
- Type
The type field determines what the next chunk in the packet will be.
In the case of the packet you gave above, the Type would be: 0x0800
That states that the next chunk in the packet is going to be an IP Layer 3 'Network Level' chunk/header. So then you would read out the network level chunk from the packet until you hit the next part.
You can lookup information for things like this on sites like:
https://en.wikipedia.org/wiki/Network_packet
https://en.wikipedia.org/wiki/IPv4
http://www.cs.miami.edu/home/burt/learning/Csc524.092/notes/ip_example.html
and so on.
Google has everything you need to walk the packet data.
Each section has a marker in it that tells you what to expect in the section after it. So it makes it pretty easy to follow.
_________________
- Retired. |
|
Back to top |
|
|
souleaper Newbie cheater Reputation: 0
Joined: 08 Jul 2012 Posts: 24
|
Posted: Sat Aug 18, 2018 3:39 am Post subject: |
|
|
The last link u showed, was for UDP protocol. Is there a difference in TCP?
i kinda vaguely understand the structure of the packet now.. from link level, to network level, transport layer then application level.
How do normal proxy developer build these structures programmatically ? in c#?
|
|
Back to top |
|
|
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8517 Location: 127.0.0.1
|
Posted: Sat Aug 18, 2018 12:53 pm Post subject: |
|
|
souleaper wrote: | The last link u showed, was for UDP protocol. Is there a difference in TCP?
i kinda vaguely understand the structure of the packet now.. from link level, to network level, transport layer then application level.
How do normal proxy developer build these structures programmatically ? in c#? |
Most of the header stuff is handled for you when you use a networking library of some sort. The only time you personally have to build those headers is if you are working with raw sockets.
_________________
- Retired. |
|
Back to top |
|
|
souleaper Newbie cheater Reputation: 0
Joined: 08 Jul 2012 Posts: 24
|
Posted: Sun Aug 19, 2018 4:23 am Post subject: |
|
|
Ok, I got most info down to form the packet header..
How do i get the identification number, checksum number? sequence number?
|
|
Back to top |
|
|
souleaper Newbie cheater Reputation: 0
Joined: 08 Jul 2012 Posts: 24
|
Posted: Thu Aug 23, 2018 4:09 am Post subject: |
|
|
I will answer my own question.
In order to get the follows
1. Identification number - I need to get the last packet send from adapter to network and extract the identification number and increment by 1.
2. sequence number - I need to get the last packet send from local ip to the game server and according to that packet's payload size.. I have to increase that number by it.
3. Acknowledge number - Is from the last packet coming from the game server and add with it the payload size of that packet.. will be new acknowledge number..
Is that right?
|
|
Back to top |
|
|
|