Thread: Which tool is better for packet sniffing/modifying?

  1. #1
    RottenFish
    Guest

    Which tool is better for packet sniffing/modifying?

    hi all reverser gurus.

    I'm reversing a multiplayer server of a very well known game.

    I'm interested mainly in the communication protocol between client/server. I decoded almost 90% of the protocol, now I want to change some packets and send them back to the server to see what happens.

    I'm using Clearsight for packet sniffing but I've found it not too useful 'cause I can't modify packets, only watch them.

    So, here is the question, which tool should I use to sniff this thing??
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    <script>alert(0)</script> disavowed
    Join Date
    Apr 2002
    Posts
    1,281
    if you want to modify packets on the fly and have it be very customizable like
    "if *(header+0x10) == 0x6E then *(header+0x4C) += 0x08", then you're probably best off coding your own tool with winpcap.

    if you're just looking for passive sniffers though, iris (www.eeye.com) and/or ethereal should suffice

  3. #3
    anormal
    Guest

    C0mmview

    hi!

    have you seen C0mmview of Tam0soft? I've used it for years and it works great for me

    regards!

  4. #4
    Lost in Lala Land peterg70
    Join Date
    Oct 2001
    Location
    Down Under
    Posts
    195
    Best approach to modifying packets for those sort of games is to create a simple program that accepts input packets and passes them on to the internet.

    That way you configure the game to connect to your interface which then handles the packets being transferred between client and server. Similar to a Proxy Client. If the client won't let you connect to the local machine then use a lan and connect to another machine which has internet access. That way you can easily decompile the packets.

    Note that these packets typically have checksums associated with them. Best way is to slowly tweak the specifications as required while recalculating the required checksum.

  5. #5
    anormal
    Guest
    umm, i forgot about an app called "PacketForge" by famous Aphex,

    try to find it in iamaphex.cjb.net

    regards friends!

  6. #6
    I recommend WPE PRO 0.9A (XP)

    You can get it here: http://membres.lycos.fr/tsearch/cheattools.html

    Don't use 1.3 if you have XP, 0.9A is the latest for XP.


    From the help file:

    If you have a packet like this :
    04 BB 04 00 00 00 06 00 08
    and you want increase or decrease for example the byte in position 7 (byte = 06) by one each time a packet is sent:
    -right mouse button on a packet logged,SEND
    -double click or press INSER on the byte at the position 7(it will be show in red) and press play as usually
    -wpe will send packet :
    04 BB 04 00 00 00 07 00 08
    04 BB 04 00 00 00 08 00 08
    04 BB 04 00 00 00 09 00 08
    etc...
    for decrease set the step at -1
    Last edited by Aquatic; April 11th, 2004 at 19:04.
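
The stepping behaviour quoted from the help file in post #6, combined with the checksum recalculation mentioned in post #4, as an added offline example that is not part of the thread and not code from any of the tools named. The function names, the wrap-around at 0xFF and the `sum8_trailer` checksum are assumptions made for illustration; the thread does not say how the game's checksum works.

```python
from typing import Callable, Iterator, Optional

# Packet taken from the help-file excerpt in post #6.
LOGGED = bytes.fromhex("04 BB 04 00 00 00 06 00 08")


def step_packets(
    packet: bytes,
    position: int,                 # 1-based, as in the help file ("position 7")
    step: int = 1,                 # use -1 to decrease
    count: int = 3,
    fix_checksum: Optional[Callable[[bytearray], None]] = None,
) -> Iterator[bytes]:
    """Yield `count` copies of `packet`, adding `step` to one byte each time."""
    if not 1 <= position <= len(packet):
        raise ValueError(f"position {position} is outside a {len(packet)}-byte packet")
    buf = bytearray(packet)
    for _ in range(count):
        # Assumption: the value wraps inside one byte instead of carrying over.
        buf[position - 1] = (buf[position - 1] + step) % 256
        if fix_checksum is not None:
            # Recalculate after every change, as post #4 advises.
            fix_checksum(buf)
        yield bytes(buf)


def sum8_trailer(buf: bytearray) -> None:
    """Hypothetical checksum: last byte = sum of all preceding bytes mod 256."""
    buf[-1] = sum(buf[:-1]) % 256


def hexdump(packet: bytes) -> str:
    """Format bytes the way the help file prints them."""
    return " ".join(f"{b:02X}" for b in packet)


if __name__ == "__main__":
    print("plain stepping (matches the help-file sequence):")
    for p in step_packets(LOGGED, 7):
        print(" ", hexdump(p))
    print("with the hypothetical trailing checksum recalculated:")
    for p in step_packets(LOGGED, 7, fix_checksum=sum8_trailer):
        print(" ", hexdump(p))
```

Without a checksum hook the output is the same three packets the help file lists; with one, the trailing byte changes on every step, which is why a modified packet that skips recalculation would normally be rejected by a receiver that verifies it.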

  7. #7
    RottenFish
    Guest
    Thanks for all advices guys, it saved me lot of time!!
