forked from Nisalon/IntWars
-
Notifications
You must be signed in to change notification settings - Fork 44
PacketAnalysis
lightwind edited this page Jul 20, 2012
·
12 revisions
- Trace analysis
Packet analysis based on a single trace analysis. See below for inter-trace analysis
Op code Meaning Peer Channel Flag Size Nb seens Shape Variable ranges
Size: if size contains a single number, the size appears constant. Otherwise the min <> max is reported. Size in octets. Each space count as one. Shape: Fixed octet are reported. the ‘XX’ symbole indicates an octet which change from one packet to another.
00 | HandShake | C | 0 | 1 | 47 | 2 | 00 X0 X1 00 X2 00 00 00 X3 X4 X5 02 00 00 00 00 | X0: 0 <> 65 X1: 0 <> 93 X2: 0 <> 1 X3: 156 <> 189 X4: 3 <> 164 X5: 14 <> 17 |
01 | C | 0 | 1 | 47 | 1 | 01 F7 3A 03 01 00 00 00 9F BA EB BC EC F7 3A 03 | ||
08 | S | 2 | 0 | 47 | 70 | 08 00 00 00 00 00 00 00 00 X0 X1 X2 X3 X4 X5 X6 | X0: 0 <> 251 X1: 0 <> 254 X2: 0 <> 255 X3: 0 <> 68 X4: 0 <> 248 X5: 0 <> 255 X6: 0 <> 255 | |
09 | S | 1 | 0 | 17 | 1 | 09 19 00 00 40 80 | ||
0B | C | 3 | 1 | 20 | 1 | 0B 19 00 00 40 00 00 | ||
0D | C | 3 | 1 | 44 | 165 | 0D X0 00 00 40 X1 X2 00 40 X3 X4 X5 00 40 X6 | X0: 1 <> 26 X1: 0 <> 252 X2: 0 <> 49 X3: 123 <> 128 X4: 0 <> 255 X5: 2 <> 52 X6: 64 <> 65 | |
17 | QueryStatusReq | S | 1 | 0 | 14 | 12 | 17 00 00 00 00 | |
18 | SkillUp | C | 3 | 1 | 23 | 8 | 18 X0 00 00 40 X1 X2 X3 | X0: 25 <> 26 X1: 0 <> 1 X2: 1 <> 3 X3: 0 <> 3 |
19 | PingLoadInfo | S | 1 | 1 | 47 | 21 | 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | |
1D | C | 3 | 1 | 47 | 1755 | 1D X0 X1 00 40 X2 X3 00 40 X4 X5 X6 00 40 X7 X8 | X0: 0 <> 255 X1: 0 <> 50 X2: 0 <> 255 X3: 0 <> 49 X4: 116 <> 128 X5: 0 <> 255 X6: 0 <> 52 X7: 64 <> 66 X8: 0 <> 255 | |
24 | C | 3 | 1 | 47 | 1 | 24 19 00 00 40 1A 00 00 40 60 98 71 41 00 0A 01 | ||
2C | MasteryInfo | C | 3 | 1 | 47 | 2 | 2C X0 00 00 40 00 00 00 00 00 00 00 00 00 00 00 | X0: 25 <> 26 |
2E | C | 3 | 0 | 17 | 365 | 2E 00 00 00 00 X0 | X0: 0 <> 255 | |
30 | S | 1 | 1 | 47 | 365 | 30 00 00 00 00 X0 X1 X2 X3 90 88 BA 44 X4 X5 X6 | X0: 0 <> 254 X1: 0 <> 255 X2: 0 <> 252 X3: 67 <> 70 X4: 0 <> 253 X5: 2 <> 253 X6: 0 <> 254 | |
31 | C | 3 | 1 | 47 | 1 | 31 19 00 00 40 DC 38 CF 41 74 E8 53 43 A5 C6 83 | ||
39 | C | 3 | 1 | 17 | 549 | 39 X0 X1 00 40 X2 | X0: 0 <> 255 X1: 0 <> 50 X2: 0 <> 209 | |
3A | C | 3 | 1 | 14 | 42 | 3A X0 X1 X2 X3 | X0: 1 <> 241 X1: 0 <> 198 X2: 0 <> 249 X3: 64 <> 255 | |
3E | SkillUp | S | 1 | 0 | 17 | 5 | 3E 19 00 00 40 X0 | X0: 0 <> 1 |
4C | - | C | 3 | 1 | 47 | 2 | 4C 00 00 00 00 X0 00 00 00 00 00 00 00 00 01 00 | X0: 89 <> 90 |
52 | C | 3 | 1 | 47 | 1 | 52 00 00 00 00 1A 00 00 40 01 00 00 00 40 69 00 | ||
56 | C | 3 | 1 | 47 | 1 | 56 E0 03 00 40 21 C0 F5 3E 77 69 11 3B 26 95 60 | ||
57 | C | 3 | 1 | 14 | 15 | 57 X0 X1 00 40 | X0: 4 <> 214 X1: 0 <> 37 | |
58 | StartGame | S | 1 | 0 | 38 | 1 | 58 00 00 00 00 52 AF FE 4C CA EA 14 7A | |
5A | SynchVersion | C | 3 | 1 | 47 | 1 | 5A 00 00 00 00 01 01 00 00 00 9C A4 0E 02 00 00 | |
63 | S | 1 | 0 | 14 | 3 | 63 00 00 00 00 | ||
64 | ClientReady | S | 6 | 0 | 35 | 1 | 64 84 A9 00 00 00 00 00 64 00 00 00 | |
65 | LoadHero | C | 6 | 1 | 47 | 2 | 65 00 00 00 00 00 00 00 X0 X1 X2 02 00 00 00 00 | X0: 156 <> 189 X1: 3 <> 164 X2: 14 <> 17 |
66 | LoadName | C | 6 | 1 | 47 | 2 | 66 00 00 00 00 00 00 00 X0 X1 X2 02 00 00 00 00 | X0: 156 <> 189 X1: 3 <> 164 X2: 14 <> 17 |
67 | MoveAns | C | 6 | 1 | 47 | 1 | 67 00 00 00 06 00 00 00 06 00 00 00 9E 4E 6F 00 | |
67 | MoveAns | C | 4 | 2 | 47 | 3565 | 67 00 00 00 00 X0 X1 X2 00 X3 00 X4 X5 X6 00 40 | X0: 0 <> 255 X1: 0 <> 255 X2: 0 <> 2 X3: 1 <> 27 X4: 2 <> 26 X5: 0 <> 255 X6: 0 <> 50 |
6B | C | 3 | 1 | 47 | 42 | 6B 19 00 00 40 X0 19 00 00 40 X1 X2 00 40 X3 X4 | X0: 4 <> 132 X1: 4 <> 254 X2: 0 <> 50 X3: 25 <> 225 X4: 3 <> 244 | |
6E | C | 3 | 1 | 47 | 2 | 6E 00 00 00 00 0A 05 53 DC 04 00 00 00 00 00 00 | ||
70 | C | 3 | 1 | 26 | 7 | 70 X0 00 00 40 X1 X2 00 40 | X0: 1 <> 22 X1: 45 <> 136 X2: 4 <> 46 | |
71 | C | 3 | 1 | 17 <> 47 | 2 | 71 68 00 00 40 X0 05 00 00 00 69 64 6C 65 31 0C | X0: 0 <> 1 | |
75 | C | 3 | 1 | 35 | 3 | 75 19 00 00 40 X0 X1 00 00 X2 01 01 | X0: 28 <> 247 X1: 4 <> 7 X2: 0 <> 1 | |
78 | MoveReq | S | 1 | 0 | 47 | 443 | 78 19 00 00 40 X0 X1 X2 X3 X4 X5 X6 X7 X8 X9 X10 | X0: 2 <> 7 X1: 0 <> 254 X10: 1 <> 255 X2: 1 <> 254 X3: 0 <> 255 X4: 67 <> 194 X5: 0 <> 242 X6: 1 <> 254 X7: 4 <> 253 X8: 64 <> 194 X9: 0 <> 253 |
7C | C | 2 | 1 | 47 | 70 | 7C 00 00 00 00 X0 X1 X2 X3 X4 X5 X6 X7 X8 X9 X10 | X0: 0 <> 248 X1: 0 <> 255 X10: 2 <> 255 X2: 0 <> 255 X3: 0 <> 68 X4: 0 <> 83 X5: 0 <> 240 X6: 5 <> 231 X7: 61 <> 62 X8: 0 <> 244 X9: 2 <> 226 | |
7D | MoveConfirm | S | 1 | 2 | 29 | 3565 | 7D 00 00 00 00 X0 X1 X2 00 00 | X0: 0 <> 255 X1: 0 <> 255 X2: 0 <> 2 |
82 | C | 3 | 1 | 41 | 5 | 82 X0 X1 00 40 X2 X3 X4 X5 X6 00 00 00 00 | X0: 4 <> 96 X1: 0 <> 24 X2: 0 <> 2 X3: 5 <> 67 X4: 83 <> 172 X5: 5 <> 220 X6: 2 <> 12 | |
86 | C | 3 | 1 | 47 | 24 | 86 00 00 00 00 X0 00 X1 X2 00 40 X3 X4 X5 X6 X7 | X0: 1 <> 5 X1: 25 <> 205 X2: 0 <> 44 X3: 0 <> 60 X4: 0 <> 218 X5: 0 <> 254 X6: 24 <> 220 X7: 63 <> 66 | |
88 | S | 1 | 0 | 29 | 1 | 88 00 00 00 00 00 00 00 00 00 | ||
89 | ReqBuyItem | S | 1 | 0 | 26 | 3 | 89 19 00 00 40 X0 X1 00 00 | X0: 28 <> 247 X1: 4 <> 7 |
8E | C | 3 | 1 | 47 | 20 | 8E 00 00 00 00 X0 X1 X2 X3 X4 20 00 00 00 00 00 | X0: 1 <> 3 X1: 102 <> 210 X2: 11 <> 135 X3: 65 <> 211 X4: 5 <> 12 | |
96 | S | 1 | 0 | 14 | 1 | 96 00 00 00 00 | ||
9A | SendGameNumber | C | 3 | 1 | 47 | 1 | 9A 00 00 00 00 B6 76 FF 1A 00 00 00 00 4E 69 67 | |
9D | C | 3 | 1 | 47 | 1 | 9D 00 00 00 00 43 AC D4 0C 05 01 00 00 40 00 00 | ||
9F | PingLoadInfo | C | 4 | 0 | 47 | 37 | 9F 00 00 00 00 X0 00 00 00 X1 X2 X3 02 00 00 00 | X0: 0 <> 1 X1: 156 <> 189 X2: 3 <> 164 X3: 14 <> 17 |
A4 | S | 1 | 0 | 47 | 35 | A4 19 00 00 40 X0 X1 X2 X3 X4 X5 X6 X7 42 X8 X9 | X0: 0 <> 10 X1: 0 <> 255 X2: 2 <> 254 X3: 2 <> 250 X4: 69 <> 70 X5: 0 <> 224 X6: 6 <> 254 X7: 48 <> 59 X8: 0 <> 250 X9: 27 <> 255 | |
B2 | ConfirmStats | S | 1 | 2 | 26 | 2460 | B2 00 00 00 00 X0 X1 X2 00 | X0: 0 <> 255 X1: 0 <> 255 X2: 0 <> 2 |
B9 | C | 3 | 1 | 20 <> 44 | 92 | B9 X0 X1 X2 X3 00 00 X4 X5 X6 X7 X8 X9 X10 X11 | X0: 0 <> 254 X1: 0 <> 198 X10: 28 <> 252 X11: 66 <> 70 X2: 0 <> 235 X3: 64 <> 255 X4: 0 <> 164 X5: 0 <> 248 X6: 28 <> 252 X7: 67 <> 70 X8: 0 <> 231 X9: 0 <> 242 | |
BB | Click | S | 1 | 0 | 38 | 260 | BB 00 00 00 00 00 00 00 00 X0 X1 X2 X3 | X0: 0 <> 254 X1: 0 <> 198 X2: 0 <> 16 X3: 0 <> 255 |
C1 | C | 3 | 1 | 47 | 3 | C1 1A 00 00 40 X0 X1 00 00 00 X2 00 05 53 DC 04 | X0: 113 <> 248 X1: 104 <> 152 X2: 86 <> 154 | |
C3 | C | 3 | 1 | 47 | 14 | C3 X0 X1 00 40 X2 X3 01 00 X4 X5 X6 X7 X8 X9 X10 | X0: 1 <> 47 X1: 0 <> 24 X10: 0 <> 232 X2: 0 <> 5 X3: 1 <> 14 X4: 5 <> 149 X5: 83 <> 204 X6: 5 <> 232 X7: 4 <> 12 X8: 0 <> 231 X9: 0 <> 93 | |
C6 | C | 3 | 1 | 23 <> 47 | 157 | C6 X0 X1 X2 X3 X4 X5 X6 X7 X8 X9 X10 00 X11 X12 X13 | X0: 1 <> 255 X1: 0 <> 60 X10: 0 <> 50 X11: 2 <> 64 X12: 1 <> 255 X13: 0 <> 190 X2: 0 <> 235 X3: 64 <> 255 X4: 0 <> 77 X5: 0 <> 1 X6: 0 <> 75 X7: 0 <> 1 X8: 0 <> 105 X9: 0 <> 255 | |
C9 | SynchVersion | S | 1 | 0 | 47 | 1 | C9 00 00 00 00 00 00 00 00 00 00 00 00 56 65 72 | |
CA | S | 1 | 0 | 14 | 1 | CA 00 00 00 00 | ||
CC | C | 3 | 1 | 26 | 24 | CC X0 X1 00 40 X2 00 00 X3 | X0: 4 <> 252 X1: 0 <> 50 X2: 0 <> 25 X3: 0 <> 64 | |
CD | C | 3 | 1 | 26 | 40 | CD 00 00 00 00 X0 X1 X2 X3 | X0: 0 <> 235 X1: 56 <> 194 X2: 7 <> 255 X3: 65 <> 68 | |
D0 | StatUpdate | C | 4 | 2 | 47 | 2684 | D0 00 00 00 00 X0 X1 X2 00 X3 X4 X5 X6 X7 X8 X9 | X0: 0 <> 255 X1: 0 <> 255 X2: 0 <> 2 X3: 1 <> 22 X4: 1 <> 42 X5: 0 <> 255 X6: 0 <> 147 X7: 0 <> 230 X8: 64 <> 255 X9: 0 <> 255 |
FF | Batch | C | 3 | 1 | 29 <> 47 | 2790 | FF X0 X1 X2 X3 X4 X5 X6 X7 X8 X9 X10 X11 X12 X13 X14 | X0: 2 <> 25 X1: 5 <> 181 X10: 0 <> 255 X11: 0 <> 255 X12: 0 <> 255 X13: 0 <> 255 X14: 0 <> 255 X2: 7 <> 253 X3: 0 <> 255 X4: 0 <> 198 X5: 0 <> 147 X6: 0 <> 255 X7: 0 <> 255 X8: 0 <> 255 X9: 0 <> 255 |
Intline9 edit: There are dubble opcodes, where only the channels differ (00 is for key and chat, 67 is for loading and movement :end
Compare the shape of the packets accross multiples traces to see what change between various trace YY represent offets that change between traces but are fixed in a single trace. XX represents offset that change between packets from the same trace.
Op code | Meaning | Peer | Channel | Flag | Size | Nb seens | Variable ranges |
00 | HandShake | C | 0 | 1 | 47 | 2 | 00 YY YY 00 XX 00 00 00 XX XX XX 02 00 00 00 00 |
01 | C | 0 | 1 | 47 | 1 | 01 F7 3A 03 01 00 00 00 9F BA EB BC EC F7 3A 03 | |
08 | S | 2 | 0 | 47 | 70 | 08 00 00 00 00 0Y 00 00 00 X0 X1 X2 X3 X4 X5 X6 | |
09 | S | 1 | 0 | 17 | 1 | 09 19 00 00 40 80 | |
0B | C | 3 | 1 | 20 | 1 | 0B 19 00 00 40 00 00 | |
0D | C | 3 | 1 | 44 | 165 | 0D X0 00 00 40 X1 X2 00 40 X3 X4 X5 00 40 X6 | |
17 | QueryStatusReq | S | 1 | 0 | 14 | 12 | 17 00 00 00 00 |
18 | SkillUp | C | 3 | 1 | 23 | 8 | 18 X0 00 00 40 X1 X2 X3 |
19 | PingLoadInfo | S | 1 | 1 | 47 | 21 | 19 00 00 00 00 0Y 00 00 00 00 00 00 00 00 00 00 |
1D | C | 3 | 1 | 47 | 1755 | 1D X0 X1 00 40 X2 X3 00 40 X4 X5 X6 00 40 X7 X8 | |
24 | C | 3 | 1 | 47 | 1 | 24 19 00 00 40 1A 00 00 40 60 98 71 41 00 0A 01 | |
2C | MasteryInfo | C | 3 | 1 | 47 | 2 | 2C X0 00 00 40 00 00 00 00 00 00 00 00 00 00 00 |
2E | C | 3 | 0 | 17 | 365 | 2E 00 00 00 00 X0 | |
30 | S | 1 | 1 | 47 | 365 | 30 00 00 00 00 X0 X1 X2 X3 90 88 BA 44 X4 X5 X6 | |
31 | C | 3 | 1 | 47 | 1 | 31 1Y 00 00 40 YY YY YY 4Y YY Y8 Y3 43 YY YY YY | |
39 | C | 3 | 1 | 17 | 549 | 39 X0 X1 00 40 X2 | |
3A | C | 3 | 1 | 14 | 42 | 3A X0 X1 X2 X3 | |
3E | SkillUp | S | 1 | 0 | 17 | 5 | 3E 1Y 00 00 40 X0 |
4C | - | C | 3 | 1 | 47 | 2 | 4C 00 00 00 00 X0 00 00 00 00 00 00 00 00 01 00 |
52 | C | 3 | 1 | 47 | 1 | 52 00 00 00 00 1A 00 00 40 01 00 00 00 40 69 00 | |
56 | C | 3 | 1 | 47 | 1 | 56 Y0 YY 00 40 YY YY YY YY YY YY YY YY YYYYYYYY | |
57 | C | 3 | 1 | 14 | 15 | 57 X0 X1 00 40 | |
58 | StartGame | S | 1 | 0 | 38 | 1 | 58 00 00 00 00 YY YY YY 4Y YY EY YY YY |
5A | SynchVersion | C | 3 | 1 | 47 | 1 | 5A 00 00 00 00 01 01 00 00 00 9C A4 0E 02 00 00 |
63 | S | 1 | 0 | 14 | 3 | 63 00 00 00 00 | |
64 | ClientReady | S | 6 | 0 | 35 | 1 | 64 84 A9 00 0Y 00 00 00 64 00 00 00 |
65 | LoadHero | C | 6 | 1 | 47 | 2 | 65 00 00 00 00 00 00 00 X0 X1 X2 02 00 00 00 00 |
66 | LoadName | C | 6 | 1 | 47 | 2 | 66 00 00 00 00 00 00 00 X0 X1 X2 02 00 00 00 00 |
67 | MoveAns | C | 6 | 1 | 47 | 1 | 67 00 00 00 06 00 00 00 06 00 00 00 9E 4E 6F 00 |
67 | MoveAns | C | 4 | 2 | 47 | 3565 | 67 00 00 00 00 X0 X1 X2 00 X3 00 X4 X5 X6 00 40 |
6B | C | 3 | 1 | 47 | 42 | 6B YY YY 00 40 XX YY YY 00 40 XX XX 00 40 XX XX | |
6E | C | 3 | 1 | 47 | 2 | 6E 00 00 00 00 YY YY YY YY Y4 YY YY YY YY YY YY | |
70 | C | 3 | 1 | 26 | 7 | 70 X0 00 00 40 X1 YY 00 40 | |
71 | C | 3 | 1 | 17 <> 47 | 2 | 71 68 00 00 40 X0 05 00 00 00 69 64 6C 65 31 0C | |
75 | C | 3 | 1 | 35 | 3 | 75 1Y 00 00 40 X0 X1 00 00 X2 01 01 | |
78 | MoveReq | S | 1 | 0 | 47 | 443 | 78 1Y 00 00 40 X0 X1 X2 X3 X4 X5 X6 X7 X8 X9 X10 |
7C | C | 2 | 1 | 47 | 70 | 7C 00 00 00 00 X0 X1 X2 X3 X4 X5 X6 X7 X8 X9 X10 | |
7D | MoveConfirm | S | 1 | 2 | 29 | 3565 | 7D 00 00 00 00 X0 X1 X2 00 00 |
82 | C | 3 | 1 | 41 | 5 | 82 X0 X1 00 40 X2 X3 X4 X5 X6 00 00 00 00 | |
86 | C | 3 | 1 | 47 | 24 | 86 00 00 00 00 X0 00 X1 X2 00 40 X3 X4 X5 X6 X7 | |
88 | S | 1 | 0 | 29 | 1 | 88 00 00 00 00 00 0Y 00 00 00 | |
89 | ReqBuyItem | S | 1 | 0 | 26 | 3 | 89 1Y 00 00 40 X0 X1 00 00 |
8E | C | 3 | 1 | 47 | 20 | 8E 00 00 00 00 X0 X1 X2 X3 X4 YY 00 00 00 00 00 | |
96 | S | 1 | 0 | 14 | 1 | 96 00 00 00 00 | |
9A | SendGameNumber | C | 3 | 1 | 47 | 1 | 9A 00 00 00 00 B6 76 FF 1A 00 00 00 00 4Y 6Y 6Y |
9D | C | 3 | 1 | 47 | 1 | 9D 00 00 00 00 43 AC D4 0C 05 01 00 00 40 00 00 | |
9F | PingLoadInfo | C | 4 | 0 | 47 | 37 | 9F 00 00 00 00 X0 00 00 00 X1 X2 X3 02 00 00 00 |
A4 | S | 1 | 0 | 47 | 35 | A4 1Y 00 00 40 X0 X1 X2 X3 X4 X5 X6 X7 YY XX XX | |
B2 | ConfirmStats | S | 1 | 2 | 26 | 2460 | B2 00 00 00 00 X0 X1 X2 00 |
B9 | C | 3 | 1 | 20 <> 44 | 92 | B9 X0 X1 X2 X3 00 00 YY XX XX XX XX XX XXYYYY | |
BB | Click | S | 1 | 0 | 38 | 260 | BB 00 00 00 00 0Y 00 00 00 X0 X1 X2 X3 |
C1 | C | 3 | 1 | 47 | 3 | C1 1A 00 00 40 X0 X1 00 00 00 X2 00 05 53 DC 04 | |
C3 | C | 3 | 1 | 47 | 14 | C3 X0 X1 00 40 X2 X3 01 00 X4 X5 X6 X7 X8 X9 X10 | |
C6 | C | 3 | 1 | 23 <> 47 | 157 | C6 X0 X1 X2 X3 X4 YY XX YY XX XX XXYY0YYYYYYYYYYY | |
C9 | SynchVersion | S | 1 | 0 | 47 | 1 | C9 00 00 00 00 00 00 00 00 0Y 00 00 00 56 65 72 |
CA | S | 1 | 0 | 14 | 1 | CA 00 00 00 00 | |
CC | C | 3 | 1 | 26 | 24 | CC X0 X1 00 40 X2 00 00 X3 | |
CD | C | 3 | 1 | 26 | 40 | CD 00 00 00 00 X0 X1 X2 X3 | |
D0 | StatUpdate | C | 4 | 2 | 47 | 2684 | D0 00 00 00 00 X0 X1 X2 00 X3 X4 X5 X6 X7 X8 X9 |
FF | Batch | C | 3 | 1 | 29 <> 47 | 2790 | FF X0 X1 X2 X3 X4 X5 X6 X7 X8 X9 X10 X11 X12 X13 X14 |