xboxscene.org forums

Pages: 1 ... 3 4 [5] 6 7 8

Author Topic: Question Regarding Live  (Read 362 times)

b01

  • Archived User
  • Full Member
  • *
  • Posts: 122
Question Regarding Live
« Reply #60 on: August 31, 2004, 04:50:00 AM »

ph34r.gif

Ever since I used XB Connect, then later Xlink, I have always wondered y they did not make it so you could play game that are Live only. I felt like it was only some swicth they had to activate, and BAM! Instant live action.

and you can't tell me with the ability to link XBOX, GC, and PS2 that some1 on  the Kai team doesn't know something about how to implement a bootleg Live server.

Enough of my ranting: all I'm saying is despite the complications it is very likely to implement this bootleg Live service. In fact I say we brainstorm on a name for remedee service. I'll go first!

I choose the name: BootLeg LIVE or RB Live (remedee's Bootleg Live service)

I just luv da word bootleg, it the greetest thing since boxer briefs (no more chafing briefs for me). ph34r.gif
Logged

SargeZT

  • Archived User
  • Jr. Member
  • *
  • Posts: 86
Question Regarding Live
« Reply #61 on: August 31, 2004, 01:57:00 PM »

Ok.  Time to clarify some shit.  First, XBConnect and Kai are tunneling applications.  However, live is an actual server which handles the data between the two, not just tunnels.  Secondly, not everything is encrypted.  Simply encrypting data is a bad idea.  At this point, I think the encrypted data is simply a checksum of the data up to that point.

So, where am I?  Until I can figure what the fuck is up with the encrypted data, I'm lost.
Logged

mezzo

  • Archived User
  • Newbie
  • *
  • Posts: 2
Question Regarding Live
« Reply #62 on: August 31, 2004, 04:59:00 PM »

Hey folks,

I do not know much about live etc. actually never played online, but...

I think it is a good start to capture the traffic, and using dns is a great idea (actually it might be enough to connect via a pc with ICS and  an adjusted lmhosts file, no xbox modifications necessary)

to get to the point:
first we have to find out, what data is modified by the live servers.  So it would be nice, if somebody could do the following:
1. Have two xboxes play a game against each othe via xbox live (important: just the two, no one else, hope its possible)
2. Capture all the traffic between these two (simultaneously on both connections of course, don't bother about authentication)
3.  Have a look how much of this traffic is just passed through, and how much is modified
4.  We do not need to understand the data, its just to know, if live is just distributing the information or doing more.  

In the case that live is doing some game specific processing, i think we can forget about the whole thing, but else a slight chance might exist to get things going

so maybe find these things out first
Logged

neimod

  • Archived User
  • Newbie
  • *
  • Posts: 3
Question Regarding Live
« Reply #63 on: September 01, 2004, 06:09:00 AM »

CODE

No.     Time        Source                Destination           Protocol Info
     1 0.000000    192.168.123.152       Broadcast             ARP      Who has 192.168.123.152?  Gratuitous ARP

Frame 1 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:0d:3a:57:fd:87, Dst: ff:ff:ff:ff:ff:ff
   Destination: ff:ff:ff:ff:ff:ff (Broadcast)
   Source: 00:0d:3a:57:fd:87 (192.168.123.152)
   Type: ARP (0x0806)
   Trailer: 00000000000000000000000000000000...
Address Resolution Protocol (request/gratuitous ARP)
   Hardware type: Ethernet (0x0001)
   Protocol type: IP (0x0800)
   Hardware size: 6
   Protocol size: 4
   Opcode: request (0x0001)
   Sender MAC address: 00:0d:3a:57:fd:87 (192.168.123.152)
   Sender IP address: 192.168.123.152 (192.168.123.152)
   Target MAC address: 00:00:00:00:00:00 (00:00:00_00:00:00)
   Target IP address: 192.168.123.152 (192.168.123.152)

No.     Time        Source                Destination           Protocol Info
     2 1.007122    192.168.123.152       Broadcast             ARP      Who has 192.168.123.152?  Gratuitous ARP

Frame 2 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:0d:3a:57:fd:87, Dst: ff:ff:ff:ff:ff:ff
   Destination: ff:ff:ff:ff:ff:ff (Broadcast)
   Source: 00:0d:3a:57:fd:87 (192.168.123.152)
   Type: ARP (0x0806)
   Trailer: 00000000000000000000000000000000...
Address Resolution Protocol (request/gratuitous ARP)
   Hardware type: Ethernet (0x0001)
   Protocol type: IP (0x0800)
   Hardware size: 6
   Protocol size: 4
   Opcode: request (0x0001)
   Sender MAC address: 00:0d:3a:57:fd:87 (192.168.123.152)
   Sender IP address: 192.168.123.152 (192.168.123.152)
   Target MAC address: 00:00:00:00:00:00 (00:00:00_00:00:00)
   Target IP address: 192.168.123.152 (192.168.123.152)

No.     Time        Source                Destination           Protocol Info
     3 2.010033    192.168.123.152       Broadcast             ARP      192.168.123.152 is at 00:0d:3a:57:fd:87

Frame 3 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:0d:3a:57:fd:87, Dst: ff:ff:ff:ff:ff:ff
   Destination: ff:ff:ff:ff:ff:ff (Broadcast)
   Source: 00:0d:3a:57:fd:87 (192.168.123.152)
   Type: ARP (0x0806)
   Trailer: 00000000000000000000000000000000...
Address Resolution Protocol (reply)
   Hardware type: Ethernet (0x0001)
   Protocol type: IP (0x0800)
   Hardware size: 6
   Protocol size: 4
   Opcode: reply (0x0002)
   Sender MAC address: 00:0d:3a:57:fd:87 (192.168.123.152)
   Sender IP address: 192.168.123.152 (192.168.123.152)
   Target MAC address: 00:00:00:00:00:00 (00:00:00_00:00:00)
   Target IP address: 192.168.123.152 (192.168.123.152)


Where 192.168.123.152 is XBOX, and 192.168.123.254 is ROUTER.

Basically, I think its broadcasting to my home network if address .152 is taken, and it tries to let the router know this is the XBOX ip.
Logged

neimod

  • Archived User
  • Newbie
  • *
  • Posts: 3
Question Regarding Live
« Reply #64 on: September 01, 2004, 06:15:00 AM »

CODE

No.     Time        Source                Destination           Protocol Info
     7 295.177471  192.168.123.152       239.255.255.250       SSDP     M-SEARCH * HTTP/1.1

Frame 7 (170 bytes on wire, 170 bytes captured)
Ethernet II, Src: 00:0d:3a:57:fd:87, Dst: 01:00:5e:7f:ff:fa
   Destination: 01:00:5e:7f:ff:fa (01:00:5e:7f:ff:fa)
   Source: 00:0d:3a:57:fd:87 (192.168.123.152)
   Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.123.152 (192.168.123.152), Dst Addr: 239.255.255.250 (239.255.255.250)
User Datagram Protocol, Src Port: 1024 (1024), Dst Port: 1900 (1900)
   Source port: 1024 (1024)
   Destination port: 1900 (1900)
   Length: 136
   Checksum: 0x07c5 (correct)
Hypertext Transfer Protocol
   M-SEARCH * HTTP/1.1\r\n
       Request Method: M-SEARCH
   Host:239.255.255.250:1900\r\n
   ST:urn:schemas-upnp-org:service:WANIPConnection:1\r\n
   Man:"ssdp:discover"\r\n
   MX:2\r\n
   \r\n

No.     Time        Source                Destination           Protocol Info
     8 295.177626  192.168.123.152       239.255.255.250       SSDP     M-SEARCH * HTTP/1.1

Frame 8 (171 bytes on wire, 171 bytes captured)
Ethernet II, Src: 00:0d:3a:57:fd:87, Dst: 01:00:5e:7f:ff:fa
   Destination: 01:00:5e:7f:ff:fa (01:00:5e:7f:ff:fa)
   Source: 00:0d:3a:57:fd:87 (192.168.123.152)
   Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.123.152 (192.168.123.152), Dst Addr: 239.255.255.250 (239.255.255.250)
User Datagram Protocol, Src Port: 1024 (1024), Dst Port: 1900 (1900)
   Source port: 1024 (1024)
   Destination port: 1900 (1900)
   Length: 137
   Checksum: 0xf280 (correct)
Hypertext Transfer Protocol
   M-SEARCH * HTTP/1.1\r\n
       Request Method: M-SEARCH
   Host:239.255.255.250:1900\r\n
   ST:urn:schemas-upnp-org:service:WANPPPConnection:1\r\n
   Man:"ssdp:discover"\r\n
   MX:2\r\n
   \r\n

No.     Time        Source                Destination           Protocol Info
     9 295.201491  192.168.123.254       Broadcast             ARP      Who has 192.168.123.152?  Tell 192.168.123.254

Frame 9 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:c0:49:a8:2e:19, Dst: ff:ff:ff:ff:ff:ff
   Destination: ff:ff:ff:ff:ff:ff (Broadcast)
   Source: 00:c0:49:a8:2e:19 (192.168.123.254)
   Type: ARP (0x0806)
   Trailer: 2020202020202020202020202020212B...
Address Resolution Protocol (request)
   Hardware type: Ethernet (0x0001)
   Protocol type: IP (0x0800)
   Hardware size: 6
   Protocol size: 4
   Opcode: request (0x0001)
   Sender MAC address: 00:c0:49:a8:2e:19 (192.168.123.254)
   Sender IP address: 192.168.123.254 (192.168.123.254)
   Target MAC address: 00:0d:3a:57:fd:87 (192.168.123.152)
   Target IP address: 192.168.123.152 (192.168.123.152)

No.     Time        Source                Destination           Protocol Info
    10 295.201574  192.168.123.152       192.168.123.254       ARP      192.168.123.152 is at 00:0d:3a:57:fd:87

Frame 10 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:0d:3a:57:fd:87, Dst: 00:c0:49:a8:2e:19
   Destination: 00:c0:49:a8:2e:19 (192.168.123.254)
   Source: 00:0d:3a:57:fd:87 (192.168.123.152)
   Type: ARP (0x0806)
   Trailer: 00000000000000000000000000000000...
Address Resolution Protocol (reply)
   Hardware type: Ethernet (0x0001)
   Protocol type: IP (0x0800)
   Hardware size: 6
   Protocol size: 4
   Opcode: reply (0x0002)
   Sender MAC address: 00:0d:3a:57:fd:87 (192.168.123.152)
   Sender IP address: 192.168.123.152 (192.168.123.152)
   Target MAC address: 00:c0:49:a8:2e:19 (192.168.123.254)
   Target IP address: 192.168.123.254 (192.168.123.254)

No.     Time        Source                Destination           Protocol Info
    11 295.202694  192.168.123.254       192.168.123.152       SSDP     HTTP/1.1 200 OK

Frame 11 (328 bytes on wire, 328 bytes captured)
Ethernet II, Src: 00:c0:49:a8:2e:19, Dst: 00:0d:3a:57:fd:87
   Destination: 00:0d:3a:57:fd:87 (192.168.123.152)
   Source: 00:c0:49:a8:2e:19 (192.168.123.254)
   Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.123.254 (192.168.123.254), Dst Addr: 192.168.123.152 (192.168.123.152)
User Datagram Protocol, Src Port: 1900 (1900), Dst Port: 1024 (1024)
   Source port: 1900 (1900)
   Destination port: 1024 (1024)
   Length: 294
   Checksum: 0x6ed9 (correct)
Hypertext Transfer Protocol
   HTTP/1.1 200 OK\r\n
       Response Code: 200
   ST:urn:schemas-upnp-org:service:WANIPConnection:1\r\n
   USN:uuid:00-C0-49-A8-2E-19-FE7BA8C02::urn:schemas-upnp-org:service:WANIPConnection:1\r\n
   Location:http://192.168.123.254:80/desc.xml\r\n
   Cache-Control:max-age=1800\r\n
   Server:IGD-HTTP/1.1 UPnP/1.0 UPnP-Device-Host/1.0\r\n
   Ext:\r\n
   \r\n

No.     Time        Source                Destination           Protocol Info
    12 295.217460  192.168.123.152       192.168.123.254       TCP      1025 > http [SYN] Seq=0 Ack=0 Win=16952 Len=0 MSS=1304

Frame 12 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:0d:3a:57:fd:87, Dst: 00:c0:49:a8:2e:19
   Destination: 00:c0:49:a8:2e:19 (192.168.123.254)
   Source: 00:0d:3a:57:fd:87 (192.168.123.152)
   Type: IP (0x0800)
   Trailer: 0000
Internet Protocol, Src Addr: 192.168.123.152 (192.168.123.152), Dst Addr: 192.168.123.254 (192.168.123.254)
Transmission Control Protocol, Src Port: 1025 (1025), Dst Port: http (80), Seq: 0, Ack: 0, Len: 0
   Source port: 1025 (1025)
   Destination port: http (80)
   Sequence number: 0    (relative sequence number)
   Header length: 24 bytes
   Flags: 0x0002 (SYN)
   Window size: 16952
   Checksum: 0x2843 (correct)
   Options: (4 bytes)

No.     Time        Source                Destination           Protocol Info
    13 295.218199  192.168.123.254       192.168.123.152       TCP      http > 1025 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460

Frame 13 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:c0:49:a8:2e:19, Dst: 00:0d:3a:57:fd:87
   Destination: 00:0d:3a:57:fd:87 (192.168.123.152)
   Source: 00:c0:49:a8:2e:19 (192.168.123.254)
   Type: IP (0x0800)
   Trailer: 6439
Internet Protocol, Src Addr: 192.168.123.254 (192.168.123.254), Dst Addr: 192.168.123.152 (192.168.123.152)
Transmission Control Protocol, Src Port: http (80), Dst Port: 1025 (1025), Seq: 0, Ack: 1, Len: 0
   Source port: http (80)
   Destination port: 1025 (1025)
   Sequence number: 0    (relative sequence number)
   Acknowledgement number: 1    (relative ack number)
   Header length: 24 bytes
   Flags: 0x0012 (SYN, ACK)
   Window size: 5840
   Checksum: 0x961f (correct)
   Options: (4 bytes)
   SEQ/ACK analysis

No.     Time        Source                Destination           Protocol Info
    14 295.218286  192.168.123.152       192.168.123.254       TCP      1025 > http [ACK] Seq=1 Ack=1 Win=16952 Len=0

Frame 14 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:0d:3a:57:fd:87, Dst: 00:c0:49:a8:2e:19
   Destination: 00:c0:49:a8:2e:19 (192.168.123.254)
   Source: 00:0d:3a:57:fd:87 (192.168.123.152)
   Type: IP (0x0800)
   Trailer: 000000000000
Internet Protocol, Src Addr: 192.168.123.152 (192.168.123.152), Dst Addr: 192.168.123.254 (192.168.123.254)
Transmission Control Protocol, Src Port: 1025 (1025), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
   Source port: 1025 (1025)
   Destination port: http (80)
   Sequence number: 1    (relative sequence number)
   Acknowledgement number: 1    (relative ack number)
   Header length: 20 bytes
   Flags: 0x0010 (ACK)
   Window size: 16952
   Checksum: 0x8274 (correct)
   SEQ/ACK analysis

No.     Time        Source                Destination           Protocol Info
    15 295.237481  192.168.123.152       192.168.123.254       HTTP     GET /desc.xml HTTP/1.1

Frame 15 (159 bytes on wire, 159 bytes captured)
Ethernet II, Src: 00:0d:3a:57:fd:87, Dst: 00:c0:49:a8:2e:19
   Destination: 00:c0:49:a8:2e:19 (192.168.123.254)
   Source: 00:0d:3a:57:fd:87 (192.168.123.152)
   Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.123.152 (192.168.123.152), Dst Addr: 192.168.123.254 (192.168.123.254)
Transmission Control Protocol, Src Port: 1025 (1025), Dst Port: http (80), Seq: 1, Ack: 1, Len: 105
   Source port: 1025 (1025)
   Destination port: http (80)
   Sequence number: 1    (relative sequence number)
   Next sequence number: 106    (relative sequence number)
   Acknowledgement number: 1    (relative ack number)
   Header length: 20 bytes
   Flags: 0x0018 (PSH, ACK)
   Window size: 16952
   Checksum: 0x06cd (correct)
Hypertext Transfer Protocol
   GET /desc.xml HTTP/1.1\r\n
       Request Method: GET
   User-Agent: ffffffff/0.00.5849\r\n
   HOST: 192.168.123.254:80\r\n
   ACCEPT-LANGUAGE: en\r\n
   \r\n

No.     Time        Source                Destination           Protocol Info
    16 295.237535  192.168.123.152       192.168.123.254       TCP      1025 > http [FIN, ACK] Seq=106 Ack=1 Win=16952 Len=0

Frame 16 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:0d:3a:57:fd:87, Dst: 00:c0:49:a8:2e:19
   Destination: 00:c0:49:a8:2e:19 (192.168.123.254)
   Source: 00:0d:3a:57:fd:87 (192.168.123.152)
   Type: IP (0x0800)
   Trailer: 000000000000
Internet Protocol, Src Addr: 192.168.123.152 (192.168.123.152), Dst Addr: 192.168.123.254 (192.168.123.254)
Transmission Control Protocol, Src Port: 1025 (1025), Dst Port: http (80), Seq: 106, Ack: 1, Len: 0
   Source port: 1025 (1025)
   Destination port: http (80)
   Sequence number: 106    (relative sequence number)
   Acknowledgement number: 1    (relative ack number)
   Header length: 20 bytes
   Flags: 0x0011 (FIN, ACK)
   Window size: 16952
   Checksum: 0x820a (correct)

No.     Time        Source                Destination           Protocol Info
    17 295.238651  192.168.123.254       192.168.123.152       TCP      http > 1025 [ACK] Seq=1 Ack=107 Win=5735 Len=0

Frame 17 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:c0:49:a8:2e:19, Dst: 00:0d:3a:57:fd:87
   Destination: 00:0d:3a:57:fd:87 (192.168.123.152)
   Source: 00:c0:49:a8:2e:19 (192.168.123.254)
   Type: IP (0x0800)
   Trailer: 000085E99A01
Internet Protocol, Src Addr: 192.168.123.254 (192.168.123.254), Dst Addr: 192.168.123.152 (192.168.123.152)
Transmission Control Protocol, Src Port: http (80), Dst Port: 1025 (1025), Seq: 1, Ack: 107, Len: 0
   Source port: http (80)
   Destination port: 1025 (1025)
   Sequence number: 1    (relative sequence number)
   Acknowledgement number: 107    (relative ack number)
   Header length: 20 bytes
   Flags: 0x0010 (ACK)
   Window size: 5735
   Checksum: 0xaddb (correct)
   SEQ/ACK analysis

No.     Time        Source                Destination           Protocol Info
    18 295.265668  192.168.123.254       192.168.123.152       HTTP     HTTP/1.1 200 OK

Frame 18 (116 bytes on wire, 116 bytes captured)
Ethernet II, Src: 00:c0:49:a8:2e:19, Dst: 00:0d:3a:57:fd:87
   Destination: 00:0d:3a:57:fd:87 (192.168.123.152)
   Source: 00:c0:49:a8:2e:19 (192.168.123.254)
   Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.123.254 (192.168.123.254), Dst Addr: 192.168.123.152 (192.168.123.152)
Transmission Control Protocol, Src Port: http (80), Dst Port: 1025 (1025), Seq: 1, Ack: 107, Len: 62
   Source port: http (80)
   Destination port: 1025 (1025)
   Sequence number: 1    (relative sequence number)
   Next sequence number: 63    (relative sequence number)
   Acknowledgement number: 107    (relative ack number)
   Header length: 20 bytes
   Flags: 0x0010 (ACK)
   Window size: 5840
   Checksum: 0x72cc (correct)
Hypertext Transfer Protocol
   HTTP/1.1 200 OK\r\n
       Response Code: 200
   Content-Type: text/xml\r\n
   Connection: close\r\n
   \r\n

No.     Time        Source                Destination           Protocol Info
    19 295.288536  192.168.123.254       192.168.123.152       HTTP     Continuation

Frame 19 (1054 bytes on wire, 1054 bytes captured)
Ethernet II, Src: 00:c0:49:a8:2e:19, Dst: 00:0d:3a:57:fd:87
   Destination: 00:0d:3a:57:fd:87 (192.168.123.152)
   Source: 00:c0:49:a8:2e:19 (192.168.123.254)
   Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.123.254 (192.168.123.254), Dst Addr: 192.168.123.152 (192.168.123.152)
Transmission Control Protocol, Src Port: http (80), Dst Port: 1025 (1025), Seq: 63, Ack: 107, Len: 1000
   Source port: http (80)
   Destination port: 1025 (1025)
   Sequence number: 63    (relative sequence number)
   Next sequence number: 1063    (relative sequence number)
   Acknowledgement number: 107    (relative ack number)
   Header length: 20 bytes
   Flags: 0x0010 (ACK)
   Window size: 5840
   Checksum: 0xbfac (correct)
Hypertext Transfer Protocol
   Data (1000 bytes)

0000  3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31   0010  2e 30 22 3f 3e 0a 3c 72 6f 6f 74 20 78 6d 6c 6e   .0"?>.0020  73 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75   s="urn:schemas-u
0030  70 6e 70 2d 6f 72 67 3a 64 65 76 69 63 65 2d 31   pnp-org:device-1
0040  2d 30 22 3e 0a 3c 73 70 65 63 56 65 72 73 69 6f   -0">.0050  6e 3e 0a 3c 6d 61 6a 6f 72 3e 31 3c 2f 6d 61 6a   n>.10060  6f 72 3e 0a 3c 6d 69 6e 6f 72 3e 30 3c 2f 6d 69   or>.00070  6e 6f 72 3e 0a 3c 2f 73 70 65 63 56 65 72 73 69   nor>.0080  6f 6e 3e 0a 3c 64 65 76 69 63 65 3e 0a 3c 64 65   on>..0090  76 69 63 65 54 79 70 65 3e 75 72 6e 3a 73 63 68   viceType>urn:sch
00a0  65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 64 65   emas-upnp-org:de
00b0  76 69 63 65 3a 49 6e 74 65 72 6e 65 74 47 61 74   vice:InternetGat
00c0  65 77 61 79 44 65 76 69 63 65 3a 31 3c 2f 64 65   ewayDevice:1
00d0  76 69 63 65 54 79 70 65 3e 0a 3c 66 72 69 65 6e   viceType>.00e0  64 6c 79 4e 61 6d 65 3e 55 53 52 20 42 72 6f 61   dlyName>USR Broa
00f0  64 62 61 6e 64 20 52 6f 75 74 65 72 3c 2f 66 72   dband Router0100  69 65 6e 64 6c 79 4e 61 6d 65 3e 0a 3c 6d 61 6e   iendlyName>.0110  75 66 61 63 74 75 72 65 72 3e 55 2e 53 2e 20 52   ufacturer>U.S. R
0120  6f 62 6f 74 69 63 73 3c 2f 6d 61 6e 75 66 61 63   obotics0130  74 75 72 65 72 3e 0a 3c 6d 61 6e 75 66 61 63 74   turer>.0140  75 72 65 72 55 52 4c 3e 68 74 74 70 3a 2f 2f 77   urerURL>http://w
0150  77 77 2e 75 73 72 2e 63 6f 6d 2f 3c 2f 6d 61 6e   ww.usr.com/
0160  75 66 61 63 74 75 72 65 72 55 52 4c 3e 0a 3c 6d   ufacturerURL>.0170  6f 64 65 6c 44 65 73 63 72 69 70 74 69 6f 6e 3e   odelDescription>
0180  34 2d 50 6f 72 74 20 31 30 2f 31 30 30 20 45 74   4-Port 10/100 Et
0190  68 65 72 6e 65 74 20 42 72 6f 61 64 62 61 6e 64   hernet Broadband
01a0  20 52 6f 75 74 65 72 3c 2f 6d 6f 64 65 6c 44 65    Router01b0  73 63 72 69 70 74 69 6f 6e 3e 0a 3c 6d 6f 64 65   scription>.01c0  6c 4e 61 6d 65 3e 42 72 6f 61 64 62 61 6e 64 20   lName>Broadband
01d0  52 6f 75 74 65 72 3c 2f 6d 6f 64 65 6c 4e 61 6d   Router01e0  65 3e 0a 3c 6d 6f 64 65 6c 4e 75 6d 62 65 72 3e   e>.
01f0  38 30 30 30 2d 30 32 3c 2f 6d 6f 64 65 6c 4e 75   8000-020200  6d 62 65 72 3e 0a 3c 55 44 4e 3e 75 75 69 64 3a   mber>.uuid:
0210  30 30 2d 43 30 2d 34 39 2d 41 38 2d 32 45 2d 31   00-C0-49-A8-2E-1
0220  39 2d 46 45 37 42 41 38 43 30 30 3c 2f 55 44 4e   9-FE7BA8C000230  3e 0a 3c 70 72 65 73 65 6e 74 61 74 69 6f 6e 55   >.0240  52 4c 3e 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36   RL>http://192.16
0250  38 2e 31 32 33 2e 32 35 34 3a 38 30 2f 3c 2f 70   8.123.254:80/0260  72 65 73 65 6e 74 61 74 69 6f 6e 55 52 4c 3e 0a   resentationURL>.
0270  3c 73 65 72 76 69 63 65 4c 69 73 74 3e 0a 3c 73   .0280  65 72 76 69 63 65 3e 0a 3c 73 65 72 76 69 63 65   ervice>.0290  54 79 70 65 3e 75 72 6e 3a 73 63 68 65 6d 61 73   Type>urn:schemas
02a0  2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63   -upnp-org:servic
02b0  65 3a 4c 61 79 65 72 33 46 6f 72 77 61 72 64 69   e:Layer3Forwardi
02c0  6e 67 3a 31 3c 2f 73 65 72 76 69 63 65 54 79 70   ng:102d0  65 3e 0a 3c 73 65 72 76 69 63 65 49 64 3e 75 72   e>.ur
02e0  6e 3a 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69   n:upnp-org:servi
02f0  63 65 49 64 3a 4c 33 46 6f 72 77 61 72 64 69 6e   ceId:L3Forwardin
0300  67 31 3c 2f 73 65 72 76 69 63 65 49 64 3e 0a 3c   g1
.<
0310  63 6f 6e 74 72 6f 6c 55 52 4c 3e 2f 75 70 6e 70   controlURL>/upnp
0320  2f 63 6f 6e 74 72 6f 6c 31 3c 2f 63 6f 6e 74 72   /control10330  6f 6c 55 52 4c 3e 0a 3c 65 76 65 6e 74 53 75 62   olURL>.0340  55 52 4c 3e 2f 4c 61 79 65 72 33 46 6f 72 77 61   URL>/Layer3Forwa
0350  72 64 69 6e 67 3c 2f 65 76 65 6e 74 53 75 62 55   rding0360  52 4c 3e 0a 3c 53 43 50 44 55 52 4c 3e 68 74 74   RL>.htt
0370  70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 32 33 2e   p://192.168.123.
0380  32 35 34 3a 38 30 2f 73 65 72 76 31 2e 78 6d 6c   254:80/serv1.xml
0390  3c 2f 53 43 50 44 55 52 4c 3e 0a 3c 2f 73 65 72  
.03a0  76 69 63 65 3e 0a 3c 2f 73 65 72 76 69 63 65 4c   vice>.03b0  69 73 74 3e 0a 3c 64 65 76 69 63 65 4c 69 73 74   ist>.03c0  3e 0a 3c 64 65 76 69 63 65 3e 0a 3c 64 65 76 69   >..03d0  63 65 54 79 70 65 3e 75 72 6e 3a 73 63 68 65 6d   ceType>urn:schem
03e0  61 73 2d 75 70 6e 70 2d                           as-upnp-

No.     Time        Source                Destination           Protocol Info
    20 295.295349  192.168.123.254       192.168.123.152       HTTP     Continuation

Frame 20 (1054 bytes on wire, 1054 bytes captured)
Ethernet II, Src: 00:c0:49:a8:2e:19, Dst: 00:0d:3a:57:fd:87
   Destination: 00:0d:3a:57:fd:87 (192.168.123.152)
   Source: 00:c0:49:a8:2e:19 (192.168.123.254)
   Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.123.254 (192.168.123.254), Dst Addr: 192.168.123.152 (192.168.123.152)
Transmission Control Protocol, Src Port: http (80), Dst Port: 1025 (1025), Seq: 1063, Ack: 107, Len: 1000
   Source port: http (80)
   Destination port: 1025 (1025)
   Sequence number: 1063    (relative sequence number)
   Next sequence number: 2063    (relative sequence number)
   Acknowledgement number: 107    (relative ack number)
   Header length: 20 bytes
   Flags: 0x0010 (ACK)
   Window size: 5840
   Checksum: 0x44b0 (correct)
Hypertext Transfer Protocol
   org:device:WANDevice:1\n
   Data (964 bytes)

0000  3c 66 72 69 65 6e 64 6c 79 4e 61 6d 65 3e 57 41   WA
0010  4e 20 44 65 76 69 63 65 3c 2f 66 72 69 65 6e 64   N Device0020  6c 79 4e 61 6d 65 3e 0a 3c 6d 61 6e 75 66 61 63   lyName>.0030  74 75 72 65 72 3e 55 2e 53 2e 20 52 6f 62 6f 74   turer>U.S. Robot
0040  69 63 73 3c 2f 6d 61 6e 75 66 61 63 74 75 72 65   ics0050  72 3e 0a 3c 6d 61 6e 75 66 61 63 74 75 72 65 72   r>.0060  55 52 4c 3e 68 74 74 70 3a 2f 2f 77 77 77 2e 75   URL>http://www.u
0070  73 72 2e 63 6f 6d 2f 3c 2f 6d 61 6e 75 66 61 63   sr.com/
0080  74 75 72 65 72 55 52 4c 3e 0a 3c 6d 6f 64 65 6c   turerURL>.0090  44 65 73 63 72 69 70 74 69 6f 6e 3e 52 65 73 69   Description>Resi
00a0  64 65 6e 74 69 61 6c 20 47 61 74 65 77 61 79 3c   dential Gateway<
00b0  2f 6d 6f 64 65 6c 44 65 73 63 72 69 70 74 69 6f   /modelDescriptio
00c0  6e 3e 0a 3c 6d 6f 64 65 6c 4e 61 6d 65 3e 52 65   n>.Re
00d0  73 69 64 65 6e 74 69 61 6c 20 47 61 74 65 77 61   sidential Gatewa
00e0  79 20 44 65 76 69 63 65 3c 2f 6d 6f 64 65 6c 4e   y Device00f0  61 6d 65 3e 0a 3c 6d 6f 64 65 6c 4e 75 6d 62 65   ame>.0100  72 3e 38 30 30 30 2d 30 32 3c 2f 6d 6f 64 65 6c   r>8000-02
0110  4e 75 6d 62 65 72 3e 0a 3c 55 44 4e 3e 75 75 69   Number>.uui
0120  64 3a 30 30 2d 43 30 2d 34 39 2d 41 38 2d 32 45   d:00-C0-49-A8-2E
0130  2d 31 39 2d 46 45 37 42 41 38 43 30 31 3c 2f 55   -19-FE7BA8C010140  44 4e 3e 0a 3c 73 65 72 76 69 63 65 4c 69 73 74   DN>.0150  3e 0a 3c 73 65 72 76 69 63 65 3e 0a 3c 73 65 72   >..0160  76 69 63 65 54 79 70 65 3e 75 72 6e 3a 73 63 68   viceType>urn:sch
0170  65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65   emas-upnp-org:se
0180  72 76 69 63 65 3a 57 41 4e 43 6f 6d 6d 6f 6e 49   rvice:WANCommonI
0190  6e 74 65 72 66 61 63 65 43 6f 6e 66 69 67 3a 31   nterfaceConfig:1
01a0  3c 2f 73 65 72 76 69 63 65 54 79 70 65 3e 0a 3c   .<
01b0  73 65 72 76 69 63 65 49 64 3e 75 72 6e 3a 75 70   serviceId>urn:up
01c0  6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 49 64   np-org:serviceId
01d0  3a 57 41 4e 43 6f 6d 6d 6f 6e 49 6e 74 65 72 66   :WANCommonInterf
01e0  61 63 65 43 6f 6e 66 69 67 3c 2f 73 65 72 76 69   aceConfig01f0  63 65 49 64 3e 0a 3c 63 6f 6e 74 72 6f 6c 55 52   ceId>.0200  4c 3e 2f 75 70 6e 70 2f 63 6f 6e 74 72 6f 6c 32   L>/upnp/control2
0210  3c 2f 63 6f 6e 74 72 6f 6c 55 52 4c 3e 0a 3c 65   .0220  76 65 6e 74 53 75 62 55 52 4c 3e 2f 57 41 4e 43   ventSubURL>/WANC
0230  6f 6d 6d 6f 6e 49 6e 74 65 72 66 61 63 65 43 6f   ommonInterfaceCo
0240  6e 66 69 67 3c 2f 65 76 65 6e 74 53 75 62 55 52   nfig0250  4c 3e 0a 3c 53 43 50 44 55 52 4c 3e 68 74 74 70   L>.http
0260  3a 2f 2f 31 39 32 2e 31 36 38 2e 31 32 33 2e 32   ://192.168.123.2
0270  35 34 3a 38 30 2f 73 65 72 76 32 2e 78 6d 6c 3c   54:80/serv2.xml<
0280  2f 53 43 50 44 55 52 4c 3e 0a 3c 2f 73 65 72 76   /SCPDURL>.0290  69 63 65 3e 0a 3c 2f 73 65 72 76 69 63 65 4c 69   ice>.02a0  73 74 3e 0a 3c 64 65 76 69 63 65 4c 69 73 74 3e   st>.
02b0  0a 3c 64 65 76 69 63 65 3e 0a 3c 64 65 76 69 63   ..02c0  65 54 79 70 65 3e 75 72 6e 3a 73 63 68 65 6d 61   eType>urn:schema
02d0  73 2d 75 70 6e 70 2d 6f 72 67 3a 64 65 76 69 63   s-upnp-org:devic
02e0  65 3a 57 41 4e 43 6f 6e 6e 65 63 74 69 6f 6e 44   e:WANConnectionD
02f0  65 76 69 63 65 3a 31 3c 2f 64 65 76 69 63 65 54   evice:10300  79 70 65 3e 0a 3c 66 72 69 65 6e 64 6c 79 4e 61   ype>.0310  6d 65 3e 57 41 4e 20 43 6f 6e 6e 65 63 74 69 6f   me>WAN Connectio
0320  6e 20 44 65 76 69 63 65 3c 2f 66 72 69 65 6e 64   n Device0330  6c 79 4e 61 6d 65 3e 0a 3c 6d 61 6e 75 66 61 63   lyName>.0340  74 75 72 65 72 3e 55 2e 53 2e 20 52 6f 62 6f 74   turer>U.S. Robot
0350  69 63 73 3c 2f 6d 61 6e 75 66 61 63 74 75 72 65   ics0360  72 3e 0a 3c 6d 61 6e 75 66 61 63 74 75 72 65 72   r>.0370  55 52 4c 3e 68 74 74 70 3a 2f 2f 77 77 77 2e 75   URL>http://www.u
0380  73 72 2e 63 6f 6d 2f 3c 2f 6d 61 6e 75 66 61 63   sr.com/
0390  74 75 72 65 72 55 52 4c 3e 0a 3c 6d 6f 64 65 6c   turerURL>.03a0  44 65 73 63 72 69 70 74 69 6f 6e 3e 52 65 73 69   Description>Resi
03b0  64 65 6e 74 69 61 6c 20 47 61 74 65 77 61 79 3c   dential Gateway<
03c0  2f 6d 6f 64                                       /mod

No.     Time        Source                Destination           Protocol Info
    21 295.360470  192.168.123.152       192.168.123.254       TCP      1025 > http [ACK] Seq=107 Ack=2063 Win=16952 Len=0

Frame 21 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:0d:3a:57:fd:87, Dst: 00:c0:49:a8:2e:19
   Destination: 00:c0:49:a8:2e:19 (192.168.123.254)
   Source: 00:0d:3a:57:fd:87 (192.168.123.152)
   Type: IP (0x0800)
   Trailer: 000000000000
Internet Protocol, Src Addr: 192.168.123.152 (192.168.123.152), Dst Addr: 192.168.123.254 (192.168.123.254)
Transmission Control Protocol, Src Port: 1025 (1025), Dst Port: http (80), Seq: 107, Ack: 2063, Len: 0
   Source port: 1025 (1025)
   Destination port: http (80)
   Sequence number: 107    (relative sequence number)
   Acknowledgement number: 2063    (relative ack number)
   Header length: 20 bytes
   Flags: 0x0010 (ACK)
   Window size: 16952
   Checksum: 0x79fc (correct)
   SEQ/ACK analysis

No.     Time        Source                Destination           Protocol Info
    22 295.362383  192.168.123.254       192.168.123.152       HTTP     Continuation

Frame 22 (589 bytes on wire, 589 bytes captured)
Ethernet II, Src: 00:c0:49:a8:2e:19, Dst: 00:0d:3a:57:fd:87
   Destination: 00:0d:3a:57:fd:87 (192.168.123.152)
   Source: 00:c0:49:a8:2e:19 (192.168.123.254)
   Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.123.254 (192.168.123.254), Dst Addr: 192.168.123.152 (192.168.123.152)
Transmission Control Protocol, Src Port: http (80), Dst Port: 1025 (1025), Seq: 2063, Ack: 107, Len: 535
   Source port: http (80)
   Destination port: 1025 (1025)
   Sequence number: 2063    (relative sequence number)
   Next sequence number: 2598    (relative sequence number)
   Acknowledgement number: 107    (relative ack number)
   Header length: 20 bytes
   Flags: 0x0010 (ACK)
   Window size: 5840
   Checksum: 0xbf9c (correct)
Hypertext Transfer Protocol
   Data (535 bytes)

0000  65 6c 44 65 73 63 72 69 70 74 69 6f 6e 3e 0a 3c   elDescription>.<
0010  6d 6f 64 65 6c 4e 61 6d 65 3e 52 65 73 69 64 65   modelName>Reside
0020  6e 74 69 61 6c 20 47 61 74 65 77 61 79 20 44 65   ntial Gateway De
0030  76 69 63 65 3c 2f 6d 6f 64 65 6c 4e 61 6d 65 3e   vice
0040  0a 3c 6d 6f 64 65 6c 4e 75 6d 62 65 72 3e 38 30   .80
0050  30 30 2d 30 32 3c 2f 6d 6f 64 65 6c 4e 75 6d 62   00-020060  65 72 3e 0a 3c 55 44 4e 3e 75 75 69 64 3a 30 30   er>.uuid:00
0070  2d 43 30 2d 34 39 2d 41 38 2d 32 45 2d 31 39 2d   -C0-49-A8-2E-19-
0080  46 45 37 42 41 38 43 30 32 3c 2f 55 44 4e 3e 0a   FE7BA8C02
.
0090  3c 73 65 72 76 69 63 65 4c 69 73 74 3e 0a 3c 73   .00a0  65 72 76 69 63 65 3e 0a 3c 73 65 72 76 69 63 65   ervice>.00b0  54 79 70 65 3e 75 72 6e 3a 73 63 68 65 6d 61 73   Type>urn:schemas
00c0  2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63   -upnp-org:servic
00d0  65 3a 57 41 4e 49 50 43 6f 6e 6e 65 63 74 69 6f   e:WANIPConnectio
00e0  6e 3a 31 3c 2f 73 65 72 76 69 63 65 54 79 70 65   n:100f0  3e 0a 3c 73 65 72 76 69 63 65 49 64 3e 75 72 6e   >.urn
0100  3a 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63   :upnp-org:servic
0110  65 49 64 3a 57 41 4e 49 50 43 6f 6e 6e 65 63 74   eId:WANIPConnect
0120  69 6f 6e 3c 2f 73 65 72 76 69 63 65 49 64 3e 0a   ion
.
0130  3c 63 6f 6e 74 72 6f 6c 55 52 4c 3e 2f 75 70 6e   /upn
0140  70 2f 63 6f 6e 74 72 6f 6c 33 3c 2f 63 6f 6e 74   p/control30150  72 6f 6c 55 52 4c 3e 0a 3c 65 76 65 6e 74 53 75   rolURL>.0160  62 55 52 4c 3e 2f 57 41 4e 49 50 43 6f 6e 6e 65   bURL>/WANIPConne
0170  63 74 69 6f 6e 3c 2f 65 76 65 6e 74 53 75 62 55   ction0180  52 4c 3e 0a 3c 53 43 50 44 55 52 4c 3e 68 74 74   RL>.htt
0190  70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 32 33 2e   p://192.168.123.
01a0  32 35 34 3a 38 30 2f 73 65 72 76 33 2e 78 6d 6c   254:80/serv3.xml
01b0  3c 2f 53 43 50 44 55 52 4c 3e 0a 3c 2f 73 65 72  
.
01c0  76 69 63 65 3e 0a 3c 2f 73 65 72 76 69 63 65 4c   vice>.01d0  69 73 74 3e 0a 3c 2f 64 65 76 69 63 65 3e 0a 3c   ist>.
.<
01e0  2f 64 65 76 69 63 65 4c 69 73 74 3e 0a 3c 2f 64   /deviceList>.01f0  65 76 69 63 65 3e 0a 3c 2f 64 65 76 69 63 65 4c   evice>.0200  69 73 74 3e 0a 3c 2f 64 65 76 69 63 65 3e 0a 3c   ist>.
.<
0210  2f 72 6f 6f 74 3e 0a                              /root>.

No.     Time        Source                Destination           Protocol Info
    23 295.362443  192.168.123.254       192.168.123.152       TCP      http > 1025 [FIN, ACK] Seq=2598 Ack=107 Win=5840 Len=0

Frame 23 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:c0:49:a8:2e:19, Dst: 00:0d:3a:57:fd:87
   Destination: 00:0d:3a:57:fd:87 (192.168.123.152)
   Source: 00:c0:49:a8:2e:19 (192.168.123.254)
   Type: IP (0x0800)
   Trailer: 0000FD5BF376
Internet Protocol, Src Addr: 192.168.123.254 (192.168.123.254), Dst Addr: 192.168.123.152 (192.168.123.152)
Transmission Control Protocol, Src Port: http (80), Dst Port: 1025 (1025), Seq: 2598, Ack: 107, Len: 0
   Source port: http (80)
   Destination port: 1025 (1025)
   Sequence number: 2598    (relative sequence number)
   Acknowledgement number: 107    (relative ack number)
   Header length: 20 bytes
   Flags: 0x0011 (FIN, ACK)
   Window size: 5840
   Checksum: 0xa34c (correct)

No.     Time        Source                Destination           Protocol Info
    24 295.362515  192.168.123.152       192.168.123.254       TCP      1025 > http [ACK] Seq=107 Ack=2599 Win=16417 Len=0

Frame 24 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:0d:3a:57:fd:87, Dst: 00:c0:49:a8:2e:19
   Destination: 00:c0:49:a8:2e:19 (192.168.123.254)
   Source: 00:0d:3a:57:fd:87 (192.168.123.152)
   Type: IP (0x0800)
   Trailer: 000000000000
Internet Protocol, Src Addr: 192.168.123.152 (192.168.123.152), Dst Addr: 192.168.123.254 (192.168.123.254)
Transmission Control Protocol, Src Port: 1025 (1025), Dst Port: http (80), Seq: 107, Ack: 2599, Len: 0
   Source port: 1025 (1025)
   Destination port: http (80)
   Sequence number: 107    (relative sequence number)
   Acknowledgement number: 2599    (relative ack number)
   Header length: 20 bytes
   Flags: 0x0010 (ACK)
   Window size: 16417
   Checksum: 0x79fb (correct)
   SEQ/ACK analysis

No.     Time        Source                Destination           Protocol Info
    25 295.397589  192.168.123.152       192.168.123.254       TCP      1026 > http [SYN] Seq=0 Ack=0 Win=16952 Len=0 MSS=1304

Frame 25 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:0d:3a:57:fd:87, Dst: 00:c0:49:a8:2e:19
   Destination: 00:c0:49:a8:2e:19 (192.168.123.254)
   Source: 00:0d:3a:57:fd:87 (192.168.123.152)
   Type: IP (0x0800)
   Trailer: 0000
Internet Protocol, Src Addr: 192.168.123.152 (192.168.123.152), Dst Addr: 192.168.123.254 (192.168.123.254)
Transmission Control Protocol, Src Port: 1026 (1026), Dst Port: http (80), Seq: 0, Ack: 0, Len: 0
   Source port: 1026 (1026)
   Destination port: http (80)
   Sequence number: 0    (relative sequence number)
   Header length: 24 bytes
   Flags: 0x0002 (SYN)
   Window size: 16952
   Checksum: 0xe1ff (correct)
   Options: (4 bytes)

No.     Time        Source                Destination           Protocol Info
    26 295.398338  192.168.123.254       192.168.123.152       TCP      http > 1026 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460

Frame 26 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:c0:49:a8:2e:19, Dst: 00:0d:3a:57:fd:87
   Destination: 00:0d:3a:57:fd:87 (192.168.123.152)
   Source: 00:c0:49:a8:2e:19 (192.168.123.254)
   Type: IP (0x0800)
   Trailer: 7A0D
Internet Protocol, Src Addr: 192.168.123.254 (192.168.123.254), Dst Addr: 192.168.123.152 (192.168.123.152)
Transmission Control Protocol, Src Port: http (80), Dst Port: 1026 (1026), Seq: 0, Ack: 1, Len: 0
   Source port: http (80)
   Destination port: 1026 (1026)
   Sequence number: 0    (relative sequence number)
   Acknowledgement number: 1    (relative ack number)
   Header length: 24 bytes
   Flags: 0x0012 (SYN, ACK)
   Window size: 5840
   Checksum: 0x4f46 (correct)
   Options: (4 bytes)
   SEQ/ACK analysis

No.     Time        Source                Destination           Protocol Info
    27 295.398427  192.168.123.152       192.168.123.254       TCP      1026 > http [ACK] Seq=1 Ack=1 Win=16952 Len=0

Frame 27 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:0d:3a:57:fd:87, Dst: 00:c0:49:a8:2e:19
   Destination: 00:c0:49:a8:2e:19 (192.168.123.254)
   Source: 00:0d:3a:57:fd:87 (192.168.123.152)
   Type: IP (0x0800)
   Trailer: 000000000000
Internet Protocol, Src Addr: 192.168.123.152 (192.168.123.152), Dst Addr: 192.168.123.254 (192.168.123.254)
Transmission Control Protocol, Src Port: 1026 (1026), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
   Source port: 1026 (1026)
   Destination port: http (80)
   Sequence number: 1    (relative sequence number)
   Acknowledgement number: 1    (relative ack number)
   Header length: 20 bytes
   Flags: 0x0010 (ACK)
   Window size: 16952
   Checksum: 0x3b9b (correct)
   SEQ/ACK analysis

No.     Time        Source                Destination           Protocol Info
    28 295.418184  192.168.123.152       192.168.123.254       HTTP     POST /upnp/control3 HTTP/1.1 (text/xml)

Frame 28 (981 bytes on wire, 981 bytes captured)
Ethernet II, Src: 00:0d:3a:57:fd:87, Dst: 00:c0:49:a8:2e:19
   Destination: 00:c0:49:a8:2e:19 (192.168.123.254)
   Source: 00:0d:3a:57:fd:87 (192.168.123.152)
   Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.123.152 (192.168.123.152), Dst Addr: 192.168.123.254 (192.168.123.254)
Transmission Control Protocol, Src Port: 1026 (1026), Dst Port: http (80), Seq: 1, Ack: 1, Len: 927
   Source port: 1026 (1026)
   Destination port: http (80)
   Sequence number: 1    (relative sequence number)
   Next sequence number: 928    (relative sequence number)
   Acknowledgement number: 1    (relative ack number)
   Header length: 20 bytes
   Flags: 0x0018 (PSH, ACK)
   Window size: 16952
   Checksum: 0xc833 (correct)
Hypertext Transfer Protocol
   POST /upnp/control3 HTTP/1.1\r\n
       Request Method: POST
   User-Agent: ffffffff/0.00.5849\r\n
   Content-Length: 700\r\n
   HOST: 192.168.123.254:80\r\n
   CONTENT-TYPE: text/xml; charset="utf-8"\r\n
   SOAPACTION: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping\r\n
   \r\n
Line-based text data: text/xml

No.     Time        Source                Destination           Protocol Info
    29 295.437381  192.168.123.152       192.168.123.254       TCP      1026 > http [FIN, ACK] Seq=928 Ack=1 Win=16952 Len=0

Frame 29 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:0d:3a:57:fd:87, Dst: 00:c0:49:a8:2e:19
   Destination: 00:c0:49:a8:2e:19 (192.168.123.254)
   Source: 00:0d:3a:57:fd:87 (192.168.123.152)
   Type: IP (0x0800)
   Trailer: 000000000000
Internet Protocol, Src Addr: 192.168.123.152 (192.168.123.152), Dst Addr: 192.168.123.254 (192.168.123.254)
Transmission Control Protocol, Src Port: 1026 (1026), Dst Port: http (80), Seq: 928, Ack: 1, Len: 0
   Source port: 1026 (1026)
   Destination port: http (80)
   Sequence number: 928    (relative sequence number)
   Acknowledgement number: 1    (relative ack number)
   Header length: 20 bytes
   Flags: 0x0011 (FIN, ACK)
   Window size: 16952
   Checksum: 0x37fb (correct)

No.     Time        Source                Destination           Protocol Info
    30 295.452071  192.168.123.254       192.168.123.152       HTTP     HTTP/1.1 200 OK

Frame 30 (212 bytes on wire, 212 bytes captured)
Ethernet II, Src: 00:c0:49:a8:2e:19, Dst: 00:0d:3a:57:fd:87
   Destination: 00:0d:3a:57:fd:87 (192.168.123.152)
   Source: 00:c0:49:a8:2e:19 (192.168.123.254)
   Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.123.254 (192.168.123.254), Dst Addr: 192.168.123.152 (192.168.123.152)
Transmission Control Protocol, Src Port: http (80), Dst Port: 1026 (1026), Seq: 1, Ack: 928, Len: 158
   Source port: http (80)
   Destination port: 1026 (1026)
   Sequence number: 1    (relative sequence number)
   Next sequence number: 159    (relative sequence number)
   Acknowledgement number: 928    (relative ack number)
   Header length: 20 bytes
   Flags: 0x0010 (ACK)
   Window size: 5840
   Checksum: 0xf5b1 (correct)
   SEQ/ACK analysis
Hypertext Transfer Protocol
   HTTP/1.1 200 OK\r\n
       Response Code: 200
   CONTENT-LENGTH: 265\r\n
   CONTENT-TYPE: text/xml; charset="utf-8"\r\n
   EXT:\r\n
   Connection: close\r\n
   SERVER: IGD-HTTP/1.1 UPnP/1.0 UPnP-Device-Host/1.0\r\n
   \r\n

No.     Time        Source                Destination           Protocol Info
    31 295.452611  192.168.123.254       192.168.123.152       TCP      http > 1026 [ACK] Seq=159 Ack=929 Win=5840 Len=0

Frame 31 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:c0:49:a8:2e:19, Dst: 00:0d:3a:57:fd:87
   Destination: 00:0d:3a:57:fd:87 (192.168.123.152)
   Source: 00:c0:49:a8:2e:19 (192.168.123.254)
   Type: IP (0x0800)
   Trailer: 0000BDB4811D
Internet Protocol, Src Addr: 192.168.123.254 (192.168.123.254), Dst Addr: 192.168.123.152 (192.168.123.152)
Transmission Control Protocol, Src Port: http (80), Dst Port: 1026 (1026), Seq: 159, Ack: 929, Len: 0
   Source port: http (80)
   Destination port: 1026 (1026)
   Sequence number: 159    (relative sequence number)
   Acknowledgement number: 929    (relative ack number)
   Header length: 20 bytes
   Flags: 0x0010 (ACK)
   Window size: 5840
   Checksum: 0x62c5 (correct)
   SEQ/ACK analysis

No.     Time        Source                Destination           Protocol Info
    32 295.453571  192.168.123.254       192.168.123.152       HTTP     Continuation

Frame 32 (319 bytes on wire, 319 bytes captured)
Ethernet II, Src: 00:c0:49:a8:2e:19, Dst: 00:0d:3a:57:fd:87
   Destination: 00:0d:3a:57:fd:87 (192.168.123.152)
   Source: 00:c0:49:a8:2e:19 (192.168.123.254)
   Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.123.254 (192.168.123.254), Dst Addr: 192.168.123.152 (192.168.123.152)
Transmission Control Protocol, Src Port: http (80), Dst Port: 1026 (1026), Seq: 159, Ack: 929, Len: 265
   Source port: http (80)
   Destination port: 1026 (1026)
   Sequence number: 159    (relative sequence number)
   Next sequence number: 424    (relative sequence number)
   Acknowledgement number: 929    (relative ack number)
   Header length: 20 bytes
   Flags: 0x0010 (ACK)
   Window size: 5840
   Checksum: 0x7a13 (correct)
Hypertext Transfer Protocol
   Data (265 bytes)

0000  3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31   0010  2e 30 22 3f 3e 0d 0a 3c 73 3a 45 6e 76 65 6c 6f   .0"?>..0020  70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70   pe xmlns:s="http
0030  3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f   ://schemas.xmlso
0040  61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65   ap.org/soap/enve
0050  6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e   lope/" s:encodin
0060  67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73   gStyle="http://s
0070  63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f   chemas.xmlsoap.o
0080  72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67   rg/soap/encoding
0090  2f 22 3e 0d 0a 3c 73 3a 42 6f 64 79 3e 3c 6d 3a   /">..00a0  41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 52 65   AddPortMappingRe
00b0  73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3a 6d 3d 22   sponse xmlns:m="
00c0  75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70   urn:schemas-upnp
00d0  2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e   -org:service:WAN
00e0  49 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 2f   IPConnection:1"/
00f0  3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e   >
0100  76 65 6c 6f 70 65 3e 0d 0a                        velope>..

No.     Time        Source                Destination           Protocol Info
    33 295.453638  192.168.123.254       192.168.123.152       TCP      http > 1026 [FIN, ACK] Seq=424 Ack=929 Win=5840 Len=0

Frame 33 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:c0:49:a8:2e:19, Dst: 00:0d:3a:57:fd:87
   Destination: 00:0d:3a:57:fd:87 (192.168.123.152)
   Source: 00:c0:49:a8:2e:19 (192.168.123.254)
   Type: IP (0x0800)
   Trailer: 3C3FD0930987
Internet Protocol, Src Addr: 192.168.123.254 (192.168.123.254), Dst Addr: 192.168.123.152 (192.168.123.152)
Transmission Control Protocol, Src Port: http (80), Dst Port: 1026 (1026), Seq: 424, Ack: 929, Len: 0
   Source port: http (80)
   Destination port: 1026 (1026)
   Sequence number: 424    (relative sequence number)
   Acknowledgement number: 929    (relative ack number)
   Header length: 20 bytes
   Flags: 0x0011 (FIN, ACK)
   Window size: 5840
   Checksum: 0x61bb (correct)

No.     Time        Source                Destination           Protocol Info
    34 295.453723  192.168.123.152       192.168.123.254       TCP      1026 > http [ACK] Seq=929 Ack=425 Win=16529 Len=0

Frame 34 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:0d:3a:57:fd:87, Dst: 00:c0:49:a8:2e:19
   Destination: 00:c0:49:a8:2e:19 (192.168.123.254)
   Source: 00:0d:3a:57:fd:87 (192.168.123.152)
   Type: IP (0x0800)
   Trailer: 000000000000
Internet Protocol, Src Addr: 192.168.123.152 (192.168.123.152), Dst Addr: 192.168.123.254 (192.168.123.254)
Transmission Control Protocol, Src Port: 1026 (1026), Dst Port: http (80), Seq: 929, Ack: 425, Len: 0
   Source port: 1026 (1026)
   Destination port: http (80)
   Sequence number: 929    (relative sequence number)
   Acknowledgement number: 425    (relative ack number)
   Header length: 20 bytes
   Flags: 0x0010 (ACK)
   Window size: 16529
   Checksum: 0x37fa (correct)
   SEQ/ACK analysis


I think here the XBOX is querying my USR Broadband router for what kind of connection it has, you can see it sending IP and PPP requests.
Logged

neimod

  • Archived User
  • Newbie
  • *
  • Posts: 3
Question Regarding Live
« Reply #65 on: September 01, 2004, 06:21:00 AM »

CODE

No.     Time        Source                Destination           Protocol Info
    35 295.458877  192.168.123.152       207.46.246.6          UDP      Source port: 32430  Destination port: 3074

Frame 35 (1378 bytes on wire, 1378 bytes captured)
Ethernet II, Src: 00:0d:3a:57:fd:87, Dst: 00:c0:49:a8:2e:19
   Destination: 00:c0:49:a8:2e:19 (192.168.123.254)
   Source: 00:0d:3a:57:fd:87 (192.168.123.152)
   Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.123.152 (192.168.123.152), Dst Addr: 207.46.246.6 (207.46.246.6)
User Datagram Protocol, Src Port: 32430 (32430), Dst Port: 3074 (3074)
   Source port: 32430 (32430)
   Destination port: 3074 (3074)
   Length: 1344
   Checksum: 0x15fa (correct)
Data (1336 bytes)

0000  00 00 00 00 02 58 18 00 00 00 00 00 00 26 cb 00   .....X.......&..
0010  5a 8e df 28 35 2d c0 16 00 00 00 00 80 58 64 00   Z..(5-.......Xd.
0020  22 be 6c 8d 66 55 20 70 0e 05 f7 b5 dc 65 e2 ec   ".l.fU p.....e..
0030  4a f6 1d f9 99 ce fd 62 57 0b 5a 92 ee 72 04 f6   J......bW.Z..r..
0040  80 d9 58 cf 5f ee d4 ce dd 4a 1d 99 dc be 75 dc   ..X._....J....u.
0050  a4 70 a7 8c 4f 1f 95 84 78 49 ea c1 d3 20 5e cb   .p..O...xI... ^.
0060  96 b7 0e 5a 53 15 da a6 71 d8 ec 6b fd 8d c1 05   ...ZS...q..k....
0070  52 4b d2 1e ed 8a 63 d4 1c a0 81 ee 16 9b ca 84   RK....c.........
0080  82 58 d2 02 6e 82 02 ca 30 82 02 c6 a0 03 02 01   .X..n...0.......
0090  05 a1 03 02 01 0e a2 07 03 05 00 20 00 00 00 a3   ........... ....
00a0  82 01 f5 61 82 01 f1 30 82 01 ed a0 03 02 01 05   ...a...0........
00b0  a1 0a 1b 08 58 42 4f 58 2e 43 4f 4d a2 16 30 14   ....XBOX.COM..0.
00c0  a0 03 02 01 02 a1 0d 30 0b 1b 02 73 67 1b 05 73   .......0...sg..s
00d0  69 74 65 31 a3 82 01 c0 30 82 01 bc a0 03 02 01   ite1....0.......
00e0  17 a1 03 02 01 01 a2 82 01 ae 04 82 01 aa cd 30   ...............0
00f0  6f c4 80 66 fd 78 18 c2 59 c6 19 78 6a d4 0b 19   o..f.x..Y..xj...
0100  ae 2f 4f 28 19 2e a7 b0 26 6c 41 24 ae 17 15 f2   ./O(....&lA$....
0110  8b 7b 98 15 09 34 20 62 09 88 fb c1 f9 d9 c2 77   .{...4 b.......w
0120  24 65 89 59 92 30 5c d9 58 80 1d c9 1b d1 3a 6b   $e.Y.0\.X.....:k
0130  b9 20 5a b1 90 61 5b 40 d3 86 f4 54 ba 07 86 97   . Z..a[@...T....
0140  ca 3c 33 2e 44 15 a7 4c 80 38 79 ef 34 4b 1d 9e   .<3.D..L.8y.4K..
0150  7f a4 bb 66 19 f4 cc 1f 9a 8b 3b 5c 3a f5 f5 5a   ...f......;\:..Z
0160  f5 a6 04 a2 97 3a d1 4d 0c c4 25 4d a9 37 c0 a4   .....:.M..%M.7..
0170  12 13 f9 c4 ea 16 72 92 19 7f 66 1d 01 bd f8 84   ......r...f.....
0180  0a 5f 4e 9d cd 4d 9a af 35 4d 71 ca 14 f4 49 76   ._N..M..5Mq...Iv
0190  0a 43 74 f7 34 58 2c 8d 89 64 e3 5c 90 9f 73 d4   .Ct.4X,..d.\..s.
01a0  ae d2 ea 28 ec cc 4a 18 0a 1b 50 ca c3 51 01 4d   ...(..J...P..Q.M
01b0  d0 b5 ae 4b 94 c1 67 2e b0 ff 09 26 08 22 61 b5   ...K..g....&."a.
01c0  79 e9 5c 4d 5e 92 1f 5c a9 93 1d b3 ff 5e 33 f3   y.\M^..\.....^3.
01d0  61 81 4d 32 f2 d7 fe bd 20 24 2f dd e0 45 a7 84   a.M2.... $/..E..
01e0  cc fd 54 2f c8 5c 21 8e 95 ac 1c 75 3d 52 f1 b8   ..T/.\!....u=R..
01f0  20 8b 20 17 1b 2a 8f 7b 46 d6 18 e6 2b f4 ee 24    . ..*.{F...+..$
0200  30 1a 3a 77 4f 04 a9 53 04 d2 fb e0 e6 52 ac 46   0.:wO..S.....R.F
0210  95 75 27 e8 85 7a da ac cb c0 68 28 d3 49 80 a7   .u'..z....h(.I..
0220  68 68 13 13 21 b9 10 83 65 a2 83 a5 03 9f f5 62   hh..!...e......b
0230  c1 30 00 d5 e9 01 2d bd e4 44 69 61 53 24 b4 bc   .0....-..DiaS$..
0240  8f 8f 2c fc de da 1a 9e e8 9c c2 77 8e d6 3b 15   ..,........w..;.
0250  cc 84 e4 ed 2c 66 e8 15 87 cd f2 68 82 3a fb 10   ....,f.....h.:..
0260  04 3d ca 03 03 cf 17 67 88 0e 08 d1 2b 80 e6 46   .=.....g....+..F
0270  93 3a 87 17 99 59 e2 01 05 96 b0 ed 3b 9e 0d 0b   .:...Y......;...
0280  c7 a2 b2 b0 90 18 7b db 07 12 18 ae 50 9a 6d 9c   ......{.....P.m.
0290  d6 46 02 84 82 19 39 38 a4 81 b7 30 81 b4 a0 03   .F....98...0....
02a0  02 01 17 a2 81 ac 04 81 a9 72 16 7e 9a 09 84 6a   .........r.~...j
02b0  b3 46 37 61 6d 26 36 db ef 6b 52 19 93 60 7c d5   .F7am&6..kR..`|.
02c0  0a 8d d4 fe 58 d0 e9 f8 d5 76 e3 13 a9 35 45 b2   ....X....v...5E.
02d0  77 d1 53 bb e3 9b a0 ed ad f1 ea 16 83 a4 25 f2   w.S...........%.
02e0  e3 dd aa 48 c5 15 60 b3 8a ea 41 aa 7b 15 04 87   ...H..`...A.{...
02f0  61 b4 97 9a 45 6e b4 1e e3 d6 e6 a2 85 a8 82 45   a...En.........E
0300  1a 5a 71 b1 a8 b0 f7 d4 9a a0 08 b5 52 2e c5 22   .Zq.........R.."
0310  3d 42 a1 7f 08 1a 8e e3 05 25 9a 77 c7 76 7f a7   =B.......%.w.v..
0320  e8 8f 53 e0 b0 e1 b4 65 86 9c 29 ec 31 06 dc db   ..S....e..).1...
0330  1e c3 17 2c 25 35 b4 26 f7 21 d6 74 1f 19 97 68   ...,%5.&.!.t...h
0340  df 67 bc 20 ba c2 b6 cd ad 26 76 51 f0 0a 44 1c   .g. .....&vQ..D.
0350  05 8a 86 58 e6 01 40 76 a1 c5 30 b2 62 d0 33 d2   [email protected].
0360  d7 24 d4 ac e1 22 6b 7d 82 92 3d b7 b3 42 0f 1f   .$..."k}..=..B..
0370  32 b2 ae 59 4e 57 40 b5 88 8b d9 b0 c5 9c e3 4a   [email protected]
0380  49 f9 49 60 7c ee da 61 4e a6 c1 47 0f 60 c3 51   I.I`|..aN..G.`.Q
0390  1b 9d 10 c9 08 a4 b4 58 88 7c 00 a5 96 18 11 91   .......X.|......
03a0  0f 52 d0 09 e0 a9 ad 4f 5f 3a e9 cb 50 d5 a0 74   .R.....O_:..P..t
03b0  5a 77 3f 17 99 05 d5 93 e3 1e 87 fc a2 62 ab fe   Zw?..........b..
03c0  fe b9 f1 31 00 1d ac 21 00 7d 57 04 53 bc 17 a3   ...1...!.}W.S...
03d0  df 87 3a 05 1b d9 72 5c ea f5 4f 4e ac 28 f9 e3   ..:...r\..ON.(..
03e0  ad b8 80 ed f7 b8 3c 28 b9 d5 7c 8b 6d 1a 54 32   ......<(..|.m.T2
03f0  9b f9 77 ec a4 27 fd b5 c6 bc 20 d5 5e d6 51 ee   ..w..'.... .^.Q.
0400  ea 04 46 7e eb 68 f8 05 cf 9d 0f 64 3f ae 03 3e   ..F~.h.....d?..>
0410  05 9c 32 51 e5 2a 2f 02 3f a8 c8 1b ba f4 dc 8c   ..2Q.*/.?.......
0420  cc 3f 87 71 6a b7 86 79 72 ce 5a a9 82 82 16 55   .?.qj..yr.Z....U
0430  bd f9 a0 3e 01 76 8d f5 33 c8 94 35 0a 85 cc 19   ...>.v..3..5....
0440  32 1d e4 52 64 3e 0f 97 7f 00 ef cc e4 ec 7b 7a   2..Rd>........{z
0450  e2 46 32 91 ec 2c ad 5c 75 c5 18 d1 6a d0 95 d4   .F2..,.\u...j...
0460  ef 26 fb 7f 49 ea a3 bb 06 1c 7c 37 48 8d 85 0a   .&..I.....|7H...
0470  ea b2 79 1e d4 23 c2 b6 ca dd 6e 57 15 55 36 0f   ..y..#....nW.U6.
0480  5f 3d 61 4c 45 23 19 e4 85 7b 9c d4 79 02 57 40   _=aLE#...{..y.W@
0490  85 a6 16 9a 43 9d 18 ae ae 97 c3 07 af ce 0d 26   ....C..........&
04a0  42 75 3e 74 9f 78 3e 10 32 8c b4 d5 cc 69 af a8   Bu>t.x>.2....i..
04b0  d3 46 50 e5 d1 00 4b ca 75 a7 78 03 96 ca d2 eb   .FP...K.u.x.....
04c0  23 2a 9d df 32 90 0d 0a 12 5e f7 d0 99 dd c6 bb   #*..2....^......
04d0  1a 61 48 b5 59 e5 a1 b6 6d 72 0e 02 dc 42 b1 1c   .aH.Y...mr...B..
04e0  cf 86 cd f9 8f d2 b9 3e 1c 49 f2 9c 76 5e 30 38   .......>.I..v^08
04f0  29 17 0b 71 14 21 41 c3 30 85 63 fb 9e 38 97 e6   )..q.!A.0.c..8..
0500  93 59 5d 9d a8 e5 63 41 d1 4f 8b f2 80 f2 98 2f   .Y]...cA.O...../
0510  4b 71 4d ed 43 88 46 6d f4 91 84 82 8c 58 cf 89   KqM.C.Fm.....X..
0520  c3 60 7a 90 81 64 76 5b 65 6f cd bb 9a 39 d1 3e   .`z..dv[eo...9.>
0530  88 78 a1 68 b3 59 28 5f                           .x.h.Y(_

No.     Time        Source                Destination           Protocol Info
    36 295.667260  207.46.246.6          192.168.123.152       UDP      Source port: 3074  Destination port: 32430

Frame 36 (329 bytes on wire, 329 bytes captured)
Ethernet II, Src: 00:c0:49:a8:2e:19, Dst: 00:0d:3a:57:fd:87
   Destination: 00:0d:3a:57:fd:87 (192.168.123.152)
   Source: 00:c0:49:a8:2e:19 (192.168.123.254)
   Type: IP (0x0800)
Internet Protocol, Src Addr: 207.46.246.6 (207.46.246.6), Dst Addr: 192.168.123.152 (192.168.123.152)
User Datagram Protocol, Src Port: 3074 (3074), Dst Port: 32430 (32430)
   Source port: 3074 (3074)
   Destination port: 32430 (32430)
   Length: 295
   Checksum: 0xa124 (correct)
Data (287 bytes)

0000  00 00 00 00 03 58 40 00 00 00 02 00 00 26 cb 00   .....X@......&..
0010  00 73 d6 e1 5a 8e df 28 35 2d c0 16 89 91 5c fc   .s..Z..(5-....\.
0020  08 62 92 e5 aa 03 53 08 17 ff 04 86 5b 40 e3 fb   .b....S.....[@..
0030  86 94 e5 17 56 ec d6 e9 39 29 12 9b 47 10 cf fb   ....V...9)..G...
0040  80 5b 69 a7 80 58 64 00 35 6a 5f 09 1e 51 21 dd   .[i..Xd.5j_..Q!.
0050  52 a1 aa cb d4 bb c2 3d db cf 93 a8 39 48 27 7a   R......=....9H'z
0060  e5 ab da 47 d1 f3 8e 13 fd ec 42 bb 00 24 25 d9   ...G......B..$%.
0070  3a f0 cf a4 63 25 32 f1 ee 96 ea 17 d9 47 d6 19   :...c%2......G..
0080  ff f2 a7 9e 4e 1f 90 7d 3a 87 32 f2 a9 a8 44 5f   ....N..}:.2...D_
0090  5d a2 cc 4b 9f 4c 38 51 c6 27 21 41 43 b8 fa 67   ]..K.L8Q.'!AC..g
00a0  1d 37 84 94 82 c5 ae cb 83 58 77 00 6f 71 30 6f   .7.......Xw.oq0o
00b0  a0 03 02 01 05 a1 03 02 01 0f a2 63 30 61 a0 03   ...........c0a..
00c0  02 01 17 a2 5a 04 58 1a cf ee 9c e0 76 08 5c d6   ....Z.X.....v.\.
00d0  51 c5 b1 73 f7 f2 fa 4a f5 a2 4c 0c 33 8a f9 b6   Q..s...J..L.3...
00e0  fc ef 0d 17 73 68 42 7c 6e ce 0c c4 da 1d b9 96   ....shB|n.......
00f0  9b 8b 89 d2 f2 da 68 07 0e e0 53 90 8a 13 9e 17   ......h...S.....
0100  0e 54 c0 66 d1 10 06 2f 7d eb 29 1a f2 d2 03 db   .T.f.../}.).....
0110  fb da 52 5f 6d c7 57 a9 d3 39 7f f6 15 49 8d      ..R_m.W..9...I.

No.     Time        Source                Destination           Protocol Info
    37 295.680803  192.168.123.152       207.46.246.6          UDP      Source port: 32430  Destination port: 3074

Frame 37 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: 00:0d:3a:57:fd:87, Dst: 00:c0:49:a8:2e:19
   Destination: 00:c0:49:a8:2e:19 (192.168.123.254)
   Source: 00:0d:3a:57:fd:87 (192.168.123.152)
   Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.123.152 (192.168.123.152), Dst Addr: 207.46.246.6 (207.46.246.6)
User Datagram Protocol, Src Port: 32430 (32430), Dst Port: 3074 (3074)
   Source port: 32430 (32430)
   Destination port: 3074 (3074)
   Length: 32
   Checksum: 0xef16 (correct)
Data (24 bytes)

0000  80 73 d6 e1 c5 ee 18 4a 45 8a 9f f9 01 00 6a cb   .s.....JE.....j.
0010  07 0c 82 8c 3b c7 38 33                           ....;.83

No.     Time        Source                Destination           Protocol Info
    38 296.262228  207.46.246.6          192.168.123.152       UDP      Source port: 3074  Destination port: 32430

Frame 38 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: 00:c0:49:a8:2e:19, Dst: 00:0d:3a:57:fd:87
   Destination: 00:0d:3a:57:fd:87 (192.168.123.152)
   Source: 00:c0:49:a8:2e:19 (192.168.123.254)
   Type: IP (0x0800)
Internet Protocol, Src Addr: 207.46.246.6 (207.46.246.6), Dst Addr: 192.168.123.152 (192.168.123.152)
User Datagram Protocol, Src Port: 3074 (3074), Dst Port: 32430 (32430)
   Source port: 3074 (3074)
   Destination port: 32430 (32430)
   Length: 32
   Checksum: 0xd0be (correct)
Data (24 bytes)

0000  00 26 cb 00 61 39 80 7a 03 00 48 04 01 00 70 0d   .&..a9.z..H...p.
0010  96 cd 53 56 a3 cf ab e8                           ..SV....


Noticed the XBOX.COM in the data section?
Logged

Flame2k

  • Archived User
  • Full Member
  • *
  • Posts: 152
Question Regarding Live
« Reply #66 on: September 01, 2004, 07:02:00 AM »

hm xbox.com  do u think that could be ms spying?
Logged

fghjj

  • Archived User
  • Sr. Member
  • *
  • Posts: 288
Question Regarding Live
« Reply #67 on: September 01, 2004, 08:36:00 AM »

CODE

byte | data | meaning
0 | 00 | flags set to key exchange and 0 bytes padding
1-3 | 00 00 00 | no security parameters yet (no key)
4-1307 | 02 58 18 **** 82 8c 58 | payload
1308-1309 | 8c 58 | tcp src port (35928)
1310-1311 | cf 89 | tcp dst port (53129 makes no sense)
1312-1315 | c3 60 7a 90 | tcp seq num (makes no sense)
1316-1319 | 81 64 76 5b | tcp ack num (?)
1320-1323 | 65 6f cd bb | tcp header & window (?)
1324-1325 | 9a 39 | packet seq num (makes no sense)
1326-1335 | d1 3e 88 78 a1 68 b3 59 28 5f | packet signature

This is obviously no Xbox TCP. That's logic cause Xbox uses some custom protocol for key exchange (based on Diffie-Hellman). It would be nice if someone could try capturing data when Xbox is connected directly to the internet (no NAT). Would Xbox still be encapsulating then?
Logged

remedee

  • Archived User
  • Jr. Member
  • *
  • Posts: 81
Question Regarding Live
« Reply #68 on: September 10, 2004, 05:21:00 AM »

blink.gif
Logged

upup

  • Archived User
  • Jr. Member
  • *
  • Posts: 62
Question Regarding Live
« Reply #69 on: September 11, 2004, 10:02:00 PM »

just wondering how things were coming along.
Logged

ch0p5

  • Archived User
  • Newbie
  • *
  • Posts: 35
Question Regarding Live
« Reply #70 on: September 13, 2004, 08:44:00 PM »

laugh.gif laugh if u must cos im a total noob to all this and iwas just taking interest
in what the xbox sends out  
      00a0  41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 52 65   AddPortMappingRe
      00b0  73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3a 6d 3d 22   sponse xmlns:m="
      00c0  75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70   urn:schemas-upnp
      00d0  2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e   -org:service:WAN
and it refers to correct me if im wrong upnp.org  check it out  and its some sort of communications company and i think it somthing to do with MS i just thought id put that in in case it was any use  o and  u can ftp into the site but need user name  and pass  dry.gif
 
Logged

Chicken Scratch Boy

  • Archived User
  • Hero Member
  • *
  • Posts: 1054
Question Regarding Live
« Reply #71 on: September 13, 2004, 08:51:00 PM »

looks like some network setup info

upnp = universal plug and play....
Logged

Trisman

  • Archived User
  • Full Member
  • *
  • Posts: 152
Question Regarding Live
« Reply #72 on: September 15, 2004, 02:02:00 AM »

neimod's first two posts are just his router setting up the private network with his xbox.  

But when does the third post occur, directly after the second post?  Or does it occur later?  neimod?

And on another note, lets not let ths thread get on the tenth page again, ok.
Logged

John Hoek

  • Archived User
  • Jr. Member
  • *
  • Posts: 84
Question Regarding Live
« Reply #73 on: September 15, 2004, 03:40:00 PM »

I've found out that programs just use standaard call_procedures, for init XboxLive.

All data is encrypted with a unique hash, each session different.

one of the first cals; is checking hardware & routing
then the next is xbox_live_autorise;  MS respons with a unique session Hash .

This hash is used by a game to encrypt all data.

But we don't know the hash, aren't we?

No. it's changed everytime.

-> But when we make several logs on the input and output of the datapackets; one of the first returned of MS should be having the key.
If we then just try to get the REAL key by pusching this data inside the encryption algoritm; then it must be possible to get the exact starting location of the MS supplied  hash.

If we can extract the hash from the first 1 - 3 packets maximum i'll think; then Xboxlive is broken.
MS can't change the protocol of Xboxlive; otherwise old programs don'ty work anymore. the hash must be always at the same packet & startinglocation.
Logged

Makhno

  • Archived User
  • Newbie
  • *
  • Posts: 33
Question Regarding Live
« Reply #74 on: September 16, 2004, 08:04:00 PM »

why not attempt to write an xbox program that would send the official BIOS when queried by AS.XBOXLIVE.COM instead of the modded one?

Also, if we're sure the the way the XBL detects our users through BIOS versions, why are softmodders still banned? There must be some other things that need ot be faked that we are unaware of
Logged
Pages: 1 ... 3 4 [5] 6 7 8