Sasami's Ragnarok World Forums
Register | Login | Logout | Edit profile | Avatars
Views: 410016
Main | Memberlist | Member pages | Online users
Ranks | Chat | New Chat | FAQ | Search | Photo album
11-21-24 11:33 PM
Sasami's Ragnarok World Forums (LOCKED) - Programming/reverse engineering discussion - How to Packet Filter |
Next newer thread | Next older thread
User
Post
Sasami

Goddess in Training








Since: 02-18-02
From: Back in texas! YAY! college sucked!
Rating: 10 (1030 pts)

Since last post: 7567 days
Last activity: 7567 days
Posted on 05-11-02 02:32 PMQuote | Edit | Delete
Ok, packet filtering is very easy, and I'm tired of being asked how. So here’s how.
There are 2 programs you can use, Iris found at www.eeye.com and WPE (windows packet editor) that I have linked on my site.

Now, to use windows packet editor, open Ragnarok, then click target program in WPE and select ragexe.exe, whenever you want to start capturing packets, click the start button, when you want to look at them/stop, hit the stop button and read the packets.

Iris: first you need to find your IP and the Ragnarok servers IP that you are on, hit the play button and watch for an IP from 66.something then hit the stop button. Write down that IP and the one that goes with it on the same record (which is your IP). Go to the filter menu, edit filters, IP addresses, then put the Ragnarok servers IP in "address 1" and your IP into "address 2" and make the direction arrow in between them "both way". Make sure to do this all on record one. Now click the ok button. Now when you click the play button it only shows you packets from Ragnarok. To read the data from a packet, click the packet, then under "Packet Decoder" which is directly left of it, open TCP header, and go to the last option, "Data" and select it, if data is > 0 then the data section will be highlighted in blue, and there you have it, the packet data. Some packets contain no data.

I will not give out my list of all the packets b/c that would be a real security risk b/c of all the exploits still in Ragnarok, once gravity gets all of them fixed that I have reported and told them how to fix, I won't mind releasing it and my program to send packets through Ragnarok. There is not an easy way to send packets back through Ragnarok, unless you filter properly in WPE, which doesn't work to well, or make a program yourself to do it.

In the filters, On Layers 2 and 3, do not select anything. Layers 2 and 3 are referring to the OSI reference model standard made by IEEE, which is, the network and data link layer. If you have no idea what I’m talking about, don't touch anything else anywhere in Iris except what I mentioned 2 paragraphs above.
SlymShady









Since: 05-17-02
From: Canada

Since last post: 8213 days
Last activity: 8213 days
Posted on 05-18-02 07:22 PMQuote | Edit | Delete
Sasami, is there any WPE that will work for Window ME??
Sasami

Goddess in Training








Since: 02-18-02
From: Back in texas! YAY! college sucked!
Rating: 10 (1030 pts)

Since last post: 7567 days
Last activity: 7567 days
Posted on 05-19-02 03:37 AMQuote | Edit | Delete
yeah, .7 should and i think 1.3 should.
SlymShady









Since: 05-17-02
From: Canada

Since last post: 8213 days
Last activity: 8213 days
Posted on 05-19-02 05:45 AMQuote | Edit | Delete
It didnt work.... It said dll injection failed
Sasami

Goddess in Training








Since: 02-18-02
From: Back in texas! YAY! college sucked!
Rating: 10 (1030 pts)

Since last post: 7567 days
Last activity: 7567 days
Posted on 05-19-02 06:53 AMQuote | Edit | Delete
then use .7a
SlymShady









Since: 05-17-02
From: Canada

Since last post: 8213 days
Last activity: 8213 days
Posted on 05-19-02 07:03 AMQuote | Edit | Delete
It says dll injection failed
Sasami

Goddess in Training








Since: 02-18-02
From: Back in texas! YAY! college sucked!
Rating: 10 (1030 pts)

Since last post: 7567 days
Last activity: 7567 days
Posted on 05-19-02 02:48 PMQuote | Edit | Delete
oh, well, that's win ME for you, sorry
SlymShady









Since: 05-17-02
From: Canada

Since last post: 8213 days
Last activity: 8213 days
Posted on 05-19-02 11:51 PMQuote | Edit | Delete
does iris work with win me?
KaworuShiro









Since: 06-05-02
From: Palo Alto, California

Since last post: 7749 days
Last activity: 7749 days
Posted on 06-05-02 06:56 AMQuote | Edit | Delete
a good packet sniffer to try would be:
http://www.ethereal.com/

may seem daunting for people unfamiliar with networking, but with time and dedication... you get the picture...

--------------------
~_~
Sasami

Goddess in Training








Since: 02-18-02
From: Back in texas! YAY! college sucked!
Rating: 10 (1030 pts)

Since last post: 7567 days
Last activity: 7567 days
Posted on 08-07-02 06:12 PMQuote | Edit | Delete
I never liked etherreal much, I saw it a number of years ago, I find Iris much more advanced and user friendly, and I havn't even seen the registered version
Kaz









Since: 06-24-02
From: I'm not paranoid...
Rating: 10 (400 pts)

Since last post: 7716 days
Last activity: 7790 days
Posted on 08-10-02 03:15 AMQuote | Edit | Delete
Does anybody know how to get pasted the "no protocol found" if a person is using AOL (help me... No seriously, I'll be grateful if somebody designs a worm for an AOL program and infects my sister with it so she sees why it's bad). AOL doesn't list their protocol in "network connections" but I can use 0.7a (just not for outgoing packets). It also doesn't allow me to use the XP version of tracert (either one) or Iris (it works, just can't find a protocol).
Next newer thread | Next older thread
Sasami's Ragnarok World Forums (LOCKED) - Programming/reverse engineering discussion - How to Packet Filter |
Edit/move/close/delete thread


Sasami's Ragnarok World

AcmlmBoard v1.7
© 2000-2001 Acmlm

Page rendered in 0.005 seconds.