So far I've seen the following types of ping-pong-packets:
Fast-ping-pong (0x08004002)
This packet contains 10 bytes of data. The first 4 bytes are the sequence number of the last packet seen from the server (e.g. if the last packet from the server was 0x0000001F, these four bytes will be that sequence number). This is followed by 6 bytes which are currently unknown. The first four of these always seem to be a number where only the first byte varies. Their purpose is completely unknown.
The last two of these unknown bytes always seem to be increasing in small steps (between 1 and 4), so it might be the number of seconds since the client started, or even the sum of all bytes sent, or something similar.
0x08004002 packets are (almost) always answered by the server with the same type of packet.
Full-ping-pong (0x0B004002)
This packet contains 22 bytes of data. The first 4 are again the sequence number from the server. This is followed by a constant A§Úõ (at least during my capture) and a few other bytes. The byte at 0x1C always has the same value as the one at 0x28. The next 3 bytes are unknown, but the first always seems to be 0xA0. This might change once the last 2 bytes of the packet get larger than 0xFF. Bytes 0x20 to 0x23 are an (increasing?) number that the server will have to put into its reply. Again, the packet ends with 6 bytes, which seem to be the same as in the 0x08004002 packet.
This packet is answered by a 0x0C0040002 packet.
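The two layouts above can be written down as a small parser that also reports where a capture deviates from the observations. This is an added example, not code from the original post. It assumes the offsets 0x1C to 0x28 count from the start of the packet with the 22 data bytes ending at 0x29, and it assumes big-endian integers; the field names are hypothetical and the sample bytes are constructed.

```python
FAST_LEN, FULL_LEN = 10, 22  # data sizes stated in the post
FULL_DATA_START = 0x14       # assumption: the 22 data bytes end at packet offset 0x29


def split_tail(tail):
    """Split the 6 trailing bytes into their 4-byte and 2-byte unknown parts."""
    return {"unknown4": tail[:4], "counter2": tail[4:]}


def parse_fast(data, byteorder="big"):
    """Parse the 10 data bytes of a 0x08004002 packet (byte order is an assumption)."""
    if len(data) != FAST_LEN:
        raise ValueError(f"expected {FAST_LEN} data bytes, got {len(data)}")
    fields = {"server_seq": int.from_bytes(data[:4], byteorder)}
    fields.update(split_tail(data[4:]))
    return fields


def parse_full(data, byteorder="big"):
    """Parse the 22 data bytes of a 0x0B004002 packet and list broken observations."""
    if len(data) != FULL_LEN:
        raise ValueError(f"expected {FULL_LEN} data bytes, got {len(data)}")
    off = lambda packet_offset: packet_offset - FULL_DATA_START
    fields = {
        "server_seq": int.from_bytes(data[:4], byteorder),
        "constant": data[4:8],
        "byte_0x1c": data[off(0x1C)],
        "unknown3": data[off(0x1D):off(0x20)],
        "echo_number": data[off(0x20):off(0x24)],  # server must return this
    }
    fields.update(split_tail(data[off(0x24):]))
    deviations = []
    if data[off(0x1C)] != data[off(0x28)]:
        deviations.append("byte 0x1C differs from byte 0x28")
    if fields["unknown3"][0] != 0xA0:
        deviations.append("byte 0x1D is not 0xA0")
    fields["deviations"] = deviations
    return fields


# Constructed sample data, not taken from a real capture.
SAMPLE_FAST = bytes.fromhex("0000001f" "2a000000" "0102")
SAMPLE_FULL = bytes.fromhex("0000001f" "11223344" "01" "a00000"
                            "00000007" "2a000000" "0102")

if __name__ == "__main__":
    print(parse_fast(SAMPLE_FAST))
    print(parse_full(SAMPLE_FULL))
```

Running it over many captured packets and collecting the non-empty `deviations` lists is a quick way to confirm or refute the "always" observations.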