Author | Message | Time |
---|---|---|
Arta | This tool displays BNCS traffic in realtime as it passes over your network interface. Some of the more common and/or important packets are processed and their contents displayed. Some possible uses: - Running a trace in the background to monitor all BNCS traffic on your computer or network, - Diagnosing problems during developments of BNCS clients, - Analysing out the sequence in which packets are sent & recieved during logons and other mechanisms, - Checking the contents of specific packets (perhaps following protocol changes) without having to write custom tools or modify existing clients. I'm sure more uses could be found. The is a console application and must be run from a command line. Using no options, the program will monitor the first network interface it finds and display any traffic it finds. There are other options. Read about them by passing -h on the command line: [code] X:\bncsmon -h [/code] This program requires WinPcap 3 to run. If you use Ethereal, you should have this already. Download | January 4, 2004, 9:33 PM |
hismajesty | Arta gave me this earlier, it's really neat! ;D | January 4, 2004, 9:41 PM |
Stealth | Wow! Thank you. :) | January 4, 2004, 11:00 PM |
UserLoser. | [quote author=hismajesty link=board=17;threadid=4594;start=0#msg38366 date=1073252482] Arta gave me this earlier, it's really neat! ;D [/quote] I thought I sent it to you? :P | January 5, 2004, 12:42 AM |
R.a.B.B.i.T | -h kills it upon start :*( | January 21, 2004, 1:35 AM |
Yoni | Very nice! :) A feature suggestion: Use two different colors (Win32 SetConsoleTextAttribute) to differentiate between sent and received packets. | January 21, 2004, 11:41 AM |
DarkMinion | Suggestion: Make it work properly :P After I sent SID_GETLADDERDATA and SID_GETADVLISTEX it stopped producing any output. | January 22, 2004, 9:52 AM |
Arta | Thanks for the feedback - I shall do both of these things, and post a new version. Edit: New version: Download. DM, I can request ladder data and game lists fine - if you still get this problem with the new version, let me know. | February 17, 2004, 5:59 PM |
Hamtaro | if ur still looking for feedback, i'd like to suggest displaying the time each packet was sent. | February 17, 2004, 6:40 PM |
Ersan | Yeah also, it doesn't work worth a damn with dial-up modems (all the computers I tested on at least) | February 18, 2004, 2:26 AM |
Myndfyr | [quote author=Ersan link=board=17;threadid=4594;start=0#msg44837 date=1077071170] Yeah also, it doesn't work worth a damn with dial-up modems (all the computers I tested on at least) [/quote] I believe that has something to do with WinPcap itself, not BncsMon. IIRC, it might work with A0L on Win9x for all you 1337 people out there (I think AOL creates a virtual network adapter that would be visible to WinPcap). | February 18, 2004, 2:36 AM |
Arta | Yes, I couldn't get WinPcap to work properly when I was on dial-up either. I'll add times at some point, that's a good idea. | February 18, 2004, 10:01 AM |
FuzZ | I'm using earthlink 56k and didn't have a problem. I had to switch the adapter in the parameters for BNCSMon though. | February 23, 2004, 4:52 PM |
FuzZ | 2 things #1: When I run BNCSMon on D2XP whenever I log into realm it locks up. Last packet I recieved both times I tested. [pre] Rcvd packet 0x00, Length 257: 0000 49 00 01 01 00 00 00 AE 9B 5C A8 3F F0 CA 78 5D I......®›\¨?ðÊx] 0010 BF 54 00 00 00 00 00 D8 C0 A3 06 10 FF 77 9B 50 ¿T.....ØÀ£..ÿw›P 0020 58 32 44 36 38 58 49 3F F0 CA 78 09 04 00 00 19 X2D68XI?ðÊx..... 0030 A2 78 D0 16 DF 0E EE AE 15 15 FF F4 04 73 B5 37 ¢xÐ.ß.î®..ÿô.sµ7 0040 8C 8E 50 46 75 7A 5A 2E 00 07 00 01 00 00 00 00 ŒŽPFuzZ......... 0050 07 00 19 08 00 00 00 06 01 19 08 00 05 00 00 00 ................ 0060 05 00 21 72 CB 40 44 65 61 74 68 54 6F 46 72 61 ..!rË@DeathToFra 0070 69 7A 65 72 00 84 80 FF FF FF FF FF 0D FF 4F FF izer.„€ÿÿÿÿÿ.ÿ [/pre] And the second time [pre] Rcvd packet 0x00, Length 257: 0000 49 00 01 01 00 00 00 2E 6A 42 24 3F F0 CA 81 B9 I.......jB$?ðÊ?¹ 0010 5A 55 00 00 00 00 00 D8 C0 A3 06 10 FF 77 9B 50 ZU.....ØÀ£..ÿw›P 0020 58 32 44 36 38 58 49 3F F0 CA 81 09 04 00 00 E3 X2D68XI?ðÊ?....ã 0030 2C 96 9D 48 64 63 62 58 ED F1 7A EB 76 80 71 71 ,–?HdcbXíñzëv€qq 0040 0C A9 AE 46 75 7A 5A 2E 00 07 00 01 00 00 00 00 .©®FuzZ......... 0050 07 00 19 08 00 00 00 06 01 19 08 00 05 00 00 00 ................ 0060 05 00 8B 72 CB 40 44 65 61 74 68 54 6F 46 72 61 ..‹rË@DeathToFra 0070 69 7A 65 72 00 84 80 FF FF FF FF FF 0D FF 4F FF izer.„€ÿÿÿÿÿ.ÿOÿ [/pre] I was trying to logon to the char by the name of "DeathToFraizer" (if you couldn't tell) #2 Would it be possible to select a connection to battle.net (I run several bots on this computer), i'm not sure if this is even possible, but I just thought I would ask. | March 11, 2004, 9:24 PM |
Kp | [quote author=FuzZ link=board=17;threadid=4594;start=0#msg48953 date=1079040248]Would it be possible to select a connection to battle.net (I run several bots on this computer), i'm not sure if this is even possible, but I just thought I would ask.[/quote] It should be possible to specify a filter to only one TCP stream (i.e. one connection). However, since I've never used WinPCap, I don't know how easily it can correlate the streams. So, it's possible that even once Arta adds filtering, you'd have to do some trial and error to figure out which of the connections is the one you want to watch. You're probably better off just not running so many bots. :) | March 11, 2004, 10:25 PM |
ChR0NiC | When using BNCSMon (the latest) it crashed on me several times when logging my client..and also starting going into spasms kept writing SID_NILL Received....and it just got angry.... | March 17, 2004, 2:43 AM |
UserLoser. | [quote author=ChR0NiC link=board=17;threadid=4594;start=15#msg49968 date=1079491434] When using BNCSMon (the latest) it crashed on me several times when logging my client..and also starting going into spasms kept writing SID_NILL Received....and it just got angry.... [/quote] If i'm not mistaken, isn't your client the one that sends a bunch of SID_NULLs to 'spoof' your ping? | March 17, 2004, 2:53 AM |
ChR0NiC | [quote author=ChR0NiC link=board=17;threadid=4594;start=15#msg49968 date=1079491434] When using BNCSMon (the latest) it crashed on me several times when logging my client..and also starting going into spasms kept writing SID_NILL Received....and it just got angry.... [/quote] [quote author=UserLoser. link=board=17;threadid=4594;start=15#msg49971 date=1079492031] If i'm not mistaken, isn't your client the one that sends a bunch of SID_NULLs to 'spoof' your ping? [/quote] If you are talking about 0ms then I suppose but I am talking about using the game client Brood War....and the logger filled up 900kb worth of SID_NULL in my capture log... | March 17, 2004, 3:53 AM |
FuzZ | I've had 25MB files (would've been larger but i killed BNCSMON) from the same thing. Not sure what it is. IIRC, it was only on Diablo II. | March 17, 2004, 4:50 AM |
Stealth | This happened to me while I logged a Diablo II Realm login in an attempt to see a valid 0x3E packet. | March 22, 2004, 8:38 PM |
ChR0NiC | *takes notes on what might be a part of Stealth's new version of Stealth Bot* :P | March 23, 2004, 6:54 AM |
Arta | hmm. Is this reproducable? Could someone with the wherewithall possibly make a BNCSMon log and take a packet capture at the same and send me the logs from both? I've never seen this problem. | March 23, 2004, 9:29 AM |
ChR0NiC | It's not very common for this to occur......but next time it happens I will do just that :) Edit: When logging D2 and sometimes BW, the BNCSMon will crash on me. I am not quite sure what causes this, but perhaps an overflow of some sort. | March 29, 2004, 3:08 AM |
Spht | Bump. | June 7, 2004, 6:29 PM |