PKT 3.1 (English)
From YTDB DataBase
PKT 3.1 is a format for PKT network packet dump files and the successor of PKT 3.0.
The main reason for creating PKT 3.1 is the inability of PKT 3.0 to store multiple World of Warcraft TCP/IP connections in a single RAW file. [1][2]
The spec consists of two file formats that are used to keep decrypted and encrypted World of Warcraft packets, with extensions .pkt and .raw respectively.
PKT spec
Inside a .pkt file, the main header comes first. It contains general information about the packet dump. The main header is followed by packet stream fragments, each with its own header.
Fields longer than 1 byte use little-endian byte order by default.
File Name
Field | Value |
File name | any |
File extension | Always .pkt |
Main Header
Field | Length | Content |
Signature | 3 bytes | Symbols 'PKT' in ASCII |
Format version | 2 bytes | 0x01, 0x03 for PKT 3.1 |
Sniffer ID | 1 byte | See PKT Sniffer ID |
Client Build Number | 4 bytes | |
Client Language Code | 4 bytes | e.g. 'enGB' in ASCII |
Session Key | 40 bytes | Optional. Can be filled with zeros. |
Dump started unix time[3] | 4 bytes | Number of seconds passed since the Unix Epoch (UTC) |
Dump started tick count[3] | 4 bytes | Number of milliseconds passed since the OS start |
Optional data length | 4 bytes | |
Optional data | Length of this field is in the previous field |
Network Stream Fragments
Field | Length | Content |
Packet Direction | 4 bytes | 'SMSG' or 'CMSG' in ASCII for S->C and C->S packets respectively |
Connection ID[3][4] | 4 bytes | Packet's TCP/IP connection's unique identifier |
Packet arrival ticks | 4 bytes | Number of milliseconds passed since the OS start |
Optional data length | 4 bytes | |
Data length | 4 bytes | At least 4 bytes |
Optional data | Content of this field is controlled by the sniffer's developer. Length is in the "Optional data length" field. | |
Data | Contains data of one World of Warcraft packet. Opcode is included in the data and is aligned to 4 bytes. Length is in the "Data length" field. |
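A reader for the layout in the two tables above, written as an added example (not code from the wiki or from any sniffer project). Every length field comes from the file itself, so each one is checked against the bytes that remain before it is used. Assumptions: the dictionary key names are illustrative, the opcode is taken as the first 4 little-endian bytes of "Data", and the sample dump is constructed.

```python
import struct

MAIN = struct.Struct("<3s2sBI4s40sIII")  # fixed part of the main header (66 bytes)
FRAG = struct.Struct("<4sIIII")          # fixed part of a fragment header (20 bytes)

class PktError(ValueError):
    """Raised when the dump is malformed or truncated."""

def take(buf, off, n, what):
    """Return (buf[off:off+n], new offset); reject lengths that run past the file end."""
    if n > len(buf) - off:
        raise PktError(f"{what}: need {n} bytes at offset {off}, have {len(buf) - off}")
    return buf[off:off + n], off + n

def parse_pkt(buf):
    raw, off = take(buf, 0, MAIN.size, "main header")
    sig, ver, sniffer, build, lang, key, t_unix, t_tick, opt_len = MAIN.unpack(raw)
    if sig != b"PKT" or ver != b"\x01\x03":
        raise PktError("not a PKT 3.1 file")
    opt, off = take(buf, off, opt_len, "header optional data")
    header = {"sniffer_id": sniffer, "build": build, "lang": lang.decode("ascii", "replace"),
              "session_key": key, "unix_time": t_unix, "ticks": t_tick, "optional": opt}
    packets = []
    while off < len(buf):
        raw, off = take(buf, off, FRAG.size, "fragment header")
        direction, conn_id, ticks, opt_len, data_len = FRAG.unpack(raw)
        if direction not in (b"SMSG", b"CMSG"):
            raise PktError(f"bad direction {direction!r} at offset {off - FRAG.size}")
        if data_len < 4:
            raise PktError("data length below the 4-byte minimum")
        opt, off = take(buf, off, opt_len, "fragment optional data")
        data, off = take(buf, off, data_len, "fragment data")
        packets.append({"direction": direction.decode(), "conn_id": conn_id, "ticks": ticks,
                        "opcode": struct.unpack_from("<I", data)[0],  # assumed: first 4 bytes
                        "optional": opt, "payload": data[4:]})
    return header, packets

def build_sample():
    """Constructed dump with two connections; all values are made up for the example."""
    out = MAIN.pack(b"PKT", b"\x01\x03", 0, 12340, b"enGB", bytes(40), 1300000000, 5000, 0)
    for direction, conn, opcode, body in ((b"CMSG", 1, 0x1ED, b"\x01\x02"), (b"SMSG", 2, 0x1EE, b"")):
        data = struct.pack("<I", opcode) + body
        out += FRAG.pack(direction, conn, 5100, 0, len(data)) + data
    return out

if __name__ == "__main__":
    hdr, pkts = parse_pkt(build_sample())
    for p in pkts:
        print(p["direction"], p["conn_id"], hex(p["opcode"]), p["payload"].hex())
```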
RAW spec
Not Yet Translated
Links
References
1. LordJZ says about the inability to store packets from multiple connections with PKT 3.0
2. RomanRom2 says that a new format is needed
3. New in PKT 3.1
4. Field "Packet arrival unix time" was replaced with "Connection ID" in PKT 3.1