PKT 3.0 (English)

Материал из YTDB DataBase

Версия от 17:22, 15 августа 2011; LordJZ (Обсуждение | вклад)
(разн.) ← Предыдущая | Текущая версия (разн.) | Следующая → (разн.)
Перейти к: навигация, поиск

PKT 3.0 is the first universal version of PKT network packet dump file format.

The specification consists of two file formats to contain decrypted and encrypted network packets of World of Warcraft, with .pkt and .raw extensions respectively.

Содержание

PKT Spec

First goes the Main Header. The Main Header contains meta data about the packet dump. Fragments of the network stream go afterwards.

For fields longer than 1 byte, little-endian byte order is used by default.

File Naming

FieldValue
File NameAny
File ExtensionMandatory .pkt

Main Header

FieldLengthContents
File Signature3 bytes'PKT' in ASCII, sequently
Format Version2 bytesFirst minor, than major version bytes. For PKT 3.0 it is 0x00, 0x03
Sniffer Id1 byteSee Sniffer Id in PKT
Client Build Number4 bytes
Client Language4 bytesLanguage code bytes in ASCII, sequently, i.g. 'enGB'
Session Key40 bytesOptional. Can be filled with zeros.
Optional Data Length4 bytes
Optional DataLength is in previous field.

Network Stream Fragment

FieldLengthContents
Packet Direction4 bytes4 chars in ASCII sequently, 'SMSG' for server-to-client packets, 'CMSG' for client-to-server packets.
Packet Arrival Time4 bytesNumber of seconds passed since the UTC Unix Epoch
Packet Arrival Ticks4 bytesNumber of milliseconds passed since the system start
Optional Data Length4 bytes
Packet Data Length4 bytesAt least 4 bytes
Optional DataOnly the sniffer's developer controls what data is contained in this field.
Length is in "Optional Data Length"
Packet DataData of a single World of Warcraft packet.
Length is in "Packet Data Length". First 4 bytes of the field are the opcode.

RAW Spec

First goes the Main Header. The Main Header contains meta data about the packet dump. Fragments of the network stream go afterwards.

For fields longer than 1 byte, little-endian byte order is used by default.

File Naming

FieldValue
File NameAny
File ExtensionMandatory .raw

Main Header

FieldLengthContents
File Signature3 bytes'RAW' in ASCII, sequently
Format Version2 bytesFirst minor, than major version bytes. For PKT 3.0 it is 0x00, 0x03
Sniffer Id1 byteSee Sniffer Id in PKT
Client Build Number4 bytes
Client Language4 bytesLanguage code bytes in ASCII, sequently, i.g. 'enGB'
Session Key40 bytes
Optional Data Length4 bytes
Optional DataLength is in previous field.

Network Stream Fragment

FieldLengthContents
Packet Direction4 bytes4 chars in ASCII sequently, 'SMSG' for server-to-client packets, 'CMSG' for client-to-server packets.
Packet Arrival Time4 bytesNumber of seconds passed since the UTC Unix Epoch
Packet Arrival Ticks4 bytesNumber of milliseconds passed since the system start
Optional Data Length4 bytes
Packet Data Length4 bytesAt least 4 bytes
Optional DataOnly the sniffer's developer controls what data is contained in this field.
Length is in "Optional Data Length"
Packet DataData of a single TCP packet.
Length is in "Packet Data Length".

Links

Личные инструменты