NetPro: Packet Analysis and Visualization tool

Have you created a useful tool? or Do you want to get help building one? This is the right place!
Forum rules
READ NOW: L2j Forums Rules of Conduct
Post Reply
User avatar
CubAfull
Posts: 37
Joined: Wed Feb 03, 2010 9:02 pm

Re: NetPro: Packet Analysis and Visualization tool

Post by CubAfull »

Great explanation Sr. Now everything is working fine.

At this moment I just can say WOW! What a great tool you have made!

Thank you very much.
I Cuba...
michael1414
Posts: 10
Joined: Sun Apr 27, 2014 12:17 pm

Re: NetPro: Packet Analysis and Visualization tool

Post by michael1414 »

SaveGame wrote:New release of 0.8-SNAPSHOT. Most (non-script/definition) changes are cosmetical, so there's no version increment.
This release should directly benefit those that voiced their opinions. I am sorry, I still did not have time to prepare any guides :(
Hello again. For start You made very good tool. Gratulations. For mow still I only taking packets and I still don't do any scripts but GUI is very nice.
I have few new questions for this tool ?
1) Could be added option to search specific opcode or packet names from all of the files ? For example if I have 137 plog files with packets and some specific packets are only in files: 1.plog, 20.plog, 45.plog. That could be grid with file names only and nothing more for now.
2) Could be option to actual packets synchronization ? For example if will be new chronicle and someone will be know bytes what means could be send to server and any of using this sniffer could be have option to sync packet files in new files are on server side.

For now I have only this questions. And very thx for this sniffer.

Best Regards
michael1414
SaveGame
Posts: 121
Joined: Thu Oct 30, 2014 9:54 pm

Re: NetPro: Packet Analysis and Visualization tool

Post by SaveGame »

michael1414 wrote:1) Could be added option to search specific opcode or packet names from all of the files ? For example if I have 137 plog files with packets and some specific packets are only in files: 1.plog, 20.plog, 45.plog. That could be grid with file names only and nothing more for now.
Since obviously all the packet logs you have were made by NP 0.8, I will not cover additional steps required when dealing with packet logs created by old versions of the tool.

For each protocol you have packet logs of (currently, they all should be 606, if you were testing on NA)
1. Open the packet display configuration:
Image
2. Select packet(s) you want to search for:
Image
3. Open the file selection dialog and tick 'Contains displayable packets':
Image

If you have already navigated to a specific subdirectory where packet log files reside, you might need to wait for a second or so; otherwise files will be filtered out as you enter a directory. While filtering, only the packet log header is being read, so it will not take long nor will it cause heavy I/O (even if you have several GB of logs in a directory).

A few points worth noting:
1. By default, packet display configurations have all their packets selected. So if you have logs recorded with different protocols in the same directory, and have only set a packet display configuration for a single protocol, selecting 'Contains displayable packets' will still show all files that use a different protocol. You can use the date in the filename to distinguish which packet logs you should ignore in this case.
2. You can force NetPro to load a specific packet display config on startup automatically by naming it [protocol number].pdc and exporting to the default directory.
3. Selecting '???/Unknown' packet will cause you to see any packet logs that have packets with opcodes that are missing in a specific protocol's opcode_mapping.xml file. You cannot filter by concrete unknown opcodes.

michael1414 wrote:2) Could be option to actual packets synchronization ? For example if will be new chronicle and someone will be know bytes what means could be send to server and any of using this sniffer could be have option to sync packet files in new files are on server side.
I guess it would be easiest to just make a git repository for that. The question is, who will maintain it?
The guessing game is easiest when you are familiar (that is, spent some time) with newly added features. And new features sometimes require not only a super rich lvl 100 char (possible via NC-endorsed RWT, such as converting EUR to 2b worth brooches), but two clans of lvl 100 chars, where one owns a castle and a physical CH, while the other owns a fort and a residential CH, etc.

In any case, I could easily add a configuration option that would allow to load definitions from a specific directory (essentially, from that global public repository). But we'd need someone [a team, basically] who is interested in finding out each and every single field of each new/updated packet. As you can see, newest packets are far from perfect, having unk/0/1 as field descriptions. This is really bad, because structure can be easily deduced with little time investment; the meaning of each field is the only thing that matters.

In short: syncing files should be delegated to software that specializes in that, as it provides merging and easy conflict resolution capabilities. In fact, if a global definition repository existed, you could just symlink ./config/packets to your local copy.
If anyone is interested in maintaining such a repository, contact me or write in this thread – it can be created.
Image
User avatar
jurchiks
Posts: 6769
Joined: Sat Sep 19, 2009 4:16 pm
Location: Eastern Europe

Re: NetPro: Packet Analysis and Visualization tool

Post by jurchiks »

There's no harm in creating a github repo for those packet definitions anyway, but you don't need a team to work on it; if you make the tool popular enough, there will be people making pull requests for it.
If you have problems, FIRST TRY SOLVING THEM YOURSELF, and if you get errors, TRY TO ANALYZE THEM, and ONLY if you can't help it, THEN ask here.
Otherwise you will never learn anything if all you do is copy-paste!
Discussion breeds innovation.
Propek
Posts: 1
Joined: Fri Jan 03, 2014 11:23 am

Re: NetPro: Packet Analysis and Visualization tool

Post by Propek »

Any idea how to solve this?

Image
Image

Code: Select all

INFO [2015-02-18 16:25:19.371 +0100] L2JFreeConfig: Logging initialized.
INFO [2015-02-18 16:25:19.635 +0100] ProxyInfo: ___      ___                ________      .__________.
INFO [2015-02-18 16:25:19.635 +0100] ProxyInfo: `MM\     `M'                `MMMMMMMb.    |   3889   |
INFO [2015-02-18 16:25:19.636 +0100] ProxyInfo:  MMM\     M           /      MM    `Mb    |__________|
INFO [2015-02-18 16:25:19.636 +0100] ProxyInfo:  M\MM\    M   ____   /M      MM     MM ___  __   _____
INFO [2015-02-18 16:25:19.636 +0100] ProxyInfo:  M \MM\   M  6MMMMb /MMMMM   MM     MM `MM 6MM  6MMMMMb
INFO [2015-02-18 16:25:19.637 +0100] ProxyInfo:  M  \MM\  M 6M'  `Mb MM      MM    .M9  MM69 " 6M'   `Mb
INFO [2015-02-18 16:25:19.637 +0100] ProxyInfo:  M   \MM\ M MM    MM MM      MMMMMMM9'  MM'    MM     MM
INFO [2015-02-18 16:25:19.638 +0100] ProxyInfo:  M    \MM\M MMMMMMMM MM      MM         MM     MM     MM
INFO [2015-02-18 16:25:19.638 +0100] ProxyInfo:  M     \MMM MM       MM      MM         MM     MM     MM
INFO [2015-02-18 16:25:19.638 +0100] ProxyInfo:  M      \MM YM    d9 YM.  ,  MM         MM     YM.   ,M9
INFO [2015-02-18 16:25:19.639 +0100] ProxyInfo: _M_      \M  YMMMM9   YMMM9 _MM_       _MM_     YMMMMM9
-----------------------------------------------------------------------------------------------------------------------------------------------------={ Config }
INFO [2015-02-18 16:25:19.996 +0100] L2JFreeConfig$ConfigFileLoader: loading 'config\proxy.properties'
------------------------------------------------------------------------------------------------------------------------------------------------={ Thread Pool }
INFO [2015-02-18 16:25:20.046 +0100] L2ThreadPool: No scheduled thread pool has been manually initialized, so initializing default one.
INFO [2015-02-18 16:25:20.049 +0100] L2ThreadPool: No instant thread pool has been manually initialized, so initializing default one.
INFO [2015-02-18 16:25:20.051 +0100] L2ThreadPool: No long running thread pool has been manually initialized, so initializing default one.
INFO [2015-02-18 16:25:20.233 +0100] L2ThreadPool: L2ThreadPool: Initialized with
INFO [2015-02-18 16:25:20.233 +0100] L2ThreadPool: 	... 4/2147483647 scheduler,
INFO [2015-02-18 16:25:20.233 +0100] L2ThreadPool: 	... 0/2147483647 instant,
INFO [2015-02-18 16:25:20.234 +0100] L2ThreadPool: 	... 0/2147483647 long running thread(s).
----------------------------------------------------------------------------------------------------------------------------------------------------={ Utility }
INFO [2015-02-18 16:25:20.255 +0100] Shutdown: ShutdownHook: Initialized.
INFO [2015-02-18 16:25:20.259 +0100] DeadlockDetector: DeadlockDetector: Initialized.
INFO [2015-02-18 16:25:28.207 +0100] Loader: The system Java compiler is missing. Please run via a JDK executable or add tools.jar to classpath.
---------------------------------------------------------------------------------------------------------------------------------------------------={ Shutdown }
SaveGame
Posts: 121
Joined: Thu Oct 30, 2014 9:54 pm

Re: NetPro: Packet Analysis and Visualization tool

Post by SaveGame »

Propek wrote:Any idea how to solve this?

Image
Image
Ah great, I see that the warning I've put in since the last report came in handy.

Well, to put it blunt, you must install the Java JDK first.

Unlike various l2j serverpacks, NetPro does NOT make use of 3rd party libraries when compiling script source files (and therefore does not bundle such library JARs with itself). [ECJ/Eclipse Compiler for Java is the typical choice in l2j serverpacks, which may be identified by the ecj[..].jar library/-ies].

Therefore, the "system" Java compiler will be used; in a typical Sun's Java binary distribution, a "system" java compiler resides in the tools.jar file, which is not available in a JRE.

After all, I expect this application will primarily be used by l2j developers, and they should have the JDK by default, at least for the standard library source... right?


On the other hand, I could make it that NP would allow itself to run on a JRE, as the scripts can be precompiled into a cache. Naturally, you will not be able to load/reload scripts when running via a JRE.
I've been planning to do a new release, but there are still some things to take care of. However, I will look into making NP JRE-friendly by default. Thanks for the report.



P.S. To run NP right now, you must download and install a Java Development Kit (JRE/Java Runtime Environment will not suffice).
http://www.oracle.com/technetwork/java/ ... index.html
Image
Image
Reavourz
Posts: 2
Joined: Fri Feb 20, 2015 6:28 am

Re: NetPro: Packet Analysis and Visualization tool

Post by Reavourz »

Can i use NETPRO + PROXIFIER???, i try use NetPro with l2.ini edit, but the system have a protection against modifications "L2.ini" ? Do you undestand me? I got disconnect, waiting for you asnwer. Thanks for share.
SaveGame
Posts: 121
Joined: Thu Oct 30, 2014 9:54 pm

Re: NetPro: Packet Analysis and Visualization tool

Post by SaveGame »

Reavourz wrote:Can i use NETPRO + PROXIFIER???, i try use NetPro with l2.ini edit, but the system have a protection against modifications "L2.ini" ? Do you undestand me? I got disconnect, waiting for you asnwer. Thanks for share.
The way you direct the L2 client to connect to NetPro is not really relevant.

I haven't used this Proxifier software myself, but I can tell you a somewhat more sophisticated way to use a clean client WITHOUT command line arguments when l2.ini contains an IPv4 address instead of a hostname (like KR retail client).

You will need two computers, unfortunately. One to run NetPro and the other to run L2. Also, you will need a basic proxy app to redirect the client to NetPro.
On the computer to run L2, create a new loopback adapter and assign it the IP found in the l2.ini. Set up the basic proxy to listen on 'localhost:port in l2 ini' and to forward to 'computer with NetPro:NetPro listen port'.
This is necessary because you cannot selectively bypass the loopback adapter once it is installed.


Though it technically WOULD be possible to avoid the '2nd computer' part, if NetPro could delay the connection to the remote IP for a few seconds, required to disable the loopback adapter (after the client was forced to connect to NetPro locally, instead of the remote server). I'll certainly check if this is possible, and make a config option for it if so (as it only involves using OS tools instead of 3rd party software).
Image
Reavourz
Posts: 2
Joined: Fri Feb 20, 2015 6:28 am

Re: NetPro: Packet Analysis and Visualization tool

Post by Reavourz »

Hello, thanks for reply, i have be tryed with every type, proxy,loopback,
PC1 -> NET PRO adversedip 192.xxx.xxx.xxx
PC2 -> LINEAGE system edited for ip 192.xxx.xxx.xxx
I have been connected, but when i press for enter into gameserver list ( Disconnect message )
please give me a light, I don't understand your method or i do it very wrong.
SaveGame
Posts: 121
Joined: Thu Oct 30, 2014 9:54 pm

Re: NetPro: Packet Analysis and Visualization tool

Post by SaveGame »

Reavourz wrote:Hello, thanks for reply, i have be tryed with every type, proxy,loopback,
PC1 -> NET PRO adversedip 192.xxx.xxx.xxx
PC2 -> LINEAGE system edited for ip 192.xxx.xxx.xxx
I have been connected, but when i press for enter into gameserver list ( Disconnect message )
please give me a light, I don't understand your method or i do it very wrong.
Suspiciously enough, this sounds very much like a frost-tunneled game server connection. If this is not the case, I will require more information (at least a .log file (console), though additional screens with both ServerList packets would be nice).

IF this is the case, and game server connection IS tunneled by Frost or whatever else proprietary encryption scheme on top of the standard network protocol, it is actually not within the scope of this application to deal with. And this forum is not the right place to start a discussion about it, I'm afraid.
Image
SaveGame
Posts: 121
Joined: Thu Oct 30, 2014 9:54 pm

Re: NetPro: Packet Analysis and Visualization tool

Post by SaveGame »

A new release is out. Running on a JRE is now supported, but script (re)load functionality will be disabled (only precompiled scripts are supported). Other changes are listed in changelog.txt. Once again, your suggestions are welcome

I have some important changes in mind atm, and I didn't want to delay a release further away, so here it is. Next release will be bundled with JavaDoc and might be the candidate release for 1.0.
Image
michael1414
Posts: 10
Joined: Sun Apr 27, 2014 12:17 pm

Re: NetPro: Packet Analysis and Visualization tool

Post by michael1414 »

SaveGame wrote:A new release is out. Running on a JRE is now supported, but script (re)load functionality will be disabled (only precompiled scripts are supported). Other changes are listed in changelog.txt. Once again, your suggestions are welcome

I have some important changes in mind atm, and I didn't want to delay a release further away, so here it is. Next release will be bundled with JavaDoc and might be the candidate release for 1.0.
Hi.

I run today latest version and I haven't got any server packets. This troubles can be with new released l2 system version (610) ?
Last edited by michael1414 on Wed Mar 11, 2015 12:38 pm, edited 2 times in total.
SaveGame
Posts: 121
Joined: Thu Oct 30, 2014 9:54 pm

Re: NetPro: Packet Analysis and Visualization tool

Post by SaveGame »

michael1414 wrote:
SaveGame wrote:A new release is out. Running on a JRE is now supported, but script (re)load functionality will be disabled (only precompiled scripts are supported). Other changes are listed in changelog.txt. Once again, your suggestions are welcome

I have some important changes in mind atm, and I didn't want to delay a release further away, so here it is. Next release will be bundled with JavaDoc and might be the candidate release for 1.0.
Hi.

I run today latest version and I haven't got any server packets. This troubles can be with new released l2 system version (610) ?
You should see (at the bottom of the window) that it is using IO/classic definitions for packets, so some of the definitions might have become incorrect.
However, if you see only client packets, then I guess you should check the associated packet display configuration (IO in this case).

However, if the bottom of the window shows 6xx/6xx and not 0/6xx, then it is a different issue entirely.

Anyway, I'll make a release today, so that you don't have to add the protocol manually.
Image
michael1414
Posts: 10
Joined: Sun Apr 27, 2014 12:17 pm

Re: NetPro: Packet Analysis and Visualization tool

Post by michael1414 »

SaveGame wrote: You should see (at the bottom of the window) that it is using IO/classic definitions for packets, so some of the definitions might have become incorrect.
However, if you see only client packets, then I guess you should check the associated packet display configuration (IO in this case).
However, if the bottom of the window shows 6xx/6xx and not 0/6xx, then it is a different issue entirely.
Anyway, I'll make a release today, so that you don't have to add the protocol manually.
Thx very much.
And in USAGE.txt in QUICKSTART on NA probably in line:

Code: Select all

2. Open config/proxy.properties
should be:

Code: Select all

2. Open serviceconfig.xml
PS:
Thx for your very good work :)
SaveGame
Posts: 121
Joined: Thu Oct 30, 2014 9:54 pm

Re: NetPro: Packet Analysis and Visualization tool

Post by SaveGame »

Yes, thanks for noticing :)

The release for 610 support is now uploaded and the first post has been updated accordingly.

P.S. Since there are no new packets, it is just a direct copypaste of the earlier one in all_known_protocols.xml
Image
Post Reply