New tool for bot developers: BNCSMon

Arta · January 04, 2004, 03:33 PM

This tool displays BNCS traffic in realtime as it passes over your network interface. Some of the more common and/or important packets are processed and their contents displayed. Some possible uses:

- Running a trace in the background to monitor all BNCS traffic on your computer or network,
- Diagnosing problems during developments of BNCS clients,
- Analysing out the sequence in which packets are sent & recieved during logons and other mechanisms,
- Checking the contents of specific packets (perhaps following protocol changes) without having to write custom tools or modify existing clients.

I'm sure more uses could be found.

The is a console application and must be run from a command line. Using no options, the program will monitor the first network interface it finds and display any traffic it finds. There are other options. Read about them by passing -h on the command line:

Code Select


X:\bncsmon -h

This program requires WinPcap 3 to run. If you use Ethereal, you should have this already.

Download

hismajesty · January 04, 2004, 03:41 PM

Arta gave me this earlier, it's really neat!

Stealth · January 04, 2004, 05:00 PM

Wow! Thank you.

UserLoser. · January 04, 2004, 06:42 PM

Quote from: hismajesty on January 04, 2004, 03:41 PM
Arta gave me this earlier, it's really neat!

I thought I sent it to you?

R.a.B.B.i.T · January 20, 2004, 07:35 PM

-h kills it upon start :*(

Yoni · January 21, 2004, 05:41 AM

Very nice!

A feature suggestion: Use two different colors (Win32 SetConsoleTextAttribute) to differentiate between sent and received packets.

DarkMinion · January 22, 2004, 03:52 AM

Suggestion: Make it work properly

After I sent SID_GETLADDERDATA and SID_GETADVLISTEX it stopped producing any output.

Arta · February 17, 2004, 11:59 AM

Thanks for the feedback - I shall do both of these things, and post a new version.

Edit:

New version: Download.

DM, I can request ladder data and game lists fine - if you still get this problem with the new version, let me know.

Hamtaro · February 17, 2004, 12:40 PM

if ur still looking for feedback, i'd like to suggest displaying the time each packet was sent.

Ersan · February 17, 2004, 08:26 PM

Yeah also, it doesn't work worth a damn with dial-up modems (all the computers I tested on at least)

MyndFyre · February 17, 2004, 08:36 PM

Quote from: Ersan on February 17, 2004, 08:26 PM
Yeah also, it doesn't work worth a damn with dial-up modems (all the computers I tested on at least)

I believe that has something to do with WinPcap itself, not BncsMon. IIRC, it might work with A0L on Win9x for all you 1337 people out there (I think AOL creates a virtual network adapter that would be visible to WinPcap).

Arta · February 18, 2004, 04:01 AM

Yes, I couldn't get WinPcap to work properly when I was on dial-up either.

I'll add times at some point, that's a good idea.

FuzZ · February 23, 2004, 10:52 AM

I'm using earthlink 56k and didn't have a problem. I had to switch the adapter in the parameters for BNCSMon though.

FuzZ · March 11, 2004, 03:24 PM

2 things
#1: When I run BNCSMon on D2XP whenever I log into realm it locks up.
Last packet I recieved both times I tested.


Rcvd packet 0x00, Length 257:
0000 49 00 01 01 00 00 00 AE 9B 5C A8 3F F0 CA 78 5D I......®›\¨?ðÊx]
0010 BF 54 00 00 00 00 00 D8 C0 A3 06 10 FF 77 9B 50 ¿T.....ØÀ£..ÿw›P
0020 58 32 44 36 38 58 49 3F F0 CA 78 09 04 00 00 19 X2D68XI?ðÊx.....
0030 A2 78 D0 16 DF 0E EE AE 15 15 FF F4 04 73 B5 37 ¢xÐ.ß.î®..ÿô.sµ7
0040 8C 8E 50 46 75 7A 5A 2E 00 07 00 01 00 00 00 00 ŒŽPFuzZ.........
0050 07 00 19 08 00 00 00 06 01 19 08 00 05 00 00 00 ................
0060 05 00 21 72 CB 40 44 65 61 74 68 54 6F 46 72 61 ..!rË@DeathToFra
0070 69 7A 65 72 00 84 80 FF FF FF FF FF 0D FF 4F FF izer.,,€ÿÿÿÿÿ.ÿ

And the second time


Rcvd packet 0x00, Length 257:
0000 49 00 01 01 00 00 00 2E 6A 42 24 3F F0 CA 81 B9 I.......jB$?ðÊ?¹
0010 5A 55 00 00 00 00 00 D8 C0 A3 06 10 FF 77 9B 50 ZU.....ØÀ£..ÿw›P
0020 58 32 44 36 38 58 49 3F F0 CA 81 09 04 00 00 E3 X2D68XI?ðÊ?....ã
0030 2C 96 9D 48 64 63 62 58 ED F1 7A EB 76 80 71 71 ,–?HdcbXíñzëv€qq
0040 0C A9 AE 46 75 7A 5A 2E 00 07 00 01 00 00 00 00 .©®FuzZ.........
0050 07 00 19 08 00 00 00 06 01 19 08 00 05 00 00 00 ................
0060 05 00 8B 72 CB 40 44 65 61 74 68 54 6F 46 72 61 ..‹rË@DeathToFra
0070 69 7A 65 72 00 84 80 FF FF FF FF FF 0D FF 4F FF izer.,,€ÿÿÿÿÿ.ÿOÿ

I was trying to logon to the char by the name of "DeathToFraizer" (if you couldn't tell)

#2
Would it be possible to select a connection to battle.net (I run several bots on this computer), i'm not sure if this is even possible, but I just thought I would ask.

Kp · March 11, 2004, 04:25 PM

Quote from: FuzZ on March 11, 2004, 03:24 PMWould it be possible to select a connection to battle.net (I run several bots on this computer), i'm not sure if this is even possible, but I just thought I would ask.

It should be possible to specify a filter to only one TCP stream (i.e. one connection). However, since I've never used WinPCap, I don't know how easily it can correlate the streams. So, it's possible that even once Arta adds filtering, you'd have to do some trial and error to figure out which of the connections is the one you want to watch. You're probably better off just not running so many bots.

New tool for bot developers: BNCSMon

hismajesty

UserLoser.

R.a.B.B.i.T

Hamtaro

FuzZ

FuzZ