Sign in to follow this  
Followers 0
ragnarok775

UDP Source Port

12 posts in this topic

Hey, im very unfamiliar with the workings of UDP protocol, but ive been messing with it for a couple of days now.

I decided id like to see if i could read a packet incoming from a game server. So I opened up a game and connected to

a server while running a Network Analyzer called 'WireShark'. I chose one of the captured packets, saved the data in the

packet to a file and proceeded to send that packet to the same IP and port that WireShark specified with AutioIt's UDPSend()

command. Still monitoring WireShark when i sent this packet using AutoIt, I saw that it was succesfull, WireShark picked up

a recieving packet that contained some data saying "Welcome Player #: 23987502" or somthing of the sort.

Now with my problem... when doing this with the game, I noticed the packet's Source Port was ALWAYS 20111 (same as destination port)

when using UDPSend() WireShark picked up random Source Ports usually ranging between 1000-9000 I think...

I would like to be able to send this packet and read the incoming data all with Autoit, but I never know what port the packet

was sent on, so I dont know what port the packet will be recieved on, therefore i cannot specify a port for UDPBind.

Is there a way to specify a Source Port using UDPSend() ?

--Thanks ... (sorry about the wall of text)

Share this post


Link to post
Share on other sites



Ports 1024 through 49,151 are registered ports. Ports 49,152 through 65,535 are used as temporary ports primarily by clients when communicating to servers. So you do know they have to port scan at times in order to do a task. However you should be able to find out the exact port number by checking your connection to the game. This is done by netstat (start -> command -> netstat), with this to make it smaller I would use '-p UDP'.

As for UDPSend() you can specify a port to send to before to ever send the UDPSend() command. It is UDPOpen( source, source port ) and then you'll be sending that source that information along the program route.


0x576520616C6C206469652C206C697665206C69666520617320696620796F75207765726520696E20746865206C617374207365636F6E642E

Share this post


Link to post
Share on other sites

#3 ·  Posted (edited)

I could be wrong but i'm fairly positive UDPOpen() specifies the port that will receive the data.

Global $hSocket, $data

UDPStartUp()
$hSocket = UDPOpen("63.146.124.45", "20111")
$data = FileRead("getmotd")
UDPSend($hSocket, $data)

after executing that code, this is what WireShark gets:

Posted Image

this is more info about the Sent packet:

Posted Image

the port that says 'pharos' changes virtually every time I try it.

I would like for both Source and Destination ports to be 20111

Edited by ragnarok775

Share this post


Link to post
Share on other sites

I believe your computer name is pharos and it is opening a port on 4443 because UDP can send information from any port to a specified address so why would you need to tell it to go through a port? The address your sending to would be 63.146.124.45 port number 20111 that is all you need to complete your transfer


0x576520616C6C206469652C206C697665206C69666520617320696620796F75207765726520696E20746865206C617374207365636F6E642E

Share this post


Link to post
Share on other sites

The source port is not important. You can think of it like a mail system. You set the letter in your mailbox (port 1) and it gets to the address on the letter (port 2). You could bring the letter to the post office (port 3) and they will still deliver it to the address (port 2). In the end, no matter the source, the destination is all that matters.

Share this post


Link to post
Share on other sites

#6 ·  Posted (edited)

@TerarinK

my computers name is not 'pharos', as i said before, that port number changes every time i send the packet. that name that appears there just corresponds to the port number.

here is 3 more sent packets to show u what i mean

Posted Image

@Richard Robertson & TerarinK

the reason that i want to know the source port is because i want to use UPDBind to read the Response packet that is sent back from the server. In order to read that packet, i need to know what port to Bind and so far I do not know how to do that because it chooses a random port.

Before i said i want both source and destination ports to be 20111, but really what i mean is, i just want to be able to recieve that packet so any port will due aslong as i know what port it is.

EDIT

I just did a test sending the packet 3 times with the same UDPOpen information and it used the same port all 3 times

Global $hSocket, $data, $i = 0

UDPStartUp()
$hSocket = UDPOpen("63.146.124.45", "20111")
$data = FileRead("getmotd")

While $i < 3
    UDPSend($hSocket, $data)
    Sleep(1000)
    $i += 1
WEnd

so fidning the Source Port does have somthing to do with UDPOpen, but when i view the Array Contents of $hSocket, nothing useful comes up.

Edited by ragnarok775

Share this post


Link to post
Share on other sites

shameless bump :)

Share this post


Link to post
Share on other sites

UDP = connectionless

TCP = connection oriented

A UDP port would be impossible to send something from as it just opens and hopefully send out its data to you. The games server is only read only from what I'm getting so all the data is kepted on their side, making hacking near impossible. But you can still send packets and modify them to do your bidding


0x576520616C6C206469652C206C697665206C69666520617320696620796F75207765726520696E20746865206C617374207365636F6E642E

Share this post


Link to post
Share on other sites

As for $hSocket it did produce something your source and port you plan on sending to.


0x576520616C6C206469652C206C697665206C69666520617320696620796F75207765726520696E20746865206C617374207365636F6E642E

Share this post


Link to post
Share on other sites

#10 ·  Posted (edited)

Ragnarok, listen to the people in this thread. The source port is not important and is randomly calculated each time you create a new connection. You're worrying about a networking layer you've been completely abstracted from by using UDP. There's really no way you can control that and you shouldn't even want to control that layer!

Please descibe the problem you are having more globally, so not:

"I need to paint my grass green. What is good paint?"

but ..

"How does I make my grass greener?"

Edited by Manadar

Share this post


Link to post
Share on other sites

#11 ·  Posted (edited)

@TerarinK

$hSocket contained the Destination IP and Port, not source. Also my intent is not hacking, I'm not quite sure how you go that idea.

@Manadar

The Source port in my case actually is important because the server received the packet FROM this 'Source Port' and then in return SENDS a packet back to me With a destination of the original Source port.

So.... lets say I send a "Packet A" with destination xxx.xxx.xxx.xxx port 1234. This works great and I have not had a problem with that. The Issue is "Packet A's" SOURCE PORT now becomes "Packet B's" DESTINATION PORT. I want to read "Packet B" with Autoit... and correct me if im wrong... but I need to know the PORT to listen on, no?

And as for

Please descibe the problem you are having more globally, so not:

"I need to paint my grass green. What is good paint?"

but ..

"How does I make my grass greener?"

Im not sure what you meant by that, because I stated my problem very clearly.

ANYWHO... if the Source Port cannot be defined then my question is answered and I thank you all for your help.

Edited by ragnarok775

Share this post


Link to post
Share on other sites

#12 ·  Posted (edited)

hey guys

i found some threads for this topic, like this one, but unfortunately none with an answer ;)

i try to query gamespy protocol II servers with udp, but i cant read the answer because the port is always random

the port i receive the answer to, is the same port i send it from, so its the sending port i start the query with, unfortunately i couldnt find a way to read my sending port.

and yes, there is definately an answer because i read it with wireshark >.<

any solution?

regards

edit: sorry for pushing the old thread, found out that the message i wanted to receive was too long (for autoit?) and could only be read through wireshark then ^^

Edited by nuki

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0