Pwnd2Pwnr Posted December 22, 2012 Posted December 22, 2012 (edited) I am not sure if anyone in this thread (or a lot of other threads) have sniffed xbox live packets through a Linux distro. Well, I have figured it out. Ubuntu 12.04 In terminal: $ sudo wireshark open new tab/new terminal $ sudo ettercap -G Using the GTK UI for ettercap, click on the 'Hosts' button and scan for your hosts. (My xbox was on port 192.168.1.66). Add your xbox IP to 'Target 1' and 'Target 2'. Next, click on the 'MITM' button and click on port stealing (both options together, have not tested singular filters). This will enable wireshark to pick up those damned pesky packets from XBL. Now, go to your Wireshark and sniff eth0. Add 'UDP' to the filter expression and watch the packets fly. :) Hope this helps anyone who wants to look at xbox live packets in depth. AS A BONUS = you get SIP requests too... pick up your VoIP and make some recorded calls.... :) 278 1.126648 192.168.1.x 69.59.x.x SIP 800 Request: REGISTER sip:e.voncp.com:10000 Edited December 22, 2012 by Pwnd2Pwnr Quote
Pwnd2Pwnr Posted December 22, 2012 Author Posted December 22, 2012 (edited) Well, it looks semi promising... you should try and replicate... a lot of interesting packets, that is for sure. 17 0.054448 71.225.152.188 192.168.1.66 UDP 1322 Source port: xbox Destination port: xbox Edited December 22, 2012 by Pwnd2Pwnr Quote
murder_face Posted December 22, 2012 Posted December 22, 2012 Still don't have a 360 but planning on buying one. I've actually been trying to encourage someone with a WiiU to do the same thing.... Quote
Pwnd2Pwnr Posted December 22, 2012 Author Posted December 22, 2012 Hmmm... I wonder what could be sniffed from that. I was thinking of an Arduino RF sensor and trying to see what type of transmission those send. Hmmm... Quote
murder_face Posted December 22, 2012 Posted December 22, 2012 I've always wanted to try this: http://freaklabs.org/index.php/Tutorials/Software/Feeding-the-Shark-Turning-the-Freakduino-into-a-Realtime-Wireless-Protocol-Analyzer-with-Wireshark.html Quote
Infatuas Posted December 28, 2012 Posted December 28, 2012 I think i'll be trying some port mirroring tonight while gaming. I've always wanted to see what's being relayed. Quote
Darren VanBuren Posted December 28, 2012 Posted December 28, 2012 Because I don't have a wired connection to my Xbox or a wireless adapter for it, I've used my laptop to bridge my Xbox to the network, and ran Wireshark as well, for the fun of it. Here's what I've discovered: The 360 uses Kerberos to authenticate you on Xbox LIVE (on the PASSPORT.NET domain). Your username is your gamertag. The images on the Dashboard are downloaded over HTTP from, if I remember correctly, the Limelight Networks CDN. Downloads from the marketplace (games, game updates, apps, etc.) come from that same CDN. All over unencypted HTTP. (Man In the Middle fun is certainly possible, but the 360 will only run signed code. You could maybe replace the images on the dash if you're lucky.) Games are locked to communicating for multiplayer using whatever UDP port the Xbox thinks is open. Its' preferred port is 3074 (which is registered as xbox, as shown in the original post). Private and Party Chats also work over the UDP port that the Xbox chose on startup. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.