
Pwnd2Pwnr

Sniff Xbox Live Packets with Wireshark and Ettercap -G


I am not sure if anyone in this thread (or a lot of other threads) has sniffed Xbox Live packets through a Linux distro. Well, I have figured it out.

Ubuntu 12.04

In terminal:

$ sudo wireshark

Open a new tab/new terminal:

$ sudo ettercap -G

Using the GTK UI for ettercap, click on the 'Hosts' button and scan for your hosts. (My xbox was on port 192.168.1.66).

Add your Xbox IP to 'Target 1' and 'Target 2'. Next, click on the 'MITM' button and click on port stealing (both options together, have not tested singular filters). This will enable Wireshark to pick up those damned pesky packets from XBL.

Now, go to your Wireshark and sniff eth0. Add 'UDP' to the filter expression and watch the packets fly. :)

Hope this helps anyone who wants to look at xbox live packets in depth. AS A BONUS = you get SIP requests too... pick up your VoIP and make some recorded calls.... :)

278 1.126648 192.168.1.x 69.59.x.x SIP 800 Request: REGISTER sip:e.voncp.com:10000


Well, it looks semi promising... you should try and replicate... a lot of interesting packets, that is for sure.

17 0.054448 71.225.152.188 192.168.1.66 UDP 1322 Source port: xbox Destination port: xbox


Still don't have a 360 but planning on buying one. I've actually been trying to encourage someone with a WiiU to do the same thing....


Hmmm... I wonder what could be sniffed from that. I was thinking of an Arduino RF sensor and trying to see what type of transmission those send. Hmmm...


I think I'll be trying some port mirroring tonight while gaming. I've always wanted to see what's being relayed.


Because I don't have a wired connection to my Xbox or a wireless adapter for it, I've used my laptop to bridge my Xbox to the network, and ran Wireshark as well, for the fun of it. Here's what I've discovered:

The 360 uses Kerberos to authenticate you on Xbox LIVE (on the PASSPORT.NET domain). Your username is your gamertag. The images on the Dashboard are downloaded over HTTP from, if I remember correctly, the Limelight Networks CDN. Downloads from the marketplace (games, game updates, apps, etc.) come from that same CDN. All over unencrypted HTTP. (Man In the Middle fun is certainly possible, but the 360 will only run signed code. You could maybe replace the images on the dash if you're lucky.)

Games are locked to communicating for multiplayer using whatever UDP port the Xbox thinks is open. Its preferred port is 3074 (which is registered as xbox, as shown in the original post). Private and Party Chats also work over the UDP port that the Xbox chose on startup.

