Jump to content

Sniff Xbox Live Packets with Wireshark and Ettercap -G


Recommended Posts

I am not sure if anyone in this thread (or a lot of other threads) have sniffed xbox live packets through a Linux distro. Well, I have figured it out.

Ubuntu 12.04

In terminal:

$ sudo wireshark

open new tab/new terminal

$ sudo ettercap -G

Using the GTK UI for ettercap, click on the 'Hosts' button and scan for your hosts. (My xbox was on port

Add your xbox IP to 'Target 1' and 'Target 2'. Next, click on the 'MITM' button and click on port stealing (both options together, have not tested singular filters). This will enable

wireshark to pick up those damned pesky packets from XBL.

Now, go to your Wireshark and sniff eth0. Add 'UDP' to the filter expression and watch the packets fly. :)

Hope this helps anyone who wants to look at xbox live packets in depth. AS A BONUS = you get SIP requests too... pick up your VoIP and make some recorded calls.... :) 278 1.126648 192.168.1.x 69.59.x.x SIP 800 Request: REGISTER sip:e.voncp.com:10000


Edited by Pwnd2Pwnr
Link to comment
Share on other sites

Well, it looks semi promising... you should try and replicate... a lot of interesting packets, that is for sure.

17 0.054448 UDP 1322 Source port: xbox Destination port: xbox

Edited by Pwnd2Pwnr
Link to comment
Share on other sites

Because I don't have a wired connection to my Xbox or a wireless adapter for it, I've used my laptop to bridge my Xbox to the network, and ran Wireshark as well, for the fun of it. Here's what I've discovered:

The 360 uses Kerberos to authenticate you on Xbox LIVE (on the PASSPORT.NET domain). Your username is your gamertag. The images on the Dashboard are downloaded over HTTP from, if I remember correctly, the Limelight Networks CDN. Downloads from the marketplace (games, game updates, apps, etc.) come from that same CDN. All over unencypted HTTP. (Man In the Middle fun is certainly possible, but the 360 will only run signed code. You could maybe replace the images on the dash if you're lucky.)

Games are locked to communicating for multiplayer using whatever UDP port the Xbox thinks is open. Its' preferred port is 3074 (which is registered as xbox, as shown in the original post). Private and Party Chats also work over the UDP port that the Xbox chose on startup.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...