NetXray instructions (6) ---- Capture OICQ Message Packet

zhaozj2021-02-08  258

Posted by SCZ in Irrigation Paradise at 12:17:39 on 00-5-9:

Title: NetXray instructions (6) ---- Capture OICQ Message Packet

For editing, Sniffer Pro 2.6 is not as good as NetXray and can only do binary editing. The Tab key in Add Pattern in Sniffer Pro is extremely muddled, and Decode support is also available here. Be sure to understand these points. However, with the cracked version of NetXray, the Window menu fails in some places when decoding. Texture (to be added later, no time). Today covers the capture of OICQ Message packets.

1. First set up IP / UDP packet filtering. IP / TCP is not necessary, because OICQ Message packets are mostly IP / UDP packets; I have not seen IP / TCP, and there should be none.

2. In Address / IP Include, set the IP addresses of the two communicating parties. Assuming we need to capture all OICQ Message packets exchanged with OICQ.exe on this machine, set it to myip <----> any

3. Go to the Data Pattern settings page and, using the method described in << NetXray instructions (2) >>, specify

((srcport == 4000) && (dstport != 8000)) || ((srcport != 8000) && (dstport == 4000))

The first clause means this machine sent a message to someone else, and the second means someone else sent a message to this machine. As for the reason 8000 is excluded, you can enter the port involved at this time.

So why not specify 4000 at both ends? Because if the traffic passes through a transparent gateway, the UDP relay changes the source port, which usually will no longer be 4000. Conversely, if you find a packet whose source port is not 4000, he / she should be behind a proxy such as Sygate. But at this point the UDP data pipe has already been established, so even if he / she is behind Sygate, I can use the IP / port just captured to communicate with him / her, which means many things may happen.

It is assumed here that communication goes through OICQ.exe. If you write your own program to communicate with OICQ.exe, the source port does not have to be 4000 and can be specified arbitrarily.
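The following is an added example, not part of SCZ's original post: it applies the address filter from step 2 and the Data Pattern expression from step 3 to raw IPv4/UDP packets, and marks peers whose port is not 4000 (the relay/proxy case described above). The function names, documentation IP addresses and sample packets are constructed for illustration.

```python
import socket
import struct

CLIENT_PORT, SERVER_PORT = 4000, 8000  # OICQ port numbers as given on the page

def parse_udp(pkt):
    """Return (src_ip, dst_ip, sport, dport) for a raw IPv4/UDP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4                      # IP header length in bytes
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if ihl < 20 or pkt[9] != 17 or frag_offset or len(pkt) < ihl + 8:
        return None                                # not UDP, or no UDP header here
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), sport, dport

def matches_pattern(sport, dport):
    """The page's Data Pattern expression, term for term."""
    return ((sport == CLIENT_PORT and dport != SERVER_PORT) or
            (sport != SERVER_PORT and dport == CLIENT_PORT))

def classify(pkt, my_ip):
    """Apply the address filter (my_ip <-> any) and the port pattern to one packet."""
    fields = parse_udp(pkt)
    if fields is None:
        return None
    src_ip, dst_ip, sport, dport = fields
    if my_ip not in (src_ip, dst_ip) or not matches_pattern(sport, dport):
        return None
    outbound = src_ip == my_ip
    peer_port = dport if outbound else sport
    return {"direction": "sent" if outbound else "received",
            "peer": (dst_ip if outbound else src_ip, peer_port),
            # A peer port other than 4000 suggests a gateway/proxy rewrote it.
            "peer_port_rewritten": peer_port != CLIENT_PORT}

def build_packet(src_ip, dst_ip, sport, dport, payload=b"constructed"):
    """Constructed sample packet: minimal IPv4 header (checksums left 0) + UDP."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return ip + udp

if __name__ == "__main__":
    me = "192.0.2.10"                                  # documentation address
    for args in [(me, "198.51.100.7", 4000, 4000),     # direct peer
                 ("198.51.100.9", me, 61234, 4000),    # peer behind a relay
                 (me, "203.0.113.5", 4000, 8000)]:     # server traffic, excluded
        print(args, classify(build_packet(*args), me))
```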

When reposting, please cite the original address: https://www.9cbs.com/read-2568.html
