I hope it's ok to post sniffer questions in this forum. Wasn't really sure if these are more appropriate here (Sniffer util forum) or the help (SEQ help forum). Anyway, if Ratt or Fee or someone wants to move this, feel free.

I've been browsing through a ton of the threads here but haven't really been able to understand a few things. So I ask these questions...


1. I'm thinking of using Baelang's Keyring 2.0. I noticed the readme for it (and other sniffers) requires you to choose a port, recommending something other than the default 10000. Why is the 10000 port a bad idea and how do I know what port number to choose?


2. Once installed and running EQ, Keyring and SEQ, does SEQ automatically grab the code sent from Keyring and apply it? I.E. - Do I need to do anything once I've started all three programs? It *looks* like it is all automatic but if there is more to it I'd like to know before I start trying to use it. (Trying to be prepared BEFORE hand.)

3. I've read several things about having to get the offsets and such, including this thread from today. http://seq.sourceforge.net/showthread.php?s=&threadid=2473 I presume the offset is the location in memory where the key code exists. Is this correct? If so, how do I use and apply the offset to make the sniffer work?



My apologies in advance if these questions seem simple but from my perspective they are all part of the learning curve.

Thanks!

Hobo

Why is the 10000 port a bad idea and how do I know what port number to choose?

The more the installation differs the better it is - choose you own portnr to make it more difficult to detect.

usage:

keyring.exe

-h print output help information (but you knew that, didn't you.)
-f <path/to/config/file> specifies the path to some config file
-v run in verbose mode (copious debug information)


It *looks* like it is all automatic but if there is more to it I'd like to know before I start trying to use it

-i <interval> specify the send interval in seconds.

-a <address> send-to ip address
-p <port> send-to udp port
-n <name> name of program to search for (i.e. eqgame or testeqgame)

If so, how do I use and apply the offset to make the sniffer work?
-o <offset> key location

-e run once and Exit. (no looping)



- I dont use it, but that should the options to use ...

OK, a couple more things. Did some more searching and found Fee's announcement thread http://seq.sourceforge.net/showthread.php?s=&threadid=2372&highlight=port which explains a little more about the port thing. I'm still wondering HOW to choose a port number. Should I just randomly pick a number over 10000 (or 16000 after reading Fee's comments)?

Also while I really appreciate your reply LC, I'm even more confused.

Should I start kingring with a command that looks like this:


C:\ keyring.exe -i <some number to indicate how often it sends the key?> and then - o <78AAD0>

So my final command might look like this:

C:\ keyring.exe -i 30 -o 78AAD0


Am I gettting this right or am I all fucked up? :)


Again, thanks for educating me,


Hobo

Originally posted by Hobo

Should I start kingring with a command that looks like this:


C:\ keyring.exe -i <some number to indicate how often it sends the key?> and then - o <78AAD0>

So my final command might look like this:

C:\ keyring.exe -i 30 -o 78AAD0



if you specify the send interval and offset in the config file, you don't need to put anything on the command line.

command line options are just for overriding the values in the config file. this is useful, for example, if you normally play on a live server but want to run on test for just this session.