Protocol (Using Xniff)
Spunky
O.P. Protocol (Using Xniff)
I'm trying to detect file transfers using the Xniff OCX, but can only detect the invitation and parts of the file being transferred. It does not seem to be sending the filename or filesize. Am I missing something? I've even tried looking at EVERY message sent during the invitation/sending of a file and not found anything. Please help? lol
This post was edited on 11-21-2006 at 02:06 AM by Spunky.
<Eljay> "Problems encountered: shit blew up"
11-21-2006 02:05 AM |
deAd
RE: Protocol (Using Xniff)
Maybe check the hypothetic.org docs on file transfers.
EDIT: The name's sent in the invitation as one of the little parameter thingies, under "Application-File". Filesize is under "Application-Size". (note that this is not extremely up to date, there may have been changes but it is likely to be the same or very similar)
Example invitation:
code:
>>> MSG 12 N 294
MIME-Version: 1.0
Content-Type: text/x-msmsgsinvite; charset=UTF-8
Application-Name: File Transfer
Application-GUID: {5D3E02AB-6190-11d3-BBBB-00C04F795683}
Invitation-Command: INVITE
Invitation-Cookie: 85366
Application-File: Autoexec.bat
Application-FileSize: 187
Connectivity: N
Source: Hypothetic Documentation
This post was edited on 11-21-2006 at 02:10 AM by deAd.
11-21-2006 02:06 AM |
Spunky
O.P. RE: Protocol (Using Xniff)
I looked at the Hypothetic website before posting as I wanted as little "forum help" as possible (wanted to try something on my own for once). However, upon looking through the code for File Transfers, it states information that simply does not appear to be sent in that message. I don't get any info regarding the filename or filesize.
11-21-2006 10:18 AM |
Eljay
RE: Protocol (Using Xniff)
quote: Originally posted by SpunkyLoveMuff
I looked at the Hypothetic website before posting as I wanted as little "forum help" as possible (wanted to try something on my own for once). However, upon looking through the code for File Transfers, it states information that simply does not appear to be sent in that message. I don't get any info regarding the filename or filesize.
It's the Context: part of the invite message that is the filename (probably ends in a long string of A's); you just need to base64 decode it.
11-21-2006 10:26 AM |
Spunky
O.P. RE: Protocol (Using Xniff)
Right, I've spent some time today looking at base64 encoding and decoding and not been able to find a way to retrieve the name of the file being sent. If I decoded it using a web site, it would have weird symbols at the start of the file name (at first it says it's an invalid length to be decoded) so I trimmed the symbols off by removing some of the encoded string.
I tried using a dll to decode it, but the sample code given was written for VB and I had a hard time translating it to JScript. The code I used gave a different result for the same string every time it returned a value... Is there a simple JScript function that could be made to do it?
Also, the file size is the main thing I really want to try and get, so how is it sent? (It must still be sent somehow, as the contact's Messenger knows what file size it is.)
11-21-2006 02:16 PM |
Dempsey
RE: Protocol (Using Xniff)
quote: Originally posted by SpunkyLoveMuff
Right, I've spent some time today looking at base64 encoding and decoding and not been able to find a way to retrieve the name of the file being sent. If I decoded it using a web site, it would have weird symbols at the start of the file name (at first it says it's an invalid length to be decoded) so I trimmed the symbols off by removing some of the encoded string.
The FileName isn't the whole of the Context: section, it's only bytes 19 to 639.
Read More: Context field of P2P File Transfers (MSWord)
11-21-2006 02:35 PM |
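The decoding step described in the two replies above (base64-decode the Context: value, then read the filename out of the middle of the decoded bytes), as an added example that is not part of the thread. The name start offset of 20 and the size field at offset 8 are assumptions (the thread gives the name range as bytes 19 to 639), and the sample Context value is constructed.

```javascript
// Added example; ES3 syntax only, so it runs in Node.js and in JScript.
// ASSUMED layout of the decoded Context bytes (not given in the thread):
//   offset 8..15  file size, 64-bit little-endian
//   offset 20..   filename, UTF-16LE, NUL-terminated
var SIZE_OFFSET = 8, NAME_OFFSET = 20, NAME_LIMIT = 639; // 639: from the thread
var B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

// Constructed sample: 48 bytes carrying size 187 and name "Autoexec.bat".
var SAMPLE_CONTEXT = "PgIAAAIAAAC7AAAA" + "AAAAAAEAAABBAHUA" +
                     "dABvAGUAeABlAGMA" + "LgBiAGEAdAAAAAAA";

// Base64 text -> array of byte values; whitespace and missing "=" are tolerated.
function base64ToBytes(text) {
  var clean = String(text).replace(/[\s=]/g, "");
  if (clean.length % 4 === 1) throw new Error("truncated base64 input");
  var bytes = [], acc = 0, bits = 0;
  for (var i = 0; i < clean.length; i++) {
    var v = B64.indexOf(clean.charAt(i));
    if (v < 0) throw new Error("invalid base64 character at index " + i);
    acc = (acc << 6) | v;
    bits += 6;
    if (bits >= 8) {
      bits -= 8;
      bytes.push((acc >> bits) & 0xFF);
      acc &= (1 << bits) - 1; // keep only the bits not yet emitted
    }
  }
  return bytes;
}

function parseContext(contextB64) {
  var b = base64ToBytes(contextB64);
  if (b.length < NAME_OFFSET + 2) throw new Error("context too short");
  var size = 0; // exact for sizes below 2^53
  for (var i = SIZE_OFFSET + 7; i >= SIZE_OFFSET; i--) size = size * 256 + b[i];
  var name = "";
  for (var p = NAME_OFFSET; p + 1 < b.length && p < NAME_LIMIT; p += 2) {
    var unit = b[p] | (b[p + 1] << 8); // one UTF-16LE code unit
    if (unit === 0) break;
    name += String.fromCharCode(unit);
  }
  // The name comes from the remote peer: flag separators and control chars.
  var unsafe = /[\\\/:\x00-\x1f]/.test(name);
  return { fileName: name, fileSize: size, unsafeName: unsafe };
}
```

Decoding the whole value and slicing the bytes afterwards avoids the "invalid length" error that comes from trimming characters off the encoded string.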
CookieRevised
RE: Protocol (Using Xniff)
May I also note that you won't be able to detect all file transfers like that with Xniff. The protocol has changed a lot in places since what has been written on Hypothetic.
E.g.: Here, when sniffing all incoming and outgoing packets from the switchboard with Xniff, it detects absolutely no protocol msgs like that. The file transfers go directly.
This post was edited on 11-21-2006 at 03:04 PM by CookieRevised.
.-= A 'frrrrrrrituurrr' for Wacky =-.
11-21-2006 02:39 PM |
Dempsey
RE: Protocol (Using Xniff)
quote: Originally posted by CookieRevised
E.g.: Here, when sniffing all incoming and outgoing packets from the switchboard with Xniff, it detects absolutely no protocol msgs like that. The file transfers go directly.
Not sure if you're only looking at port 1463 or whatever it is, but transfers use a different port range.
11-21-2006 02:44 PM |
CookieRevised
RE: Protocol (Using Xniff)
quote: Originally posted by Dempsey
quote: Originally posted by CookieRevised
E.g.: Here, when sniffing all incoming and outgoing packets from the switchboard with Xniff, it detects absolutely no protocol msgs like that. The file transfers go directly.
Not sure if you're only looking at port 1463 or whatever it is, but transfers use a different port range.
all ports
(I said Xniff, but actually used a prof. packet sniffer (on all ports))
File transfers depend on many things; they even did back when MSN Messenger 6.2 was the latest version (old post). Now it is way more complicated than just sniffing for that specific MSG message.
This post was edited on 11-21-2006 at 03:20 PM by CookieRevised.
11-21-2006 02:55 PM |
Spunky
O.P. RE: Protocol (Using Xniff)
So is there no way to detect when a file transfer has been initiated (or even just the invitation sent)? The protocol kinda goes over my head, but I wanna learn to interact with it which is why I decided to have a go at this...
11-21-2006 05:17 PM |