
I have run a mahjong robot downloaded from https://github.com/MahjongRepository/tenhou-python-bot to play on http://tenhou.net. The code showed that it connected to the server with a TCP socket, while Wireshark indicated that there were UDP packets sent/received. Furthermore, the code indicated that the messages are plain text and could be treated as ASCII strings, while Wireshark said it was not able to recognize the payload.

What happened here? Was there a proxy? Was there an encrypted tunnel? How can I catch the INIT message using only sniffed packets? Thank you very much!

The code in client.py:

    def connect(self):
        self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.socket.connect((settings.TENHOU_HOST, 10080))

    def _read_message(self):
        message = self.socket.recv(2048)
        return message.decode('utf-8')

    def _send_message(self, message):
        # tenhou requires an empty byte in the end of each sending message
        message += '\0'
        self.socket.sendall(message.encode())

    def authenticate(self):
        self._send_message('<HELO name="{}" tid="f0" sx="M" />'.format(quote(settings.USER_ID)))
        messages = self._get_multiple_messages()
        auth_message = messages[0]
        # Several blocks omitted

The WireShark PrintScreen

  • Wireshark will, in general, capture *all* network traffic on the interface it is listening on. This will include the traffic of the TCP connection you are interested in, plus all other network traffic from/to other client/services. So the UDP packets may be from another process that you aren't interested in. – President James K. Polk Apr 30 '18 at 17:48
  • Yes, you saved me. The TCP connection was to a local proxy through interface lo. The UDP packets were the corresponding communication between the client and the remote server through an encrypted (maybe HTTPS or QUIC) tunnel. Thank you very much! – user3059627 May 01 '18 at 11:34
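
The following is an added example, not code from the original post or from the tenhou-python-bot project. It shows how the plaintext side of the connection (the TCP stream on `lo`) can be split back into the NUL-terminated messages that `_send_message` produces, so the INIT message can be picked out even when it spans several TCP segments. It assumes the payloads of one direction of the stream have already been extracted in order; `NulFramer`, `find_messages` and the sample bytes are hypothetical and constructed.

```python
import re


class NulFramer:
    """Incrementally splits a TCP byte stream into NUL-terminated messages."""

    def __init__(self):
        self._buf = bytearray()

    def feed(self, payload):
        """Add one segment's payload; return the messages it completes."""
        self._buf.extend(payload)
        # Everything before the last NUL is complete; the tail is kept
        # until a later segment delivers its terminator.
        *complete, rest = bytes(self._buf).split(b"\0")
        self._buf = bytearray(rest)
        # Decode only whole frames, so a multi-byte UTF-8 character cut
        # by a segment boundary is never decoded in halves.
        return [m.decode("utf-8", errors="replace") for m in complete if m]


def find_messages(segments, tag):
    """Return every reassembled message whose root tag is `tag`."""
    framer = NulFramer()
    pattern = re.compile(r"<%s[\s/>]" % re.escape(tag))
    found = []
    for payload in segments:
        found.extend(m for m in framer.feed(payload) if pattern.match(m))
    return found


# Constructed sample payloads (not a real capture). Segment boundaries
# deliberately fall mid-tag and inside a three-byte UTF-8 character.
SAMPLE_SEGMENTS = [
    b'<HELO name="NoName" tid="f0" sx="M" />\0<INIT note="constru',
    b'cted \xe4\xb8',
    b'\x80"/>\0',
]

if __name__ == "__main__":
    for message in find_messages(SAMPLE_SEGMENTS, "INIT"):
        print(message)
```

The same framing does not apply to the UDP packets seen on the external interface, since the comments identify that leg as an encrypted tunnel.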
