Re: problem analysing the raw rfb packets

Wed, 04 Oct 2006 23:47:17 -0700 

On Wed, Oct 04, 2006 at 02:05:26AM -0700, rama krishna wrote:
> hi all,
> 
>  Iam trying to analyse raw rfb packets. Iam capturing
> the raw packets while vnc server and client are
> communicating  .Iam doing this on a different
> system.After capturing iam decoding the packets as per
> the rfb protocol.
> 
> while analysing the captured packets i could
> understand the initial communication. The version
> message,secutity handshake,client init message and the
> server init message.
> 
> The server sends its init msg with following values
> 
> frame buffer width(fbw)=4
> fbh=3

You need to byteswap those. 4==0x0004 -> 0x0400==1024
3==0x0003 -> 0x0300==768

> bpp=16
> depth=16
> bend=0
> truecol=1
> redmx=7936
> gm=16128
> bm=7936
 
Byteswap. 7936==0x1f00 -> 0x001f, 16128=0x3f00 -> 0x003f
 
> rsf=11
> gsf=5
> bsf=0 pad1=0
> pad2=0
> 
> next client sends setpixelformat msg with following
> values
> bpp=8
> dep=6
> bend=0
> tcol=1
> redm=768=gm=bm
 
Likewise -> 0x0003 
 
> rsf=4
> gsf=2
> bsf=0
> pad1=0
> pad2=0
> 
> 
> 
> Then client again sends setEncodings message as
> follows
> 
> pad=0
> nencodings=1792
> encoding types=17,33,16,1,5,2,0 in order
> 
> nencodings is 1792 actually it listed only 7
 
Likewise 0x0007 
 
> encodings.The value is received as 7>>8=1792. I dont
> know why.And also the encoding types 17 & 33 are
> unknown.
> 
          
I bet 17 is really 0xFFFFFF11 -> Cursor pseudo encoding
I bet 33 is really 0xFFFFFF21 -> Desktop size pseudo encoding

> 
> Then client again sends framebufferupdaterequest as
> incr=0
> x=0,y=0
> w=4,h=3
> 

Byteswap, w=0x0400=1024, h=0x0300=768

> 
> Then server sends frame bufferupdate msg as
> 
> 
> pad=0
> nrects=768

Byteswap nrects = 3

> The rect header gives following vcalues
> x=256,y=256,w=4096,h=4096

Byteswap x=1, y=1, w=16, h=16

> encoding type=17
> I dont understand what these values mean.what  The
> encoding type 17 means.The width and height of 4096 is
> not possible.
> 
> For all the framebufferupdate message i get values
> like this only. Some values seem correct if i shift
> them right 8 times or 16 times or 24 times, While some
> values are correct as they are.  Why this is happening.

You need to learn how to byteswap :-), the "problematic" values are
in network byte order. See the man page for htonl/htons.

Cheers,
Peter
_______________________________________________
VNC-List mailing list
[email protected]
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list

Reply via email to