Decoding Packets without knowing the encoding/protocol

I'm using wireshark to look at the traffic of a really, really old online game to see if I could feasibly reverse-engineer a new server off an existing game client. Commands issued to the server are showing up as TCP in WireShark, but responses from the server are being labeled as "CoAP" (Constrained Application Protocol). I found a library through NuGet called COAP.Net but I don't fully understand it. Since this game is so incredibly old, I'm not 100% sure that the packets are proper CoAP packets. It could just be Wireshark misinterpreting it if it's malformed TCP or UDP, right?

Now, when looking at the payload, I do see chat being sent and it's clearly readable as plain text in WireShark, but I cannot for the life of me figure out how to decode it in C# to extract the chat strings.

I'm using PCap.NET to grab the packets, which seems to be going just fine, but I've tried all kinds of Encoding (ASCII, UTF8, Unicode, etc) on the entire payload of the Packet but I can't get anything usable even though I see the text clearly in Wireshark. Can anyone point me in the right direction here?

by karathos via /r/csharp

Leave a Reply