How to decode the first UDP datagram from UDP over socks5 interaction?
Hi! I'm investigating the compatibility of opensource proxy client and one of the servers impelmentation. TCP part deconding works good, I see all neede info. But due to UDP over socks5 semantic in one moment client switch to UDP and send datagram to previously gathered addr. I found definition of this datagram in RFC but wireshark showing it as bytes. https://datatracker.ietf.org/doc/html...
It might be that some body allready has written the decessor and I just don't know how to find and apply it. If not, Am I right that I need to write decessor using lua or C(I never did it before)?
Do you have a capture file you can share?
Here is the pcap file https://api.datascrape.tech/static/ud... . I don't have enough point to attach content. There is PROXY AUTH data inside, but don't mind I've changed it already.
I want to decode packet #16: UDP 192.168.50.38:62497 -> 23.109.13.244:5000
Thanks! It gets added as a conversation. Nothing logged when Wireshark started with
debug
. Will need to dig in to verify whether its a bug or config issue.It's a bug - the UDP conversation is getting added using the source and destination addresses of frame 14 (which has the reply), but it needs to use the source and destination addresses contained within the command (stored in the hash_info) It also might need to create the conversation with
NO_PORT2
since one of the ports given is 0. The processing insocks_udp_dissector
also might need to do something special ifhash_info->port == 0
.So, Am I getting it right that I need to write this
socks_udp_dissector
myself and there is no available implementation?