Ask Your Question
0

What is this RakNet thing ? How do i get rid of it ?

asked 2024-03-28 19:49:21 +0000

dead33Pro7s gravatar image

updated 2024-03-28 19:51:00 +0000

Last time i used Wireshark, when i restricted all internet access with my firewalls there used to be 0 activity. Now a few months later this thing pops up. What is it and how do i get rid of it ? Im concerned that it's getting past my 2 firewalls.

image

image : https://ibb.co/rx8qFkj

edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted
0

answered 2024-03-28 20:24:44 +0000

Chuckc gravatar image

updated 2024-03-28 20:29:31 +0000

The raknet dissector is a heuristic dissector that has no preferences to specify a port.
It could be a fluke that your traffic matches the weak heuristic test for a match.
epan/dibe ssectors/packet-raknet.c

test_raknet_heur(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree _U_, void* data _U_)
{
    if (tvb_memeql(tvb, 1 + 8, RAKNET_OFFLINE_MESSAGE_DATA_ID, sizeof(RAKNET_OFFLINE_MESSAGE_DATA_ID)) == 0) {
        /* ID_UNCONNECTED_PING */
        return TRUE;
    }
...


Disable it (Analyze -> Enabled Protocols... -> Search: "raknet") and see if another dissector claims the packets.

edit flag offensive delete link more

Comments

now UDP picks them i recognize the 31313 port, i ran it in cmd netstat -nabo but it does not appear so i can't figure out what app is doing this : They are coming from different ips in like 3 countries

306 74.725687   185.17.164.238  192.168.0.24    UDP 75  14349 → 31313 Len=33
dead33Pro7s gravatar imagedead33Pro7s ( 2024-03-28 20:31:32 +0000 )edit

Is this on a Windows machine? Similar question answered using sysinternals.
UDP Port 889 Broadcast (ip.ttl "Time to Live" only 1)

Chuckc gravatar imageChuckc ( 2024-03-29 00:08:18 +0000 )edit

Yes Windows10

dead33Pro7s gravatar imagedead33Pro7s ( 2024-03-29 06:21:24 +0000 )edit

I turned off everything again, blocked all traffic with my firewalls, reseted Wireshark protocols back to default and now it looks like everything is back to normal. No more RakNet packets. The question now is was it just a "fluke" or is somebody spying on me.

dead33Pro7s gravatar imagedead33Pro7s ( 2024-03-29 06:44:02 +0000 )edit

found this today ... now im more worried : https://youtu.be/LCsX5dZc1kc

dead33Pro7s gravatar imagedead33Pro7s ( 2024-03-29 20:05:33 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2024-03-28 19:49:21 +0000

Seen: 286 times

Last updated: Mar 28