On Wed, Oct 04, 2006 at 02:05:26AM -0700, rama krishna wrote: > hi all, > > Iam trying to analyse raw rfb packets. Iam capturing > the raw packets while vnc server and client are > communicating .Iam doing this on a different > system.After capturing iam decoding the packets as per > the rfb protocol. > > while analysing the captured packets i could > understand the initial communication. The version > message,secutity handshake,client init message and the > server init message. > > The server sends its init msg with following values > > frame buffer width(fbw)=4 > fbh=3
You need to byteswap those. 4==0x0004 -> 0x0400==1024 3==0x0003 -> 0x0300==768 > bpp=16 > depth=16 > bend=0 > truecol=1 > redmx=7936 > gm=16128 > bm=7936 Byteswap. 7936==0x1f00 -> 0x001f, 16128=0x3f00 -> 0x003f > rsf=11 > gsf=5 > bsf=0 pad1=0 > pad2=0 > > next client sends setpixelformat msg with following > values > bpp=8 > dep=6 > bend=0 > tcol=1 > redm=768=gm=bm Likewise -> 0x0003 > rsf=4 > gsf=2 > bsf=0 > pad1=0 > pad2=0 > > > > Then client again sends setEncodings message as > follows > > pad=0 > nencodings=1792 > encoding types=17,33,16,1,5,2,0 in order > > nencodings is 1792 actually it listed only 7 Likewise 0x0007 > encodings.The value is received as 7>>8=1792. I dont > know why.And also the encoding types 17 & 33 are > unknown. > I bet 17 is really 0xFFFFFF11 -> Cursor pseudo encoding I bet 33 is really 0xFFFFFF21 -> Desktop size pseudo encoding > > Then client again sends framebufferupdaterequest as > incr=0 > x=0,y=0 > w=4,h=3 > Byteswap, w=0x0400=1024, h=0x0300=768 > > Then server sends frame bufferupdate msg as > > > pad=0 > nrects=768 Byteswap nrects = 3 > The rect header gives following vcalues > x=256,y=256,w=4096,h=4096 Byteswap x=1, y=1, w=16, h=16 > encoding type=17 > I dont understand what these values mean.what The > encoding type 17 means.The width and height of 4096 is > not possible. > > For all the framebufferupdate message i get values > like this only. Some values seem correct if i shift > them right 8 times or 16 times or 24 times, While some > values are correct as they are. Why this is happening. You need to learn how to byteswap :-), the "problematic" values are in network byte order. See the man page for htonl/htons. Cheers, Peter _______________________________________________ VNC-List mailing list VNC-List@realvnc.com To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list