Differences between revisions 14 and 15
Revision 14 as of 2007-09-04 14:39:26
Size: 1100
Editor: GeraldCombs
Revision 15 as of 2007-12-09 19:10:02
Size: 1517
Line 8: Line 8:
[http://pastebin.ca/71370 HERE] (Long text pasted on pastebin.ca) v2.3.0 [http://pastebin.ca/71370 HERE] (Long text pasted on pastebin.ca)

== v3.0.0 ==
The preshared encryption key is the same as the one for 2.3.0 and the key exchange and encryption method seem to be the same. However, a type 0x34 packet now siganls a change in encryption sometime shortly after connecting and displaying the server status.

The login packet has also changed to type 0x48 and has an additional 16 bytes of data immediately before the client version string.
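
Review bot: in the added v3.0.0 paragraph, "siganls" should be "signals". The same sentence says the type 0x34 packet arrives "sometime shortly after connecting" but does not say what about the encryption changes. If the captures show whether the key or the method changes, state that; otherwise say it is not yet known. The login-packet paragraph would also be easier to use if it named the packet type that 0x48 replaces.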

Ventrilo Protocol

VP - The Ventrilo protocol is the protocol Ventrilo uses to encrypt and decrypt VoIP chat.

Protocol dependencies

  • ["TCP"]: Typically, VP uses ["TCP"] as its transport protocol. The TCP port for VP traffic is 3784 (depending on the server).

Example traffic

v2.3.0 [http://pastebin.ca/71370 HERE] (Long text pasted on pastebin.ca)

v3.0.0

The preshared encryption key is the same as the one for 2.3.0, and the key exchange and encryption method seem to be the same. However, a type 0x34 packet now signals a change in encryption sometime shortly after connecting and displaying the server status.

The login packet has also changed to type 0x48 and has an additional 16 bytes of data immediately before the client version string.

Wireshark

There is no VP dissector.

Example capture file

[http://wiki.wireshark.org/Ventrilo?action=AttachFile&do=get&target=ExampleVP.pcap ExampleVP.pcap]: This file contains a capture of the Ventrilo protocol; however, the packets are encrypted.

See [http://aluigi.altervista.org/papers.htm#ventrilo Luigi's page] for the decryption algorithm and [http://pastebin.ca/71370 this] for a decrypted capture.

Ventrilo (last edited 2008-05-20 02:53:18 by GuyHarris)