
From vile@usmo.com Sat Jun 13 10:39:50 1998
Date: Tue, 2 Jun 1998 11:13:38 -0500
From: Anber Rybar <vile@usmo.com>
Reply-To: icq-devel@tjsgroup.com
To: icq-devel@tjsgroup.com
Subject: [ICQdev] ICQ Message Protocol (TCP).

This is what I got out of sniffing a TCP Message session.  Sorry if this has
already been done and/or is erroneous.  I'm posting the summary, if you would
like to see a commented sniff session let me know.

CQ_MSG_HDR consists of six parts 
        (u_long, u_short, u_short, u_short, u_long, u_short)
        Your UIN.
        Your ICQ Version (0x0002).
        C_SEND_MSG (0x07EE).
        Spacing Null (2 bytes).
        Your UIN.
        Static type of u_short (0x0001).

ICQ_MSG consists of three parts: (u_short, char *):
        Size of Message+1 (type u_short)
        Message
        Null of type u_char. (typical to a string :) )

ICQ_MSG_FOOTER is nine parts:
        (u_long twice, u_short, u_char, u_short, u_short, u_char, u_char, u_long)
        Your IP twice.
        Your Port (u_short).
        Null (0x00).
        His Port (u_short).
        Static (0x0010).
        Dynamic Variable I don't really understand (type u_char).
        Static (0xFF).
        Static (0xFFFF).

If you can help me out with the dynamic u_char i would be greatly appreciative
:)

ICQ_MSG_ACK is two parts (with subparts):
ICQ_MSG_ACK_HDR consists of:
        Your uin.
        ICQ Version (0x0002)
        Command (0x07DA)
        NULL (0x0000)
        Your uin.
        0x0001 twice.
ICQ_MSG_ACK_FOOTER contains:
        Your IP Address x 2 (for v2).
        Your Port.
        His Port
        Null (type u_long).
        Ref Code (type u_char).
        0xFF and 0xFFFF.

I'm calling the dynamic u_char a reference code here because it contains the
same code in the ACK as in the message, but it seems to change from message to
message, might it be a checksum?

-- 
[ vile@usmo.com  |  http://www.usmo.com/~vile  |  Ryan T. Barber ]
[ "You have reached the edge of within, and it goes on forever." ]
          =====================================================
          The "unoffical, not-sponsored-by-Mirabilis-one-bit"
          ICQ Clone Development List
