Spent the last couple days searching and reading the forums, looking to collect in 1 spot the info necessary to help fix seq on patch day.
This question has been asked many times over several years, but all the threads just seem to fizzle out. Many of the past threads say:
there can be no "real" HOWTO guide to start you out on this road.
I'd like to think the above statement false. I think something could be written to at least get people started. I'll try to collect the info here and if it gets unmanageable I'll put it into my FAQ engine.
Here is the list of threads that I find relevant:
http://www.showeq.net/forums/showthr...ighlight=HOWTO
http://www.showeq.net/forums/showthr...ighlight=HOWTO
http://www.showeq.net/forums/showthr...ighlight=HOWTO
http://www.showeq.net/forums/showthread.php?t=5265
Outside the forum, I found these to be helpful:
http://samba.org/samba/docs/myths_about_samba.html
http://samba.org/ftp/tridge/misc/french_cafe.txt
http://us1.samba.org/samba/ftp/slides/net_analysis.pdf
Besides the standard sniffer tools (tcpdump, ethereal), these tools seem to have potential?
ftp://ftp.procplace.com/pub/tcl/sort...ockspy-1.0/1.0
http://samba.org/ftp/unpacked/junkcode/udpspy.c
The above should give someone who is interested in helping some reading material. It helped me.
Now, I guess, here are the questions; most of these are what I think should be done.
Patch Day
Opcodes:
Q: How do you discover opcodes have changed?
A: Run seq and log into a quiet zone
Press F8 to log Unknown Data
Do something
<need help here?>
Q: Opcodes changed, how do I find the new opcodes?
A: Run seq
Press F7 to log Zone Data
Log into a quiet zone
Do something
<need help here?>
Structures:
Q: How do you discover structs have changed?
Q: Structures changed, how do I figure out the new structs?
Packets:
Q: How do I de-serialize a packet into a useful struct?
Q: Encrypted packets, do I care?
Q: Huge udp packets and fragmentation, do I care?