I take absolutely no credit for this. This is all ren3g4de 's work. He wanted me to post it for him b/c he couldn't for whatever reason.

******************************
*Diablo 2 Packet Sniffing 101*
******************************
*By: REN3G4DE *
*Written For: Blizz Sector *
*Version: 1.11b *
******************************

First lets start with the tools that are going to be needed for this project. You are going to need RedVex and its plugin NetStuff. Which will be listed in the download list at the end of this guide. You will also want a decimal to hexadecimal converter. If you dont want to find one you can just use this table:

Decimal, binary, hexadecimal and ASCII table

The above table is suitable for pretty much any decimal to hexadecimal conversion you will use in Diablo II, I believe. You will also need a reference list of the packets used in Diablo II. I use the following:

http://packetlist.new d 2 e v e n t.net/


There really isn't too much work to installing RedVex, all you have to do is extract it anywhere. Once it is extracted create a folder called Plugins in wherever you extracted RedVex to. This is where you will extract the NetStuff Plugin into. After you extract NetStuff make sure that RedVex sees it by running RedVex. It should display the following:

Title: NetStuff 1.6 by FooSoft
SDK Version: 1
Modules: G

Now to set RedVex up as a proxy server. First go to Edit-->Options, and select your realm, then click OK. After that go to Edit-->Realms, click on the realm you play on, replace the realm name in the name box to whatever you want your proxy server to be named. Then replace the realm address with "localhost" (without the quotes). Next click add and then ok.

You are now ready to run your RedVex proxy server. To do this just go to Proxy-->Start. It should read the follow now:

Proxy thread started

Accepting connection on port 6112...

It is now time to access battle.net via your proxy server. Start Diablo II and change your realm to whatever you named your proxy server. Then connect to bnet. Now that the installation is over, lets go over what a packet looks like. Each packet is compossed of bytes of data. Each byte is 2 digits long. The First byte is the packet number, this is what you are sniffing out. The following bytes are the objectid of what you are trying to sniff.

Packet Layout:
XXyyyyyyyy

Above the packet number is represented by XX and the objectid is the yyyyyyyy.

Thankfully the NetStuff plugin seperates them into bytes so it is easier to read.


When referencing 2 bytes it is called a word, and 4 bytes is called a DWord.

EX:
XX - Byte - 1 Byte
XX XX - Word - 2 Bytes
XX XX XX XX - DWord - 4 Bytes

Now, you must learn how to sniff for the packets you want. Lets start with something easy. You will be sniffing out packet 19, which is the Remove item from buffer packet. To sniff anything out you will use the watch command, while in a game.

Watch Command:
.watch send add 19

The above will add packet 19 to a watch list for packets being sent. Once packet 19 is sent out it will display packet 19 with all of its data. Since packet 19 is the remove item from buffer packet you need to click on an item in an inventory, cube, stash, belt, of NPC inventory. Click on an item in yoru inventory it should display something list this:

Send a 0x19 packetId with a 5 byte siza: 19 xx xx xx xx

The xx's are the objectid of the item clicked on. Now that you have your item on your cursor lets try dropping it without clicking. You will use packet 17 to do this. If you refer to your packet list you will see that packet 17 is 5 bytes long, or the packet number and then a dword(the objectid). All you have to do to send a packet is use the send command followed by the Packet and its data.

Send Command:
.send 17xxxxxxxx

You will want to type your objectid recieved from sniffing packet 19 into the xxxxxxxx. You will wont a space after send, but no spaces in the packet while sending it. Once you hit enter your item should fall on the ground. Now onto something a little bit more fun and the reason for this guide being written.

Now to sniff out a waypoint and use it to go to any other waypoint. In order to do this you will still need to be standing very close to the waypoint. So lets set packet 13, the "click on" packet, to the watch list with the following:

.watch send add 13

Next go and click on your waypoint and netstuff should display something like this:

Sent a 0x13 packetId with a 9 byte size: 13 20 00 00 00 xx xx xx xx

In the above packet the xx represent the objectid of the waypoint. This is the information you will have to use as which waypoint you are coming from. Which is 1/2 of the packet you will send to use a waypoint. The packet to use a WP/TP is 49.

It is composed of 2 parts, the origin waypoint and the desitnation objectid. Each areaid can be found in the levels.txt in your patch_d2.mpq file. The following is an example of packets 49 usage:

.send 49xxxxxxxxyyyyyyyy

A very good and very useful example of this is being able to get to UberDuriel without any keys. To do this go to act 5 and sniff packet 13. Click on the waypoint and get the objectid. Now just stay there and type in the following, replacing the xx's with your objectid of your waypoint.

.send 49xxxxxxxx86000000

The 8600000 is the area id of the forgotten sands. The actually object id is only 86 in hexadecimal, in the levels.txt file it is 134 in decimal. Any of the id numbers you read in the levels.txt file must be converted into hexidecimal. Since in hex it is only a byte long you must add in 0's to fill up the rest of the dword.

When you send this information in packet 49, you will instantly transported to the "dummy" waypoint in the forgotten sands.

If you look at the whole reference packet list there is alot of things you can control, something things have been patched, such as using the command:

.receive 770c

while in chat. This will enable a "onesided trade" where you can drop items while in trade, but as soon as your connection will be interupted. This used to be a dupe method because you could drop the item then cancel the trade, which would revert all items in your inventory to what they were before the trade, but the dropped item would be on the ground still along with the one in your inventory.

Unfortunately it does not work anymore.

I really hope this information helps you along your Diablo II hacking journey.

DOWNLOAD LIST:
RedVex 2.5:
http://new d 2 e v e n t .net/download_/confirm.php?get=hacks/redvex/RedVex_v2.5.zip

NetStuff Plugin:
http://new d 2 e v e n t.net/index.php?id=hacks/redvex/NetStuff_Plugin

Thank you very much mob, and thanks for putting the credit.

you are very welcome

what is packet sniffing?

i tryed to dl from the links to get the redvex and netstuff plugin but seem to not work for me

here's a question for packet sniffing pros. Is there a way to send a packet that will take you to act 4 say if you just started in Act 1? Just curious about this, as it would be really helpful. I wouldn't think so though because (in the case of getting to Act 5 you need the canyon wp) you would need the WP for the Pand. Fort. in the first place right? And you only get the PF WP when you travel through Meph's portal, or is it always activated and you just need to unlock Act 4 to see it? Just a thought if anyone has any insight on my question.

you r the best man

new redvex has been released, redvex3.0 can be downloaded here:
http://redvex.d2help.com/old/download.php?id=151&f=2

also here is netstuff1.8:
http://redvex.d2help.com/old/download.php?id=74&f=5


and i am back on diablo now that i am back at college and i am working on trying to figure out a way to get around their "fix" of the uber duriel....also i have someone working with me now on this stuff(finally) and we are trying alot of different packet possiblities.

what is packet sniffing?

this is win-win situation