search

BUZZARDGTA / GTA-V-Session-Sniffer

A script that scans for IP addresses, country, ports, and tracks how long a player has been active and the last time it was seen. It is optimized for GTA 5 but also works with other P2P video games.
17 stars 4 forks source link
console-sniffer gta gta-5 gta-v gta5 gtav packet-capture packet-sniffer packet-sniffing pc playstation ps session-sniffer sniffer xbox

readme

GTA V Session Sniffer

Description

Compatible with both PC and all consoles (PlayStation and Xbox).
Thoroughly tested on PC, Xbox One, PlayStation 5, and PlayStation 3 ensuring 100% compatibility.

To be clear, the script does not explicitly indicate which IP corresponds to which in-game username*.
This functionality used to be possible on old-gen consoles (PS3 and Xbox 360) but has been patched in next-gen consoles.

Officially Tested and Supported Video Games**:

Supported Video Games Officially Tested Platforms
Grand Theft Auto 5 PC, Xbox One, PS5
Minecraft Bedrock Edition (Friends) PC, PS3

*Since v1.1.4, you can now view usernames in real-time on PC using either 2Take1 / Stand or Cherax mod menuss:

**Technically the script works for literally every P2P (Peer-To-Peer) video games.
But please note that additional servers (e.g., game servers) won't be filtered from the script's output if they are not indexed within the list above

Advantages

Showcase

Console Output
WindowsTerminal_2024-11-07_01-25

Configuration

Prerequisites / Dependencies

Before proceeding, ensure you are using Windows 10 or above.

Additionally, make sure you have Wireshark (v4.2.8) installed on your system.

Furthermore, for packet sniffing functionality, you'll require either Npcap or Winpcap.
It's worth noting that this step can be omitted as Npcap is already included by default within the Wireshark installation.

Editing Settings

To edit the script settings, open the Settings.ini file.
This file is created upon the first script launch and automatically updates thereafter.

Please note that any changes made to the file will take effect only after restarting the script.
If you're unsure about a specific setting, set its value to None. The script will analyze the file and regenerate it if errors are found.

For detailed explanations of each setting, please refer to the sections below.

The full path to your "tshark.exe" executable.
If not set, it will attempt to detect tshark from your Wireshark installation.

Allows you to skip the network interface selection by automatically
using the <CAPTURE_INTERFACE_NAME>, <CAPTURE_IP_ADDRESS> and <CAPTURE_MAC_ADDRESS> settings.

The network interface from which packets will be captured.

The IP address of a network interface on your computer from which packets will be captured.
If the <CAPTURE_ARP> setting is enabled, it can be from any device on your home network. Valid example value: "x.x.x.x"

The MAC address of a network interface on your computer from which packets will be captured.
If the <CAPTURE_ARP> setting is enabled, it can be from any device on your home network.
Valid example value: "xx:xx:xx:xx:xx:xx" or "xx-xx-xx-xx-xx-xx"

Allows you to capture from devices located outside your computer but within your home network, such as gaming consoles.

Determine if you want or not to block the annoying IP ranges from servers that shouldn't be detected.

A program preset that will help capturing the right packets for your program.
Supported program presets are only "GTA5" and "Minecraft".
Note that Minecraft only supports Bedrock Edition.
Please also note that Minecraft have only been tested on PCs.
I do not have information regarding it's functionality on consoles.

Setting this to False will add filters to exclude unrelated IPs from the output.
However, if you are scanning trough a VPN <CAPTURE_INTERFACE_NAME>, you have to set it to True.

This timer represents the duration between the timestamp of a captured packet and the current time.
When this timer is reached, the tshark process will be restarted.
Valid values include any number greater than or equal to 3.

Determine if you want or not to show the developer's advertisements in the script's display.

Determine if you want to log console's output to "SessionsLogging" folder.
It is synced with the console output and contains all fields.

When a player rejoins, clear their previously detected ports list.

Specifies a list of fields you wish to hide from the output.
It can only hides field names that are not essential to the script's functionality.
Valid values include any of the following field names: {Settings.stdout_hideable_fields}

Shows or not the elapsed time from which a player has been captured in "First Seen", "Last Rejoin" and "Last Seen" fields.

Shows or not the date from which a player has been captured in "First Seen", "Last Rejoin" and "Last Seen" fields.

Specify whether to display the continent's ISO 2-letter code in parentheses next to the continent name.

Specify whether to display the country's ISO 2-letter code in parentheses next to the country name.

Specifies the fields from the connected players by which you want the output data to be sorted.
Valid values include any field names. For example: Last Rejoin

Specifies the fields from the disconnected players by which you want the output data to be sorted.
Valid values include any field names. For example: Last Seen

Maximum allowed length for the "Country" field.

Maximum allowed length for the "City" field.

Maximum allowed length for the "Continent" field.

Maximum allowed length for the "Region" field.

Maximum allowed length for the "Organization" field.

Maximum allowed length for the "ISP" field.

Maximum allowed length for the "ASN / ISP" field.

Maximum allowed length for the "AS" field.

Maximum allowed length for the "AS Name" field.

The duration after which a player will be moved as disconnected on the console if no packets are received within this time.
Valid values include any number greater than or equal to 3.

The maximum number of players showing up in disconnected players list.
Valid values include any number greater than or equal to 0.
Setting it to 0 will make it unlimitted.

Minimum time interval between which this will refresh the console display.

Determine if you want or not to enable detections from the UserIP databases.

Scan trough a VPN

When using a VPN, make sure that you scan from your actual VPN interface.
Additionally, ensure that in the Settings.ini file, the setting <CAPTURE_NETWORK_INTERFACE_CONNECTION_PROMPT> is set to True value.

Scan for a console

In order to scan for a console (PS3/PS4/PS5 and Xbox 360/Xbox One/Xbox Series X), you'll need to follow these steps:

  1. Open the Settings.ini file.
  2. If not already done, set <CAPTURE_NETWORK_INTERFACE_CONNECTION_PROMPT> to True value, so that it forces entering the "Capture network interface selection" screen at script's startup. (you can disable it later)
  3. Enable the <CAPTURE_ARP> setting by setting its value to True. (This setting allows you to view all currently connected external devices within your local network in the script's "Capture network interface selection" screen)
  4. Ensure that your console is currently running and connected to internet through your PC's internet connection (Wired / Hotspot).
  5. Start the script and wait for it to enter the "Capture network interface selection" screen.
  6. Then, you'll need to identify the console's IP and MAC Address and select it accordingly.

Resolving Country, City and ASN fields.

The script relies on MaxMind’s GeoIP2 databases to resolve player information.
Upon startup, it automatically attempts to check for updates and downloads the latest version from the PrxyHunter/GeoLite2 repository.

In the event that this repository is deleted, you will need to manually download the following MaxMind GeoLite2 databases: GeoLite2-ASN.mmdb, GeoLite2-City.mmdb and GeoLite2-Country.mmdb.
You can obtain copies of these databases by signing up for GeoLite2 on the MaxMind official website and downloading them from there.
Then you will need to create a new folder named GeoLite2 Databases within the script's directory, and place the database files there.

Please note that I am not allowed to publicly distribute their database in my project due to their strict license.
You must obtain it directly from MaxMind website.

Resolving Mobile, Proxy and Hosting fields.

The script relies on the free ip-api API website to resolve player's "Mobile", "VPN" and "Hosting" fields.
This free and limited usage allows for a maximum resolution of (100 * 15) = 1500 IPs per minute.

Troubleshooting

Scanner is stuck

When the scanner is stuck at "Scanning IPs, refreshing display in x seconds ...", it typically indicates one of the following situation:

Some players are undetected

On GTA V, occasionally, players may go undetected, but it's crucial to emphasize that this is not specific to the script.
Similar occurrences happen even with mod-menus, affecting the same individuals as those encountered with the script.
This occurs because players can be connected through dedicated game servers (the exact circumstances of which I am not familiar with).
Furthermore, mod menus now have the capability to enforce this connection by providing a feature for IP protection, commonly referred to as "Force Relay Connections".

Unrelated / False Positive IPs detected

The display of unrelated IPs is possible in certain scenarios.
I have made efforts to minimize this occurrence by optimizing the CAPTURE_FILTER and DISPLAY_FILTER from the source code.
If you have other Peer-To-Peer applications running, such as a BitTorrent client, it may contribute to this issue.
To mitigate this, I recommend closing all other Peer-To-Peer applications while using the script.

Furthermore, you can enhance the filtering process by setting <CAPTURE_BLOCK_THIRD_PARTY_SERVERS> to the True value in your Settings.ini file.
You can also, adjust <CAPTURE_PROGRAM_PRESET> to correspond to the program you are scanning.
These configurations help minimize the display of unrelated IPs.

About Screen Refreshing

Refreshing the display of the script positions your terminal's cursor at the very bottom of the script.
However, if you are using Windows Terminal, this issue is somewhat resolved because the view sticks to the top of the page by scrolling there initially.
I would recommend using Windows Terminal for an optimal experience.

UserIP INI databases Tutorial

What's an UserIP database ?

In earlier versions, there was only one database Blacklist.ini for blacklisting users.
Since v1.1.8, you can create multiple lists with custom behaviors to suit your needs.

For example, I personally maintain four lists:

Throughout the INI file, any text following a ; or # symbol is treated as a comment.

Simply create a folder named UserIP Databases and add any *.ini files for the script to read.
To create these files, follow these guidelines:

UserIP Settings

These are settings specific for each UserIP database files configuration.

If you don't know what value to choose for a specifc setting, set it's value to None.
The program will automatically analyzes this file and if needed will regenerate it if it contains errors.

\<ENABLED>

Determine if you want or not to enable this UserIP database.

\<COLOR>

Determine which color will be applied on the script's output for these users. Valid values are either one of the following colors:
BLACK, RED, GREEN, YELLOW, BLUE, MAGENTA, CYAN, WHITE

\<NOTIFICATIONS>

Determine if you want or not to display a notification when a user is detected.

\<VOICE_NOTIFICATIONS>

This setting determines the voice that will play when a user is detected or when they disconnect.
Valid values are either Male or Female.
Set it to False to disable this setting.

\<LOG>

Determine if you want or not to log the user in the UserIP logging file.

\<PROTECTION>

Determine if you want or not a protection when a user is found.
Valid values include any of the following protections:
Suspend_Process, Exit_Process, Restart_Process, Shutdown_PC, Restart_PC
Set it to False value to disable this setting.

\<PROTECTION_PROCESS_PATH>

The file path of the process that will be used for the <PROTECTION> setting.
Please note that UWP apps are not supported.

\<PROTECTION_RESTART_PROCESS_PATH>

The file path of the process that will be started when
the <PROTECTION> setting is set to the Restart_Process value.
Please note that UWP apps are not supported.

\<PROTECTION_SUSPEND_PROCESS_MODE>

Specifies the duration (in seconds) for which the <PROTECTION_PROCESS_PATH> process will be suspended when <PROTECTION> is set to Suspend_Process.

UserIP Entries

You need to list the entries under the [UserIP] section of the INI file in this format:
<USERNAME>=<IP>

Example UserIP file:

[Settings]
ENABLED=True
COLOR=RED
NOTIFICATIONS=True
VOICE_NOTIFICATIONS=Male
LOG=True
PROTECTION=False
PROTECTION_PROCESS_PATH=E:\Games\GTAV\GTA5.exe
PROTECTION_RESTART_PROCESS_PATH=D:\Desktop\Grand Theft Auto V.url
PROTECTION_SUSPEND_PROCESS_MODE=Auto

[UserIP]
username1=0.0.0.0
username2=127.0.0.1
username3=255.255.255.255

Tips and Tricks

General Tips and Tricks

GTA V Tips and Tricks

Obtaining / Resolving someones IP address

Contact Support

If you need assistance or have any inquiries, feel free to reach me out. I'm here to help!

You can also contact me privately via:

Requirements

Credits

@Grub4K - General help during the source code development.
@_txshia_ - Testings of the script on Xbox One console.
@2jang - Helped me fixing ARP parsing issues (https://github.com/BUZZARDGTA/GTA-V-Session-Sniffer/issues/7 and https://github.com/BUZZARDGTA/GTA-V-Session-Sniffer/pull/8)
@anonymous - Testings of the script on PS5 console.
@Rosalyn - Giving me the force and motivation.
@Butters333 - Gived me new ideas for things to code: