problem analysing the raw rfb packets

rama krishna sramu28 "at" yahoo.com
Wed Oct 4 10:06:01 2006 

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
Received: from [203.197.252.37] by web55506.mail.re4.yahoo.com via HTTP;
  Wed, 04 Oct 2006 02:04:05 PDT
Date: Wed, 4 Oct 2006 02:04:05 -0700 (PDT)
From: rama krishna <sramu28 "at" yahoo.com>
Subject: problem analysing the raw rfb packets
To: vnc-list-admin "at" realvnc.com
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Content-Length: 875

hi all,

 Iam trying to analyse raw rfb packets. Iam capturing
the raw packets while vnc server and client are
communicating  .Iam doing this on a different
system.After capturing iam decoding the packets as per
the rfb protocol.

while analysing the captured packets i could
understand the initial communication. The version
message,secutity handshake,client init message and the
server init message.

The server sends its init msg with following values

frame buffer width(fbw)=4
fbh=3
bpp=16
depth=16
bend=0
truecol=1
redmx=7936
gm=16128
bm=7936
rsf=11
gsf=5
bsf=0 pad1=0
pad2=0

next client sends setpixelformat msg with following
values
bpp=8
dep=6
bend=0
tcol=1
redm=768=gm=bm
rsf=4
gsf=2
bsf=0
pad1=0
pad2=0



Then client again sends setEncodings message as
follows

pad=0
nencodings=1792
encoding types=17,33,16,1,5,2,0 in order

nencodings is 1792 actually it listed only 7
encodings.The value is received as 7>>8=1792. I dont
know why.And also the encoding types 17 & 33 are
unknown.


Then client again sends framebufferupdaterequest as
incr=0
x=0,y=0
w=4,h=3


Then server sends frame bufferupdate msg as


pad=0
nrects=768
The rect header gives following vcalues
x=256,y=256,w=4096,h=4096
encoding type=17
I dont understand what these values mean.what  The
encoding type 17 means.The width and height of 4096 is
not possible.

For all the framebufferupdate message i get values
like this only. Some values seem correct if i shift
them right 8 times or 16 times or 24 times, While some
values are correct as they are.  Why this is happening.

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com