Session Sniffer is a packet sniffer (also known as an IP grabber/sniffer) specifically designed for peer-to-peer (P2P) video games on PC and consoles (PlayStation and Xbox). It can identify players who:
- Are trying to connect.
- Are currently connected.
- Have left your session.
- Have rejoined your session.
- Unlike other similar software, it is completely FREE TO USE and OPEN SOURCE.
- Works without requiring a modded video game or cracked program.
- Includes a configuration file for advanced customization.
- Includes a setting to scan for game server(s).
- Includes a setting to fully save sessions into a log file.
- Warns you about specific user IPs upon detection.
- Protects you from specific user IPs upon detection.
- Logs specific user IPs to a file upon detection.
Supported Video Games | Tested Platforms |
---|---|
Grand Theft Auto 5 | PC, Xbox One, PS5 |
Minecraft Bedrock Edition (Friends) | PC, PS3 |
Technically, the script works for literally every P2P (Peer-To-Peer) video games.
However, please note that additional servers (e.g., game servers) will not be filtered from the script's output unless they are listed above.
To clarify, the script does not explicitly decrypt or resolve in-game usernames associated with IPs*.
This functionality used to be possible on old-gen consoles (PS3 and Xbox 360) but has been patched in next-gen.
You can, however, manually assign a username to each IP using UserIP database files.
*Since v1.1.4, you can now view usernames on GTA V in real-time on PC using either 2Take1 / Stand or Cherax mod menus:
GTA_V_Session_Sniffer-plugin-2Take1-Lua[ARCHIVED]- GTA_V_Session_Sniffer-plugin-Stand-Lua
- GTA_V_Session_Sniffer-plugin-Cherax-Lua
Before proceeding, ensure you are using Windows 10 or above.
Additionally, make sure you have Wireshark (v4.2.9) installed on your system.
Furthermore, for packet sniffing functionality, you'll require either Npcap or Winpcap.
It's worth noting that this step can be omitted as Npcap is already included by default within the Wireshark installation.
Settings File |
---|
To edit the script settings, open the Settings.ini
file.
This file is created upon the first script launch and automatically updates thereafter.
Please note that any changes made to the file will take effect only after restarting the script.
If unsure about a setting, remove its line. The script will analyze the file and reset missing settings to defaults upon restart.
For detailed explanations of each setting, click to expand below:
📖 Settings Details (Click to Expand/Collapse)
-
<CAPTURE_TSHARK_PATH>
The full path to your "tshark.exe" executable.
If not set, it will attempt to detect tshark from your Wireshark installation. -
<CAPTURE_NETWORK_INTERFACE_CONNECTION_PROMPT>
Allows you to skip the network interface selection by automatically
using the<CAPTURE_INTERFACE_NAME>
,<CAPTURE_IP_ADDRESS>
and<CAPTURE_MAC_ADDRESS>
settings. -
<CAPTURE_INTERFACE_NAME>
The network interface from which packets will be captured. -
<CAPTURE_IP_ADDRESS>
The IP address of a network interface on your computer from which packets will be captured.
If the<CAPTURE_ARP>
setting is enabled, it can be from any device on your home network. Valid example value: "x.x.x.x" -
<CAPTURE_MAC_ADDRESS>
The MAC address of a network interface on your computer from which packets will be captured.
If the<CAPTURE_ARP>
setting is enabled, it can be from any device on your home network.
Valid example value: "xx:xx:xx:xx:xx:xx" or "xx-xx-xx-xx-xx-xx" -
<CAPTURE_ARP>
Allows you to capture from devices located outside your computer but within your home network, such as gaming consoles. -
<CAPTURE_BLOCK_THIRD_PARTY_SERVERS>
Determine if you want or not to block the annoying IP ranges from servers that shouldn't be detected. -
<CAPTURE_PROGRAM_PRESET>
A program preset that will help capturing the right packets for your program.
Supported program presets are only "GTA5" and "Minecraft".
Note that Minecraft only supports Bedrock Edition.
Please also note that Minecraft have only been tested on PCs.
I do not have information regarding it's functionality on consoles. -
<CAPTURE_VPN_MODE>
Setting this to False will add filters to exclude unrelated IPs from the output.
However, if you are scanning trough a VPN<CAPTURE_INTERFACE_NAME>
, you have to set it to True. -
<CAPTURE_OVERFLOW_TIMER>
This timer represents the duration between the timestamp of a captured packet and the current time.
When this timer is reached, the tshark process will be restarted.
Valid values include any number greater than or equal to 3. -
<STDOUT_SHOW_ADVERTISING_HEADER>
Determine if you want or not to show the developer's advertisements in the script's display. -
<STDOUT_SESSIONS_LOGGING>
Determine if you want to log console's output to "SessionsLogging" folder.
It is synced with the console output and contains all fields. -
<STDOUT_RESET_PORTS_ON_REJOINS>
When a player rejoins, clear their previously detected ports list. -
<STDOUT_FIELDS_TO_HIDE>
Specifies a list of fields you wish to hide from the output.
It can only hides field names that are not essential to the script's functionality.
Valid values include any of the following field names: {Settings.stdout_hideable_fields} -
<STDOUT_DATE_FIELDS_SHOW_ELAPSED_TIME>
Shows or not the elapsed time from which a player has been captured in "First Seen", "Last Rejoin" and "Last Seen" fields. -
<STDOUT_DATE_FIELDS_SHOW_DATE>
Shows or not the date from which a player has been captured in "First Seen", "Last Rejoin" and "Last Seen" fields. -
<STDOUT_FIELD_SHOW_CONTINENT_CODE>
Specify whether to display the continent's ISO 2-letter code in parentheses next to the continent name. -
<STDOUT_FIELD_SHOW_COUNTRY_CODE>
Specify whether to display the country's ISO 2-letter code in parentheses next to the country name. -
<STDOUT_FIELD_CONNECTED_PLAYERS_SORTED_BY>
Specifies the fields from the connected players by which you want the output data to be sorted.
Valid values include any field names. For example: Last Rejoin -
<STDOUT_FIELD_DISCONNECTED_PLAYERS_SORTED_BY>
Specifies the fields from the disconnected players by which you want the output data to be sorted.
Valid values include any field names. For example: Last Seen -
<STDOUT_FIELD_COUNTRY_MAX_LEN>
Maximum allowed length for the "Country" field. -
<STDOUT_FIELD_CITY_MAX_LEN>
Maximum allowed length for the "City" field. -
<STDOUT_FIELD_CONTINENT_MAX_LEN>
Maximum allowed length for the "Continent" field. -
<STDOUT_FIELD_REGION_MAX_LEN>
Maximum allowed length for the "Region" field. -
<STDOUT_FIELD_ORGANIZATION_MAX_LEN>
Maximum allowed length for the "Organization" field. -
<STDOUT_FIELD_ISP_MAX_LEN>
Maximum allowed length for the "ISP" field. -
<STDOUT_FIELD_ASN_ISP_MAX_LEN>
Maximum allowed length for the "ASN / ISP" field. -
<STDOUT_FIELD_AS_MAX_LEN>
Maximum allowed length for the "AS" field. -
<STDOUT_FIELD_AS_NAME_MAX_LEN>
Maximum allowed length for the "AS Name" field. -
<STDOUT_DISCONNECTED_PLAYERS_TIMER>
The duration after which a player will be moved as disconnected on the console if no packets are received within this time.
Valid values include any number greater than or equal to 3. -
<STDOUT_DISCONNECTED_PLAYERS_COUNTER>
The maximum number of players showing up in disconnected players list.
Valid values include any number greater than or equal to 0.
Setting it to 0 will make it unlimitted. -
<STDOUT_REFRESHING_TIMER>
Minimum time interval between which this will refresh the console display. -
<USERIP_ENABLED>
Determine if you want or not to enable detections from the UserIP databases.
When using a VPN, make sure that you scan from your actual VPN interface.
Additionally, ensure that in the Settings.ini
file, the setting <CAPTURE_NETWORK_INTERFACE_CONNECTION_PROMPT>
is set to True
value.
In order to scan for a console (PS3/PS4/PS5 and Xbox 360/Xbox One/Xbox Series X), you'll need to follow these steps:
- Open the
Settings.ini
file. - If not already done, set
<CAPTURE_NETWORK_INTERFACE_CONNECTION_PROMPT>
toTrue
value, so that it forces entering the "Capture network interface selection" screen at script's startup. (you can disable it later) - Enable the
<CAPTURE_ARP>
setting by setting its value toTrue
. (This setting allows you to view all currently connected external devices within your local network in the script's "Capture network interface selection" screen) - Ensure that your console is currently running and connected to internet through your PC's internet connection (Wired / Hotspot).
- Start the script and wait for it to enter the "Capture network interface selection" screen.
- Then, you'll need to identify the console's IP and MAC Address and select it accordingly.
The script relies on MaxMind’s GeoIP2 databases to resolve player information.
Upon startup, it automatically attempts to check for updates and downloads the latest version from the PrxyHunter/GeoLite2 repository.
In the event that this repository is deleted, you will need to manually download the following MaxMind GeoLite2 databases: GeoLite2-ASN.mmdb
, GeoLite2-City.mmdb
and GeoLite2-Country.mmdb
.
You can obtain copies of these databases by signing up for GeoLite2 on the MaxMind official website and downloading them from there.
Then you will need to create a new folder named GeoLite2 Databases
within the script's directory, and place the database files there.
Please note that I am not allowed to publicly distribute their database in my project due to their strict license.
You must obtain it directly from MaxMind website.
The script relies on the free ip-api API website to resolve player's "Mobile", "VPN" and "Hosting" fields.
This free and limited usage allows for a maximum resolution of (100 * 15) = 1500 IPs per minute.
When the scanner is stuck at "Scanning IPs, refreshing display in x seconds ..."
, it typically indicates one of the following situation:
- You are not currently in an online session with a minimum of 2 players.
- The configuration for the script may not be set up correctly.
Please refer to Editing Settings for detailed instructions.
On GTA V, occasionally, players may go undetected, but it's crucial to emphasize that this is not specific to the script.
Similar occurrences happen even with mod-menus, affecting the same individuals as those encountered with the script.
This occurs because players can be connected through dedicated game servers (the exact circumstances of which I am not familiar with).
Furthermore, mod menus now have the capability to enforce this connection by providing a feature for IP protection, commonly referred to as "Force Relay Connections".
The display of unrelated IPs is possible in certain scenarios.
I have made efforts to minimize this occurrence by optimizing the CAPTURE_FILTER
and DISPLAY_FILTER
from the source code.
If you have other Peer-To-Peer applications running, such as a BitTorrent client, it may contribute to this issue.
To mitigate this, I recommend closing all other Peer-To-Peer applications while using the script.
Furthermore, you can enhance the filtering process by setting <CAPTURE_BLOCK_THIRD_PARTY_SERVERS>
to the True
value in your Settings.ini
file.
You can also, adjust <CAPTURE_PROGRAM_PRESET>
to correspond to the program you are scanning.
These configurations help minimize the display of unrelated IPs.
Refreshing the display of the script positions your terminal's cursor at the very bottom of the script.
However, if you are using Windows Terminal, this issue is somewhat resolved because the view sticks to the top of the page by scrolling there initially.
I would recommend using Windows Terminal for an optimal experience.
In earlier versions, there was only one database Blacklist.ini
for blacklisting users.
Since v1.1.8, you can create multiple lists with custom behaviors to suit your needs.
For example, I personally maintain four lists:
- Searchlist.ini: For people whose IPs I am searching for.
- Blacklist.ini: For individuals whose GTA5 process I want to suspend.
- Enemylist.ini: For users I want to be notified about when they join the session.
- Friendlist.ini: For users I don't want notifications for but wish to highlight in green.
Throughout the INI file, any text following a ;
or #
symbol is treated as a comment.
Simply create a folder named UserIP Databases
and add any *.ini files for the script to read.
To create these files, follow these guidelines:
These are settings specific for each UserIP database files configuration.
If you don't know what value to choose for a specifc setting, set it's value to None.
The program will automatically analyzes this file and if needed will regenerate it if it contains errors.
For detailed explanations of each UserIP database settings, click to expand below:
📖 UserIP Database Settings Details (Click to Expand/Collapse)
-
<ENABLED>
Determine if you want or not to enable this UserIP database. -
<COLOR>
Determine which color will be applied on the script's output for these users. Valid values are either one of the following colors:
BLACK
,RED
,GREEN
,YELLOW
,BLUE
,MAGENTA
,CYAN
,WHITE
-
<NOTIFICATIONS>
Determine if you want or not to display a notification when a user is detected. -
<VOICE_NOTIFICATIONS>
This setting determines the voice that will play when a user is detected or when they disconnect.
Valid values are eitherMale
orFemale
.
Set it toFalse
to disable this setting. -
<LOG>
Determine if you want or not to log the user in the UserIP logging file. -
<PROTECTION>
Determine if you want or not a protection when a user is found.
Valid values include any of the following protections:
Suspend_Process
,Exit_Process
,Restart_Process
,Shutdown_PC
,Restart_PC
Set it toFalse
value to disable this setting. -
<PROTECTION_PROCESS_PATH>
The file path of the process that will be used for the<PROTECTION>
setting.
Please note that UWP apps are not supported. -
<PROTECTION_RESTART_PROCESS_PATH>
The file path of the process that will be started when
the<PROTECTION>
setting is set to theRestart_Process
value.
Please note that UWP apps are not supported. -
<PROTECTION_SUSPEND_PROCESS_MODE>
Specifies the duration (in seconds) for which the<PROTECTION_PROCESS_PATH>
process will be suspended when<PROTECTION>
is set toSuspend_Process
.- Floating-point number: Specify a duration in seconds (e.g., 2.5 for 2.5 seconds).
Auto
: Keep the process suspended as long as the IP is detected in the session.Manual
: Suspend the process indefinitely until the user manually resumes it.
- Floating-point number: Specify a duration in seconds (e.g., 2.5 for 2.5 seconds).
You need to list the entries under the [UserIP]
section of the INI file in this format:
<USERNAME>=<IP>
[Settings]
ENABLED=True
COLOR=RED
NOTIFICATIONS=True
VOICE_NOTIFICATIONS=Male
LOG=True
PROTECTION=False
PROTECTION_PROCESS_PATH=E:\Games\GTAV\GTA5.exe
PROTECTION_RESTART_PROCESS_PATH=D:\Desktop\Grand Theft Auto V.url
PROTECTION_SUSPEND_PROCESS_MODE=Auto
[UserIP]
username1=0.0.0.0
username2=127.0.0.1
username3=255.255.255.255
- You can handily zoom in or out on your terminal's output by using the keyboard shortcut
[CTRL] + [Mouse_Scroll]
or[CTRL] + [+]
, and[CTRL] + [-]
. - You can pause your terminal's output by using the keyboard shortcut
[CTRL] + [S]
and resume it with[CTRL] + [Q]
.
- The GTA V game port is
6672
; unfortunately, I don't have any clue what the other ports mean. - If somebody joins the session, you can obtain their IP address from the most recent entry in "connected players" list.
- If somebody leaves the session, you can obtain their IP address from the most recent entry in "disconnected players" list.
- One way to obtain someone's IP address is by saving all entries from the "connected players" list during the current session. Save each IPs under the in-game username(s) you are tracking in the
UserIP Databases\Searchlist.ini
file. In a future session, if you receive a notification from the searchlist database and the person you're searching for is in your session, it confirms that you have successfully obtained their IP address. - A similar method to the above one is that you can notice when someone has been flagged as disconnected and reconnected to your session by monitoring the "Rejoins" field.
This can help you track a player who has been seen in another session, or joined your session again. - You can invite them to your private lobby; in this case, the only IP address displayed will be that of your victim.
- You can analyze the country information. If you know your victim's country and the script shows only one person hailing from that country, it is highly likely to be them.
You can view someone's country if they have publicly provided it on their Rockstar Games Social Club profile. To do so, visit this address: https://socialclub.rockstargames.com/member/Player_Username/ and replace 'Player_Username' with their actual username. - Most of the time, when joining a new session, the host is typically the player whose "First Seen" field in the connected players output shows the oldest date and time.
- If you're playing on PC and want to obtain someone's IP address, if they are indexed on this website, you can try using gtaresolver.com website to resolve someone's IP address from their in-game username.
If you need assistance or have any inquiries, feel free to reach me out. I'm here to help!
You can also contact me privately via:
- Email: [email protected]
- Discord: waitingforharukatoaddme
- Telegram: @waitingforharukatoaddme
- Windows 10 or 11 (x86/x64)
- Wireshark v4.2.9
- optional: MaxMind GeoLite2
- Npcap or Winpcap
@Grub4K - General help during the source code development.
@_txshia_ - Testings of the script on Xbox One console.
@2jang - Helped me fixing ARP parsing issues (#7 and #8)
@anonymous - Testings of the script on PS5 console.
@Rosalyn - Giving me the force and motivation.
@Butters333 - Gived me new ideas for things to code:
- The ability to hide the date or time, allowing users to display only the elapsed time, date, time, or any combination of these fields, depending on their preference.
- Support for displaying any IP lookup fields in the console output and logs.