Hi-Performance Protocol Identification Engine
 

WinMX P2P

HiPPIE Name: winmx
Protocol Category: Peer-to-Peer Protocols
Protocol Classification: Average

WinMX is a peer-to-peer program that, while once thought dead, appears to have resurfaced.  For some time, WinMX was a quite capable P2P application, very popular with folks who wanted a lightweight client that was not full of spyware and wasn't going to rat them out to officials.  After some pressure from the RIAA, however, the client seemingly disappeared.  I recently started seeing folks using this application again, courtesy of a third-party group that appears to have hacked the client into working once more.  Fortunately, this client is not too hard to recognize, at least in its most bandwidth-intensive phases.

On every WinMX connection I've observed so far, the connection begins with a single-byte packet containing simply the number 1.  After the client has sent this single packet, the server responds with one of several things.  Some of these responses aren't identifiable; the ones used for downloading and uploading easily are.  The list below shows the responses you can readily expect:

  • SEND
  • GET

Once the 1 has been sent and one of these responses has been received, the connection is readily identifiable and HiPPIE tags it as WinMX.  HiPPIE's identification of this protocol is not yet complete, however, as server connections aren't readily identified yet.  Also, when a client connects to a server via a "primary" connection, there is a large surge of UDP traffic related to this protocol that I have not worked on identifying yet.  Once that is done, this signature will be considered fully capable.
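The two-step match described above can be written as a small per-connection state machine. This is an added example, not HiPPIE's own code. It assumes the "1" may be either ASCII '1' or the raw byte 0x01 (the page does not say which), that any other client data before the server reply rules the flow out, and that a reply token may arrive split across segments; the class and function names are hypothetical.

```python
from enum import Enum

# Assumption: the page does not say how the "1" is encoded, so both forms are accepted.
HELLO_BYTES = (b"1", b"\x01")
REPLY_TOKENS = (b"SEND", b"GET")  # the two replies listed on the page


class State(Enum):
    NEW = 0        # no payload seen yet
    SAW_ONE = 1    # client sent the lone "1", waiting for the server
    WINMX = 2      # reply matched, flow is tagged
    NO_MATCH = 3   # flow ruled out


class WinmxFlow:
    """Tracks one TCP connection; feed payloads in arrival order."""

    def __init__(self):
        self.state = State.NEW
        self.reply = b""

    def feed(self, from_client, payload):
        # Empty segments (pure ACKs) and already-decided flows change nothing.
        if not payload or self.state in (State.WINMX, State.NO_MATCH):
            return self.state
        if self.state is State.NEW:
            # The first data on the connection must be the client's single byte.
            ok = from_client and payload in HELLO_BYTES
            self.state = State.SAW_ONE if ok else State.NO_MATCH
        elif from_client:
            # Assumption of this example: more client data before the reply is a miss.
            self.state = State.NO_MATCH
        else:
            self.reply += payload
            if self.reply.startswith(REPLY_TOKENS):
                self.state = State.WINMX
            elif not any(t.startswith(self.reply) for t in REPLY_TOKENS):
                self.state = State.NO_MATCH
            # Otherwise only part of a token has arrived; wait for more data.
        return self.state


def classify(segments):
    """segments: iterable of (from_client, payload). True if tagged WinMX."""
    flow = WinmxFlow()
    for from_client, payload in segments:
        flow.feed(from_client, payload)
    return flow.state is State.WINMX
```

Requiring the one-byte client packet first is what keeps an HTTP request, which also starts with GET but comes from the client, from being tagged.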

