Using the Cafu Wireshark dissector


Post by Carsten » 2013-07-24, 22:43

In a recent News announcement I presented a dissector for Wireshark that one can use to study and analyze the Cafu Engine network protocol. (I currently use it to aid the development of the Cafu Component Systems, about which I'll post more information soon.)

However, what I haven't done but should have done at this time is add some information on the key steps to actually use that dissector: As I found out at the beginning of this week, the necessary setup is not particularly complicated once you know how to do it, but if you still don't, it can take a while to search the web for all required information:
  1. The first step after you've installed Wireshark is to "install" the Cafu Wireshark dissector as well. This is easily done by copying the dissector file into the user's Wireshark plugins directory. For example, from the Cafu repository's root directory on my Windows 7 system, this command does the job:

    copy Ca3DE\wireshark-cafu.lua c:\Users\Carsten\AppData\Roaming\Wireshark\plugins\

    Make sure to manually create the plugins subdirectory beforehand, if necessary.
  2. Under Windows, Wireshark cannot capture packets from the loopback device directly, which is required in order to capture the network traffic in single player sessions on the local machine. Instead, we have to use the RawCap.exe program from http://www.netresec.com/?page=RawCap. When RawCap.exe is started, it will capture all packets from the loopback device into a dump file. While RawCap is running, we also run the Cafu Engine in order to record the network traffic. When you're done with Cafu, also quit RawCap with Ctrl+C, then start Wireshark to analyze the file that has been written by RawCap.
  3. In Wireshark, a useful filter expression for reducing the view to Cafu Engine related network packets only is

    udp.port == 30000 or udp.port == 33000

Best regards,
Carsten
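
An offline check for step 3, as an added example that is not part of the original post or the Cafu repository: it applies the same port filter to a classic pcap file without Wireshark, which is a quick way to confirm that a capture contains the expected traffic at all. It assumes the capture uses the raw-IP link type (101) with IPv4 packets; the function names and the sample capture are constructed for illustration and are not real Cafu traffic.

```python
import struct

CAFU_PORTS = {30000, 33000}  # the two ports from the filter expression in the post
LINKTYPE_RAW = 101           # raw IP, no link-layer header (assumption about the capture)

def cafu_udp_packets(pcap_bytes, ports=CAFU_PORTS):
    """Return (src_port, dst_port, payload) for each IPv4/UDP packet matching
    'udp.port == 30000 or udp.port == 33000'."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "I", pcap_bytes[20:24])[0]
    if linktype != LINKTYPE_RAW:
        raise ValueError("unsupported link type %d" % linktype)
    hits, pos = [], 24  # the first packet record follows the 24-byte global header
    while pos + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I", pcap_bytes[pos + 8:pos + 12])[0]
        pkt = pcap_bytes[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 17:
            continue  # not IPv4, or IP protocol is not UDP
        ihl = (pkt[0] & 0x0F) * 4
        frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
        if frag_offset or len(pkt) < ihl + 8:
            continue  # later fragment or truncated packet: no UDP header to read
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        if sport in ports or dport in ports:
            hits.append((sport, dport, pkt[ihl + 8:]))
    return hits

def sample_pcap():
    """Constructed capture with four raw-IP loopback packets."""
    def ip_packet(sport, dport, payload, proto=17):
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
        lo = bytes([127, 0, 0, 1])
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0, lo, lo) + l4
    pkts = [ip_packet(49152, 30000, b"hello"), ip_packet(53, 49153, b"dns"),
            ip_packet(33000, 49152, b"reply"), ip_packet(49154, 30000, b"tcp?", proto=6)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_RAW)
    for p in pkts:
        out += struct.pack("<IIII", 0, 0, len(p), len(p)) + p
    return out

if __name__ == "__main__":
    for sport, dport, payload in cafu_udp_packets(sample_pcap()):
        print(sport, "->", dport, len(payload), "bytes")
```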