However, what I haven't but should have done at this time is add some information on the key steps to actually use that dissector: As I found out at the beginning of this week, the necessary setup is not particularly complicated once you know how to do it, but if you still don't, it can take a while to search the web for all required information:
- The first step after you've installed Wireshark is to "install" the Cafu Wireshark dissector as well. This is easily done by copying the dissector file into the user's Wireshark plugins directory. For example, from the Cafu repository's root directory on my Windows 7 system, this command does the job:

      copy Ca3DE\wireshark-cafu.lua c:\Users\Carsten\AppData\Roaming\Wireshark\plugins\

  Make sure to manually create the plugins subdirectory beforehand, if necessary.
- Under Windows, Wireshark cannot capture packets from the loopback device directly, which is required in order to capture the network traffic in single player sessions on the local machine. Instead, we have to use the RawCap.exe program from http://www.netresec.com/?page=RawCap. When RawCap.exe is started, it will capture all packets from the loopback device into a dump file. While RawCap is running, we also run the Cafu Engine in order to record the network traffic. When you're done with Cafu, also quit RawCap with Ctrl+C, then start Wireshark to analyze the file that has been written by RawCap.
- In Wireshark, a useful filter expression for reducing the view to Cafu Engine related network packets only is

      udp.port == 30000 or udp.port == 33000
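
To check that a dump actually contains Cafu traffic before opening it in Wireshark, the same port filter can be applied directly to the capture file. This is an added example, not part of the original post or the Cafu code base; it assumes a classic pcap file with raw-IP (101) or Ethernet (1) link type, and the function names and sample packets are constructed for illustration.

```python
import struct

CAFU_PORTS = {30000, 33000}  # the two ports from the display filter above

def cafu_udp_packets(pcap, ports=CAFU_PORTS):
    """Return (src_port, dst_port, payload) for UDP datagrams on `ports` in a classic pcap."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        e = "<"                                  # little-endian file
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        e = ">"                                  # big-endian file
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(e + "I", pcap[20:24])[0]
    if linktype not in (1, 101):  # 1 = Ethernet, 101 = raw IP (assumed for RawCap dumps)
        raise ValueError("unsupported link type %d" % linktype)
    hits, off = [], 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(e + "I", pcap[off + 8:off + 12])[0]
        pkt = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if linktype == 1:
            if pkt[12:14] != b"\x08\x00":        # EtherType is not IPv4
                continue
            pkt = pkt[14:]
        if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 17:  # keep IPv4 + UDP only
            continue
        if struct.unpack("!H", pkt[6:8])[0] & 0x1FFF:  # later fragment, no UDP header
            continue
        ihl = (pkt[0] & 0x0F) * 4
        if len(pkt) < ihl + 8:                   # truncated before the UDP header ends
            continue
        sport, dport, ulen = struct.unpack("!HHH", pkt[ihl:ihl + 6])
        if sport in ports or dport in ports:
            hits.append((sport, dport, pkt[ihl + 8:ihl + ulen]))
    return hits

def sample_capture():
    """Constructed raw-IP pcap with three loopback UDP datagrams (not real Cafu traffic)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101)
    for sport, dport, data in [(33000, 30000, b"one"), (30000, 33000, b"two"), (40000, 53, b"other")]:
        udp = struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         bytes([127, 0, 0, 1]), bytes([127, 0, 0, 1])) + udp
        out += struct.pack("<IIII", 0, 0, len(ip), len(ip)) + ip
    return out

if __name__ == "__main__":
    for sport, dport, payload in cafu_udp_packets(sample_capture()):
        print(sport, "->", dport, len(payload), "bytes")
```

An empty result on a real dump means the capture holds no UDP traffic on either port, which usually points at the capture step rather than the dissector.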