In a recent News announcement I presented a dissector for Wireshark that one
can use to study and analyze the Cafu Engine network protocol. (I currently
use it to aid the development of the Cafu Component Systems, about which I'll
post more information soon.)
However, what I haven't done but should have done at that time is add some
information on the key steps to actually use that dissector: As I found out
at the beginning of this week, the necessary setup is not particularly
complicated once you know how to do it, but if you don't, it can take a while
to search the web for all required information:
- The first step after you've installed Wireshark is to "install" the
Cafu Wireshark dissector as well. This is easily done by copying the
dissector file into the user's Wireshark plugins directory. For example,
from the Cafu repository's root directory on my Windows 7 system, this
command does the job:
copy Ca3DE\wireshark-cafu.lua c:\Users\Carsten\AppData\Roaming\Wireshark\plugins\
Make sure to manually create the plugins subdirectory beforehand, if necessary.
- Under Windows, Wireshark cannot capture packets from the loopback
device directly, which is required in order to capture the network traffic
in single player sessions on the local machine. Instead, we have to use the
RawCap.exe program from http://www.netresec.com/?page=RawCap.
When RawCap.exe is started, it will capture all packets from the loopback
device into a dump file. While RawCap is running, we also run the Cafu Engine
in order to record the network traffic. When you're done with Cafu, also quit
RawCap with Ctrl+C, then start Wireshark to analyze the file that has been
written by RawCap.
- In Wireshark, a useful filter expression for reducing the view to Cafu
Engine related network packets only is
udp.port == 30000 or udp.port == 33000
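
To check that a dump actually contains traffic on these two ports before opening it in Wireshark, the same port filter can be applied offline. The following is an added example, not part of the Cafu repository; it assumes the dump is a classic pcap file whose packets start at an IPv4 or Ethernet header, and the function names and the embedded sample capture are constructed for illustration.

```python
import struct

CAFU_PORTS = {30000, 33000}              # ports from the display filter above
LINKTYPE_ETHERNET, LINKTYPE_RAW = 1, 101

def cafu_udp_packets(pcap: bytes, ports=CAFU_PORTS):
    """Return (src_port, dst_port, payload) for each IPv4/UDP packet on `ports`."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                        # file written little-endian
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                        # file written big-endian
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(end + "I", pcap[20:24])[0]
    if linktype not in (LINKTYPE_ETHERNET, LINKTYPE_RAW):
        raise ValueError(f"unsupported link type {linktype}")
    hits, off = [], 24                   # records follow the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if linktype == LINKTYPE_ETHERNET:
            if frame[12:14] != b"\x08\x00":
                continue                 # EtherType is not IPv4
            frame = frame[14:]
        if len(frame) < 20 or frame[0] >> 4 != 4 or frame[9] != 17:
            continue                     # not IPv4, or IP protocol is not UDP
        ihl = (frame[0] & 0x0F) * 4      # IPv4 header length in bytes
        if ihl < 20 or len(frame) < ihl + 8:
            continue                     # malformed or truncated header
        sport, dport, ulen = struct.unpack("!HHH", frame[ihl:ihl + 6])
        if sport in ports or dport in ports:
            hits.append((sport, dport, frame[ihl + 8:ihl + ulen]))
    return hits

def _sample_record(sport, dport, payload):
    """Constructed test data: one pcap record holding a raw IPv4/UDP packet."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([127, 0, 0, 1]), bytes([127, 0, 0, 1])) + udp
    return struct.pack("<IIII", 0, 0, len(ip), len(ip)) + ip

SAMPLE_PCAP = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_RAW)
               + _sample_record(33000, 30000, b"constructed-1")
               + _sample_record(5353, 5353, b"other-traffic")
               + _sample_record(30000, 33000, b"constructed-2"))

if __name__ == "__main__":
    for sport, dport, payload in cafu_udp_packets(SAMPLE_PCAP):
        print(f"udp {sport} -> {dport}, {len(payload)} payload bytes")
```

For a real capture, pass the bytes of the dump file to cafu_udp_packets() instead of SAMPLE_PCAP.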