
THIS IS OUT OF DATE

There is a much better dissector, a Lua plugin for Wireshark, available at

http://opensimulator.org/wiki/LLUDP_Dissector

ONLY FOR REFERENCE BELOW

I wanted a Wireshark (Ethereal) packet dissector for the Second Life UDP message protocol. As I could not find one, I wrote most of one myself. It would be great to finish this completely, but it works to a reasonably useful point :-

Test version binaries

Debian Linux .deb (requires Wireshark to be installed first) ... here

Linux shared library (please untar and copy to /usr/lib/wireshark/plugins by hand)

Windows library (.dll) (copy to c:\program files\wireshark\plugins\0.99.8\secondlife.dll after installing Wireshark 0.99.8 for Windows)

Source code

Get the code from :-

svn co svn://slupdate.byteme.org.uk/wireshark/plugins/secondlife .

Rough instructions for unix type build

 

You will need all the usual Unix build tools (gcc, make, patch, automake, autoconf, autotools etc.) installed to be able to compile.

  1. Download the Wireshark source code.
  2. Copy the code you have checked out from my svn to wireshark/plugins/secondlife/
  3. Go to the /plugins/secondlife folder and do the following :-


patch -p0 < build_unix.patch

Go to the top level Wireshark source directory and run

./autogen.sh
./configure
make

If you already have Wireshark installed, go to plugins/secondlife and run

make install

If you do not have Wireshark installed and wish to install it now, just run

make install

from the top level source directory.


Windows type build

1. Download the Wireshark source from http://www.wireshark.org/download.html

2. Unpack this to a convenient folder.

3. Download and install Cygwin from http://cygwin.com/ and make sure you install perl, python, bison, flex, wget and unzip when you have the choice of extra components to install. Perl is under its own subfolder in the installer and you only need the core Perl install; the same goes for Python. Other packages are under development, some under internet (wget).

Don't worry if you find you have things missing; you can add them later by re-running the Cygwin installer.

4. You need some kind of Visual C installed; according to the notes inside Wireshark, Visual C 9 does not work currently. I used .NET 2003.

5. Inside the Wireshark source tree, edit config.nmake and ensure only ONE MSVC_VARIANT line is not commented out and that it reflects the Visual C you have installed and are going to use.

6. Open a command prompt window

7. Run the Visual C script that sets the paths/environment variables. With Visual C .NET 2003 this is

"C:\Program Files\Microsoft Visual Studio .NET 2003\Vc7\bin\vcvars32.bat"

This MUST be run from your command prompt window, and you will need to enclose the command in quotes " because of the spaces in the path name. If you use a different Visual Studio you will have a similar file in that Visual C's program files folder. Have a quick look for it under program files\your visual studio version\vc???\bin\

7. Run

"nmake -f Makefile.nmake setup"
This will install the required tools and libraries. If it shouts about missing tools, go back to step 3 and find the missing tool.

 

7a. Rename Python: copy c:\python2 to c:\python24, as the build system is looking for an older Python than Cygwin installs. *** This may need to be done before step 7 ***

8. Assuming all is well, you can build Wireshark with

"nmake -f Makefile.nmake"

Yay, you now have a compiled Wireshark.

Copy the code out of my svn above to plugins/secondlife and change the current directory to this folder, then :-


nmake -f Makefile.nmake clean
nmake -f Makefile.nmake

Copy the resulting secondlife.dll to c:\Program Files\Wireshark\plugins\0.99.8\secondlife.dll

Run Wireshark.

Notes: to add the plugin to the complete Wireshark build, edit the Makefile.nmake in <wireshark-src>\plugins to make sure the secondlife folder is included in the build. As for the installer, you will need to find the installer script and again add the secondlife folder lines to the script.

Running wireshark

Start Wireshark; it should be capable of dissecting SL traffic on UDP port 32793. Currently there are no options provided to enable this to be changed.

If you want to update the message template do the following :-

gcc parsestdalone.c -o parsestdalone

./parsestdalone

You need to ensure that message_template.msg lives at /usr/share/secondlife/message_template.msg OR modify parsestdalone.c to look elsewhere.

TODO

  1. Implement decoding of zero coded packets
  2. Show appended ACKs
  3. Add in options to allow user to change port numbers from wireshark interface
  4. Finish off some of the protocol details display


If anyone does any of this feel free to send me a patch back!

Licence

Code is GPL licence, but all or bits may be submitted to the wiki on secondlife.com if that's what someone wants to do :-)