overte-Armored-Dragon/tools/dissectors/README.md
# High Fidelity Wireshark Plugins
## Installation
* Install Wireshark 2.4.6 or higher.
* Copy these lua files into `c:\Users\username\AppData\Roaming\Wireshark\Plugins` on Windows, or `$HOME/.local/lib/wireshark/plugins` on Linux.
## Lua version
This is a Lua plugin, which requires the `bit32` module to be installed. You can find the Lua version Wireshark uses in the About dialog, e.g.:

```
Version 4.2.5 (Git commit 798e06a0f7be).
Compiled (64-bit) using GCC 14.1.1 20240507 (Red Hat 14.1.1-1), with GLib
2.80.2, with Qt 6.7.0, with libpcap, with POSIX capabilities (Linux), with libnl
3, with zlib 1.3.0.zlib-ng, with PCRE2, with Lua 5.1.5, with GnuTLS 3.8.5 and
```

This indicates Lua 5.1 is used (see the last line).
## Requirements
On Fedora 40:
* wireshark-devel
* lua5.1-bit32
## Usage
After a capture, any detected Overte packets should be easily identifiable by one of the following protocols:
* `HF-AUDIO` - Streaming audio packets
* `HF-AVATAR` - Streaming avatar mixer packets
* `HF-ENTITY` - Entity server traffic
* `HF-DOMAIN` - Domain server traffic
* `HFUDT` - All other UDP traffic
## Troubleshooting
### attempt to index global 'bit32' (a nil value)
`[Expert Info (Error/Undecoded): Lua Error: /home/dale/.local/lib/wireshark/plugins/1-hfudt.lua:207: attempt to index global 'bit32' (a nil value)]`
See the installation requirements: you need to install the `bit32` Lua module for the Lua version Wireshark uses.
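The check below is an added example, not a script from the Overte dissector project: it reads the Lua version out of the same "with Lua X.Y.Z" phrase shown above, then verifies that `require("bit32")` succeeds under a matching standalone interpreter, so the `attempt to index global 'bit32'` error can be caught before a capture is opened. It assumes that `tshark -v` prints the same build summary as the About dialog, and that the interpreter is installed under a versioned name such as `lua5.1` or `lua-5.1` (both assumptions; distro naming varies). When `tshark` is not installed it falls back to a constructed sample of the About text.

```shell
#!/bin/sh
# Added example (not part of the Overte dissector project).
# Assumption: `tshark -v` prints the same "with Lua X.Y.Z" phrase as the About dialog.

# Print the Lua major.minor found in About-dialog / `tshark -v` text read on stdin.
# Prints nothing if no "with Lua X.Y" phrase is present.
lua_version_from_about() {
    sed -n 's/.*with Lua \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# Given a Lua major.minor, print the interpreter binary names worth trying.
# Assumption: versioned names like lua5.1 (Fedora/Debian) or lua-5.1 (some distros).
lua_candidates() {
    v="$1"
    echo "lua$v lua-$v"
}

# Try `require("bit32")` under the first matching interpreter found on PATH.
# Returns 0 if bit32 loads, 1 if the interpreter exists but bit32 is missing,
# 2 if no interpreter for that Lua version was found.
check_bit32() {
    v="$1"
    for bin in $(lua_candidates "$v"); do
        if command -v "$bin" >/dev/null 2>&1; then
            if "$bin" -e 'require("bit32")' >/dev/null 2>&1; then
                return 0
            fi
            return 1
        fi
    done
    return 2
}

# Constructed sample of About-dialog text, same shape as the excerpt in this README.
SAMPLE_ABOUT='Version 4.2.5 (Git commit 798e06a0f7be).
Compiled (64-bit) using GCC 14.1.1 20240507 (Red Hat 14.1.1-1), with GLib
2.80.2, with Qt 6.7.0, with libpcap, with POSIX capabilities (Linux), with libnl
3, with zlib 1.3.0.zlib-ng, with PCRE2, with Lua 5.1.5, with GnuTLS 3.8.5 and'

main() {
    if command -v tshark >/dev/null 2>&1; then
        about=$(tshark -v 2>/dev/null)
    else
        echo "tshark not found; using constructed sample About text"
        about="$SAMPLE_ABOUT"
    fi

    v=$(printf '%s\n' "$about" | lua_version_from_about)
    if [ -z "$v" ]; then
        echo "could not find a 'with Lua X.Y' phrase; Wireshark may be built without Lua"
        return 0
    fi
    echo "Wireshark is built against Lua $v"

    rc=0
    check_bit32 "$v" || rc=$?
    case "$rc" in
        0) echo "bit32 loads under Lua $v: dissectors should run" ;;
        1) echo "bit32 is missing for Lua $v: install the bit32 package for that version (e.g. lua5.1-bit32 on Fedora)" ;;
        2) echo "no standalone Lua $v interpreter found on PATH; could not test bit32" ;;
    esac
    return 0
}

main "$@"
```

The exit code of `check_bit32` distinguishes "module missing" from "could not test", which matters when Wireshark bundles its own Lua and no standalone interpreter of that version is installed; in that case only the plugin load itself will tell you.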
## Development hints
* Symlink files from the development tree to `$HOME/.local/lib/wireshark/plugins`, to have Wireshark work on the latest dissector code.
* Capture packets for later analysis in a PCAPNG file.
* Only save needed packets in the dump.

Decode on the command line with:

```
tshark -r packets.pcapng.gz -V
```

Decode only the first packet:

```
tshark -r packets.pcapng.gz -V -c 1
```
### Useful tshark arguments
* `-x` Hex dump of each packet
* `-c N` Only decode the first N packets
* `-O hfudt,hf-domain,hf-entity,hf-avatar,hf-audio` Only dump Overte protocol data, skip dumping the UDP/etc. parts.
* `-V` Decode protocols (verbose packet details)