Wireshark – Resources

Wireshark is a network protocol analyzer. I have found it useful for debugging UDP packet exchange issues between OpenSimulator and the Firestorm Virtual World Viewer.
This blog posts provides links and resources in case its useful in future or for others.

• https://www.wireshark.org/
• Wireshark for Windows already includes support for the Lua scripting language which enables Lua plugins to allow for dissection of logs. And Lua is already enabled by default. See https://wiki.wireshark.org/Lua.
• Wireshark LLUDP Plugin:
  • http://opensimulator.org/wiki/LLUDP_Dissector
  • https://github.com/Neopallium/lludp_dissector
  • Do not use the init.lua file in the LLUDP Dissector distribution. Only the other five .lua files are needed. More information is given below on installing and using the LLUDP Dissector.

Wireshark Usage

1. You can start and stop (or reset to empty) the logs via the “Capture” menu.
2. You can save a log via the “File” menu.
3. The logs can be opened in Wireshark for analysis.
4. You can select the network adaptor or connection you specifically wish to monitor via Capture -> Options.
5. Remote Desktop protocol (RDP) traffic can be filtered out if you are analyzing a network while logged on to the host via RDP by adding “not port 3389” to the Capture Filters for any connection.
6. More detailed analysis can be performed by installing specialised “Dissector” plugins, e.g. for the Linden Lab UDP virtual world protocols.

Installing and Using the LLUDP Dissector

Wireshark Help -> About Wireshark – Folders tab indicates the location where Personal Lua Plugins are placed – usually C:\Users\…\AppData\Roaming\Wireshark\Plugins. Create the directory of it does not already exist. Into that copy the lludp directory with the five .lua files. Do not use the Init.lua file as that is not required now.

Edit -> Preferences -> Protocols -> LLUDP allows for the configuration of the LLUDP Plugin.

• message_template.msg file for Firestorm (for 64 bit OpenSim version) is usually at C:\\Program Files\\FirestormOS-Releasex64\\app_settings\\message_template.msg (double backslash is needed the documentation says for Lua.
• The UDP port range monitored is set in Settings, but the defaults of 13000-13050 are odd. Regions normally run on 9000-upwards. So change the range in Preferences.

Tools -> LLUDP Stats Tap is useful to see a summary of the types of LLUDP traffic being exchanged.