Sunday, March 30, 2008

wireshark secondlife filters

Ok, this is another search-bait post - the "wireshark secondlife filters" is another frequently used search string that lands on my blog...

Of course, here I suppose the audience is talking about dissectors rather than filters (NB: a filter is something you use to show only some of the packets, while a dissector is something that lets you see the logical structure of the packet instead of the hex bytes), just so that we get the terminology straight.

I found an article on how to do your own dissector, and the article on the Wireshark website about your own dissector. I had almost started doing this, but wanted to search a bit first.

Sure thing, the bicycle was already invented: there is already a dissector for SL.

Copy the files as instructed, then find the UDP SL packets, choose "Decode As..." and find "slmsg" in the sea of protocols.

For some reason the packets look "malformed" to me (nothing beyond the message type decodes), so I am not sure whether it is a bug in the dissector or my Wireshark playing tricks. Drop a note about your experience with this dissector. If it does not work, the machine code generation from the message template is not too difficult, so I might as well implement my own version of the bike :)

3 comments:

Anonymous said...

Hey, this isn't bad! It does show the blocks and fields of the slmsg for me. Some messages have changed since this thing was created I guess, it says ObjectUpdate is malformed. But it's pretty good! Thanks!

RobinC said...

You may need to regenerate the static array from a fresh message template, and the code to do that is inside the src tarball.

It certainly was working at the time it was posted, but as the last poster said, the message template was updated, so some things may be bust. Also the zero encoding probably needs checking, and if I recall, appended acks are still missing.
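The zero encoding and appended acks mentioned in the comment above are both handled before the message number can be read. The following is an added example, not code from the post, the commenters or either dissector, showing that order of operations. The header layout and flag values are assumed from the published LLUDP packet layout, and the sample packet is constructed.

```python
import struct

# Layout and flag values are assumed from the published LLUDP packet layout.
ZEROCODED, HAS_ACKS = 0x80, 0x10
HEADER_LEN = 6  # flags (1) + sequence (4, big-endian) + extra-header length (1)

def zero_decode(data):
    """Expand zero-coding: a 0x00 byte is followed by the number of zeros it stands for."""
    out, i = bytearray(), 0
    while i < len(data):
        if data[i] != 0:
            out.append(data[i])
            i += 1
        elif i + 1 < len(data):
            out += bytes(data[i + 1])  # bytes(n) is n zero bytes
            i += 2
        else:
            raise ValueError("malformed: 0x00 with no run-length byte after it")
    return bytes(out)

def parse_packet(pkt):
    if len(pkt) <= HEADER_LEN:
        raise ValueError("malformed: no room for a message number")
    flags, seq, extra = struct.unpack(">BIB", pkt[:HEADER_LEN])
    end, acks = len(pkt), []
    if flags & HAS_ACKS:
        # Acks are appended raw (never zero-coded): count * 4 bytes, then the count.
        count = pkt[-1]
        end = len(pkt) - 1 - 4 * count
        if end <= HEADER_LEN:
            raise ValueError("malformed: ack count larger than the packet")
        acks = list(struct.unpack(">%dI" % count, pkt[end:-1]))
    body = pkt[HEADER_LEN:end]
    body = (zero_decode(body) if flags & ZEROCODED else body)[extra:]
    # Message number: 1 byte (High), FF xx (Medium), FF FF xx xx (Low), FF FF FF xx (Fixed).
    if body and body[0] != 0xFF:
        freq, num, used = "High", body[0], 1
    elif len(body) >= 2 and body[1] != 0xFF:
        freq, num, used = "Medium", body[1], 2
    elif len(body) >= 4:
        freq = "Fixed" if body[2] == 0xFF else "Low"
        num, used = int.from_bytes(body[2:4], "big"), 4
    else:
        raise ValueError("malformed: truncated message number")
    return dict(sequence=seq, frequency=freq, number=num, payload=body[used:], acks=acks)

# Constructed sample: zero-coded Low message 1, payload "AB" + 3 zeros, one ack (5).
SAMPLE = bytes.fromhex("90 00000007 00 ffff000101 4142 0003 00000005 01")
```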

Robert Jakbosky said...

I created a Wireshark dissector for the SecondLife protocol using Lua. It can dynamically parse the message_template.msg to get the latest message structures/names.

It has been uploaded to the OpenSim wiki:
LLUDP_Dissector