aresrpg / minecraft-dissector

A wireshark dissector for the Minecraft protocol using https://github.com/PrismarineJS/minecraft-data

Can't see anything using the filter #2

Open shai opened 3 years ago

shai commented 3 years ago

I seem to be unable to see anything when I use the minecraft filter. What am I doing wrong?

DeltaEvo commented 3 years ago

Can you share a pcap file with me so I can take a look?

shai commented 3 years ago

I can't do that, due to privacy concerns. Would it be possible for you to perhaps elaborate on what one would expect to get using this plugin? I'm not used to using Wireshark much nor custom plugins, let alone, directing traffic. What kind of traffic am I expected to see while using this plugin?

I was able to get some traffic to show, during connecting and disconnecting from servers, but the traffic while connected to a server doesn't show. Maybe I expected it to show and this is too high of an expectation?

My end goal was to be able to identify (sorta like the matrix movie) things happening around me, while I'm connected to my server, using Wireshark and not just visually using the game client.

DeltaEvo commented 3 years ago

> I can't do that, due to privacy concerns.

Yep no problem :)

> Would it be possible for you to perhaps elaborate on what one would expect to get using this plugin?

For now not much, because I only tailored this plugin for my need, but I can expand it to cover your use case. For now it only parses 1.16.3 packets without encryption (offline mode). What version are you using (are you using multiple ones)? Do you have a way to get the encryption keys from the server or the client? (If not I can code a quick Fabric mod to do that.)

> I was able to get some traffic to show

If you saw some packets then it's "expected", since I don't handle encryption yet (because I didn't have the use case), so if you connect to an online mode server you will see some packets when you connect, but after that it will start encryption.
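Why packets show up at connect time and then stop on an online-mode server, as an added example that is not part of this thread or of the plugin's code: it walks a constructed client-to-server byte stream using the protocol's VarInt length framing and stops at the login-state Encryption Response (packet ID 0x01), after which the client's bytes are ciphertext. The function names, host name, player name and protocol number 754 are assumptions chosen for the sample.

```python
def write_varint(n):
    out = bytearray()
    while True:
        b, n = n & 0x7F, n >> 7
        out.append(b | (0x80 if n else 0))   # high bit set means more bytes follow
        if not n:
            return bytes(out)

def read_varint(buf, pos):
    value = shift = 0
    while True:
        b, pos = buf[pos], pos + 1
        value |= (b & 0x7F) << shift
        if not b & 0x80:
            return value, pos
        shift += 7

def string(s):
    raw = s.encode()
    return write_varint(len(raw)) + raw

def frame(packet_id, payload=b""):
    body = write_varint(packet_id) + payload   # uncompressed framing: length, id, data
    return write_varint(len(body)) + body

NAMES = {("handshaking", 0): "Handshake", ("login", 0): "Login Start",
         ("login", 1): "Encryption Response"}

def visible_packets(c2s):
    """Walk client-to-server bytes; return (readable packet names, opaque byte count)."""
    state, pos, seen = "handshaking", 0, []
    while pos < len(c2s):
        length, pos = read_varint(c2s, pos)
        pid, _ = read_varint(c2s, pos)
        end = pos + length
        seen.append(NAMES.get((state, pid), f"unknown 0x{pid:02x}"))
        pos = end
        if state == "handshaking":
            state = "login" if c2s[end - 1] == 2 else "status"  # last field: next state
        elif state == "login" and pid == 1:
            break   # from here on the client's bytes are encrypted
    return seen, len(c2s) - pos

# Constructed sample; the last 64 bytes stand in for encrypted gameplay traffic.
SAMPLE = (frame(0, write_varint(754) + string("mc.example.test")
                + (25565).to_bytes(2, "big") + write_varint(2))
          + frame(0, string("Steve"))
          + frame(1, write_varint(128) + bytes(128) + write_varint(128) + bytes(128))
          + bytes(range(64)))
```

Calling `visible_packets(SAMPLE)` returns the three readable packet names and the count of trailing bytes that cannot be parsed without the session key.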

shai commented 3 years ago

Ok, so now we're understanding each other. Yes, I'm connected to an online server. I can't get the keys. You can get around it you say? I'm using Fabric as well. I connected to various servers as well. Some are 1.16.4 others 1.16.5 even. I don't think I'm connected to any 1.16.3.

I myself use Fabric 1.16.4

DeltaEvo commented 3 years ago

> Some are 1.16.4 others 1.16.5 even. I don't think I'm connected to any 1.16.3.

Perfect, 1.16.2, 1.16.3, 1.16.4 and 1.16.5 share the same protocol.

> I can't get the keys. You can get around it you say?

Yep, I can make a mod that will get them (and maybe give them automatically to Wireshark).

So thanks, I have all the needed information. I will work on that and update this issue when I have something working.

shai commented 3 years ago

If you want, DM me or I can email you my Discord and we can take this offline for quicker progress and easier communication.

DeltaEvo commented 3 years ago

Yep, we can do that, my Discord ID is DeltaEvo#4453

shai commented 3 years ago

> DeltaEvo#4453

Request sent.