Getting Started with Wireshark
(Updated for new IP addresses used in build 1.887 and to check both Auth and Game servers)
A quick guide on how to use Wireshark to collect network packet data to help
diagnose problems with MOULagain (Myst Online URU Live 2010).
1. Get the tools
Download Wireshark from www.wireshark.org and install it.
This installation includes the WinPcap packet capture service. Pay attention to the
instructions, particularly if you already have an older version of WinPcap installed on your PC, in
which case you may need to reboot your PC to complete the removal of the old service.
2. Set up the capture
You should now have a desktop icon for Wireshark:
Double click this to run Wireshark. It'll probably take several seconds to initialise, so be patient.
Note that some of the images used in this guide are from an older version of Wireshark: the screens
you see may vary slightly from the ones shown, but the essential details should be similar.
Once the main window appears, click on the "Show the Capture Options" button, highlighted below.
Now, using the image below as a guide, set the following options:
Interface: Drop down the list and select the interface you use to connect to the internet.
You may only have one entry in the list here, in which case that's fine, but if you've also got
a dial-up modem or wired and wireless LAN adapter in your PC, then you'll need to select the correct
Capture packets in promiscuous mode: Untick this box, so we don't capture data from other
PCs in your network - setting the filter below should prevent this anyway, but just in case.
Limit each packet to: Tick the box, and set the value to 96 (the value doesn't matter that much,
it just helps to save disk space if we don't actually need to see the whole of the data in every packet).
Capture Filter: Don't click the button, just type the following text into the box (don't
use the text shown in the image above - it's an outdated example!):
host 220.127.116.11 or host 18.104.22.168
Capture File(s): Click on the Browse button and when the file selection window appears,
type in a suitable name (using the extension ".pcap" to ensure that the file is associated with
Wireshark, but that's not essential), then click on "Browse for other folders" and select a
suitable folder for the log file.
Click on OK to accept the file details.
Name Resolution: We're not really interested in finding the names of the source and
destination machines, so keep things simple and untick the "Enable MAC name resolution"
and "Enable network name resolution" boxes.
We're now ready to start the capture.
3. Start Myst Online
Run the Myst Online launcher, go through the login procedure, and get to the point where
you want to start capturing data. Use "ALT+TAB" to flip back to Windows/Wireshark and click on
"Start" and you should see the screen start to fill with data, possibly quite slowly. Return
to Uru and continue playing until the event you wanted to record has happened.
4. Stop the capture
Use "ALT+TAB" to flip back to Windows/Wireshark and click the "Stop" button (fourth
icon from left on the toolbar) or use the menu option: Capture -> Stop. You'll
end up with a window filled with packet details similar to that below - don't worry
about what it all means just now:
5. Send off the data
Once you are done, close down Wireshark, locate the log file and send it off to be
analysed. It's best if you can zip or rar the file first then e-mail to
And that's it!
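A check you can run on the log file before sending it, added here as an example and not part of the original guide: it reads the capture and reports any packet stored with more than the 96 bytes set in step 2, or involving neither of the two hosts in the capture filter. It assumes a classic pcap file (not pcapng) with Ethernet framing and IPv4; the function names and the sample frames are constructed for illustration.

```python
import socket
import struct

# Hosts from the capture filter in step 2, copied as they appear in this guide.
ALLOWED = {"220.127.116.11", "18.104.22.168"}
SNAPLEN = 96  # the "Limit each packet to" value from step 2

def check_pcap(data, allowed=ALLOWED, snaplen=SNAPLEN):
    """Return a list of problems found in a classic-pcap byte string."""
    # The magic number gives the byte order of every header in the file.
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None or len(data) < 24:
        return ["not a classic pcap file (pcapng or other format)"]
    file_snaplen, linktype = struct.unpack(end + "II", data[16:24])
    problems = []
    if file_snaplen > snaplen:
        problems.append(f"file snaplen is {file_snaplen}, expected <= {snaplen}")
    if linktype != 1:  # 1 = Ethernet; other link types are not parsed here
        return problems + [f"unsupported link type {linktype}"]
    off, n = 24, 0
    while off + 16 <= len(data):
        # Record header: ts_sec, ts_usec, stored length, original length.
        incl = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl]
        off, n = off + 16 + incl, n + 1
        if incl > snaplen:
            problems.append(f"packet {n}: {incl} bytes stored, more than {snaplen}")
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            problems.append(f"packet {n}: not IPv4 over Ethernet")
            continue
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        if src not in allowed and dst not in allowed:
            problems.append(f"packet {n}: {src} -> {dst} involves neither server")
    return problems

def frame(src, dst, payload_len):
    """Constructed Ethernet/IPv4 frame for the demo (not real traffic)."""
    ip = b"\x45\x00" + struct.pack(">H", 20 + payload_len) + bytes(8)
    ip += socket.inet_aton(src) + socket.inet_aton(dst)
    return bytes(12) + b"\x08\x00" + ip + bytes(payload_len)

def build_pcap(frames, snaplen=SNAPLEN):
    """Constructed little-endian pcap file holding the given frames."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(check_pcap(build_pcap([frame("192.168.1.10", "192.168.1.20", 62)])))
```

To check a real capture, pass the file's bytes, for example check_pcap(open("uru.pcap", "rb").read()), where uru.pcap is a placeholder for the name you chose in step 2. An empty list means every packet is within the size limit and involves one of the two servers.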