Dumping Network Traffic

From Custom Mario Kart

In November 2012 Wiimm started to dump the complete network traffic of Mario Kart Wii online meetings. The goal was to have enough information to create a custom MKWii server if ever necessary. In March 2014 Nintendo announced the shutdown of the server for May 2014, much earlier than expected.

This article explains how to get good dumps and good logs. Logs are necessary to remember what happened during the dump.



Get the data

When capturing network data, it is important to capture the complete traffic from and to the Wii. To keep the dumps small, filter out all unrelated traffic of other network devices. The filtering is very important if you plan to give the dumps away, because they may contain passwords and other private data.

Port Mirroring

The best and cleanest way to capture the network traffic is a managed switch[1] that supports port mirroring[2].

You place the managed switch between the Wii and the router. Then you connect the PC that should capture the network traffic to another port of the switch. In the switch setup, you mirror the traffic from and to the Wii to the PC port. After doing this setup once, all traffic of the Wii is mirrored to the PC. Normally the PC drops the unwanted network packets, but a capture tool sees the data.

A typical capturing command:

tcpdump -w <DEST_FILE> -U -i eth1 host <MY_WII> or arp
<DEST_FILE>
    The name of the file where the dump is stored. If - is used as the file name, the dump is written to stdout (standard output).
<MY_WII>
    Replace this with the IP address or DNS name of the captured Wii.
or arp
    These keywords enable capturing of ARP packets. ARP packets are only needed if your Wii has network trouble.
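
If a dump was recorded without the filter, it can be reduced to the Wii's traffic afterwards, before it is given away. The following is an added example, not part of the original article or of Wiimm's tools: it approximates the "host <MY_WII> or arp" selection on an existing capture file. It assumes the classic pcap format with Ethernet framing; the function names and the IP address in the usage comment are made up for illustration.

```python
import socket
import struct
import sys

ETH_IPV4, ETH_ARP = 0x0800, 0x0806
LE_MAGIC = (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1")  # usec / nsec timestamps
BE_MAGIC = (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d")

def keep_frame(frame: bytes, wii_ip: bytes, keep_arp: bool = True) -> bool:
    """Decide for one Ethernet frame, approximating 'host <MY_WII> or arp'."""
    if len(frame) < 14:
        return False
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == ETH_ARP:
        return keep_arp
    if ethertype == ETH_IPV4 and len(frame) >= 34:
        return wii_ip in (frame[26:30], frame[30:34])  # IPv4 source, destination
    return False  # IPv6, VLAN-tagged and unknown frames are dropped on purpose

def filter_pcap(data: bytes, wii_ip: str, keep_arp: bool = True) -> bytes:
    """Return a pcap that contains only the Wii's packets (plus ARP if wanted)."""
    if len(data) < 24 or data[:4] not in LE_MAGIC + BE_MAGIC:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    endian = "<" if data[:4] in LE_MAGIC else ">"
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    ip = socket.inet_aton(wii_ip)
    out, pos = [data[:24]], 24          # keep the 24-byte global header as is
    while pos + 16 <= len(data):        # each record: 16-byte header + frame
        incl_len = struct.unpack(endian + "I", data[pos + 8:pos + 12])[0]
        end = pos + 16 + incl_len
        if end > len(data):
            break                       # last record cut off, capture was interrupted
        if keep_frame(data[pos + 16:end], ip, keep_arp):
            out.append(data[pos:end])
        pos = end
    return b"".join(out)

if __name__ == "__main__":
    # Usage (constructed values): python filter_dump.py full.pcap wii.pcap 192.168.0.20
    src, dst, wii = sys.argv[1:4]
    with open(src, "rb") as f, open(dst, "wb") as g:
        g.write(filter_pcap(f.read(), wii))
```

The filter only selects packets by address; it does not remove private data that the Wii itself sent or received.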

Router captures

Many routers (like the Fritzbox) can capture network traffic and store it as a file. Using a Linux, Mac or Windows PC as a router between the Wii and the DSL router is also possible. All current operating systems support capturing network data, but you often need root/administrator rights.

ARP spoofing

ARP spoofing[3] is a method to redirect data from and to the Wii. But it has a big disadvantage: the Wii generates ARP requests frequently, and in the time between the correct answer and the spoofed one, data is sent directly to the correct destination, so those packets are lost for capturing.

Logging

???

Videos

???

Analysing with mkw-ana

???

Using log files

???

References

  1. MediaWiki: Network Switch Options
  2. MediaWiki: Port Mirroring
  3. MediaWiki: ARP spoofing
