User blog:Martirsadota/Utilizing Wireshark for Kancolle Asset Grabbing

'''This is a work in progress. Please be careful in utilizing the information contained herein.'''

=Intro=

I actually don't know why should I be writing this guide. If anybody's smart enough to be using a packet sniffer like Wireshark, he/she should be proficient enough to do all the things discussed here.

Anyways, here we go.

This is intended for users playing Kancolle via KCV; if you're playing directly in the browser, or are using KC3Kai, you're in luck; there's an easier method. Visit Crazy Teitoku's guide instead.

Why KCV?
Simply because KCV doesn't have a browser's ability to view network traffic and HTTP requests (try it: open your browser, hit F12, go to the tab named "Network" (or similar), then try loading some web pages). So we have to monitor the traffic some other way.

For this guide, I'm going to assume you already have Wireshark set up and running; if you don't have Wireshark yet, grab it off their site, and install it into your PC. Once done, read on.

=Preparing Wireshark for the Capture=

Start Wireshark.

Capture Options
First, head over to Capture > Options (or hit Ctrl+K ).

Just leave much of the screen as it is. Two things you might want to check are the network interface you're capturing from (the big list box at the top) and the capture filter (the green edit box in the picture).

Network Interface
Unless you're rich enough to have multiple network cards, playing Kancolle off the datacenter racks' boxes (I sure hope nobody's doing this), or are using a laptop (the more probable case), there should be only one interface listed in this box (something like "Local Area Connection"). If so, you don't need to touch anything in this box.

Now, if it does list more than one interface, make sure you have checked the correct interface to capture. Which checkbox should be checked should be easy to figure out:


 * If you have connected a LAN cable to your computer, check "Local Area Connection".
 * If you're playing over Wi-Fi, check Wi-Fi.
 * If you're not sure, check everything. No, seriously.

Capture Filter
To avoid massive headaches, pointless scrolling, and HUGE capture files later on, filter your capture. A lot of activity goes on at the network every moment, and capturing them would only clutter your screen (and eventually your capture file) with traffic you don't really need.

Setting up one is simple. Just type:

tcp and host &lt;your Kancolle server's IP address&gt;

into the Capture Filter box.

If you're not sure which server you're in, try this. If you're not sure what your server's IP address is, check the Server list.

Capturing
Good going! Now hit the Start button at the bottom of the box. You're done. You should now see Wireshark's main window with all kinds of text scrolling. We'll get to this in the next section (which I'll probably write later).