Getting traffic to your ShowEQ system

Eratosthenes
Dec 5, 2018 · 4 min read

This is part of a multi-part series:

  1. Installing ShowEQ For Project1999 in 2019
  2. Getting traffic to your ShowEQ system (you are here)
  3. Understanding Project1999 Protections
  4. Decrypting Project1999 Spawns

Welcome back! This story is a continuation of the first post here so please read it if you haven’t before continuing.

So now we have a working (as in running) version of ShowEQ running on a separate Linux machine. In my instance, I used an old laptop I had laying around. That being said, I’m not intending to play EverQuest on my linux laptop. I have a nice fancy gaming PC, large monitor, and gaming keyboard/mice that I intend to use. How exactly then, can I leverage ShowEQ on a separate system?

Port Mirroring

ShowEQ operates as an entirely passive monitoring solution for traffic to and from the EverQuest server. Due to being entirely passive, it actually doesn’t need to run on real-time traffic and it also doesn’t need to interact with either the EverQuest server or your gaming PC at all. The main advantage is that it’s 100% impossible to detect programmatically.

The concept of taking a systems traffic and passively duplicating it to another system is called Port Mirroring. This technique is frequently used in enterprise computer networks to provide traffic monitoring or security. We will leverage this technique to seamlessly duplicate our EverQuest traffic.

Option 1: Easiest, but costs money

The absolute easiest way to mirror traffic to a system is to buy a physical device tap, sometimes referred to as a Network Tap. A network tap usually has three ports on it: An input connection for traffic from/to your router, an output connection for traffic from/to your gaming PC, and an additional connection to mirror a copy of the traffic.

There are multiple Network Taps available for purchase on Amazon and eBay. Personally I highly recommend the SharkTap 10/100 listed currently at $90 on Amazon which I have been currently using without issue for the past 6 months. However, if you’re running a high speed network and using gigabit Ethernet, consider the badass (and unfortunately twice as expensive) 10/100/1000 version.

SharkTap 10/100 Network Sniffer. Available on Amazon.

Setting up the traffic in a wired environment is as simple as it gets (note: you will need two extra Ethernet cables to perform the tap). First, remove the Ethernet cable from the back of your computer, connect it to the side labeled “NETWORK”, connect a new network cable from the “pass-through” side on the SharkTap to the back of your computer. At this point, you’re gaming PC’s internet connectivity should be working as normal. Finally, add an additional Ethernet cable from the “TAP” side on the SharkTap to the ethernet port on your ShowEQ Linux system.

Optionally: If your laptop/Linux machine does not have an extra or available Ethernet port, consider using a cheap USB Ethernet Adapter.

Option 2: Medium difficulty but router specific

Do you have a fancy router like an ASUS RT-AC68/86/87U? Well, you’re in luck as you can configure port mirroring directly on the router itself. First, install the Asuswrt-Merlin firmware and then follow instructions from here. While I have not personally followed these instructions, the commands are simple Linux “iptables” commands that should definitely work without issue.

For any other routers, try googling “YOUR ROUTER MODEL + Port Mirroring” to see if instructions are available online. If you have a success story please leave it in the comments.

Option 3: Easy, free, but not recommended

Finally, it’s entirely possible to mirror traffic from your system to a Virtual Machine running Linux on your host. VMWare Workstation supports Virtual Machines listening in promiscuous (sniffing) mode. If you go this route, you will be able to run a Linux VM directly on your gaming PC and seamlessly view your traffic on the virtual machine with no additional configuration.

However, personally, I do not recommend this option. The largest reason is (which will be discussed in the next blog post) private servers such as Project1999 include monitoring code that can identify other processes running and their window titles. While having VMs running is not necessarily a smoking gun, it’s a risk I would rather not take.

VMWare Workstation 14 on Linux error when setting promiscuous mode in a VM.

Now you should have some interesting traffic flowing to your ShowEQ box. Were you able to make it work? Have any issues? Find this blog generally useful? Please comment below!

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade