Topic: Capturing and analyzing Bitcoin network traffic with tcpdump
January 25, 2011, 10:53:56 PM

These days I am trying to collect Bitcoin packets flowing through the LAN, to (hopefully) gain a deeper understanding of the protocol by "seeing" how it behaves.

Needless to say, having a good understanding of the protocol is essential to write accurate documentation, verify the correctness of any implementation, detect or debug incorrect behavior and analyze performance.

After having discarded the option of instrumenting the code, since I judge it too time consuming for my current skills, I've opted to use an "Old School Unix Tool of The Trade", i.e. tcpdump.

I am by no means an expert with it, but I have been able to put together a simple shell script to filter only packets of "Bitcoinian" interest :)

I would like to share it with you:

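#!/usr/bin/env bash
# bash, not sh: the script uses [[ ]], (( )) and arrays

# captures Bitcoin network traffic

SELF=`basename "$0"`
DEFAULT="eth0"  # placeholder: the original default interface is missing from this page
IFACE=$1

if [[ $1 = "" ]]; then
  echo "$SELF: no interface name provided as argument: using $DEFAULT as default"
  IFACE=$DEFAULT
fi

# prints the address of every peer with an established connection to port 8333
connected_nodes() {
  netstat -an |
  awk '/ESTA/ && $5 ~ /[.:]8333$/ { print $5 }' |
  sed 's/[.:]8333$//'
}

# tcpdump config

NODES=( $(connected_nodes) )

if [[ -z "$NODES" ]]; then
  echo "$SELF: No peer found, check your internet connection and that Bitcoin is running"
  exit 1
else
  # build the filter "host A or host B or ..." so that traffic with any peer matches
  ANY_NODE=""
  for (( i = 0; i < ${#NODES[*]}; i++ )); do
    ANY_NODE="host ${NODES[i]}${ANY_NODE:+ or $ANY_NODE}"
  done

  # -t : don't print a timestamp on each dump line
  # -q : stay quiet
  CMD="tcpdump -i $IFACE -t -q $ANY_NODE"

  echo $CMD
  $CMD
fi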

you can clone/fork it here:

The executable script, baptised '', receives as argument the name of the network interface and requires superuser privileges, i.e. you can run it with:

   chmod +x
   sudo ./

Mining a new block, creating a new bitcoin installation, sending or receiving transactions involve many protocol interactions between nodes and I think it would be interesting to see yours on the wire. So... let's start a campaign!

Are you a miner? Are you a new user? Nice, then share your network dumps to benefit developers :)

Thank you.

January 26, 2011, 12:49:27 AM

Mhhh, I don't see the point unless Bitcoin was a closed-source program. You can look at the source code and see how it works. :P


January 26, 2011, 03:23:59 PM

My favorite tools for packet sniffing and inspection are Wireshark and Scapy. I'm implementing the protocol right now, and these tools were very helpful and led to me finding that some of the docs on the wiki were incorrect (I changed the wiki to reflect my findings, though I haven't covered everything). The wiki, forums, IRC, other bitcoin related software, and packet sniffs have allowed me to learn about the protocol and how the official bitcoin client works while barely looking at the official client's code (It's pretty hard to follow, at least for me... I'm starting to make sense out of some of it after learning about what it's doing from all of these other sources, however).
January 26, 2011, 09:40:42 PM

I have a few dumps done with Wireshark and I use them when unit testing my networking code; it's incredibly useful to have actual conversations to test against. Also the format of the messages makes it quite easy to split the dump into single messages.

BTW: 0x6763 would you be interested in joining efforts? I heard you are developing a network stack in Java too, I'd be keen to get a good networking code done that is peer reviewed. It could serve as a basis for many different services.

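Splitting a dump into single messages, as the post above describes, shown as an added example that is not code from the thread or from any Bitcoin client. It assumes the 24-byte mainnet header (start bytes, 12-byte command, little-endian length, 4-byte double-SHA-256 checksum) and input that is one direction of an already reassembled TCP stream; `frame`, `split_messages`, `MAX_PAYLOAD` and the sample bytes are constructed for the illustration.

```python
import hashlib
import struct

MAGIC_MAINNET = bytes.fromhex("f9beb4d9")  # message start bytes on mainnet
HEADER_LEN = 24             # magic(4) + command(12) + length(4) + checksum(4)
MAX_PAYLOAD = 32 * 1024 * 1024  # assumed sanity bound for this example


def checksum(payload: bytes) -> bytes:
    """First four bytes of SHA-256(SHA-256(payload))."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def frame(command: str, payload: bytes = b"") -> bytes:
    """Build one wire message; used only to construct the sample input."""
    name = command.encode("ascii").ljust(12, b"\x00")
    header = MAGIC_MAINNET + name + struct.pack("<I", len(payload))
    return header + checksum(payload) + payload


def split_messages(stream: bytes):
    """Split one direction of a reassembled TCP stream into
    (command, payload) pairs; also return any incomplete trailing bytes."""
    messages, pos = [], 0
    while True:
        start = stream.find(MAGIC_MAINNET, pos)  # resynchronise on the magic
        if start < 0 or len(stream) - start < HEADER_LEN:
            break
        name, length, csum = struct.unpack_from("<12sI4s", stream, start + 4)
        end = start + HEADER_LEN + length
        if length <= MAX_PAYLOAD and end > len(stream):
            break                        # payload not fully captured yet
        payload = stream[start + HEADER_LEN:end]
        if length > MAX_PAYLOAD or checksum(payload) != csum:
            pos = start + 1              # false magic match or corrupt data
            continue
        messages.append((name.rstrip(b"\x00").decode("ascii", "replace"), payload))
        pos = end
    return messages, (stream[start:] if start >= 0 else b"")


# Constructed sample: junk, two whole messages, then a truncated third one.
SAMPLE = (b"\x00junk" + frame("verack") + frame("ping", bytes(8))
          + frame("pong", bytes(8))[:30])

if __name__ == "__main__":
    print(split_messages(SAMPLE))
```

The checksum test is what makes such a split usable as a unit-test fixture: a message that fails it is skipped and the parser resynchronises on the next start bytes instead of misreading everything after it.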

January 26, 2011, 09:53:08 PM

BTW: 0x6763 would you be interested in joining efforts? I heard you are developing a network stack in Java too, I'd be keen to get a good networking code done that is peer reviewed. It could serve as a basis for many different services.

My code is running on the JVM, but it's not Java.  I'm using Clojure. See or #clojure on freenode.
Technically we could certainly use each other's code, but I think it would be a little awkward for merging our development while keeping with our own languages.  I'd very much like to discuss it, though.