Bitcoin Forum
December 11, 2016, 06:24:13 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Capturing and analyzing Bitcoin network traffic with tcpdump  (Read 4310 times)
altamic
Newbie
*
Offline Offline

Activity: 2


View Profile
January 25, 2011, 10:53:56 PM
 #1


During these days I am trying to collect Bitcoin packets flowing through the network lan, to (hopefully) gain a deeper understanding of the protocol by "seeing" how it behave.

Needless to say that having a good understanding of the protocol is essential to write accurate documentation, verify correctness of any implementation, detect or debug incorrect behavior and analyze performance.

After having discarded the option of instrumenting the code, since I judge it too time consuming for my current skills, I've opted to use an "Old School Unix Tool of The Trade", i.e. tcpdump.

I am by no means an expert with it, but I have been able to put  a simple shell script to filter only packets of "Bitcoinian"interest Smiley

I would like to share it with you:

#!/usr/bin/env sh

# bitdump.sh
#
# captures Bitcoin network traffic

SELF=`basename $0`

if [[ $1 = "" ]]; then
  DEFAULT="en1"
  echo "$SELF: no interface name provided as argument: using $DEFAULT as default"
else
  DEFAULT=$1
fi

connected_nodes() {
  netstat -an |
  awk '/8333/ && /ESTA/ { print $5 }' |
  sed 's/[.:]8333//'
}

# tcpdump config
IF="-i $DEFAULT"
ASCII="-A"
BINARY="-XX"
NO_DNS="-n"
FULL_PACKETS="-s 0"
NODES=($(connected_nodes))
PORT="8333"
FILE="bitdump.pcap"

if [[ -z "$NODES" ]]; then
  echo "$SELF: No peer found, check your internet connection and that Bitcoin is running"
else
  for (( i = 0; i < ${#NODES
  • }; i++ )); do
    ANY_NODE="host ${NODES} and $ANY_NODE"
  done

  # -t : don't print a timestamp on each dump line
  # -q : stay quiet

  CMD="tcpdump $IF -w $FILE $FULL_PACKETS $BINARY $NO_DNS $ANY_NODE port $PORT"

  echo $CMD
  $CMD
fi


you can clone/fork it here:

   https://gist.github.com/795809

The executable script, baptised 'bitdump.sh', receives as argument the name of the network interface and requires superuser privileges, i.e. you can run it with:

   chmod +x bitdump.sh
   sudo ./bitdump.sh


Mining a new block, creating a new bitcoin installation, sending or receiving transaction  involve many protocol interaction between nodes and I think it would be interesting to see yours on the wire. So ...let's start a campaign!

http://desmond.yfrog.com/Himg617/scaled.php?tn=0&server=617&filename=x4atu.png&xsize=640&ysize=640

Are you a miner? Are you a new user? Nice, then share your network dumps to benefit developers Smiley

Thank you.





 
1481437453
Hero Member
*
Offline Offline

Posts: 1481437453

View Profile Personal Message (Offline)

Ignore
1481437453
Reply with quote  #2

1481437453
Report to moderator
1481437453
Hero Member
*
Offline Offline

Posts: 1481437453

View Profile Personal Message (Offline)

Ignore
1481437453
Reply with quote  #2

1481437453
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481437453
Hero Member
*
Offline Offline

Posts: 1481437453

View Profile Personal Message (Offline)

Ignore
1481437453
Reply with quote  #2

1481437453
Report to moderator
1481437453
Hero Member
*
Offline Offline

Posts: 1481437453

View Profile Personal Message (Offline)

Ignore
1481437453
Reply with quote  #2

1481437453
Report to moderator
1481437453
Hero Member
*
Offline Offline

Posts: 1481437453

View Profile Personal Message (Offline)

Ignore
1481437453
Reply with quote  #2

1481437453
Report to moderator
fabianhjr
Sr. Member
****
Offline Offline

Activity: 322


Do The Evolution


View Profile
January 26, 2011, 12:49:27 AM
 #2

Mhhh, I don't see the point unless Bitcoin was a closed sourced program. You can look at the sourecode and see how it works. Tongue

0x6763
Guest

January 26, 2011, 03:23:59 PM
 #3

My favorite tools for packet sniffing and inspection are Wireshark (http://www.wireshark.org/) and Scapy (http://www.secdev.org/projects/scapy/).  I'm implementing the protocol right now, and these tools were very helpful and lead to me finding that some of the docs on the wiki were incorrect (I changed the wiki to reflect my findings, though I haven't covered everything).  The wiki, forums, IRC, other bitcoin related software, and packet sniffs have allowed me to learn about the protocol and how the official bitcoin client works while barely looking at the official client's code (It's pretty hard to follow, at least for me...I'm starting to make sense out of some of it after learning about what it's doing from all of these other sources, however).
Cdecker
Hero Member
*****
Offline Offline

Activity: 487



View Profile WWW
January 26, 2011, 09:40:42 PM
 #4

I have a few dumps done with wireshark and I use them when unit testing my networking code, it's incredibly usefull to have actual conversations to test against. Also the format of the messages makes it quite easy to split the dump into single messages.

BTW: 0x6763 would you be interested in joining efforts? I heard you are developing a network stack in Java too, I'd be keen to get a good networking code done that is peer reviewed. It could serve as a basis for many different services.

Want to see what developers are chatting about? http://bitcoinstats.com/irc/bitcoin-dev/logs/
Bitcoin-OTC Rating
0x6763
Guest

January 26, 2011, 09:53:08 PM
 #5

BTW: 0x6763 would you be interested in joining efforts? I heard you are developing a network stack in Java too, I'd be keen to get a good networking code done that is peer reviewed. It could serve as a basis for many different services.

My code is running on the JVM, but it's not Java.  I'm using Clojure. See http://clojure.org or #clojure on freenode.
Technically we could certainly use each other's code, but I think it would be a little awkward for merging our development while keeping with our own languages.  I'd very much like to discuss it, though.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!