Author Topic: Sniffing LN traffic with Wireshark  (Read 149 times)
simpleSliv3r (OP)
October 11, 2023, 08:34:16 AM
Last edit: October 30, 2023, 07:35:56 AM by simpleSliv3r
 #1

Hi all,

I've seen on the Internet that Wireshark can detect protocol packages like Bitcoin and Lightning Network. They are identified in the protocol column.
The problem is that my Wireshark is not classifying those packages, it just says tcp/ip or http/json.
Does anyone know how to solve that?

Note: I know there's a package called lightning dissector but I don't need to read the packages, just identify them. (In the end, I ended up using it)

Thanks in advance!

-SS
ABCbits
October 11, 2023, 09:46:10 AM
Merited by simpleSliv3r (1)
 #2

I never use Wireshark myself, but I recall people manually specifying magic bytes of certain protocols in Wireshark. In case you forget, you can check magic values for Bitcoin on-chain at https://en.bitcoin.it/wiki/Protocol_documentation#Message_structure.

seek3r
October 12, 2023, 09:55:54 AM
Merited by pooya87 (2), bullrun2024bro (2), ABCbits (1), simpleSliv3r (1)
 #3

Yeah, Wireshark can detect a lot of protocols, including Bitcoin and Lightning packets.
There are a few things that you should check if they aren't identified:

  • The Bitcoin network uses port '8333' for mainnet and '18333' for testnet. The Lightning Network uses '9735' as a port. At least that's what I found, not 100% sure on LN.
    Make sure that you capture traffic on these mentioned ports.
  • You can also check if you set the preferences right. For that: Go to Edit -> Preferences -> Protocols. Look up 'bitcoin' and ensure that it's enabled as well. Otherwise it will not capture these packages.
  • VPNs or proxies can cause problems as well. If it's possible, you should capture them without services like that.
  • Last point as usual: Make sure that you have the latest version of Wireshark, maybe you are using an older version where these protocols aren't added yet. Updating/Reinstalling can fix corrupted files sometimes.

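Added example, not part of any post in this thread: a Python sketch of the two identification approaches mentioned in posts #2 and #3, checking a TCP payload for the Bitcoin magic value, command field and checksum, and falling back to the ports named above. The function names are hypothetical, the sample bytes are constructed, and the 50-byte handshake shape check is taken from the Lightning BOLT 8 transport specification rather than from the thread.

```python
import hashlib
import struct

# Magic values as they appear on the wire (from the Bitcoin protocol documentation).
MAGIC = {bytes.fromhex("f9beb4d9"): "mainnet", bytes.fromhex("0b110907"): "testnet3"}
BITCOIN_PORTS = {8333, 18333}  # ports named in the thread
LN_PORT = 9735                 # port named in the thread
HEADER_LEN = 24                # magic(4) + command(12) + length(4) + checksum(4)

# Constructed sample: a mainnet "verack" message (empty payload).
SAMPLE_VERACK = bytes.fromhex("f9beb4d9" "76657261636b000000000000" "00000000" "5df6e0e2")


def parse_bitcoin_header(payload: bytes):
    """Return (network, command, length, checksum_ok) or None if no Bitcoin header."""
    if len(payload) < HEADER_LEN or payload[:4] not in MAGIC:
        return None
    command_raw, length, checksum = struct.unpack("<12sI4s", payload[4:HEADER_LEN])
    name = command_raw.rstrip(b"\x00")
    if not name.isalnum():  # command is NUL-padded ASCII; rejects chance magic matches
        return None
    body = payload[HEADER_LEN:HEADER_LEN + length]
    checksum_ok = None  # None: payload continues in a later TCP segment
    if len(body) == length:
        checksum_ok = hashlib.sha256(hashlib.sha256(body).digest()).digest()[:4] == checksum
    return MAGIC[payload[:4]], name.decode("ascii"), length, checksum_ok


def looks_like_bolt8_act_one(payload: bytes) -> bool:
    """Shape check only: 50 bytes = version 0, compressed pubkey (33), tag (16)."""
    return len(payload) == 50 and payload[0] == 0 and payload[1] in (2, 3)


def classify(src_port: int, dst_port: int, payload: bytes) -> str:
    hdr = parse_bitcoin_header(payload)
    if hdr and hdr[3] is not False:
        return f"bitcoin/{hdr[0]}/{hdr[1]}"
    ports = {src_port, dst_port}
    if LN_PORT in ports:
        # BOLT 8 encrypts everything after the handshake, so there is no magic value.
        if looks_like_bolt8_act_one(payload):
            return "lightning? (handshake shape)"
        return "lightning? (port hint only)"
    if ports & BITCOIN_PORTS:
        return "bitcoin? (port hint only)"
    return "unknown"


if __name__ == "__main__":
    print(classify(50000, 8333, SAMPLE_VERACK))
```

Bitcoin connections that negotiate the encrypted BIP324 v2 transport will not show the magic value either, so for those only the port hint remains.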
DifDrama
October 27, 2023, 02:39:55 AM
Merited by simpleSliv3r (1)
 #4

https://www.wireshark.org/docs/man-pages/wireshark-filter.html
https://www.wireshark.org/docs/dfref/b/bitcoin.html

I don't know much about it, but I've seen websites about it before from other sources. I hope this can help you.
Lakai01
October 27, 2023, 10:05:57 AM
Merited by ABCbits (1), seek3r (1), simpleSliv3r (1)
 #5

Quote from: seek3r
Last point as usual: Make sure that you have the latest version of Wireshark, maybe you are using an older version where these protocols aren't added yet. Updating/Reinstalling can fix corrupted files sometimes.

Wireshark has supported Bitcoin-related traffic since version 1.10, so that's a while ago. However, the reason I wanted to highlight the point you raised is that on the Wireshark site, bitcoin support seems to have been excluded from certain versions:


Source

So if OP uses such a version, it is quite possible that the traffic is not displayed correctly. By the way, the same question was also asked here recently, you can find more starting points there: How to use Wireshark to identify Bitcoin/Lightning P2P packets

simpleSliv3r (OP)
October 29, 2023, 11:20:39 PM
 #6

Hi,

Thanks for all your answers.
I finally solved it using a Wireshark plugin: https://github.com/nayutaco/lightning-dissector
It fails on some packets, but it does its job anyway.