Wireshark packet analysis missing checksum in version msg



I'm trying to send a raw Bitcoin transaction through a raw socket connection in Python. To debug, I'm using Wireshark to sniff the packets.

Wireshark figures out that the packet is for Bitcoin and that it's a 'version' message, and gets the first couple fields right, but then neglects the checksum field and instead assigns what should be the checksum to the protocol version, throwing everything else off. I can't seem to get to the bottom of it.

Other message types, like 'tx', include the checksum but have other issues (which I'll get to later). Any ideas why Wireshark isn't picking up on the checksum for the version message?


Posted 2014-05-24T15:19:32.110

Does Wireshark correctly parse transactions sent by the standard Bitcoin client? – Nate Eldredge – 2014-05-24T17:47:34.990

I think the issue might be an old Bitcoin dissector, since checksums were only added into the version msg recently. Building from source now with the updated dissector. Don't have the cpp-client right now so can't check. – Ethan – 2014-05-24T18:07:08.710

I believe the dissector for Bitcoin is broken in Wireshark; there are more issues. – Jori – 2014-05-24T18:47:42.617

Super. Is there an alternative? How can I debug my packets? – Ethan – 2014-05-24T19:39:07.500

Yes, the Bitcoin plugin for Wireshark is very old and doesn't include some types of messages. Your best bet is to just filter by the port and do the work manually; the types are identified correctly and are not encrypted, so it's fairly easy going. – user13413 – 2014-05-25T09:32:56.987
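One way to do the manual decoding suggested in the last comment, as an added example that is not part of the original thread: it parses the 24-byte Bitcoin P2P header (magic, command, length, checksum), verifies the checksum, and shows what a parser that expects no checksum field would report as the protocol version. The function names and the sample payload are constructed for illustration.

```python
import hashlib
import struct

MAGIC = bytes.fromhex("f9beb4d9")   # mainnet network magic
HEADER = struct.Struct("<4s12sI4s")  # magic, command, payload length, checksum

def checksum(payload: bytes) -> bytes:
    """First 4 bytes of SHA-256(SHA-256(payload))."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def build_message(command: str, payload: bytes) -> bytes:
    """Frame a payload; struct pads the command to 12 bytes with NULs."""
    return HEADER.pack(MAGIC, command.encode("ascii"), len(payload),
                       checksum(payload)) + payload

def parse_message(raw: bytes) -> dict:
    """Decode the 24-byte header, verify the checksum, peek into 'version'."""
    if len(raw) < HEADER.size:
        raise ValueError("truncated header")
    magic, command, length, csum = HEADER.unpack_from(raw)
    payload = raw[HEADER.size:HEADER.size + length]
    if len(payload) != length:
        raise ValueError("payload shorter than the length field claims")
    msg = {"magic": magic.hex(),
           "command": command.rstrip(b"\x00").decode("ascii"),
           "length": length,
           "checksum": csum.hex(),
           "checksum_ok": csum == checksum(payload)}
    if msg["command"] == "version" and length >= 20:
        ver, services, ts = struct.unpack_from("<iQq", payload)
        msg.update(protocol_version=ver, services=services, timestamp=ts)
    return msg

def version_if_no_checksum(raw: bytes) -> int:
    """What a parser that expects no checksum field reports as the version:
    it reads the int32 at offset 20, which is really the checksum."""
    return struct.unpack_from("<i", raw, 20)[0]

def sample_version_payload() -> bytes:
    """Constructed sample payload (loopback addresses, zero nonce)."""
    addr = struct.pack("<Q", 1) + bytes(10) + b"\xff\xff\x7f\x00\x00\x01" \
        + struct.pack(">H", 8333)
    return (struct.pack("<iQq", 70002, 1, 1400944772) + addr + addr
            + struct.pack("<Q", 0) + b"\x00" + struct.pack("<i", 0) + b"\x01")

if __name__ == "__main__":
    raw = build_message("version", sample_version_payload())
    print(parse_message(raw))
    print("misread version:", version_if_no_checksum(raw))
```

To check captured traffic, pass the reassembled TCP payload bytes of one message to `parse_message`; a `checksum_ok` of `False` points at the sender's framing rather than at the dissector.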

No answers