Bitcoin protocol and Wireshark

3

I captured Bitcoin protocol communication in real time, and it is shown in Fig1 and Fig2.

Fig1 (image)

In the red box, there are many types of commands.

First Question:

How can Wireshark detect Bitcoin communication and parse it? I think the packet that the socket sends may contain something I don't know about.

In the red box of Fig2, you can see many properties of the packet. These are definitely defined by a software program, not by hardware such as a router. The real data that the client sends is really just hex data encoded by a specific rule.

Second Question:

How can Wireshark parse the data it receives? The Bitcoin client can parse it because it knows the rule, but Wireshark doesn't know anything, since Wireshark is a third-party program which has no relation to the Bitcoin software.

Fig2 (image)

Sorry for my English.

Hyunsoo

Posted 2019-11-26T05:23:53.577

Reputation: 363

Wireshark knows about 3000 different protocols, including Bitcoin. The list of protocols it handles is here: https://www.wireshark.org/docs/dfref/

– Ken Shirriff – 2019-11-27T01:35:31.440

Answers

15

Someone wrote a Bitcoin protocol decoder for Wireshark, several years ago. I assume it was included in the Wireshark distribution.

Wireshark simply knows about the Bitcoin protocol. There is no magic involved.

Pieter Wuille

Posted 2019-11-26T05:23:53.577

Reputation: 64 874
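To make the answer concrete: a Wireshark dissector is nothing more than code that applies the published message framing to the raw bytes. The parser below is an added example written for this page, not Wireshark's dissector and not any Bitcoin client code; it assumes the mainnet magic bytes and the 24-byte header layout (magic, command, payload length, checksum) of the Bitcoin P2P protocol, and it runs over a constructed byte string rather than a live capture.

```python
import hashlib
import struct
from typing import List, NamedTuple, Tuple

MAINNET_MAGIC = b"\xf9\xbe\xb4\xd9"  # every mainnet message starts with these bytes
HEADER_LEN = 24                       # 4 magic + 12 command + 4 length + 4 checksum


class BitcoinMessage(NamedTuple):
    command: str
    payload: bytes
    checksum_ok: bool


def double_sha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def parse_message(buf: bytes) -> Tuple[BitcoinMessage, bytes]:
    """Parse one message from the front of buf; return (message, remaining bytes)."""
    if len(buf) < HEADER_LEN:
        raise ValueError("need %d header bytes, have %d" % (HEADER_LEN, len(buf)))
    magic, raw_cmd, length, checksum = struct.unpack("<4s12sI4s", buf[:HEADER_LEN])
    if magic != MAINNET_MAGIC:
        raise ValueError("not a mainnet Bitcoin message: magic %s" % magic.hex())
    end = HEADER_LEN + length
    if len(buf) < end:  # a dissector must cope with a payload split across TCP segments
        raise ValueError("payload truncated: need %d bytes, have %d" % (end, len(buf)))
    payload = buf[HEADER_LEN:end]
    command = raw_cmd.rstrip(b"\x00").decode("ascii")  # command is NUL-padded ASCII
    checksum_ok = double_sha256(payload)[:4] == checksum
    return BitcoinMessage(command, payload, checksum_ok), buf[end:]


def build_message(command: str, payload: bytes) -> bytes:
    """Inverse of parse_message; used here only to construct sample input."""
    raw_cmd = command.encode("ascii").ljust(12, b"\x00")
    header = MAINNET_MAGIC + struct.pack("<12sI", raw_cmd, len(payload))
    return header + double_sha256(payload)[:4] + payload


def parse_stream(buf: bytes) -> List[BitcoinMessage]:
    """Walk a byte stream message by message, as a dissector does for one TCP direction."""
    out = []
    while buf:
        msg, buf = parse_message(buf)
        out.append(msg)
    return out


# Constructed sample: a "ping" carrying an 8-byte nonce, followed by an empty "verack".
SAMPLE = build_message("ping", struct.pack("<Q", 0x1122334455667788)) + build_message("verack", b"")
```

Flipping a payload byte makes the checksum check fail, which is the same mismatch Wireshark would flag; everything Wireshark shows in the red box of Fig2 is derived from these header fields.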