Author

Topic: Sniffing LN traffic with Wireshark (Read 167 times)

jr. member
Activity: 46
Merit: 28
October 29, 2023, 06:20:39 PM
#6
Hi,

Thanks for all your answers.
I finally solved it using a Wireshark pluguin: https://github.com/nayutaco/lightning-dissector
It fails on some packets, but id does his job anyway.
legendary
Activity: 2296
Merit: 2721
October 27, 2023, 05:05:57 AM
#5
Last point as usual: Make sure that you have the latest version of Wireshark, maybe you are using an older version where these protocols arent added yet. Updating/Reinstalling can fix corrupted files sometimes.[/li][/list]
Wireshark has supported Bitcoin-related traffic since version 1.10, so that's a while ago. However, the reason I wanted to highlight the point you raised is that on the Wireshark site, bitcoin support seems to have been excluded from certain versions:


Source

So if OP uses such a version, it is quite possible that the traffic is not displayed correctly. By the way, the same question was also asked here recently, you can find more starting points there: How to use Wireshark to identify Bitcoin/Lightning P2P packets
jr. member
Activity: 35
Merit: 33
October 26, 2023, 09:39:55 PM
#4
https://www.wireshark.org/docs/man-pages/wireshark-filter.html
https://www.wireshark.org/docs/dfref/b/bitcoin.html

I don't know much about it, but I've seen websites about it before from other sources. I hope this can help you.
legendary
Activity: 1260
Merit: 2014
October 12, 2023, 04:55:54 AM
#3
Yeah Wireshark can detect a lot of protocols including Bitcoin and Lightning packets.
There are few things that u should check if they arent identified:

  • Bitcoin network uses port '8333' for mainnet and '18333' for testnet. The lightning network uses '9735' as a port. Atleast what I found, not 100% sure on LN.
    Make sure that you capture traffic on these mentioned ports.
  • You can also check if u set the preferences right. For that: Go to Edit -> Preferences -> Protocols. Lookup 'bitcoin' and ensure that its enabled aswell. Otherwise it will not capturing these packages.
  • VPNs or proxys can cause problems aswell. If its possible you should capture them without services like that.
  • Last point as usual: Make sure that you have the latest version of Wireshark, maybe you are using an older version where these protocols arent added yet. Updating/Reinstalling can fix corrupted files sometimes.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
October 11, 2023, 04:46:10 AM
#2
I never use WireShark myself, but i recall people manually specify magic bytes of certain protocol on WireShark. In case you forget, you can check magic values for Bitcoin on-chain at https://en.bitcoin.it/wiki/Protocol_documentation#Message_structure.
jr. member
Activity: 46
Merit: 28
October 11, 2023, 03:34:16 AM
#1
Hi all,

I've seen on the Internet that Wireshark can detect protocol packages like Bitcoin and Lightning Network. They are identified in the protocol column.
The problem is that my Wireshark is not classifying those packages, it just says tcp/ip or http/json.
Does anyone know how to solve that?

Note: I know there's a package called lightning dissector but I don't need to read the packages, just identify them. (In the end, I ended up using it)

Thanks in advance!

-SS
Jump to: