Topic: Sniffing LN traffic with Wireshark (Read 149 times)

jr. member
Activity: 46
Merit: 28
October 29, 2023, 07:20:39 PM
#6
Hi,

Thanks for all your answers.
I finally solved it using a Wireshark plugin: https://github.com/nayutaco/lightning-dissector
It fails on some packets, but it does its job anyway.
legendary
Activity: 2296
Merit: 2721
October 27, 2023, 06:05:57 AM
#5
Last point as usual: Make sure that you have the latest version of Wireshark, maybe you are using an older version where these protocols aren't added yet. Updating/Reinstalling can fix corrupted files sometimes.
Wireshark has supported Bitcoin-related traffic since version 1.10, so that's a while ago. However, the reason I wanted to highlight the point you raised is that on the Wireshark site, bitcoin support seems to have been excluded from certain versions:


Source

So if OP uses such a version, it is quite possible that the traffic is not displayed correctly. By the way, the same question was also asked here recently, you can find more starting points there: How to use Wireshark to identify Bitcoin/Lightning P2P packets
jr. member
Activity: 33
Merit: 32
October 26, 2023, 10:39:55 PM
#4
https://www.wireshark.org/docs/man-pages/wireshark-filter.html
https://www.wireshark.org/docs/dfref/b/bitcoin.html

I don't know much about it, but I've seen websites about it before from other sources. I hope this can help you.
legendary
Activity: 1260
Merit: 1954
October 12, 2023, 05:55:54 AM
#3
Yeah, Wireshark can detect a lot of protocols, including Bitcoin and Lightning packets.
There are a few things that you should check if they aren't identified:

  • The Bitcoin network uses port '8333' for mainnet and '18333' for testnet. The Lightning network uses '9735' as a port. At least that's what I found, not 100% sure on LN.
    Make sure that you capture traffic on these mentioned ports.
  • You can also check if you set the preferences right. For that: Go to Edit -> Preferences -> Protocols. Look up 'bitcoin' and ensure that it's enabled as well. Otherwise it will not capture these packages.
  • VPNs or proxies can cause problems as well. If it's possible, you should capture them without services like that.
  • Last point as usual: Make sure that you have the latest version of Wireshark, maybe you are using an older version where these protocols aren't added yet. Updating/Reinstalling can fix corrupted files sometimes.
legendary
Activity: 2856
Merit: 7410
October 11, 2023, 05:46:10 AM
#2
I never use Wireshark myself, but I recall people manually specifying the magic bytes of certain protocols in Wireshark. In case you forget, you can check magic values for Bitcoin on-chain at https://en.bitcoin.it/wiki/Protocol_documentation#Message_structure.
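
Identifying Bitcoin P2P messages by their magic bytes, as mentioned in the post above, can be sketched as follows. This is an added example, not part of the original thread or of Wireshark; the function names are hypothetical, the sample bytes are constructed, and it covers Bitcoin P2P only, not Lightning.

```python
import hashlib
import struct

# Network magic values as they appear on the wire (Bitcoin protocol documentation).
MAGIC = {
    bytes.fromhex("f9beb4d9"): "mainnet",
    bytes.fromhex("0b110907"): "testnet3",
}
HEADER_LEN = 24  # magic(4) + command(12) + payload length(4) + checksum(4)


def checksum(payload: bytes) -> bytes:
    """First four bytes of the double SHA-256 of the payload."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def parse_message(data: bytes):
    """Describe a Bitcoin P2P message at the start of a TCP payload, or return None."""
    if len(data) < HEADER_LEN or data[:4] not in MAGIC:
        return None
    cmd = data[4:16].rstrip(b"\x00")
    # The command is printable ASCII followed only by NUL padding.
    if not cmd or not all(0x20 < c < 0x7F for c in cmd):
        return None
    (length,) = struct.unpack("<I", data[16:20])
    payload = data[HEADER_LEN:HEADER_LEN + length]
    complete = len(payload) == length  # False when the message spans TCP segments
    return {
        "network": MAGIC[data[:4]],
        "command": cmd.decode("ascii"),
        "length": length,
        "complete": complete,
        "checksum_ok": complete and checksum(payload) == data[20:24],
    }


def build_message(magic: bytes, command: str, payload: bytes = b"") -> bytes:
    """Build a constructed sample message for the demo below."""
    header = magic + command.encode("ascii").ljust(12, b"\x00")
    return header + struct.pack("<I", len(payload)) + checksum(payload) + payload


if __name__ == "__main__":
    samples = [  # constructed TCP payloads, not captured traffic
        build_message(bytes.fromhex("f9beb4d9"), "verack"),
        build_message(bytes.fromhex("0b110907"), "ping", bytes(8)),
        b"POST / HTTP/1.1\r\nContent-Type: application/json\r\n\r\n",
    ]
    for s in samples:
        print(parse_message(s))
```

Checking the command field and checksum as well as the magic avoids false positives on payloads that merely start with the same four bytes.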
jr. member
Activity: 46
Merit: 28
October 11, 2023, 04:34:16 AM
#1
Hi all,

I've seen on the Internet that Wireshark can detect protocol packages like Bitcoin and Lightning Network. They are identified in the protocol column.
The problem is that my Wireshark is not classifying those packages, it just says tcp/ip or http/json.
Does anyone know how to solve that?

Note: I know there's a package called lightning dissector but I don't need to read the packages, just identify them. (In the end, I ended up using it)

Thanks in advance!

-SS