Read IPFS node's communication using WireShark

Hi, I am using an older version of IPFS, 0.4.5-dev (I know I have to update soon, because I did some modifications to IPFS and it is a bit complicated).

I have 2 nodes running locally, ports 5001 and 5003. I want to read the default, unencrypted messages sent from Node 5001 to 5003 when I perform a “cat” operation from 5003 requesting a file from 5001 on the low level (bitswap).

When I set up my Wireshark to listen on all these ports and run:

ipfs --api=/ip4/ cat QmSjX4K6ovAWP1mLE1xyaA3SLksVsxCxHzakmmXf248kH3

I am able to see the request and response but this is not the low level bitswap communication over a stream.

How can I listen to the bitswap network protocol communication between nodes?

I believe it is this part of the code:

I tried to check http://localhost:5001/logs as well but didn’t find my request there.


Bitswap isn’t using the api ports for bitswap.

Take a look on traffic going over TCP port 4001.

In case you’ve overridden the default port, you should be able to see it using ipfs config Addresses.Swarm.


Hey @leerspace, I didn’t mention it but I am listening to 4001, 4003, 5001, 5003 with Wireshark, as well as the daemon start outputs:

Swarm listening on /ip4/
Swarm listening on /ip4/
Swarm listening on /ip4/

I also did a dump of core.go:

// startListening on the network addresses
func startListening(ctx context.Context, host p2phost.Host, cfg *config.Config) error {
	listenAddrs, err := listenAddresses(cfg)
	if err != nil {
		return err



([]multiaddr.Multiaddr) (len=1 cap=1) {

I found only these packets:

I am not able to see the “content” of it though, as you can see from the screenshot. It looks like it is it though, right? But these packets are some kind of periodic keep-alive stuff maybe? Running every 30s when you look at the timestamp.

How can I read them? Or find the ones that are transmitting actual files?

That looks too short for a data block; in my packet captures they’re Len=1460. Unless you’re actively requesting data or serving files from the node I’d expect you to just see the background chatter. It’s not clear what you are doing to cause data blocks to be transferred, but if you want to see data, probably the easiest way to do it is an ipfs get <hash> on the node, where the <hash> is something that’s definitely not cached on your node (preferably something pretty large so it stands out from the chatter). Here’s a 1.1 GB video file if you want to use it for your test.

As for decoding them, I’m not 100% sure how to decode the packets with the block data. I think they’re protobuf encoded, but I’m not 100% sure. Here’s the documentation on the wire format for bitswap.

Yea I believe they are protobuf messages indeed. Hmmm good idea with a large file. I will try some large text or something. The thing is I won’t be able to read video packets or image packets but I thought a text should be feasible.
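Following up on the protobuf point above, here is an added example (not code from this thread or from go-ipfs) of a schema-agnostic protobuf field walker in Go that can be run over bytes copied out of a capture, so text carried in a length-delimited field becomes readable. It assumes the bytes come from an unencrypted stream with any stream-multiplexer framing already stripped and that each message is prefixed with a uvarint length; the names Field, Frame and Walk and the sample bytes are constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

type Field struct {
	Num, Wire int    // field number and wire type taken from the tag
	Int       uint64 // value for wire type 0 (varint)
	Bytes     []byte // value for wire type 2 (length-delimited)
}

// Frame splits off one uvarint-length-prefixed chunk (assumed message framing).
func Frame(stream []byte) (msg, rest []byte, err error) {
	n, w := binary.Uvarint(stream)
	if w <= 0 || n > uint64(len(stream)-w) {
		return nil, nil, fmt.Errorf("truncated: bad length prefix or short body")
	}
	return stream[w : w+int(n)], stream[w+int(n):], nil
}

// Walk lists the fields of one protobuf message without needing its schema.
func Walk(msg []byte) (out []Field, err error) {
	for len(msg) > 0 {
		tag, w := binary.Uvarint(msg)
		if w <= 0 {
			return nil, fmt.Errorf("truncated field tag")
		}
		f := Field{Num: int(tag >> 3), Wire: int(tag & 7)}
		if msg = msg[w:]; f.Wire == 2 {
			f.Bytes, msg, err = Frame(msg) // string, bytes or nested message
		} else if v, n := binary.Uvarint(msg); f.Wire == 0 && n > 0 {
			f.Int, msg = v, msg[n:]
		} else {
			err = fmt.Errorf("field %d: wire type %d unsupported or truncated", f.Num, f.Wire)
		}
		if err != nil {
			return nil, err
		}
		out = append(out, f)
	}
	return out, nil
}

func main() {
	// Constructed sample frame: length 12, then field 2 (bytes) = "hello ipfs".
	msg, _, _ := Frame(append([]byte{12, 0x12, 10}, "hello ipfs"...))
	fmt.Println(Walk(msg))
}
```

Calling Walk again on the Bytes of a length-delimited field descends into a nested message; a block that spans several TCP segments has to be reassembled (for example with Wireshark's Follow TCP Stream) before it will decode.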