Ask Your Question
0

How can I edit or expand a protocol like `bitcoin`

asked 2019-04-29 23:59:57 +0000

pinehadmz gravatar image

The bitcoin protocol analyzer in Wireshark is great, but it's out of date. There are new message types, such as cmpctblock (Compact Block) that I need to analyze with the same ease as block messages.

When WS gets a block message, it is able to deconstruct it and label the parts of the message nicely (block version, merkle root, timestamp, etc.) I would like to define fields such as these for the bitcoin protocol messages that are not yet built in to the filter.

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
1

answered 2019-04-30 06:35:06 +0000

Jaap gravatar image

Then you'll have to write the source code to expand the bitcoin dissector in order to generate these fields. This code can be contributed to the repository, see develop. Or you can file an enhancement request at the bug database. Attaching a capture file there can increase the chance of someone else investing their time in writing the code for you.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

subscribe to rss feed

Stats

Asked: 2019-04-29 23:59:57 +0000

Seen: 336 times

Last updated: Apr 30 '19

Related questions

How to capture UDP traffic and not NBNS traffic?

Capture incoming packets from remote web server

Localhost capturing

How to filter out TCP retransmissions

My UDP packets aren't showing

Using tshark filters to extract only interesting traffic from 12GB trace

Capture Filters - SSL Handshake or HEX

Is it possible to test a capture filter with already captured traffic?

What is the udp.length display filter actually for?

How would I map this display filter to a capture filter?