Wireshark mailing list archives
BitTorrent info_hash decoder using Wireshark
From: firstname lastname <psykosonik_frequenz () yahoo com>
Date: Tue, 8 Nov 2011 12:51:07 -0800 (PST)
I have a pcap file which has traffic captured between the client and the server. Here, the server is a tracker and it looks like an announcement message from a Torrent client to the Tracker requesting to download a file. The request looks like below: GET http://tracker21.df6d4cf3-2787-4001-80ff-e8a23e7ff1ec.automated.snxd.com/?info_hash=%FEg%F6mth%90%5E%84%F6%F5z%E3%E8%DFu%E7%FA%14%0E&peer_id=<>&port=0&uploaded=0&downloaded=0&left=3760800 ...... The info hash looks like this: %FEg%F6mth%90%5E%84%F6%F5z%E3%E8%DFu%E7%FA%14%0E I want to decode this info_hash. I believe wireshark has the capability to dissect the Bittorrent Protocol, however I am unsure of whether there is a way to make it decode the info_hash and peer_id fields as well? I have searched on Google for algorithm used to encode the info hash but not much success. http://nakkaya.com/2009/12/03/bittorrent-tracker-protocol/ This is one reference, but I am trying to understand the algorithm. While doing that, I got this thought. It would be great if we can get the info_hash, since this way we can conclude which file was being downloaded from the tracker. Regards, NeonFlash
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- BitTorrent info_hash decoder using Wireshark firstname lastname (Nov 08)
- Re: BitTorrent info_hash decoder using Wireshark Jaap Keuter (Nov 09)