Recently I captured a part of the blockchain when my bitcoin wallet started syncing for the first time. I analyzed about 10 Gb of traffic, which was for primary transactions of bitcoin. Wireshark can detect them as bitcoin traffic, but these packets don't have a valid command name and a valid packet magic. According to this link:
https://en.bitcoin.it/wiki/Protocol_documentation#Network_address
All magic values are 0xD9B4BEF9, 0xDAB5BFFA, 0x0709110B and 0xFEB4BEF9.
My first question is why a lot of packets at the start of the blockchain don't have a valid magic packet and valid command name, and how can Wireshark detect these packets as bitcoin while they don't have a valid header?
It may be useful to show exactly what you are seeing instead of only what you're expecting to see. – Pieter Wuille – 2019-08-06T06:02:56.360
@PieterWuille there are a lot of incorrect values; for example, for a packet I see "0x45022056d20ede6d23d563b5" as its command name, which isn't a valid printable value, and 0x008b4830 for its packet magic. – Saeed – 2019-08-06T06:25:57.733
Presumably you're incorrectly splitting data into packets. Can you post the full data you see for a representative selections of packets? Preferably subsequent ones? – Pieter Wuille – 2019-08-06T06:27:46.703
I just copied these values from Wireshark. They have a large size, so I can't post the full data here. Wireshark detects them as bitcoin protocol but shows them as black packets. – Saeed – 2019-08-06T06:37:32.640
If you're not showing what you're seeing, there is no way anyone can guess. I'm sure there are some small packets among them, or if not, there are paste sites where you can easily put a few MB. – Pieter Wuille – 2019-08-06T06:39:25.383
As an example, the start of one of these packets is shown below:
082d2026eda71ec445dbf97b346cb65692e23b712a11fc500220174bbfea9f0c591c9efb91ee004386ad22d13eb04d748df3f1957b3a3c69b18401210294c3fba7a78fcfaae34a7154e53b03ee1d78fa87499eefdb631c84e9cfd85614feffffff02e8166500000000001976a914d6c094481a567c316af56676c4df77d23ecf3a3088ac18c00900000000001976a914808b475d6a12476fb854e8aa6dd6e85aa217c1ae88ace6c106000100000001024db340a993dadcfa7b4f4d350057e38efa0339f58dc52c4cecb027a42ff7f300000
As Wireshark's info, packet magic = 0x082d2026 and payload length is 92e23b71, which is equal to 1899750034. – Saeed – 2019-08-06T09:22:47.793
@PieterWuille do you have any opinion? – Saeed – 2019-08-07T12:13:42.353
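The point raised in the comments about splitting data into packets, as an added example that is not part of the original thread: Bitcoin messages are framed inside the TCP byte stream (4-byte magic, 12-byte command, 4-byte length, 4-byte checksum), so a TCP segment that begins in the middle of a large message has payload bytes where a header would be. The sample stream, the helper names and the 1460-byte segment size are constructed for illustration.

```python
import hashlib
import struct

# Magic values listed in the question, as little-endian uint32 read off the wire.
MAGICS = {0xD9B4BEF9, 0xDAB5BFFA, 0x0709110B, 0xFEB4BEF9}
HEADER = struct.Struct("<I12sI4s")  # magic, command, payload length, checksum

def checksum(payload):
    # First 4 bytes of double SHA-256 over the payload.
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def build_message(command, payload, magic=0xD9B4BEF9):
    return HEADER.pack(magic, command.encode(), len(payload), checksum(payload)) + payload

def parse_header(buf):
    """Return (command, length, checksum), or None if buf does not start a header."""
    if len(buf) < HEADER.size:
        return None
    magic, raw_cmd, length, csum = HEADER.unpack_from(buf)
    cmd = raw_cmd.rstrip(b"\x00")
    if magic not in MAGICS or not cmd.isalnum():
        return None
    return cmd.decode("ascii"), length, csum

def parse_stream(stream):
    """Walk a reassembled TCP byte stream and return [(command, payload_len), ...]."""
    found, off = [], 0
    while off + HEADER.size <= len(stream):
        hdr = parse_header(stream[off:])
        if hdr is None:
            raise ValueError(f"lost framing at offset {off}")
        cmd, length, csum = hdr
        payload = stream[off + HEADER.size: off + HEADER.size + length]
        if len(payload) < length:
            break  # message continues in data that was not captured
        if checksum(payload) != csum:
            raise ValueError(f"bad checksum for {cmd!r} at offset {off}")
        found.append((cmd, length))
        off += HEADER.size + length
    return found

def segment_starts_with_header(stream, mss):
    """The mistake: treat the first 24 bytes of every TCP segment as a header."""
    return [parse_header(stream[i:i + mss]) is not None
            for i in range(0, len(stream), mss)]

# Constructed sample: a ping, then a 3072-byte "tx" payload (filler, not a real transaction).
STREAM = build_message("ping", bytes(8)) + build_message("tx", bytes(range(256)) * 12)

if __name__ == "__main__":
    print(parse_stream(STREAM))
    print(segment_starts_with_header(STREAM, 1460))
```

Parsing the reassembled stream recovers both messages, while only the first of the three 1460-byte segments begins with a valid header.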