Ethereum UDP packet dissector for discovery protocol v4.

ethpd

ethpd decodes a pcap file of captured Ethereum packets into a readable format. The decoded packets will be printed to the standard output. Pipe the output to a text file for larger pcap files.

Usage

ethpd [pcapFile] -- Prints to standard output

ethpd [pcapFile] > file.txt -- Prints to text file file.txt

Install

With a correctly configured Go installation:

go get -u github.com/ymarcus93/ethpd

Version 4 Packet Structure

See the RLPx protocol page for more information.

  • All packets are signed with ECDSA-secp256k1 keys (the key represents a node's ID)
    • For authenticity
    • Signature: sign(privkey, sha3(packet-type || packet-data))
      • 65-byte compact ECDSA signature containing the recovery id as the last element.
      • See the code for more information on how NodeID is recovered from the signature.
  • All packets are prepended with the SHA3-256 hash of the underlying data of the packet
    • For integrity
    • Hash: sha3(signature || packet-type || packet-data)
    • 32 bytes
  • Packet Type: Single byte < 2**7 // valid values are [1,4]

Full UDP Packet Payload: hash || signature || packet-type || packet-data
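
The payload layout above, as an added Go example that is not part of ethpd's own code: `Dissect` splits a UDP payload into its fields and checks the leading hash and the packet-type range. The names `Dissect`, `Build`, `Packet` and `standIn` are hypothetical, and the hash function is passed in by the caller: go-ethereum computes this hash with Keccak-256, which Go's standard library does not provide, so the demo uses SHA-256 purely as a constructed stand-in.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"errors"
	"fmt"
)

const hashLen, sigLen = 32, 65       // hash; r || s || recovery id
const headLen = hashLen + sigLen + 1 // plus the packet-type byte

type Packet struct {
	Hash, Sig, Data []byte
	RecID, Type     byte
}

// Dissect splits hash || signature || packet-type || packet-data and checks
// the hash. hashFn is caller-supplied (assumption: Keccak-256 on real traffic).
func Dissect(p []byte, hashFn func([]byte) []byte) (*Packet, error) {
	if len(p) < headLen {
		return nil, errors.New("payload shorter than hash+signature+type")
	}
	pkt := &Packet{Hash: p[:hashLen], Sig: p[hashLen : headLen-1],
		RecID: p[headLen-2], Type: p[headLen-1], Data: p[headLen:]}
	// Unkeyed hash: detects corruption only; authenticity needs the signature.
	if !bytes.Equal(hashFn(p[hashLen:]), pkt.Hash) {
		return nil, errors.New("hash mismatch")
	}
	if pkt.Type < 1 || pkt.Type > 4 {
		return nil, fmt.Errorf("unknown packet type %d", pkt.Type)
	}
	return pkt, nil
}

// standIn is a constructed placeholder hash (SHA-256) for the demo only.
func standIn(b []byte) []byte { h := sha256.Sum256(b); return h[:] }

// Build assembles a constructed sample payload with a zeroed signature.
func Build(typ byte, data []byte, hashFn func([]byte) []byte) []byte {
	body := append(append(make([]byte, sigLen), typ), data...)
	return append(hashFn(body), body...)
}

func main() {
	p := Build(1, []byte{0xc0}, standIn)
	pkt, err := Dissect(p, standIn)
	fmt.Println(pkt.Type, len(pkt.Data), err)
}
```

Signature verification and NodeID recovery are left out; the zeroed signature in `Build` would not pass either.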

Packet Data

RLPx encoded list. Packet properties are serialized in the order in which they're defined.

Ping

  • Version
  • From, To (IP, UDP, TCP)
  • Expiration

Pong

  • To (IP, UDP, TCP)
  • ReplyTok
  • Expiration

Findnode

  • Target
  • Expiration

Neighbors

  • Nodes:
    • IP
    • UDP
    • TCP
    • ID
  • Expiration