First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

I want to get the IP addresses list in the response returned by bitcoin.addr command

I would like to get the IP addresses of the peer list maintained by a bitcoin node. For this, I built the 'version', 'verack' and 'getaddr' messages using socket programming. I was able to get the 'addr' message from the corresponding bitcoin node. Now, further I would like to parse that addr response and get the list of IP addresses contained in it. I have tried using the bitcoin protocol documentation provided by the pyshark library. However, when I execute, pkt.bitcoin.addr.address or pkt.bitcoin.address.address, I get an Attribute error saying no such attribute exist. How can I parse such addr response for my further analysis?

Sajan's avatar
1
Sajan
asked 2019-09-30 02:54:47 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

0

Both of those fields are listed in the field reference for the bitcoin dissector, so if there is a packet in the capture that contains those fields and the packet is correctly dissected as bitcoin then the fields should be present.

What do you see if you open the capture file in Wireshark?

grahamb's avatar
23.8k
grahamb
answered 2019-09-30 07:52:05 +0000
edit flag offensive 0 remove flag delete link
more

Comments

I found the issue, actually in the website, it mentions to use bitcoin.address.address for each packet sniffed. However, I found that it is actually supposed to be bitcoin.address_address

Below is the snapshot of the image I found! https://imgur.com/TEo6NvH

Thank you for your efforts and concern

Sajan's avatar Sajan (2019-09-30 08:36:13 +0000) edit
more
  • delete

That must be either an artefact of the pyshark wrapper, or tshark XML output (which is apparently what pyshark uses) because the field is defined in the bitcoin dissector as noted in the field reference (which is autogenerated), i.e. "bitcoin.address.address" and has been since 2013. Something to maybe take note of when using pyshark.

grahamb's avatar grahamb (2019-09-30 09:06:12 +0000) edit
more
  • delete

thank you!

Sajan's avatar Sajan (2019-09-30 09:09:16 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer