Gnutella Forums  

Go Back   Gnutella Forums > Current Gnutella Client Forums > LimeWire+WireShare (Cross-platform) > Open Discussion topics
Register FAQ The Twelve Commandments Members List Calendar Arcade Find the Best VPN Today's Posts

Open Discussion topics Discuss the time of day, whatever you want to. This is the hangout area. If you have LimeWire problems, post them here too.


 
 
LinkBack Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1 (permalink)  
Old March 20th, 2009
Novicius
 
Join Date: March 20th, 2009
Posts: 3
mikejim is flying high
Confused Can't detect queries when using wireshark

Hello,

I am writing a program I want to use to detect queries using the libraries from Wireshark (a network protocol analyzer). The problem is not the program, but the Limewire I want to detect queries from.

I have Limewire 4.18.3, which after a few hours of being up is connected as an Ultrapeer. I make a search through the user interface and get some results. I use at the same time Wireshark (for testing purposes) to capture the packets sent to my computer so that I can trace the query sent by Limewire and the queryhits sent by the other peers/leafs. Most of the packets flow through TCP connections, I assume the same connections established with my peers/leafs. Some queryhits arrive through UDP.

The problem is that I can't recognize any of the messages (query and queryhits), because they look like encrypted (in the TCP case). None of the messages I capture follow the Gnutella specification. They just have garbage (to me, but not to Limewire). The only way to recognize something (at least parts of it, in which case the packet follow the Gnutella specification) is when the queryhit arrives through UDP. I don't have a clue why this is happening because Gnutella is open and I should see all the fields of the protocol in the packet trace and easily recognize a queryhit. The same case for a query.

Do any of you have a clue why this is happening? I have done this with Bearshare and the same happens. Is there something I am missing here? I know queryhits might flow through the TCP connections, but encrypted??

thanks all!
Mike
Reply With Quote
 


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -7. The time now is 09:18 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
SEO by vBSEO 3.6.0 ©2011, Crawlability, Inc.

Copyright © 2020 Gnutella Forums.
All Rights Reserved.