Hi Mike,

I have the same problem as you with wireshark and the packets return by my gnutella client (gtk-gnutella).

The data are not encrypted but compressed with zlib.

As someone a solution to see easily the gnutella protocol packets in wireshark or should I write some code to decompress the stream received from the ultrapeers ?

Thanks in advance for your answers.

Regards
Yodoloi

hello Yodoloi,
I didn't recall the deflate option used at the beginning of the handshake by the time I wrote this post. What I did is that I used the Limewire source and modified the source for it to send everything not compressed.
I was lazy enough to write the code to decompress it. A cool thing would be though if the libraries used by Wireshark (libpcap or winpcap) had the option of decompressing the payload of a packet, like you said. That would save a lot. And it doesn't sound unreasonable. I actually wrote a program to detect gnutella traffic. I will try to find something like that and post it here.
Mike

hello Mike,

Could you tell me which file did you modify on the limewire code.
I tried to search some library for wireshark and to recompile wireshark on my linux computer with differents options, but without success to decompress the packets on wireshark.

Actually I'm trying to write a littel client (juste with the basic fonctionality ping, pong, query, query hit, bye) in C# for my Master project, and I think in the beginning I will not use the deflate option, I don't know if it's a good idea but for the moment it's the fatest way to have a prototype working in a short time.
Juan

Hello Juan,
the file is the following:
LimeWire/core/com/limegroup/gnutella/settings/ConnectionSettings.java

Two lines I changed:

157:
FACTORY.createBooleanSetting("ACCEPT_GNUTELLA_DEFL ATE", true);
I changed the true for a false
FACTORY.createBooleanSetting("ACCEPT_GNUTELLA_DEFL ATE", false);

167:
FACTORY.createBooleanSetting("ENCODE_GNUTELLA_DEFL ATE", true);
I changed the true for a false
FACTORY.createBooleanSetting("ENCODE_GNUTELLA_DEFL ATE", false);

I don't recall changing anything else.

I know also is not the best idea, but I am on the same situation, for prototype purposes.

Hope it helps!
mikejim

Hello Mikejim,

Thanks for your help,

I modified the limewire files and took some captures with wireshark to "try" to understand how the gnutella protocol works.

Regards
Juan

Hi, the query and query hit is transmit using udp or tcp?

Where can I know which message using tcp or udp of limewire,I just find little udp message such as ping ,pong when bootstrap and handshake,why?

If the limewire using tls encryption,then we don't see the content using wireshark,isn't it?