"How To" capture announces with Wireshark. [Limited to Http trackers only]
Hello sb-innovation members,
This tutorial will cover everything from capturing announces to viewing them with Wireshark. As you all must know, Wireshark runs on many operating systems, so this guide can be beneficial to all.
Official Download Link: https://www.wireshark.org/download.html
Software needed for this tutorial:
1) Notepad (to copy and save the data)
2) Torrent client (a client which needs to be explored for many reasons) [Vuze will be used in this case]
3) Wireshark (a network adapter sniffing tool)
4) Torrent file (preferably with an HTTP tracker) *No HTTPS trackers or DDLs*
Now that we have our requirements straight, let us get started!
1) Launch your torrent client and stop all torrents from running (i.e., stop all torrents).
[Picture: Attachment 18110]
2) Start up Wireshark.
3) Fill in the filter with "http" or "http.request or http.response"
4) Click on Apply
5) Choose the "any" interface
6) Click on the start button.
[Picture: Attachment 18111]
7) Start one or more torrents.
[Picture: Attachment 18112]
8) Check the Wireshark interface for the captured announce.
[Picture: Attachment 18134]
9) Right-click on the announce URL and choose "Follow TCP Stream".
[Picture: Attachment 18135]
Now you can copy your data to Notepad and save it, or save it in any other format via Wireshark.
Other options to view packet information
1) In case you want to copy more than one announce to the clipboard, use the Copy option, i.e., after you find the announce link having the HTTP protocol, right-click on the link -> Copy -> Bytes -> Printable Text Only.
[Picture of the data copied to the clipboard-Attachment 18136]
2) In case you want to view more than one announce, use the "Show Packet in New Window" option, i.e., after you find the announce link having the HTTP protocol, right-click on the link -> Show Packet in New Window. This will open up the entire packet information covering:
1) Frame: covers information regarding interface id, encapsulation type, arrival time, packet shift time, epoch time, time delta, frame number, frame length, captured length.
2) Adapter information (usually Internet Connection 1, 2, 3...) (in my case it is Ethernet II): covers information regarding local address, source address etc.
3) Internet Protocol Version 4: covers information regarding version, length, flags, protocols.
4) Internet Protocol Version 6 (if IPv6 is used by the torrent client): covers information regarding version, length, flags, protocols.
5) Transmission Control Protocol (source port to destination port): covers information regarding streams, ports, checksums, headers.
6) Hypertext Transfer Protocol: covers information regarding announce URL, request method, request URI, request version, connection type, host, user agent.
[Picture: Attachment 18137]
You can also use Wireshark to capture HTTPS announce headers; however, that requires adding the server's SSL key, IP, port, username, password etc. If you plan to capture announces on an SSL (HTTPS) tracker, try this tutorial here: https://support.citrix.com/article/CTX116557
So that about sums it up. If you do have questions, or think something must be added here, let me know.
~cloud99
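
The announce request that "Follow TCP Stream" shows in step 9 can be split into the fields listed under Hypertext Transfer Protocol plus the query parameters the client sends in cleartext. This is an added example, not part of the original post; the sample stream, host name and the function name `parse_announce` are constructed for illustration, and the `-XX1234-` peer id layout is assumed to be the Azureus-style convention.

```python
from urllib.parse import urlsplit, unquote_to_bytes

# Constructed sample of the request half of a "Follow TCP Stream" dump.
# Host, info_hash, peer_id and header values are made up for illustration.
SAMPLE_STREAM = (
    "GET /announce?info_hash=%124Vx%9A%BC%DE%F1%23Eg%89%AB%CD%EF%124Vx%9A"
    "&peer_id=-AZ5750-abcdefghijkl&port=6881&uploaded=0&downloaded=0"
    "&left=1048576&event=started&numwant=50&compact=1 HTTP/1.1\r\n"
    "Host: tracker.example.org:6969\r\n"
    "User-Agent: Azureus 5.7.5.0;Windows 10;Java 1.8.0\r\n"
    "Connection: close\r\n"
    "\r\n"
)

def parse_announce(stream_text):
    """Return the request line, key headers and announce fields as a dict."""
    # Clipboard copies may use bare LF; normalise, then keep the first request head.
    head = stream_text.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    method, uri, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    # info_hash and peer_id are raw 20-byte strings, so decode each value to
    # bytes; a text-based query parser would mangle the non-UTF-8 bytes.
    params = {}
    for pair in urlsplit(uri).query.split("&"):
        key, _, raw = pair.partition("=")
        params[key] = unquote_to_bytes(raw)
    peer_id = params.get("peer_id", b"")
    return {
        "method": method,
        "path": urlsplit(uri).path,
        "version": version,
        "host": headers.get("host"),
        "user_agent": headers.get("user-agent"),
        "info_hash_hex": params.get("info_hash", b"").hex(),
        "peer_id": peer_id.decode("latin-1"),
        # Azureus-style ids look like -XX1234-...; anything else yields None.
        "client_tag": peer_id[1:7].decode("ascii", "replace")
                      if peer_id[:1] == b"-" and peer_id[7:8] == b"-" else None,
        "counters": {k: int(params[k]) for k in
                     ("port", "uploaded", "downloaded", "left") if k in params},
        "event": params.get("event", b"").decode("latin-1") or None,
    }

if __name__ == "__main__":
    for field, value in parse_announce(SAMPLE_STREAM).items():
        print(f"{field}: {value}")
```

Paste the text saved from "Follow TCP Stream" in place of `SAMPLE_STREAM` to get the same breakdown for a real capture.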