Bitcoin P2P Networking

Remember Napster and Kaaza ?  Two of the earlier and well-known file sharing sites that used P2P networking. Well, guess what…Bitcoin also uses P2P networking and is a distributed, world-wide, global network of nodes.

If you download the bitcoin software stack, you (your computer) become a node in the bitcoin global network.  Since it’s peer-to-peer networking, does this mean that you peer with all other nodes in the world ?  Of course that would be silly and the answer is no.

You do peer with 8 other nodes and using the Bitcoin Core software, you can find out the addresses of those 8 peers.

The “Debug Window” has a “Peers” tab that shows you the 8 nodes.  To verify that you have 8 peers, run the command “getconnectioncount” in the debug console window:

The next question is, who are those 8 connections ? In the debug console window you can run the command “getpeerinfo” and the output is quite verbose so we’ll omit it here.

An easier approach is to select the “Peers” tab in the Debug window and you’ll see the list of 8 connections with their IP and Port number. Further, if you select one of the nodes, you’ll get more detailed information, similar to the verbose output of the “getpeerinfo” command.

The node/service column shows the IPv4 or IPv6 address and the port number. The bitcoin protocol is port 8333 and the Bitcoin testnet is port 18333.  Bitcoin testnet is the network where you can try stuff out, develop, train, etc.  As shown above, this example is on the Bitcoin testnet.

Here’s what we know:

1. We have 8 peers
2. We know the peer IP address and port number of each of the 8 peers.

Here’s what we don’t know:

1. We don’t know what is being sent back and forth between our node and a peer node.

Wireshark to Sniff the Bitcoin P2P network

With Wireshark we can examine the packets contents between the local node and remote nodes, and we can isolate the traffic to a specific peering node using the Wireshark IP address filter.  The IP address is from the peering tab of the Debug window.

Looking at the info column, we see “getdata”, “inv” and “tx”.  These are 3 different bitcoin message types between the nodes –  there are many others.  The message getdata is typically a response to an “inv” message.. That is, the “inv” message is sent when a node is informing it’s peers that there is a bitcoin transaction. The peering node responds with a “getdata”, which is a request for the full bitcoin transaction details and then the node that sent the “inv” message will respond to the “getdata” with a “tx” message, which is the full transaction details.  Also note that any node can initiate the “inv” message.   A high-level flow is depicted below.

Once a node has verified that the transaction in the “tx” message is valid, the node will send it out to it’s other 7 peers as an “inv” message. As a ripple in water cascades out in all directions, so to does a “tx” message cascade out to all the bitcoin nodes throughout the world.