I have a pcap file which has traffic captured between the client and the server. Here, the server is a tracker and it looks like an announcement message from a Torrent client to the Tracker requesting to download a file.
The request looks like below:
GET http://tracker21.df6d4cf3-2787-4001-80ff-e8a23e7ff1ec.automated.snxd.com/?info_hash=%FEg%F6mth%90%5E%84%F6%F5z%E3%E8%DFu%E7%FA%14%0E&peer_id=<>&port=0&uploaded=0&downloaded=0&left=3760800 ......
The info hash looks like this: %FEg%F6mth%90%5E%84%F6%F5z%E3%E8%DFu%E7%FA%14%0E
I want to decode this info_hash. I believe Wireshark has the capability to dissect the BitTorrent protocol; however, I am unsure whether there is a way to make it decode the info_hash and peer_id fields as well.
I have searched on Google for the algorithm used to encode the info hash, but without much success.
http://nakkaya.com/2009/12/03/bittorrent-tracker-protocol/
This is one reference, but I am trying to understand the algorithm. While doing that, I got this thought.
It would be great if we can get the info_hash, since this way we can conclude which file was being downloaded from the tracker.
Regards,
NeonFlash
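
Added example, not part of the original post: in a tracker announce, info_hash is the raw 20-byte SHA-1 digest of the torrent's bencoded info dictionary, percent-encoded for the URL, so decoding it only means undoing the percent-encoding and printing the bytes as hex. The Python sketch below does that for the request quoted above; the function names are hypothetical and the peer_id value is a constructed placeholder, since the post elides the real one.

```python
from urllib.parse import urlsplit, unquote_to_bytes

# Announce URL from the post. The peer_id value is a constructed placeholder,
# because the post elides the real one.
SAMPLE_ANNOUNCE = (
    "http://tracker21.df6d4cf3-2787-4001-80ff-e8a23e7ff1ec.automated.snxd.com/"
    "?info_hash=%FEg%F6mth%90%5E%84%F6%F5z%E3%E8%DFu%E7%FA%14%0E"
    "&peer_id=-XX0000-%01%02%03abcdefghi"
    "&port=0&uploaded=0&downloaded=0&left=3760800"
)

BINARY_FIELDS = ("info_hash", "peer_id")  # both are raw 20-byte strings
FIELD_LEN = 20


def raw_query_params(url):
    """Split the query string but leave every value percent-encoded.

    urllib.parse.parse_qs() is avoided on purpose: by default it decodes
    values as UTF-8 text and replaces invalid sequences, which corrupts
    binary values such as info_hash.
    """
    params = {}
    for pair in urlsplit(url).query.split("&"):
        key, sep, value = pair.partition("=")
        if sep:
            params.setdefault(key, value)  # keep the first occurrence
    return params


def decode_announce(url):
    """Return info_hash and peer_id from an announce URL as hex strings."""
    params = raw_query_params(url)
    decoded = {}
    for name in BINARY_FIELDS:
        if name not in params:
            raise ValueError(f"announce is missing {name}")
        raw = unquote_to_bytes(params[name])  # percent-decoding to bytes
        if len(raw) != FIELD_LEN:
            raise ValueError(f"{name} is {len(raw)} bytes, expected {FIELD_LEN}")
        decoded[name] = raw.hex()
    return decoded


if __name__ == "__main__":
    for field, value in decode_announce(SAMPLE_ANNOUNCE).items():
        print(f"{field}: {value}")
```

The 40-character hex string is the same form used after `urn:btih:` in magnet links, so it can be compared directly with the hash of a known .torrent file.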