Hey everyone,
I'm trying to capture the traffic from the p2p Lightning Network and analyze it with Wireshark or another packet capture tool. The problem is that the traffic is encrypted. Is there any node implementation out there that allows you to pull the key used for encrypting this traffic?
If anyone has suggestions on how to capture and read this traffic without needing to extract the key from the node, like maybe setting up a man-in-the-middle situation between the Node and the P2P network, I'd really appreciate any tips.
Thanks for your help!
Cheers,
SS
Assuming you are running the node and using LND as an example in the lnd.conf file you can specify the TLS certificate used:
https://docs.lightning.engineering/lightning-network-tools/lnd/lnd.conf
Not perfect and you won't get everything but anything connecting to your node can then be read.
As a cheat, if you just want to see what is going on in general you can setup a bunch of nodes that just talk to each other and read all of their traffic.
-Dave
Hi Dave,
Thanks for your answer!
Checking the link you provided, I'm only able to see configuration for the TLS certificate on RPC connections.
I don't know if the node will use the same certificate, but I'm looking to read the p2p network messages (gossip protocol). I mean, the messages that are sent between the nodes.
I just read though and did a quick search of
https://github.com/lightning/bolts/blob/master/07-routing-gossip.md
and did not see anything mentioning encryption.
Odd, but you have to have some certificate someplace that you send your side to when they connect.
Didn't check, IS it even encrypted? I mean it's 'sudo public' information being sent.
-Dave
I guess it is, for privacy and security reasons.
https://github.com/lightning/bolts/blob/master/08-transport.md
As far as I understand from here, it uses the node ID (a pubkey) to encrypt the traffic.
SS
It looks like it's a non-standard authentication method, not using TLS but it is using keys on the secp256k1 curve and a form of ECDH called Noise_XK.
In order to get the session key that is generated by this algorithm which encrypts the traffic, you'll have to find a utility which allows you to replicate the Noise_XK key exchange process.