BT protocol work process
The BT protocol consists of the .torrent file format, the tracker HTTP/HTTPS protocol, and the peer wire protocol (which runs over TCP). The tracker HTTP/HTTPS protocol is the communication protocol between a BT client and the tracker server, and the peer wire protocol is the communication protocol between BT clients.
Ethereal was used to capture and analyze the interaction of the BT protocol while downloading a file. Combined with the BT protocol specification, this gives the working sequence of the BT protocol components (see Figure 3).
Figure 3. Working sequence of the BT components
3.1 .torrent file structure
Figure 4 shows the main content of the .torrent file used for the download. It uses B encoding (bencoding), a simple way of organizing data that supports four data types: byte strings, integers, lists, and dictionaries. Integers, lists, and dictionaries use the letters i, l, and d respectively as the opening delimiter and the letter e as the closing delimiter. Byte strings use no opening or closing delimiter; their format is <decimal string length>:<string>. For example, 4:spam represents the string "spam". These four data types are nested to make up the content of the .torrent file. In the figure, spaces are replaced with the "*" sign for ease of analysis.
Figure 4. .torrent file content
Some of the main components are as follows:
● announce: the URL of the tracker server, in this example http://tracker.cnxp.com:8080/announce.
● announce-list: Optional. The URL list of the standby tracker servers, in this example http://tracker.cnxp.com:8080/announce, http://btfans.3322.org:6969/announce, etc.
● creation date: Optional. The date when the .torrent file was created, in standard UNIX time. In this example, the value is 1152105243.
● comment: Optional. A free-form description added by the producer of the .torrent file.
● created by: Optional. The tool used to create the .torrent file, in this example BitComet/0.67.
● encoding: Optional. The encoding method used for the published resources. In this example, GBK is used.
● info: information about the published files. There are two formats: single-file and multi-file. The single-file format contains length, md5sum (optional), name, piece length, and pieces. The multi-file format contains files, name, piece length, and pieces, where each entry in files has its own length, path, and md5sum (optional). This example uses the multi-file format. There are two files in total: "Love undercover movie .txt" and "bbs.cnxp.com 3. word. rmvhe in dvdscr in Mandarin". The piece length is 262 144 bytes. The number of pieces is 34 780.
The .torrent file may also contain other optional keys, which clients can recognize as long as the keys follow the B encoding method.
3.2 tracker HTTP/HTTPS protocol
The BT client sends connection requests, in sequence, to the tracker servers listed in the .torrent file to obtain the list of peers (mainly IP addresses and listening ports) that are downloading the file. If the list is obtained successfully, the client closes the connection and tries to establish connections with the peers in the list. If the connection fails, it tries the next tracker server.
The IP address of server tracker.cnxp.com is 61.129.77.239, and the IP address of btfans.3322.org is 61.129.78.114. The interaction between the BT client and the BT server is shown in Figure 5.
Figure 5. Interaction between the BT client and the BT server
Analysis of these packets shows that packets 702, 748 (a retransmission of packet 702), 750, and 752 form the three-way handshake that establishes the TCP connection. In packet No. 753, the BT client sends a request to the tracker server to obtain the peer list. Packets No. 754 and No. 755 are the response. Packets 757-760 close the connection. Next we focus on the analysis of packets 753, 754, and 755.
The HTTP part of packet 753 is shown in Figure 6. Spaces are replaced with the "*" symbol for ease of analysis.
Figure 6. HTTP content of packet No. 753
The meanings of some of the components are as follows:
● info_hash: the SHA-1 check code of the info value in the .torrent file, 20 bytes in total. The tracker server uses it to find the corresponding record in its release list.
● peer_id: unique identifier of the BT client, generated when the client starts, 20 bits in total. BT v1.0 does not specify the algorithm for generating peer_id; it only has to guarantee uniqueness.
● port: the port number the client offers for uploads, that is, its listening port, which is usually set to 6641.
● key: Optional. An extended uniqueness flag. This field can be used to identify the BT client even if its IP address changes.
● uploaded/downloaded: the number of bytes uploaded/downloaded (counted from when the client sent "started" to the tracker server). The server can use these values for traffic analysis.
● left: the number of bytes still to be downloaded.
● compact: compression flag. A value of 1 indicates that the client accepts the peer list in compressed format, in which 6 bytes represent one peer (the first 4 bytes are the IP address and the last 2 bytes are the port number); 0 indicates that it does not.
● event: indicates the client status. It can only be one of three values: started, completed, or stopped.
In addition to the parameters contained in the preceding example, the optional parameters include:
● ip: Optional. The IP address of the client. If it is omitted, the server determines the IP address on its own.
● numwant: Optional. The number of peers that the client wants to obtain from the tracker server.
● trackerid: Optional. If a trackerid was included in the previous announce, its value is set here.
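As an added example (not code from the original article), the following Python sketch decodes the B encoding described in section 3.1 strictly and computes the info_hash parameter described above by hashing the raw bytes of the info value as stored in the file, without re-encoding it. The function names and the sample torrent are assumptions made for illustration; the sample reuses the tracker URL and piece length quoted in the text with a constructed file entry and piece hash.

```python
import hashlib

def _decode(data, i, depth=0):           # returns (value, index after it)
    if depth > 64:                       # bound recursion on hostile nesting
        raise ValueError("nesting too deep")
    c = data[i:i + 1]
    if c == b"i":                        # integer: i<digits>e
        end = data.find(b"e", i)
        num = data[i + 1:end] if end > 0 else b""
        body = num[1:] if num[:1] == b"-" else num
        if not body.isdigit() or (body[:1] == b"0" and num != b"0"):
            raise ValueError("malformed integer")
        return int(num), end + 1
    if c in (b"l", b"d"):                # list or dictionary, closed by "e"
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            item, i = _decode(data, i, depth + 1)
            items.append(item)
        if c == b"l":
            return items, i + 1
        if len(items) % 2 or not all(isinstance(k, bytes) for k in items[::2]):
            raise ValueError("malformed dictionary")
        return dict(zip(items[::2], items[1::2])), i + 1
    colon = data.find(b":", i)           # byte string: <length>:<bytes>
    length = data[i:colon] if colon > 0 else b""
    if not length.isdigit() or colon + 1 + int(length) > len(data):
        raise ValueError("malformed or truncated byte string")
    end = colon + 1 + int(length)
    return data[colon + 1:end], end

def decode(data):                        # one value, no trailing bytes allowed
    value, end = _decode(data, 0)
    if end != len(data):
        raise ValueError("trailing data after top-level value")
    return value

def info_hash(torrent):                  # SHA-1 of the raw info value bytes
    i = 1 if torrent[:1] == b"d" else len(torrent)
    while torrent[i:i + 1] not in (b"e", b""):
        key, start = _decode(torrent, i)
        _, i = _decode(torrent, start)
        if key == b"info":
            return hashlib.sha1(torrent[start:i]).digest()
    raise ValueError("no info dictionary")

# Constructed sample: page's tracker URL and piece length, dummy file and hash.
INFO = (b"d5:filesld6:lengthi12e4:pathl5:a.txteee4:name4:demo"
        b"12:piece lengthi262144e6:pieces20:" + b"\x00" * 20 + b"e")
SAMPLE = b"d8:announce37:http://tracker.cnxp.com:8080/announce4:info" + INFO + b"e"
```

In the announce request the 20 raw bytes returned by info_hash() are percent-encoded, for example with urllib.parse.quote().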
The server runs a tracker program to handle these requests. After receiving the request string, it uses info_hash to look up its list. If a matching record is found, the file can be downloaded. Next, it performs a NAT check on the client's IP address and port to determine whether the client is an intranet user (such as 10.10.10.x, which cannot be connected to) or an Internet user. The server then returns the IP addresses and ports of all public network users who are currently downloading this file (carried in packets 754 and 755; the response is split into multiple parts because of the large amount of data returned). Part of the data carried over HTTP is shown in Figure 7.
Figure 7. Partial data carried over HTTP
In this data, the part up to and including "1998:" uses the ASCII character set, and the part after "1998:" is binary data shown in hexadecimal notation. The value of interval is 1 800. That is, the BT client can re-contact the tracker server at most once every 800 time units. The peers part has 1 998 bytes. According to the analysis of packet No. 753, the BT client accepts a compressed peer list. Therefore, the peer list returned in packets No. 754 and No. 755 is stored in compressed format, that is, 6 bytes represent one peer. For example, da 40 91 e8 41 af represents 218.64.145.232:16815, and dd ea 3b 9f 7a 2f represents 221.234.59.149:31279. The length of the peer list is 1 998 bytes, that is, the number of returned peers is 333.
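As an added example (not code from the original article), the following Python sketch decodes a compact peers value of the kind described above and sorts out entries a client should not dial, in the spirit of the tracker's own check for intranet addresses. The function names are assumptions; the first record in the sample is the 6-byte example quoted in the text and the other records are constructed.

```python
import ipaddress
import struct

def parse_compact_peers(blob):
    """Decode a compact peers value: 4-byte IPv4 address + 2-byte port, big-endian."""
    if len(blob) % 6:
        raise ValueError("compact peer list is not a multiple of 6 bytes")
    return [(ipaddress.IPv4Address(ip), port)
            for ip, port in struct.iter_unpack("!4sH", blob)]

def triage(peers):
    """Split decoded peers into (usable, rejected-with-reason)."""
    usable, rejected, seen = [], [], set()
    for ip, port in peers:
        if port == 0:
            rejected.append((str(ip), port, "port 0"))
        elif not ip.is_global:           # private, loopback, reserved ranges
            rejected.append((str(ip), port, "non-public address"))
        elif (ip, port) in seen:
            rejected.append((str(ip), port, "duplicate"))
        else:
            seen.add((ip, port))
            usable.append((str(ip), port))
    return usable, rejected

# Constructed sample: the record quoted in the text, an intranet address
# (10.10.10.5:6881), a repeat of the first record, and a record with port 0.
SAMPLE = bytes.fromhex("da4091e841af" "0a0a0a051ae1" "da4091e841af" "c00002010000")
```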