Here I present some examples of BitTorrent protocol interactions.
Wireshark can be used to analyze BitTorrent protocol interactions in TCP/IP.
Remember that BitTorrent’s peer protocol operates over TCP or uTP. At the time of writing, Wireshark could identify correctly a uTP connection, but unfortunately would not decode its contents as a BitTorrent protocol session. It decodes it fine for TCP/IP connections.
The Handshake message flows in both directions, this means that each peer sends an handshake message to the other.
“Extended” message examples
In these messages we can see which extensions are supported by a peer / downloader.
Port, Interested, Unchoke example
A request for a piece of a file:
The reply with the piece’s data contents:
Not Interested example
Downloader Peers screenshots
Usually, when a peer is connected to another one, the remote peer appears in the “Peers” tab for a torrent.
Most virtualization platforms provide some sort of mechanism of communication between the the hypervisor and its guest virtual machines. “Open VM Tools” is a set of tools that implements such communication mechanisms for VMware™ virtual machines and hypervisors. In this book we analyze each of these these tools and APIs, from high-level usage to low-level communication details, between the guest and the host. This information can be used for a better understating of what actually happens when using a guest machine with these tools. It can also be used as inspiration for using and extending guest-hypervisor communication and penetration testing.
Just published a new tool vmhost_report.rb (and a paper about it) for VMware hypervisor fingerprinting. The tool is released with an open source license (GPL), you can use it freely.
In the paper, I show you how to determine hypervisor properties (such as hypervisor version or virtual CPU Limits) by running commands in the guest operating system, without any special privileges in the host machine running the hypervisor.
This can be useful for penetration testing, information gathering, determining the best software configuration for virtualization-sensitive and virtualization-aware software.
I have developed a reporting tool vmhost_report.rb that unifies all the presented methods, by running them all in sequence and gathering the information in a useful report that can be run from any guest system. Currently, Linux and Nested ESXi are supported.
You can run it as “ruby vmhost_report.rb“. It will return a lot of useful information in the vmhost_report.log file.
These reports can be used to learn a lot about VMware internals or a particular guest system or network. You can find report examples in the Paper’s “Annex A”.
Some of the described methods can be used even if the VMware Tools are disabled or not installed, or if some of the methods are disabled by host configuration. Some of the methods require “root” privileges, while others do not need it.