Enabling security analysis and education of the Ethereum platform: A network traffic dissection tool
Preferred Name
Joshua Kemp
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License
Date of Graduation
5-11-2023
Semester of Graduation
Spring
Degree Name
Master of Science (MS)
Department
Department of Computer Science
Second Advisor
Mohamed Aboutabl
Third Advisor
M. Heydari
Fourth Advisor
Brett Tjaden
Abstract
Ethereum, the decentralized global software platform powered by blockchain technology and known for its native cryptocurrency, Ether (ETH), provides a technology stack for building apps, holding assets, transacting, and communicating without control by a central authority. At the core of Ethereum’s network is a suite of purpose-built protocols known as DEVP2P, which gives the underlying nodes in an Ethereum network the ability to discover, authenticate, and communicate confidentially. This document discusses the creation of a new Wireshark dissector for DEVP2P’s discovery protocols, DiscoveryV4 and DiscoveryV5, and a dissector for RLPx, an extensible TCP transport protocol for a range of Ethereum node capabilities. Network packet dissectors like Wireshark are commonly used for education, development, and analysis of underlying network traffic. In support of creating the dissector, a custom private Ethereum Docker network was also created, facilitating communication amongst Go Ethereum execution clients and allowing the Wireshark dissector to capture live network data. Lastly, the dissector is used to understand the differences between DiscoveryV4 and DiscoveryV5, and to step through the network packets of RLPx to track a transaction executed on the network.
Included in
Computer and Systems Architecture Commons, Digital Communications and Networking Commons