I ran two IPFS's with disabled encryption (--disable-transport-encryption), added the nodes to the bootstrap (otherwise it doesn't work) and captured its traffic with wireshark.
You add to bootstrap like this:
ipfs bootstrap add /ip4/[ip where to connect]/tcp/[port]/ipfs/[peer id]
ipfs bootstrap add /ip4/10.0.0.1/tcp/4001/ipfs/QmaRmsQ2BfJFqRkqgd3MEPTgP3vrvwh5FTWPxf1irF1jtR
I started sniffing without IPFS's started, then I started them and ran ping while sniffing, then ended.
I've saved the
pcapng dump on IPFS, https://ipfs.io/ipfs/QmVYdhiH4XW32fdMWptwFVFhYKjsfn54xUPhXZTNZC8zPY
Seems that it's a bit more complex.
I also don't understand why
/multistream/1.0.0 gets repeated so often. Seems like a lot of overhead.