P2P Monitoring

Date: April 9, 2024

Transcript By:

Started working on this about 2 years ago; in 2021. After we accidentally observed the address flooding anomaly/attack
Primarily uses https://github.com/0xB10C/peer-observer to extract data from Bitcoin Core nodes with tracepoints.
The infrastructure also includes a fork-observer connected to each node as well as an addrman-observer for each node. Additionally, detailed Bitcoin Core debug logs are avaliable. The main part are the Grafana dashboards.
There’s a public version at public.peer.observer, which is redacted to not leak honeynode IP addresses. Happy to provide access to an internal version.
Grafana dashboard shown, for example:
- in and outbound P2P messages per node
  - observed drop in inbound version coming in when linking lion was down
- current inbound connections
- block connection duration
- transaction rejected from mempool
More automated alerting and anomaly detection is a todo.