Suggest an way to get the real IP of [insert.your.ip]

Mining
1

How about to use Wireshark to get the real IP of that notorious [insert.your.ip]?
You can filter out all the tcp packets containing “insert.your.ip”, and find the real source IP of those packets using following filter.

(tcp.port == 8800) and (tcp contains “insert.your.ip”)

I tried but my server went wrong and couldn’t identify NIC… :frowning:

Anyway, I’ve grepped any lines containing “insert.your.ip” in validator_debug.log, but I don’t know what connection_id means. Is it unique for every validator, or temporary id for each tcp connection?

$ docker exec sawtooth-validator-default tail -f /var/log/sawtooth/validator-debug.log | grep “insert.your.ip”
[14:14:15.679 [Thread-18] handlers DEBUG] Endpoint of connecting node is tcp://[insert.your.ip]:8800
[14:14:16.368 [Thread-14] gossip_handlers DEBUG] Got peer register message from 9b55f7a3dafd9d7e5fb3f9aef3377f8883afde3eee4b38711f1865feca3f7c4bdec32e28530f0b9657d52aacc9d5a0c7f810780f82f6b600edb9dd8290947d18 (tcp://[insert.your.ip]:8800, protocol v1)
[14:14:18.812 [Thread-17] handlers DEBUG] Endpoint of connecting node is tcp://[insert.your.ip]:8800
[14:14:18.842 [Thread-14] gossip_handlers DEBUG] Got peer register message from 303264d00da758fd2c318da2f87b5eca73386044842b8cfc0dcb16148b4ad04772a528f5ae684d8937480d28a912ae8eda2b9608063837b6f05858c1c9f99671 (tcp://[insert.your.ip]:8800, protocol v1)
[14:14:24.866 [Thread-17] handlers DEBUG] Endpoint of connecting node is tcp://[insert.your.ip]:8800
[14:14:24.938 [Thread-15] gossip_handlers DEBUG] Got peer register message from 830c9edc4b5560f7a14675e8f9fb0a65e78f37dcf095592037f984a407adec811aeec6144d6416691e43cae207ddd45085b67f536d8a2bf4303bc6139e505df9 (tcp://[insert.your.ip]:8800, protocol v1)
[14:20:13.451 [Thread-16] handlers DEBUG] Endpoint of connecting node is tcp://[insert.your.ip]:8800
[14:20:45.328 [Thread-19] handlers DEBUG] Endpoint of connecting node is tcp://[insert.your.ip]:8800
[14:20:45.644 [Thread-14] gossip_handlers DEBUG] Got peer register message from 0f584e2b52cf0a855aa524150d373f214a59b3aee630826c71dc429aa29907903488141bb93b33e988f2132bb6d69ed81bb3a2b482bc549c31ebfdfdc5ef32e6 (tcp://[insert.your.ip]:8800, protocol v1)
[14:21:09.224 [Thread-18] handlers DEBUG] Endpoint of connecting node is tcp://[insert.your.ip]:8800
[14:21:09.260 [Thread-14] gossip_handlers DEBUG] Got peer register message from c5534127d9bb436437cc1886bc65bc6f22d5385f45b44a6326b786730694cee63d04fd13dde0fa1e1a5cbe7dd07fcec61f1714819cd69a79f18d783051ff04db (tcp://[insert.your.ip]:8800, protocol v1)

2 Likes
2

This is the good way . I’ll try it

2 Likes
3

It works!

스크린샷, 2020-10-13 14-01-29
스크린샷, 2020-10-13 14-01-291476×732 102 KB

4

If you’re using Linux and can’t get the real network interface, try following.

Don’t forget to reboot your server after executing commands.

Now that you can select the real network interface, set the display filter as following.

(tcp.port == 8800) and (tcp contains “insert.your.ip”)

And wait to see IPs of the notorious [insert.your.ip]. :slight_smile:

3 Likes
5

thx sword! awesome work

1 Like
6

More sophisticated display filter so far…

(tcp.port == 8800) and ((tcp contains “insert”) or (tcp contains “tcp://[”))

I tried to find an way to search inadequate IP format using regular expressions, but in vain.
Display filter supports regular expression, but does not support matching strings in dynamic offset.
Any other suggestion will be welcomed.