-
br-m<dennis_tra:matrix.org> Hi folks, this is Dennis! I'm a computer network researcher and I'm just getting started looking into Monero. I'm a co-founder of ProbeLab probelab.io where we do p2p protocol research, measurements and optimizations.
-
br-m<dennis_tra:matrix.org> I'm the author of github.com/dennis-tra/nebula, an agnostic network crawler, which I've adjusted to crawl the Monero network. I was able to identify that ~25.4k unique IP:Port combinations are shared in the initial handshake when recursively contacting all nodes in the network (just ran another crawl a few minutes ago) [... too long, see mrelay.p2pool.observer/e/lc656OMKaGhoZGcy ]
-
br-m<dennis_tra:matrix.org> In the other channel (Monero Research Lounge) I was pointed to monero.fail/map which reports ~17.4k peers and also moneronet.info which reports ~5.4k nodes (much closer to what I get). I'm interested in the following:[... more lines follow, see mrelay.p2pool.observer/e/lc656OMKaGhoZGcy ]
-
br-m<sgp_> Welcome
-
br-m<syntheticbird> Hi there Dennis. Very interesting work that you've been doing. Do not mind the little silence in chat, there are several members that worked extensively on network mapping and spy node countermeasures. So all we can do is wish you a welcome and wait for them to answer your questions
-
br-m<syntheticbird> May this begin to satisfy your thirst: I can confidently answer 5. Yes, monerod maintains a bigger list internally (which has a maximum of several thousand white peers iirc). You are indeed served a random sample of 250 peers.
-
br-m<syntheticbird> Monerod does not communicate to you "gray peers", which are peers that it hasn't established a connection to yet. So it makes sense to repeatedly handshake with a monero node to extract a maximum of its address book
-
br-m<syntheticbird> I love matrix lagging
-
br-m<rucknium> @dennis_tra:matrix.org: "What is counted by monero.fail/map? Is it also unique IP:Port? What's the aggregation time window?" I'm not sure. You can look here: github.com/lalanza808/monero.fail
-
br-m<rucknium> "How are spy nodes identified? Is there a methodology written up somewhere or is that confidential?" It's here: github.com/Boog900/p2p-proxy-checke…r?tab=readme-ov-file#how-this-works . I took the code from boog's repo and set it to collect more data here: github.com/Rucknium/xmrnetscan/tree/main/src/rust
-
br-m<rucknium> "The crawler is performing a handshake with every peer it discovers. What information can I extract from the handshake that is worth capturing?" I store everything IIRC. p2p port, RPC port, pruning seed, peer id, support flags, core sync data, shared peer list. github.com/Rucknium/xmrnetscan/blob/main/src/rust/src/main.rs
-
br-m<rucknium> github.com/ykpyck/monero-traffic-analysis collects every packet with wireshark. This is the paper: arxiv.org/abs/2509.10214 Kopyciok, Y., Schmid, S., & Victor, F. (2025). Friend or Foe? Identifying Anomalous Peers in Monero's P2P Network.
-
br-m<rucknium> "Is there potentially another API exposed on Monero nodes which the crawler could call to get even more information?" Yes. You could try the RPC port of the nodes if they are open. You could make a get_info request. docs.getmonero.org/rpc-library/monerod-rpc/#get_info Some of the info is not disclosed in a node's re [... too long, see mrelay.p2pool.observer/e/xMy18OMKX21NblVl ]
-
br-m<rucknium> "Would it make sense to connect repeatedly to get more nodes?" You could try that, but the responding node may block (ban) your IP address if it thinks you are misbehaving. I don't think you will get many more, if any, additional nodes by contacting the same node more than once instead of just contacting other nodes, who have overlapping peer lists.
-
br-m<rucknium> The spy node ban list is here: github.com/Boog900/monero-ban-list
-
br-m<rucknium> You can get historical data from my webapp through its API: api.moneronet.info/__docs__/#/default
-
br-m<rucknium> This is the PR and research supporting a spy node countermeasure that was deployed last year: github.com/Rucknium/misc-research/b…onero-peer-subnet-deduplication.pdf and monero-project/monero #9939
-
br-m<rucknium> More info about the spy node ban list: monero-project/meta #1124
-
br-m<dennis_tra:matrix.org> Oh so many great pointers! I have a lot to read through. And great to see existing numbers to which I can compare my results! I'm already afk into the weekend and will only be able to check out the links in detail next week. I'll certainly circle back here! Thanks a lot 🙏
-
br-m<rucknium> @dennis_tra:matrix.org: You're welcome. Looking forward to your thoughts on it.