mirror of
https://github.com/cunnie/sslip.io.git
synced 2025-10-07 08:31:02 +08:00

Note: the two biggest users are Cypriot IP addresses:

```
  2 106.52.50.235   <- Tencent
  1 223.71.46.114   <- China Mobile
157 31.153.14.207   <- Cypriot
110 62.228.164.123  <- Cypriot
  4 73.189.219.4    <- My home IP
```
38 lines
1.1 KiB
Markdown
### Tools for Exploring Log Files

To generate log files on, say, ns-aws:

```zsh
sudo journalctl -u sslip.io-dns -S yesterday > /tmp/sslip.io.log
```

I subsequently copy that file to my Mac (warning: the following commands use the
BSD variants of tools like `sed`, so you may need to tweak them if you're on Linux):

[I use `cut` instead of `awk` because it's twice as fast (9.11s instead of 22.56s)]

To find the domains queried (95% sslip.io):

```zsh
# find all successful queries of A & AAAA records
grep -v '\. \? nil' < sslip.io.log |\
  grep -E "TypeA | TypeAAAA " |\
  cut -d " " -f 10 > /tmp/hosts.log
# tally the queries by the last two labels of each name, e.g. ".sslip.io."
sed -E 's=.*(\.[^.]+\.[^.]+\.$)=\1=' < /tmp/hosts.log | tr 'A-Z' 'a-z' | sort | uniq -c | sort -n
```

```zsh
# find the most looked-up IP addresses using the above hosts.log
sort < /tmp/hosts.log | uniq -c | sort -n | tail -50
```

```zsh
# Who's trying to find out their own IP via ip.sslip.io?
sudo journalctl --since yesterday -u sslip.io-dns | \
  grep -v "nil, SOA" | \
  grep "TypeTXT ip.sslip.io" | \
  sed 's/.*TypeTXT ip.sslip.io. ? \["//; s/"\]$//' | \
  sort | \
  uniq -c
```
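
The two tallies above (domains queried, and clients looking up their own address via ip.sslip.io), as an added example that is not part of the sslip.io repository: it matches on whole fields with POSIX `awk`, so it gives the same result with GNU and BSD tools, at the cost of the speed `cut` has. The log-line layout, the sample lines and the function names `sample_log`, `domain_counts` and `ip_lookups` are assumptions made for this example.

```sh
#!/bin/sh
# Constructed sample lines. The layout (journald prefix, then date, time,
# source, query type, name, "?", answer) is an assumption inferred from the
# pipelines above; documentation-range addresses stand in for real clients.
sample_log() {
cat <<'EOF'
Oct 06 00:00:01 ns-aws sslip.io-dns[814]: 2025/10/06 00:00:01 192.0.2.10.40001 TypeA 127-0-0-1.sslip.io. ? 127.0.0.1
Oct 06 00:00:02 ns-aws sslip.io-dns[814]: 2025/10/06 00:00:02 192.0.2.10.40002 TypeA 10-0-0-1.SSLIP.IO. ? 10.0.0.1
Oct 06 00:00:03 ns-aws sslip.io-dns[814]: 2025/10/06 00:00:03 198.51.100.7.5353 TypeAAAA 2001-db8--1.sslip.io. ? 2001:db8::1
Oct 06 00:00:04 ns-aws sslip.io-dns[814]: 2025/10/06 00:00:04 198.51.100.7.5354 TypeA 10.0.0.2.xip.example. ? 10.0.0.2
Oct 06 00:00:05 ns-aws sslip.io-dns[814]: 2025/10/06 00:00:05 203.0.113.9.1024 TypeA www.example.com. ? nil, SOA (constructed)
Oct 06 00:00:06 ns-aws sslip.io-dns[814]: 2025/10/06 00:00:06 192.0.2.10.40003 TypeTXT ip.sslip.io. ? ["192.0.2.10"]
Oct 06 00:00:07 ns-aws sslip.io-dns[814]: 2025/10/06 00:00:07 192.0.2.10.40004 TypeTXT ip.sslip.io. ? ["192.0.2.10"]
Oct 06 00:00:08 ns-aws sslip.io-dns[814]: 2025/10/06 00:00:08 203.0.113.9.1025 TypeTXT ip.sslip.io. ? ["203.0.113.9"]
EOF
}

# Successful A/AAAA answers, tallied by the last two labels of the name.
# Field 10 is the queried name (the same field the cut pipeline extracts).
domain_counts() {
  awk '($9 == "TypeA" || $9 == "TypeAAAA") && $11 == "?" && $12 !~ /^nil/ {
         n = split(tolower($10), l, /\./)   # trailing dot makes l[n] empty
         if (n >= 3) c["." l[n-2] "." l[n-1] "."]++
       }
       END { for (d in c) print c[d], d }' "$1" | sort -n
}

# Clients asking ip.sslip.io for their own address, tallied by the answer.
ip_lookups() {
  awk '$9 == "TypeTXT" && tolower($10) == "ip.sslip.io." && $12 ~ /^\["/ {
         ip = $12; gsub(/^\["|"\]$/, "", ip); c[ip]++
       }
       END { for (i in c) print c[i], i }' "$1" | sort -n
}

# Run both tallies over the constructed sample.
log=$(mktemp) && sample_log > "$log"
domain_counts "$log"
ip_lookups "$log"
rm -f "$log"
```

Point the two functions at `/tmp/sslip.io.log` instead of the sample once the field positions have been checked against a real line.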