cpt9m0 · January 25, 2026 09:42
diff --git a/tcpdump_top_countries.sh b/tcpdump_top_countries.sh
 #!/usr/bin/env bash
 set -euo pipefail

 CAPTURE_SECONDS="${CAPTURE_SECONDS:-15}"
 TOP_N="${TOP_N:-25}"

 echo "=== Conduit Country Tracker (Top Countries) ==="

 echo ""
 echo "[1/4] Installing required tools..."
 sudo apt-get update -y
 sudo apt-get install -y tcpdump geoip-bin gawk coreutils grep sed

 echo ""
 echo "[2/4] Detecting primary network interface..."
 IFACE="$(ip route get 1.1.1.1 2>/dev/null | awk '{for(i=1;i<=NF;i++) if($i=="dev") {print $(i+1); exit}}' || true)"
 if [[ -z "${IFACE}" ]]; then
  IFACE="$(ip route | awk '/^default /{print $5; exit}' || true)"
 fi
 if [[ -z "${IFACE}" ]]; then
  echo "ERROR: Could not detect network interface."
  echo "Run: ip route get 1.1.1.1"
  exit 1
 fi
 echo "Detected interface: ${IFACE}"

 echo ""
 echo "[3/4] Capturing inbound traffic for ${CAPTURE_SECONDS}s on ${IFACE}..."

 # Capture inbound packets and extract public source IPs
 IPS="$(
  sudo timeout "${CAPTURE_SECONDS}" tcpdump -ni "${IFACE}" 'inbound and (tcp or udp)' 2>/dev/null \
    | awk '{print $3}' \
    | cut -d. -f1-4 \
    | grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$' \
    | grep -vE '^(10\.|127\.|172\.(1[6-9]|2[0-9]|3[0-1])\.|192\.168\.)' \
    | sort -u || true
 )"

 if [[ -z "${IPS}" ]]; then
  echo "No public inbound IPs captured in ${CAPTURE_SECONDS}s."
  echo ""
  echo "Common reasons:"
  echo " - Conduit has 0 clients right now (nothing inbound)."
  echo " - The VPS is very quiet during the capture window."
  echo ""
  echo "Try:"
  echo " - Increase CAPTURE_SECONDS=300"
  echo " - Check: docker logs conduit --tail 30"
  exit 0
 fi

 echo "Captured $(echo "${IPS}" | wc -l | tr -d ' ') unique public source IP(s)."
 echo ""

 echo "[4/4] Top Countries (ranked):"
 echo "---------------------------------------------"
 echo "${IPS}" \
  | xargs -n1 geoiplookup \
  | awk -F: '{print $2}' \
  | sed 's/^ *//' \
  | awk 'NF' \
  | sort \
  | uniq -c \
  | sort -nr \
  | head -n "${TOP_N}"
 echo "---------------------------------------------"
 echo "Done."
	#!/usr/bin/env bash
	set -euo pipefail

	CAPTURE_SECONDS="${CAPTURE_SECONDS:-15}"
	TOP_N="${TOP_N:-25}"

	echo "=== Conduit Country Tracker (Top Countries) ==="

	echo ""
	echo "[1/4] Installing required tools..."
	sudo apt-get update -y
	sudo apt-get install -y tcpdump geoip-bin gawk coreutils grep sed

	echo ""
	echo "[2/4] Detecting primary network interface..."
	IFACE="$(ip route get 1.1.1.1 2>/dev/null \| awk '{for(i=1;i<=NF;i++) if($i=="dev") {print $(i+1); exit}}' \|\| true)"
	if [[ -z "${IFACE}" ]]; then
	IFACE="$(ip route \| awk '/^default /{print $5; exit}' \|\| true)"
	fi
	if [[ -z "${IFACE}" ]]; then
	echo "ERROR: Could not detect network interface."
	echo "Run: ip route get 1.1.1.1"
	exit 1
	fi
	echo "Detected interface: ${IFACE}"

	echo ""
	echo "[3/4] Capturing inbound traffic for ${CAPTURE_SECONDS}s on ${IFACE}..."

	# Capture inbound packets and extract public source IPs
	IPS="$(
	sudo timeout "${CAPTURE_SECONDS}" tcpdump -ni "${IFACE}" 'inbound and (tcp or udp)' 2>/dev/null \
	\| awk '{print $3}' \
	\| cut -d. -f1-4 \
	\| grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$' \
	\| grep -vE '^(10\.\|127\.\|172\.(1[6-9]\|2[0-9]\|3[0-1])\.\|192\.168\.)' \
	\| sort -u \|\| true
	)"

	if [[ -z "${IPS}" ]]; then
	echo "No public inbound IPs captured in ${CAPTURE_SECONDS}s."
	echo ""
	echo "Common reasons:"
	echo " - Conduit has 0 clients right now (nothing inbound)."
	echo " - The VPS is very quiet during the capture window."
	echo ""
	echo "Try:"
	echo " - Increase CAPTURE_SECONDS=300"
	echo " - Check: docker logs conduit --tail 30"
	exit 0
	fi

	echo "Captured $(echo "${IPS}" \| wc -l \| tr -d ' ') unique public source IP(s)."
	echo ""

	echo "[4/4] Top Countries (ranked):"
	echo "---------------------------------------------"
	echo "${IPS}" \
	\| xargs -n1 geoiplookup \
	\| awk -F: '{print $2}' \
	\| sed 's/^ *//' \
	\| awk 'NF' \
	\| sort \
	\| uniq -c \
	\| sort -nr \
	\| head -n "${TOP_N}"
	echo "---------------------------------------------"
	echo "Done."
No results found