Merge pull request #20 from probe-lab/yiannisbot-ants-readme-update

Update README.md for `ants-watch`
probe-lab · Nov 21, 2024 · 64c7ad7 · 64c7ad7
2 parents fc77fd0 + 1170223
commit 64c7ad7
Showing 1 changed file with 7 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -12,13 +12,17 @@ Authors: [guillaumemichel](https://github.com/guillaumemichel), [kasteph](https:
 
 ## Overview
 
-* `ants-watch` is a DHT honeypot monitoring tool, logging the activity of all DHT nodes.
-* It spawns `ants` at targeted locations in the keyspace to _occupy_ and _watch_ the full keyspace.
+* `ants-watch` is a DHT honeypot monitoring tool, logging the activity of all nodes in a DHT network.
 * An `ant` is a lightweight [libp2p DHT node](https://github.com/libp2p/go-libp2p-kad-dht), participating in the DHT network, and logging incoming requests.
+* `ants` participate in the DHT network as DHT server nodes. `ants` need to be dialable by other nodes in the network. Hence, `ants-watch` must run on a public IP address either with port forwarding properly configured (including local and gateway firewalls) or UPnP enabled.
+* The tool releases `ants` (i.e., spawns new `ant` nodes) at targeted locations in the keyspace in order to _occupy_ and _watch_ the full keyspace.
+* The tool's logic is based on the fact that peer routing requests are distributed to `k` closest nodes in the keyspace and routing table updates by DHT client (and server) nodes need to find the `k` closest DHT server peers to themselves. Therefore, placing approximately 1 `ant` node every `k` DHT server nodes can capture all DHT client nodes over time.
+* The routing table update process varies across implementations, but is by default set to 10 mins in the go-libp2p implementation. This means that `ants` will record the existence of DHT client nodes approximately every 10 mins (or whatever the routing table update interval is).
 * Depending on the network size, the number of `ants` as well as their location in the keyspace is adjusted automatically.
 * Network size and peers distribution is obtained by querying an external [Nebula database](https://github.com/dennis-tra/nebula).
 * All `ants` run from within the same process, sharing the same DHT records.
-* The `ant queen` is responsible for spawning and monitoring the ants as well as gathering their logs and persisting them to a central database.
+* The `ant queen` is responsible for spawning, adjusting the number and monitoring the ants as well as gathering their logs and persisting them to a central database.
+* `ants-watch` does not operate like a crawler, where after one run the number of DHT client nodes is captured. `ants-watch` logs all received DHT requests and therefore, it must run continuously to provide the number of DHT client nodes over time.
 
 ### Supported networks