I am working on a new tool for bitcoin nodes, based on nostr:npub1kyxqqqq8n2pu7f5pthr48zqcmr2k52vrud6wxzjpg0jsqcyhs3tshfc6vv's https://github.com/0xB10C/peer-observer work... I am forking it to create something a bit more hacker-friendly.
Introducing #bitcointap: a quick and easy way to tap into any bitcoin core node and extract traces in real time.
https://github.com/jb55/bitcointap
nostr:npub1kyxqqqq8n2pu7f5pthr48zqcmr2k52vrud6wxzjpg0jsqcyhs3tshfc6vv has done most of the hard work here. I am just making his tool a bit more unixy.
It looks cool but it seems like something that Wireshark can do much better.

What am I missing or getting wrong?
This is just one trace; bitcointap can trace things other than network code.
Another cool thing is you can use this like a library. You can tap data streams from bitcoind into Rust programs directly.
In addition to the other responses in this thread, an increasing amount of Bitcoin P2P traffic should be encrypted, which makes it harder to analyze with network tcpdump-style tools.