What We Will Learn: In this article, we will learn how to: generate random syslog messages using the logger utility; modify packet captures using Tcprewrite; and replay packets (pcap/pcapng files) locally and in a controlled way using Tcpreplay, with the help of tc and network namespaces on Linux machines. These will be the main takeaways from this article, although there are some more details that you can explore further. I have tested these steps on four different machines with various differences...| thegraynode.io
The following post is about a challenge that we encountered at work while extending an in-house-built program that provides automation for 14,000 network devices in our infrastructure. Although we will cover synchronous, asynchronous and threading methods of executing code, the intention of this post is not to go into the details of how these methods operate under the hood, but rather how they behave in the real world in I/O-bound scenarios.
Introduction: In this post, we will learn about a useful tool called bpftool, a command-line utility in Linux for interacting with eBPF programs and maps. It allows you to perform various operations such as loading and attaching programs, manipulating maps, and retrieving information about eBPF objects. I highly recommend reading this post first, which explains the details discussed here, since this post is intended to serve more as a cheat sheet rather than a very detailed one,...
Introduction: In this post, we will learn about portable or relocatable eBPF programs. You might wonder: can we not just copy our compiled program to another machine with the same CPU architecture and run it like any other program? Well, usually not. eBPF programs are more unique, and rightfully so. They run directly in kernel space and miss out on some of the help and abstractions that normal programs benefit from.
My Journey: This section is about my background. Feel free to skip to the next one to read about eBPF. I started off my career as a network engineer and soon after got into security. My fascination with optimizing networks and troubleshooting them paved the way to not being afraid of capturing packets using Wireshark or TCPDUMP and diving into them to fish out issues. Studying and working with all these concepts and protocols, and the ability to influence and modify network traffic, felt amazing and ...
Introduction: In this post we will write the user space part of our eBPF program, flat, to calculate and display the network latency using the data we gather in the kernel space program. Make sure to check out the previous posts to be able to follow the details of this article: eBPF primer; Setup an eBPF Development Environment; Building an Efficient Network Flow Monitoring Tool with eBPF - Part 1; Network Headers; Building an Efficient Network Flow Monitoring Tool with eBPF - Part 2. I have made so...
Introduction: In this post we will pick up where we left off and write the backend, or kernel space, eBPF code for our program, flat, to monitor the network latency in a very efficient way. Make sure to check the previous posts to get up to speed with what we are about to build: eBPF primer; Setup an eBPF Development Environment; Building an Efficient Network Flow Monitoring Tool with eBPF - Part 1; Network Headers. The Big Picture: As described in part 1 of this series, our kernel space code needs to...
What is TCPDUMP? TCPDUMP is a powerful tool used to capture and analyze network traffic. Starting from version 4.99, it has a new feature that allows us to view the interface names in its output. This is a useful addition, especially on systems that have multiple NICs, as it allows users to easily identify the specific network interface that is processing the traffic. Prior to this feature, users had to manually determine the interface name by running multiple instances or get creative, w...
Network Headers: While writing part two of Building an Efficient Network Flow Monitoring Tool with eBPF, I felt the need to visualize and lay out a foundation for how packet headers are defined in the Linux kernel, to make it easier to grasp the concepts there. Initially, I was embedding the contents of this blog there, but I noticed it would turn into a pretty long, or perhaps boring, read.
Introduction: In this post we will learn about the big picture and how to structure our eBPF program, named flat, to monitor network latency. We will mostly talk about preliminaries and write a very minimal eBPF program to get a feel for how things work together. Make sure to check the previous posts to get up to speed with what we are about to build: eBPF primer; Setup an eBPF Development Environment. The Plan: In order to measure the latency of network traffic, we need to match the related ingress...
Introduction: In the previous post, I wrote about what eBPF is and the network latency tool that we are going to write. This post will walk you through the tools you need to follow along. Preliminary Requirements: Let’s quickly discuss what we need to start. The Operating System And Hardware: I have chosen to go with an Ubuntu 20.04.6 LTS machine with these specs: 4GB RAM, Intel CPU with 2 cores. Don’t stress over the hardware.
Overview: Environment variables are a simple and popular option to avoid hard-coding credentials into your code or build files, while eliminating the risk of accidentally pushing sensitive information to Git. Most importantly, utilizing them in your programs is very easy. Say you want to retrieve the username and password of your firewall in a Python program. This is all you have to do: import os fw_username = os.getenv('FIREWALL_USER', None) fw_password = os.
Overview: Since ChatGPT’s release back in November 2022, I have been playing with it for various subjects, from network infrastructure questions and programming all the way to conflict management. I must admit that it is an exceptional technological feat, and for the most part, it can provide answers that are on point. Initially, though, it was much more “intelligent”; now it seems like it has been nerfed a bit.
A Bit of a Backstory: During the many years that I have been privileged to work at many different companies, and through those, with other ones, I would say the most critical one was a multi-data center company that was handling millions of requests per day, where I was in charge of the perimeter network and overall data center network infrastructure security. In that setup, even a second of downtime was unacceptable, and justifiably so, due to the nature of the applications that were hosted there ...
If you have ever wondered what paths packets take to traverse networks, chances are that you have used or heard of traceroute. traceroute, or some variant of it, is available on almost all operating systems. My experience with traceroute began when I was just beginning to learn networking and was eager to determine the distance between a server and my machine. I used it on every server or website that I used to regularly visit, watching in awe as the green text would fill up my terminal window.
Why Do You Need Different Python Versions? Why would you want to install another Python version than the one your system already ships with? Well, the default Python version that is bundled with your system is usually way too old and might not have what you need. For instance, Python 3.11 is now 10~60% faster than 3.10, which is a huge improvement and can improve the runtime of your applications and scripts.