Upgrade to Pro — share decks privately, control downloads, hide ads and more …

SRE Book Club - Linux - ch38 - tcpdump & Wireshark

Rico Chen
September 24, 2020
Programming
0
54

SRE Book Club - Linux - ch38 - tcpdump & Wireshark

tcpdump & Wireshark usage

Rico Chen

September 24, 2020
Tweet

More Decks by Rico Chen

See All by Rico Chen
How to monitor Cosmos validator by Prometheus
ricotoothless
0
560
how-to-choose-cicd-tools.pdf
ricotoothless
0
110
SRE Book Club - Linux - ch45 - Where's socket buffer
ricotoothless
0
130
COSCUP - Dynamic Jenkins Agent on Kubernetes
ricotoothless
0
58
Taiwan CDK Meetup - Rookie operator's CDK journey
ricotoothless
0
180
DevOps Taiwan 2020 Workshop - Jenkins CICD
ricotoothless
0
82
SRE Book Club - Kubernetes - ch32-35 - Network
ricotoothless
0
52
SRE Book Club - Kubernetes - ch22 - Job & CronJob
ricotoothless
0
36

Other Decks in Programming

See All in Programming
RWC 2024 DICOM & ISO/IEC 2022
m_seki
0
190
Thoughts and experiences on Rust and TypeScript
unvalley
2
220
TypeScript でバックもやるって実際どう? 実運用で困ったこと3選
yuichiro_serita
17
7.7k
物流システムにおけるリファクタリングとアーキテクチャの再構築 〜依存関係とモジュール分割の重要性〜
deeprain
1
1.2k
htmxって知っていますか?次世代のHTML
hiro_ghap1
0
260
採用事例の少ないSvelteを選んだ理由と それを正解にするためにやっていること
oekazuma
2
980
第5回日本眼科AI学会総会_AIコンテスト_3位解法
neilsaw
0
160
Criando Commits Incríveis no Git
marcelgsantos
2
160
Java 23の概要とJava Web Frameworkの現状 / Java 23 and Java web framework
kishida
2
400
CSC509 Lecture 14
javiergs
PRO
0
130
talk-with-local-llm-with-web-streams-api
kbaba1001
0
170
As an Engineers, let's build the CRM system via LINE Official Account 2.0
clonn
1
670

Featured

See All Featured
It's Worth the Effort
3n
183
28k
Rebuilding a faster, lazier Slack
samanthasiow
79
8.7k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
191
16k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
VelocityConf: Rendering Performance Case Studies
addyosmani
326
24k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
45
2.2k
The Power of CSS Pseudo Elements
geoffreycrofte
73
5.4k
Done Done
chrislema
181
16k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
28
8.3k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
330
21k
Speed Design
sergeychernyshev
25
660

Transcript

  1. CH38 怎麼使用 tcpdump 與 Wireshark 分析網路流量

  2. Agenda • CH38 overview • tcpdump • Wireshark • How

    to analyze network traffic? • Lab • Reference

  3. CH38 overview

  4. • Network analysis tool like tcpdump & Wireshark are common

    chose to troubleshoot network issue. • tcpdump only supports command line. On the other hand, Wireshark GUI can handle complex network environment.

  5. • PTR (pointer record) provides the IP address associated with

    a domain name. • PTR common uses for reverse DNS include: ◦ Anti-spam ◦ Troubleshooting email delivery issues ◦ Logging • Email service: Gsuite, AWS SES, SendGrid, MailGun

  6. tcpdump

  7. • A powerful command-line packet analyzer • tcpdump group github

    • tcpdump relate project • How about other command-line? • Wireshark CLI tools & scripting youtube

  8. Wireshark

  9. • A powerful GUI network protocol analyzer • Over 251000

    fields in 3000 protocols can filters • Open source with rich community support • SharkFest'20 at 10/12 ~ 10/16 • Many of tutorial resources

  10. How to analyze network traffic?

  11. • Start with client-side • Capture server and client traffic

    • Focus on time • The different environment with different filter • Keep your eye on the ball • (resource)

  12. Lab

  13. NLB EKS control plane traefik kube-op s-view

  14. NLB EKS control plane traefik kube-op s-view 115.43.40.158 10.1.8.23 10.1.11.24

    10.1.13.131 10.1.6.103 10.1.48.138 10.1.43.161

  15. • what is 169.254.169.254 • Dynamic Configuration of IPv4 Link-Local

    Addresses • EKS architectural overview • Elastic network interfaces

  16. NLB EKS control plane traefik kube-op s-view k-proxy

  17. • Application Load Balancer target type

  18. ALB EKS control plane traefik kube-op s-view k-proxy

  19. Reference

  20. • What is a DNS PTR record? • 鳥哥 DNS

    正反解 • tcpdump relate project • Wireshark CLI tools & scripting • tcpdump group github • Top 10 Wireshark Filters • Wireshark Display Filter Reference • Wireshark distribution command line

  21. • what is 169.254.169.254 • Dynamic Configuration of IPv4 Link-Local

    Addresses • EKS architectural overview • Elastic network interfaces • Network Load Balancer Support in Kubernetes 1.9 • Application Load Balancer target type