Upgrade to Pro — share decks privately, control downloads, hide ads and more …

SRE Book Club - Linux - ch38 - tcpdump & Wireshark

Avatar for Rico Chen Rico Chen
September 24, 2020
Programming
0
61

SRE Book Club - Linux - ch38 - tcpdump & Wireshark

tcpdump & Wireshark usage

Avatar for Rico Chen

Rico Chen

September 24, 2020
Tweet

More Decks by Rico Chen

See All by Rico Chen
How to monitor Cosmos validator by Prometheus
Avatar for Rico Chen ricotoothless
0
630
how-to-choose-cicd-tools.pdf
Avatar for Rico Chen ricotoothless
0
120
SRE Book Club - Linux - ch45 - Where's socket buffer
Avatar for Rico Chen ricotoothless
0
170
COSCUP - Dynamic Jenkins Agent on Kubernetes
Avatar for Rico Chen ricotoothless
0
61
Taiwan CDK Meetup - Rookie operator's CDK journey
Avatar for Rico Chen ricotoothless
0
250
DevOps Taiwan 2020 Workshop - Jenkins CICD
Avatar for Rico Chen ricotoothless
0
96
SRE Book Club - Kubernetes - ch32-35 - Network
Avatar for Rico Chen ricotoothless
0
57
SRE Book Club - Kubernetes - ch22 - Job & CronJob
Avatar for Rico Chen ricotoothless
0
42

Other Decks in Programming

See All in Programming
エンジニアの「手元の自動化」を加速するn8n 2026.02.27
Avatar for 西尾義英 symy2co
0
180
仕様漏れ実装漏れをなくすトレーサビリティAI基盤のご紹介
Avatar for Kuniwak orgachem
PRO
7
3.1k
Agentic AI: Evolution oder Revolution
Avatar for Lars Roewekamp mobilelarson
PRO
0
190
ベクトル検索のフィルタを用いた機械学習モデルとの統合 / python-meetup-fukuoka-06-vector-attr
Avatar for monochromegane monochromegane
2
530
ロボットのための工場に灯りは要らない
Avatar for watany watany
12
3.2k
Linux Kernelの1文字のミスで 権限昇格ができた話
Avatar for rona rqda
0
2.1k
脱 雰囲気実装! AgentCoreを良い感じに WEBアプリケーションに組み込むために
Avatar for Takuya Yonezawa takuyay0ne
3
390
安いハードウェアでVulkan
Avatar for Fadis fadis
1
790
モダンOBSプラグイン開発
Avatar for Kaito Udagawa umireon
0
180
コードレビューをしない選択 #でぃーぷらすトウキョウ
Avatar for Takuma Kajikawa kajitack
3
1.1k
「効かない!」依存性注入(DI)を活用したAPI Platformのエラーハンドリング奮闘記
Avatar for Maki Hayashi mkmk884
0
180
20260228_JAWS_Beginner_Kansai
Avatar for Takuya Yonezawa takuyay0ne
5
620

Featured

See All Featured
The Hidden Cost of Media on the Web [PixelPalooza 2025]
Avatar for Tammy Everts tammyeverts
2
250
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
Avatar for Tammy Everts tammyeverts
55
3.3k
Building Better People: How to give real-time feedback that sticks.
Avatar for Will Jessup wjessup
370
20k
AI Search: Implications for SEO and How to Move Forward - #ShenzhenSEOConference
Avatar for Aleyda Solis aleyda
1
1.2k
The innovator’s Mindset - 
Leading Through an Era of Exponential Change - McGill University 2025
Avatar for Jean-Marc De Jonghe jdejongh
PRO
1
130
GraphQLの誤解/rethinking-graphql
Avatar for sonatard sonatard
75
11k
Documentation Writing (for coders)
Avatar for Carmen Chung carmenintech
77
5.3k
Color Theory Basics | Prateek | Gurzu
Avatar for Gurzu gurzu
0
260
Crafting Experiences
Avatar for Bethany Jepchumba bethany
1
94
Design and Strategy: How to Deal with People Who Don’t "Get" Design
Avatar for Morgane Peng morganepeng
133
19k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
Avatar for panda_program panda_program
122
21k
<Decoding/> the Language of Devs - We Love SEO 2024
Avatar for Nikki Halliwell nikkihalliwell
1
160

Transcript

  1. CH38 怎麼使用 tcpdump 與 Wireshark 分析網路流量

  2. Agenda • CH38 overview • tcpdump • Wireshark • How

    to analyze network traffic? • Lab • Reference

  3. CH38 overview

  4. • Network analysis tool like tcpdump & Wireshark are common

    chose to troubleshoot network issue. • tcpdump only supports command line. On the other hand, Wireshark GUI can handle complex network environment.

  5. • PTR (pointer record) provides the IP address associated with

    a domain name. • PTR common uses for reverse DNS include: ◦ Anti-spam ◦ Troubleshooting email delivery issues ◦ Logging • Email service: Gsuite, AWS SES, SendGrid, MailGun

  6. tcpdump

  7. • A powerful command-line packet analyzer • tcpdump group github

    • tcpdump relate project • How about other command-line? • Wireshark CLI tools & scripting youtube

  8. Wireshark

  9. • A powerful GUI network protocol analyzer • Over 251000

    fields in 3000 protocols can filters • Open source with rich community support • SharkFest'20 at 10/12 ~ 10/16 • Many of tutorial resources

  10. How to analyze network traffic?

  11. • Start with client-side • Capture server and client traffic

    • Focus on time • The different environment with different filter • Keep your eye on the ball • (resource)

  12. Lab

  13. NLB EKS control plane traefik kube-op s-view

  14. NLB EKS control plane traefik kube-op s-view 115.43.40.158 10.1.8.23 10.1.11.24

    10.1.13.131 10.1.6.103 10.1.48.138 10.1.43.161

  15. • what is 169.254.169.254 • Dynamic Configuration of IPv4 Link-Local

    Addresses • EKS architectural overview • Elastic network interfaces

  16. NLB EKS control plane traefik kube-op s-view k-proxy

  17. • Application Load Balancer target type

  18. ALB EKS control plane traefik kube-op s-view k-proxy

  19. Reference

  20. • What is a DNS PTR record? • 鳥哥 DNS

    正反解 • tcpdump relate project • Wireshark CLI tools & scripting • tcpdump group github • Top 10 Wireshark Filters • Wireshark Display Filter Reference • Wireshark distribution command line

  21. • what is 169.254.169.254 • Dynamic Configuration of IPv4 Link-Local

    Addresses • EKS architectural overview • Elastic network interfaces • Network Load Balancer Support in Kubernetes 1.9 • Application Load Balancer target type