networking

A government blocks a VPN with a one-line SNI rule. The fix is a custom relay on port 443. Tailscale could make this trivial for millions — but they haven't. There's a lot of confusion about how Myanmar actually blocks Tailscale. Some say it's DNS poisoning. Others claim the coordination server is blackholed. A few insist the WireGuard protocol itself is detected and dropped. None of that is corr…

The historic go-to solution for network booting is PXE. PXE is based on DHCP and TFTP. It is tricky to correctly configure, even trickier to make it highly available and good luck with the security with this clear-text unsigned protocol. The modern web has long standardized on HTTPS with TLS certificates for server authentication, integrity and confidentiality. Moreover, highly available setups a…

One of the first networking concepts that confused me was this: Why does a computer need both a MAC address and an IP address? At first glance, they seem to solve the same problem. Both appear to identify a device. Both show up in networking tools. Both appear in packet captures. So why do we need two different addresses? While exploring Linux networking tools and Wireshark, the distinction final…

I run a transparent OPNsense bridge between a UniFi Dream Machine Pro and the rest of my LAN. It is deliberately boring at Layer 3: the UDM keeps routing, DHCP, DNS, firewall policy, WAN handling, and VLAN definitions. OPNsense sits inline as a Layer 2 bump in the wire. The interesting part is that both sides of that bump use LACP . I already wrote the build/configuration guide for this setup her…

I made a simple L2 network for a test. There are 2 L2 switches and 2 hosts (Ubuntu 22.04). They consist of a network like below: The Hosts has 2 NICs and they have their own IP. Both of switches have ...

Network monitoring is one of the most fundamental responsibilities of a system administrator or network engineer. When traffic slows down, an application becomes unresponsive, or there's a suspicion of a security vulnerability, one of the first places we look is the network layer. At this point, we have two powerful tools, but with different philosophies: SNMP and NetFlow. The question of which i…

How a 30-year-old protocol lets you punch through firewalls, protect your traffic, and access anything, from anywhere There's a feature baked into every SSH client on the planet that most developers use maybe once a year — if at all. It's not glamorous. It doesn't have a flashy dashboard. But once you understand SSH tunneling, you'll wonder how you ever worked without it. This article covers what…

The Layer That Connects the World The Data Link Layer helps devices communicate within the same local network. But what happens when your laptop in Karachi needs to reach a web server in Tokyo, London, or New York? Local delivery is no longer enough. Your data must travel across multiple networks, internet providers, routers, and international backbone connections before reaching its destination.…

Whenever thousands or even millions of users open an application at the same time, one big question arises: "How does a single website handle so much traffic without crashing?" The answer is usually a Load Balancer . A load balancer sits between users and backend servers and distributes incoming traffic intelligently. Instead of this: Users --> One Server Modern systems work like this: Users --> …

From Raw Signals to Organized Communication In the previous article, we explored the Physical Layer, where data exists as electrical signals, light pulses, or radio waves. Those signals can travel between devices, but there's a problem: Signals alone don't tell us who should receive the data. A network needs a way to identify devices and organize communication. That's exactly what the Data Link L…

What Is SSH? SSH — Secure Shell — is a cryptographic network protocol that lets you securely connect to remote machines, transfer files, tunnel traffic, and automate infrastructure operations over any network, including the open internet. It was created in 1995 by Tatu Ylönen as a direct response to a password-sniffing attack at his university. In the thirty years since, it has become the foundat…

Every new system or network engineer in the industry often starts by segmenting the existing network into slices, all in the name of "securing" it. In my 20 years of field experience, I've seen dozens of colleagues define 15 different VLANs even in 50-user offices, only to be crushed under the weight of their own rules. The answer to the question, Why is VLAN Segmentation Overhyped in Small Netwo…

A lot of network engineers learn their best lessons in home labs, especially the lessons that do not fit neatly into certification tracks or production change windows. They are also where things can get messy quickly. One folder has topology notes. Another has Ansible experiments. A diagram lives somewhere else. Remote access was configured once and then forgotten. Screenshots include details tha…

I built a detailed visual diagrams for the Transmission Control Protocol (TCP) — one of the core protocols powering the internet, that operates at the Transport Layer (Layer 4) of the OSI model. I broke down: 🔹 TCP Segment Structure: - Source & destination ports Sequence number Acknowledgment number Flags (SYN, ACK, FIN, RST, PSH, URG) Window size Checksum Options & payload Here the full animated…

Your router acts as a local network’s traffic manager. It is responsible for sending data coming from the internet to the correct device in your home. Let's break down exactly how that happens. 1. The Request When you search for youtube.com , your device sends a request out to the internet. Because the internet communicates via IP addresses rather than domain names, this request is first resolved…

A single hijacked prefix can route a chunk of payment traffic into a stranger's network for half an hour before anyone notices. For a payment provider, that is not a routing incident. It is a regulatory event, an exposed-traffic incident, and an auditor knocking on Monday morning. This post walks through the BGP edge hygiene we ran in production at a national fintech: what we filtered, how we aut…

Internet Architecture describes how data is organized, transmitted, and managed across networks. Different architectural models serve different needs, some offer a straightforward client-server setup (like a website), while others rely on a more distributed approach (like file-sharing platforms). Peer-to-Peer (P2P) Architecture This is when computers and devices are linked directly to each other …

A Wireshark dissector for DVRIP/Sofia protocol found on Xiongmai based IP cameras. Full working dissector code is available at a DVRIP analysis repository . Full writeup of a sample IP camera on which this dissector was tested is available at Besder 6024PB-XMA501 IP camera security investigation repository. Table of Contents Usage Linux Windows Test Device DVRIP/Sofia Headers DVRIP/Sofia Message …

As we have talked about before, the Internet relies on numerical addresses, IP addresses to route data from one device to another. IPv4 offers around 4.3 billion addresses, we have discussed that that is not enough. While there is IPv6, another solution to this issue is through Network Address Translation (NAT) NAT allows multiple devices on a private network to share a single public IP address. …

The server is on a Gbit link. ethtool confirms 1000 Mbps on the interface. And yet every SFTP transfer caps out somewhere around 800 KB/s. Not 80 MB/s — 800 kilobytes per second. Less than 1% of the theoretical capacity. The problem isn't bandwidth. It's a stack of bad defaults: a congestion control algorithm designed for year-2000 networks, microscopically small NIC ring buffers, and application…