Archives: Networking

What is Bro and how to install Bro on Debian 8

Bro, sometimes referred to as Bro-IDS, is a bit different from Snort and Suricata. In a way, Bro is both a signature-based and an anomaly-based IDS. Its analysis engine converts captured traffic into a series of events. An event could be a user logon to FTP, a connection to a website, or practically anything. • Read More »



DTLS, DTLS-SRTP

DTLS: Basically, DTLS constructs TLS over datagram transports (UDP, DCCP, etc.). DTLS is intentionally similar to TLS, except that DTLS has to solve two problems: packet loss and reordering.

DTLS-SRTP: DTLS-SRTP can be viewed in two equivalent ways: as a new key management method for SRTP, and as a new RTP-specific data format for DTLS. • Read More »


OpenPGP vs S/MIME

Similarity between S/MIME and OpenPGP: both depend on public/private keys to encrypt and authenticate messages (emails). Difference: how the public keys are distributed. S/MIME is similar to TLS and depends on X.509 certificates; OpenPGP depends on the web of trust to distribute public keys.

Reference: http://security.stackexchange.com/questions/7874/how-does-pgp-differ-from-s-mime


What is the difference between SRTP and ZRTP

SRTP SDP message:

    v=0
    o=jdoe 2890844526 2890842807 IN IP4 10.47.16.5
    s=SDP Seminar
    i=A Seminar on the session description protocol
    u=http://www.example.com/seminars/sdp.pdf
    e=j.doe@example.com (Jane Doe)
    c=IN IP4 161.44.17.12/127
    t=2873397496 2873404696
    m=video 51372 RTP/SAVP 31
    a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20
    m=audio 49170 RTP/SAVP 0
    a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20
    m=application 32416 udp wb
    a=orient:portrait

The crypto line includes the master key and • Read More »


SSH protocol

How SSH2 works: (1) When a TCP connection is made by a client, the server responds with the protocol versions it supports. If the client can match one of the acceptable protocol versions, the connection continues. The server also provides its public host key, which the client can use to check whether this was the • Read More »


TLS/SSL handshake

The combination of Diffie-Hellman and the use of ephemeral session keys is what enables “Forward Secrecy”: even if an attacker gains access to the server’s private key, they are not able to passively listen in on the active session, nor can they decrypt previously recorded sessions.

Diffie-Hellman Key Exchange: Both A, B create the • Read More »


Some notes about BGP, OSPF/IS-IS, RIP/EIGRP

BGP: runs on TCP 179, path vector protocol, 65K routes

eBGP: appends AS_PATH

iBGP: (the same AS number) iBGP needs a full mesh, thus could use a Route Reflector (RR; needs to be configured, unlike the OSPF DR/BDR, which is auto-elected), up to 10-20 iBGP routers

BGP confederation (multiple private AS numbers in the internal network, but public AS to • Read More »


Apache Kafka big picture and quick start

What is Apache Kafka? (big picture) I found that the article http://www.confluent.io/blog/stream-data-platform-1/ (from Jay Kreps) presented a very good big picture of what Kafka is supposed to do: you can use Kafka to build a stream data platform. Here are the pictures from that article. The big idea is simple: many business processes can be modeled • Read More »


MPLS VPN/VRF

Why MPLS? Networks with more stringent QoS requirements might use IPSec-over-Internet for non-real-time traffic and MPLS for real-time and mission-critical traffic.

Basic MPLS, how it works: A good explanation is at: https://en.wikipedia.org/wiki/Multiprotocol_Label_Switching

customer router-1/packets -> PE-ingress -> P-router -> … -> P-router -> PE-egress -> customer A router2

The PE-ingress will use routing information (FEC) to put the • Read More »