cat ~/blog

I occasionally write about projects that I’m working on or things that I’m playing with. Like almost everyone who maintains a technical blog, I don’t have nearly enough time to care for and feed it. However, I do try to write articles with technical merit. Since this takes a lot of time and effort, I only find myself publishing a few articles each year. Also, like nearly every technical blogger: this (2017) is going to be the year that I write more articles.

Persistent Password SSH on AWS AMIs

Feb 14 2017

If you use AWS EC2, you’re definitely familiar with the concept of using a key pair for SSH authentication. Recently, I had a use case that required password SSH login. I set PasswordAuthentication yes in /etc/ssh/sshd_config and created an AMI, but was surprised to discover that PasswordAuthentication no quickly reappeared in my sshd_config when launching an image from the AMI. I spent some time troubleshooting this (more than I care to admit, to be honest), and eventually found that most AMIs use cloud-init to accomplish their provisioning steps.

Deploying certificate-based SSH with Ansible

Dec 25 2016

A few months ago, I read “Scalable and secure access with SSH” by Marlon Dutra on the Facebook Engineering blog. It’s an informative look into how an organization of Facebook’s size is able to keep authentication manageable across a very large, dynamic, and scalable environment without a single point of failure. If you haven’t read the article, do that before reading mine. Otherwise, nothing below is going to make any sense.

A Packet Look at Cisco FabricPath

Nov 6 2016

Spanning-tree protocol was one of the first network control plane protocols that I learned about back in my Intro to Routing and Switching class during college. At the time, it seemed pretty obvious: network loops are bad at layer 2, and should be indiscriminately avoided in an effort to prevent broadcast storms. However, real-life networks really aren’t that simple, as any data center engineer will gladly tell you. Specifically, modern data centers face a few important issues:

Flannels n sh*t is Making my WiFi Slow

Jul 24 2016

I’ve recently been working on renewing the Certified Wireless Network Administrator (CWNA) certification. The CWNA focuses on a deep, technical, and vendor-agnostic understanding of the foundational principles underlying 802.11 WLANs. One day, in between flipping through flash cards, I decided to take a look at the wireless traffic in my own home environment. I was interested to see quite a few Request to Send/Clear to Send (RTS/CTS) exchanges on the same channel as mine, so I decided to dig a bit deeper to “diagnose” the issue.

Peer Routing and VLT with Dell FTOS Switches

May 26 2016

I recently wrapped up a Dell networking deployment consisting of both Dell S-series switches running the Force10 Operating System (FTOS) and N-series switches running the Dell Network Operating System (DNOS). Both boasted straightforward configuration and were pleasant to work with. The FTOS switches in particular offered a powerful and Dell-recommended feature called Peer Routing that could be used in conjunction with the Virtual Link Trunking (VLT) capabilities. VLT is similar to Cisco’s Virtual Port Channel (vPC) feature, and allows for a single port channel to be multihomed to two Dell FTOS switches.

Path MTU Discovery

Mar 20 2016

The maximum transmission unit (MTU) is the largest packet that can be transmitted on a link. It naturally follows that the MTU of a given path is the smallest MTU that would be experienced along any given hop on a packet’s journey to its destination. While many of us have become accustomed to the default Ethernet LAN MTU of 1500 bytes, different transmission technologies may have a more constrained MTU.

Neighbor Discovery

Sep 27 2015

The next topic that we’ll be covering is fairly straightforward (allowing for a quick article and providing some forward momentum on this blog series). Neighbor discovery is a crucial element of host communication on a local network. While it’s not a particularly complex topic, it is a fundamental IPv6 networking concept that should be understood by any administrator of an IPv6 network. This article will build on our previous discussion of Stateless Autoconfiguration in some ways, and it is recommended that you read that article first.

Stateless Autoconfiguration

Aug 22 2015

A packet series about IPv6

If you perform nearly any role in the information technology world, you’re no doubt familiar with the issue of IPv4 exhaustion and the challenges of IPv6 adoption. While it doesn’t mean that every business, small and large, will be renumbering their entire networks anytime soon, it does mean that every IT professional should have a familiarity (I’d argue comfortability) with this new addressing scheme that will be directing our packets to and from their destinations in the future.

Pockethernet: A review of the net admin Swiss Army Knife

Mar 2 2015

About a year ago, I decided to fund a nifty project called Pockethernet on IndieGoGo. With the product being marketed as “The Swiss Army knife for network administrators,” I was really looking forward to the final product being released sometime in July of 2014. When the team started missing target dates due to various setbacks, I shrugged it off as the business learning experience of a few hard working guys, and I largely forgot about it.

Hacking VoIP: Decrypting SDES Protected SRTP Phone Calls

Jun 22 2014

VoIP security is a fairly complex topic, rife with acronyms, competing solutions, and enough implementation challenges to make any administrator pull their hair out. The Session Description Protocol Security Descriptions (SDES) provide one method for exchanging the keys that are used to encrypt RTP media. Essentially, SDES allows for key exchange within the SDP portion of a SIP packet. Remember that SDP provides parameters, such as media encoding, for a connection.

Voice and XMPP: Integrating Asterisk with ejabberd

Apr 2 2014

My current home voice system consists of an Asterisk virtual machine, two Cisco 7940 IP Phones running SIP firmware, and a Google Voice number that is handled by Asterisk. Clearly, I was lacking in the home telephony department, so I decided to try finding some neat things to do with my setup. That’s when I decided to learn about XMPP, unified communications, presence, synergy, communications enabled business practices, agile, methodologies, eXtreme programm…Oops, my bad.

Upgrading Cisco 7940 Firmware to SIP

Feb 28 2014

So, you picked up a few cheap Cisco 7940s on eBay with the hopes of using SIP and Asterisk, but you don’t really feel like using Call Manager Express (mainly because you don’t want to drop more money on a router). You Google around for firmware upgrade instructions, only to find that the vast majority of “tutorials” are completely unhelpful, wrong, or missing some critical component of the process. Yeah, I did that too.

Getting around paid in-flight Wi-Fi

Sep 2 2013

Note: The following article is theoretical and based on lab testing. I do not condone or suggest that you attempt to bypass filtering mechanisms for paid Wi-Fi access. This is merely an academic exercise performed in a lab setting. I was flying back to New York recently, and my flight (like most) had a paid Wi-Fi access option. Naturally, as a student with an interest in wireless networking, I started to wonder if there was a way to bypass the payment option and get some free access.

Book and Cert Review: Certified Wireless Network Administrator

Jul 29 2013

I used to hate 802.11. Wireless networking was some form of black magic that broke often, was impossible to troubleshoot, and made me convinced that everything should be hardwired if a reliable connection was desired. I found that others shared my sentiments toward WLANs, and complaining about some broken wireless device was a frequent occurrence among my peers. Overall, wireless networking was this mystical creature that I could never quite understand, troubleshoot, or control.