Home SALE - 20% Off My Library My Account Pocketmags Plus+ Title A-Z Category A-Z Best Selling Magazines Latest Offers Gift Vouchers Activate a Subscription Blog Help & Support
GB
0 Basket
Login Plus+
BEST SELLERS OFFERS Hobbies & Craft Aviation & Transport Leisure General Interest Sport
United Kingdom  

SITE SETTINGS

LIGHT MODE
All Categories
Art & Photography Art Design Architecture Photography Aviation & Transport Motorbikes Aviation Automotive Rail Family & Home Kids Parenting Animals & Pets Food DIY Landscaping & Gardening Property Interior Design & Home Food and Drink Cooking & Baking Drink Vegetarian & Vegan Gluten Free & Special Diets General Interest History & Fact Astronomy Education & Literary Spiritual & Religion Trade & Professional National & Regional Books News & Current Affairs Health & Fitness Medical Running Women's Health Men's Health Slimming Spirituality & Wellbeing Hobbies & Craft Collecting Radio Control Modelling Scale & Millitary Modelling Sewing & Knitting Woodworking Arts & Crafts Leisure Interest Travel Boating & Yachting Poker & Gambling Caravan & Motorhome Camping & Outdoor TV & Film Tattoo Horse Riding & Equestrian Wildlife Men's Interest Lifestyle Gay TV & Film Men's Fitness Motorbikes Automotive Football Fishing & Angling Gaming Gadgets Newspapers All Music Classical Heavy Metal Other Rock Pop Practical & Playing Hi-Fi Sport Football Cycling Rugby Cricket & Golf Football Programmes Fishing & Angling Shooting & Archery Boxing & Martial Arts Horse Riding & Equestrian Other Watersports & Board Athletics & Running Motorsport Ski & Winter Sports Outdoor & Adventure Tech & Gaming Apple Gaming Internet Gadgets PC Mobile Trade & Professional Money & Investment Building & Architecture Military & Defense Education Media Retail News Farming & Agriculture Catering Business Transport Politics Travel Women's Interest Hair Celebrity Weddings & Brides Fashion & Lifestyle Healthy Food & Slimming Fitness
United Kingdom  
Digital Subscriptions > Linux Format > February 2023 > Monitor your TCP/IP networks with eBPF
  
You are currently viewing the United Kingdom version of the site.
Would you like to switch to your local site?
11 MIN READ TIME

EBPF Credit: www.ebpf.io

Monitor your TCP/IP networks with eBPF

Naturally suspicious, Mihalis Tsoukalos keeps an eye on all his network traffic using eBPF – and he’ll show you how, too.

OUR EXPERT

Mihalis Tsoukalos is a systems engineer and a technical writer. He is the author of Go Systems Programming and Mastering Go, 3rd edition.

This is the kind of output generated by the TCPlife utility, which traces the lifespan of TCP sessions.

S ure to send a shiver down the nerdiest of geek’s spines, the idea of monitoring TCP/IP S packets and connections can be confusing at best. Just scan this article and the output of the eBPF tools, and you realise you need to be familiar with TCP/ IP and its cryptic options in order to understand the provided information. Before diving into the TCP/IP tools, we’ll begin by explaining how to trace eBPF related system calls with the help of the Strace utility.

Let’s use Strace to trace eBPF-related system calls along with their parameters. For example, we can find out the eBPF system calls executed with Opensnoop:

This is a small part of the generated output but you get the idea and the insights of the system calls related to eBPF. Using filtering tools such as Grep can help you locate what you are looking for because Strace produces lots of output.

What we see here is three versions of the BPF system call. The first one using the BPF_MAP_CREATE command, the second one using BPF_MAP_UPDATE_ELEM and the last one using BPF_RAW_TRACEPOINT_OPEN . In LXF297, we discussed eBPF maps and how each map has a file descriptor associated with it – this can be seen in action here: the first call creates a map and returns a file descriptor with a value of 4, whereas the second statement uses 4 as its map_fd parameter in order to update the desired map.

Here you can see the output from the TCPconnect utility, which traces TCP connect calls.

Traditional TCP/IP tools

Before deciding to use eBPF utilities, consider using one of the existing Unix ones. The list of such tools includes butis not limited to the following:

• Netstat: Shows information about the network status of a Unix machine. It’s a powerful tool that can work on the Socket, TCP, UDP, IP and Ethernet levels. Its main drawback is that it only works on the local machine but doesn’t usually need root to operate.

Unlock this article and thousands more for just 99p Get unlimited access to 650+ titles

30 day trial, then just £9.99 p/ month.
One per customer. Cancel anytime.

Learn more
Pocketmags Plus
Unlock this article and much more with
You can enjoy:
Enjoy this edition in full
Instant access to 600+ titles
Thousands of back issues
No contract or commitment
Try for 99p
SUBSCRIBE NOW
30 day trial, then just £9.99 / month. Cancel anytime. New subscribers only.


Learn more
Pocketmags Plus
Pocketmags Plus
More Options:
SUBSCRIBER LOGIN | PRINT OFFERS | DIGITAL OFFERS | DIGITAL BACK ISSUES
SUBSCRIBER LOGIN
PRINT OFFERS
DIGITAL OFFERS
DIGITAL BACK ISSUES

This article is from...


View Issues
Linux Format
February 2023
VIEW IN STORE

Other Articles in this Issue


LINUX FORMAT
BRAIN TUMOURS MOVE FAST WITH YOUR HELP WE CAN TOO!
WELCOME
LINUX FORMAT
We’re kicking off 2023 with a selection of hot Pi projects – what maker builds or new open source ventures would you recommend for readers to try this year?
Build the future
Why didn’t you pick up that flashy MacFormat
REGULARS AT A GLANCE
Newsdesk
THIS ISSUE: CPU support » Rust » Linux on Apple » AMD ray tracing » Thunderbird for Android » RGB lighting
TURN TO RUST
Adrian Ratiu is a senior software engineer at
EXPERT ADVICE
Keith Edmonds is MD of Tiger Computing, which
Distro watch
Fresh from the farm.
HAPPY NEW YEAR
Donnie Berkholz is senior vice president, product, at
BYE, 2022!
Jon Masters is a kernel hacker who’s been
Kernel Watch
Jon Masters keeps an eye out for all the latest happenings in the Linux kernel, so you don’t have to.
ONGOING DEVELOPMENT
Right on cue, following the Linux 6.1 announcement,
Answers
Got a burning question about open source or the kernel? Whatever your level, email it to answers@linuxformat.com
Mailserver
WRITE TO US Do you have a burning
LETTER OF THE MONTH
Laptop drive Over the last few months, the
Cryptomator
Version: 1.6.15 Web: https://cryptomator.org
PowerShell
Version: 7.3.0 Web: https://github . com/PowerShell/PowerShell F ree
JOSM
Version: 22.10 Web: https://josm.openstreetmap.de
Logseq
Version: 0.8.11 Web: https://logseq.com
Easy Effects
Version: 7.0.0 Web: https://github.com/ wwmm/easyeffects
Ear Tag
Version: 0.2.1 Web: https://github . com/knuxify/eartag
Gabut Download Manager
Version: 1.9.9 Web: https://github . com/gabutakut/gabutdm
3D-Puzzles
Version: N/A Web: https://github.com/ volatilflerovium/3D-Puzzles
Total Chaos
Version: 1.2.1 Web: www.moddb.com/ mods/total-chaos
Metadata Cleaner
Version: 2.2.7 Web: https:// metadatacleaner.romainvigier.fr
Hidamari
Version: 3.2 Web: https://github.com/ jeffshee/hidamari
LINUX FORMAT
The #1 open source mag Future Publishing Limited,
REVIEWS
Wix
Shashank Sharma takes the feature-rich site builder for a test drive.
AMD Ryzen 5 7600X
A beastly “budget” gaming CPU that Christian Guyton has found has one big temporary drawback.
WattOS R12
Nate Drake explores how WattOS can bring your ancient hardware to life with this zippy, if spartan Linux distro.
Kali Linux 2022.4
If you exist in the grey twilight between good and evil, and want to look cool while doing it, David Rutland has just the distro for you.
Nitrux 2.5.1
An impressive beginner distro that’s well worth your time, even if you spend most of it tweaking the settings, says Mayank Sharma.
Victoria 3
“The peasants are revolting,” cries The Management, but really it’s just Jonathan Bolding serving up their afternoon tea and biscuits.
ROUNDUP
Roundup
Element 1.11.14 » Cinny 2.2.2 » Mirage 0.7.2 » NeoChat 223.09 » Fractal 4.4.0
Ease of installation
Most applications offer multiple package formats for installation.
Look and feel
You’ll see the interface a lot…
Logging in and getting started
Having conversations on Matrix is open until you set up your own groups.
Community and status
Use the power of community for yourself.
How are they made?
Language and framework make a long-term difference.
Encryption options
Look out for ways to protect privacy.
Frequency of updates
To use it, you need updates.
The Verdict
Matrix chat clients
ALSO CONSIDER
Syphon is an up and coming client that
Hot Pi projects
Dig in to our New Year smorgasbord of hot Pi projects, from Pico devices running MicroPython to full-Pi setups, with expert guidance from Les Pounder and Matt Holder.
I like to make it, make it
Welcome to the maker revolution – but first, get your Pi up to speed.
OVERCLOCK YOUR Pi
It’s easy to overclock your Pi to gain
Play retro games
Defend the universe, save the princess, win the race and all without spending a 10-pence piece!
Make a media centre
Settle down with your own open source media centre and watch the latest blockbusters with a side of Pi and popcorn.
Build a Wi-Fi router
Create a Raspberry Pi-based Wi-Fi router as a secure option for use around the home.
Track and scan planes
Use your Raspberry Pi to track aircraft or detect local devices to keep an eye on all kinds of data.
Master the Pi Pico GPIO
Get to grips with the Raspberry Pi Pico’s GPIO to open the gateway to a range of simple projects.
Convert currency
Work with remote data using an API and the Pi Pico W to make a live currency converter.
Build a smart home
Use ESPHome to feed a wide range of useful data to a smart home hub via a Raspberry Pi Pico W.
Control NeoPixel LEDs
Create animated lighting effects with the brightest LEDs connected to your Raspberry Pi Pico.
We’re on the case!
A case isn’t just for Christmas – it’s a life-long home for your chosen Raspberry Pi project, so make sure you pick a good one!
IN DEPTH
Contributing for non - coders
Aaron Peters, who is a coding tinkerer at best, describes some ways that non-technical folks can contribute to open source projects.
Pi USER
Santa Claus delivers extra Pis for Christmas
Saint Nick, aka Eben Upton, drops 100,000 extra Raspberry Pis on Tiny Tim just in time for Christmas.
Cool Pi 4
Not cool dude!
Aaeon Extreme!
Too much to handle?
Pi-TERNATIVE LIFESTYLE?
Neil Mohr badgers his small children into doing
Petoi Bittle Robot Dog
The rise of quadruped robots is upon us — their mission to boost STEM and AI learning with Anj Bryant.
Elegoo Neptune 3 Pro
Denise Bertacchi wishes everything in life could be relied upon to add more features while remaining excellent value.
Pi robots: motors and control
TUTORIALS Build a robot
TUTORIALS
Tackling terminal tabular table tools!
With the right tool at his disposal, Shashank Sharma has no trouble making sense of vast heaps of tabular data.
Plan and write your next smash-hit novel
Nick Peers reveals how to develop better stories with the help of our favourite freemium app for budding novelists.
Polish your video footage with Kdenlive
Michael Reed looks at how you can use Kdenlive to produce highquality videos suitable for uploading all over the internet.
More fun with layers and masks
Karsten Günther reveals how GIMP manages layers, what the different types are and how to use masks for subtle effects.
Create better QR codes
Mike Bedford reveals how to get creative with your QR codes to draw attention to them better and help people sign up to newsletters and more.
Nifty note-taking with Obsidian
Nate Drake walks you through adopting the almighty Markdown-based note-taking app Obsidian to see whether it lives up to its legend.
Get Serenity – direct from the source
What do you get if you take a modern kernel, a classic GUI and a handful of custom apps? Michael Reed investigates SerenityOS.
CODING ACADEMY
Finish your cataloguing app
With a tear in his eye, Matt Holder finishes up our cataloguing database app by adding search and export functionality.

Basket -

Your basket is currently empty.
Continue Shopping
Or, read for just 99p with
Pocketmags Plus
You can enjoy:
The issue in your basket
Instant access to 600+ titles
Thousands of back issues
30 days for just 99p
TRY PLUS+ FOR 99p
30 days access, then just £9.99 / month. Cancel anytime. New subscribers only.

Learn more
View Issues
View Issues
Chat
X
Pocketmags Support