Wed 30 Nov

Bro IDS Cheat Sheet

My friend Matthias just posted a Bro language cheat sheet for the Bro IDS. Bro is a great tool for network measurement and monitoring. I've been using it for some traffic analysis I'm doing for my research. I'm still learning how to use Bro, but it's one of those tools that I'm more excited about using every time I learn a bit more about it.

Sat 26 Nov

Why wireless mesh networks won't save us from censorship

Or "why the reddit 'Darknet Plan' is a fun but misguided solution to the wrong problem".

It's exciting to see so much interest of late in the Darknet Plan hatched by redditors to build a second, people-owned, censorship-free Internet using a large-scale wireless mesh network. Freedom of speech on the Internet is an important issue and it's important for all of us to take it seriously. Additionally, as someone who thinks wireless networks are the bee's knees (and who does research on wireless networks in his day job), it's exciting to see so much interest in using wireless to circumvent censorship.

That's why it's painful for me to say, "hey guys, this isn't going to work".

I got into this space about five years ago to build a community-owned Internet using solar power and wireless mesh networks -- censorship circumvention wasn't an explicit goal, but it was part of the broader vision. I actually wound up building a couple sizable networks using equipment like this (Orangemesh grew out of this work). After a couple years I developed a pretty good understanding that wireless mesh networks aren't actually a good way to build a real network. These are a few of those reasons.


Fri 18 Nov

Pirate Party wins 8% of vote in Berlin elections

I remember when the first Pirate Party was created in 2006 (back in the days when I still read 2600 and went to high school). I'm thrilled to see that in the ensuing years the party has taken hold in multiple countries and has expanded its agenda to become more than a single-issue party. To paraphrase a point made by Evgeny Morozov at a talk I was at yesterday, the best outcome for a movement started on the Internet is the formation of a party that can engage with the political system in a meaningful way to create change.

Thu 18 Aug

The Case of the Mystery IGMP Query Request

I've spent two days trying to track down the source of mystery IGMP query requests on a network emulation testbed I'm building. All the machines are (essentially) stock installations of Ubuntu 11.04, with no services running besides sshd.

One of my machines acts as a poor man's Ethernet tap. Its two NICs, which are connected to the two machines that run the system I'm testing, are bridged together, allowing me to run tcpdump on the bridge interface (br0) to capture packet traces from the experiments I run*.

I noticed some strange IGMP queries originating from this monitor machine, and after several hours of hunting for the source I found that they were actually coming from this bridge device! It turns out that the bridge module in Linux supports IGMP snooping. I'm sure this is a useful feature for certain scenarios, but when you're trying to make sure no unintentional traffic is moving across your NICs it is not at all useful.

Anyway, once you've figured this out the solution is simple: just disable IGMP snooping. You can (thankfully) do this via a sysfs attribute of the bridge:

cd /sys/devices/virtual/net/br0/bridge
echo 0 | sudo tee multicast_snooping

Once you do this, the pesky IGMP queries will go away. You can make this permanent (in Ubuntu, anyway) by adding these lines to a script under /etc/network/if-up.d/.
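One way to write such a hook, as an added example that is not the author's own script: it turns snooping off for the interface ifupdown is bringing up, confirms the write took effect, and can list any bridge that still has snooping enabled. The function names, the `SYSFS_NET` override and the `bridge-snooping` log tag are assumptions made for this example.

```shell
#!/bin/sh
# Added example: an ifupdown hook, e.g. saved under /etc/network/if-up.d/.
# ifupdown exports IFACE with the name of the interface being brought up.

# Base sysfs path from the post; overridable so the functions can be tested.
SYSFS_NET="${SYSFS_NET:-/sys/devices/virtual/net}"

# disable_snooping BRIDGE
# Returns 0 if snooping is off afterwards, 1 if BRIDGE is not a bridge or has
# no multicast_snooping attribute, 2 if the write did not take effect.
disable_snooping() {
    attr="$SYSFS_NET/$1/bridge/multicast_snooping"
    [ -f "$attr" ] || return 1
    if [ "$(cat "$attr")" != "0" ]; then
        echo 0 > "$attr" || return 2
    fi
    [ "$(cat "$attr")" = "0" ] || return 2
    return 0
}

# snooping_bridges: print the name of every bridge that still has snooping on.
snooping_bridges() {
    for attr in "$SYSFS_NET"/*/bridge/multicast_snooping; do
        [ -f "$attr" ] || continue
        if [ "$(cat "$attr")" != "0" ]; then
            basename "$(dirname "$(dirname "$attr")")"
        fi
    done
}

# Act only when run as a hook with a concrete interface name
# (some ifupdown versions also call hooks once with IFACE=--all).
if [ -n "${IFACE:-}" ] && [ "$IFACE" != "--all" ]; then
    rc=0
    disable_snooping "$IFACE" || rc=$?
    case $rc in
        0) logger -t bridge-snooping "multicast snooping disabled on $IFACE" ;;
        2) logger -t bridge-snooping "could not disable snooping on $IFACE" ;;
    esac
fi
```

Running `snooping_bridges` before a capture is a quick check that no bridge on the monitor machine will inject its own IGMP queries into the trace.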

This page was helpful in solving this problem, as it provides documentation about the sysfs features of the bridge module.

*Yes, I know this is not a real Ethernet tap, but with the equipment, budget, and schedule I have (as well as my desire to run at 1Gbps, rather than 100Mbps) this is the best I can do.

Sat 23 Apr

File reading performance in Python

There are a few ways to read a file in Python, some of which are outlined in this page about their relative performance. I am working on a project right now that involves reading large amounts of data from text files, so I repeated the analysis on Python 2.6.6, the version currently shipping with Ubuntu 10.10. I ran three implementations (below) against a file with 1 million lines.

My test script is available here, and the functions I tested are below. Here were my results:

Script      Time (sec)   Lines read per sec
fileread1   0.1695       5,899,280
fileread2   1.6387       610,236
fileread3   0.1278       7,823,156
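
import fileinput

def fileread1():
    # readlines() returns a list of lines; an empty list means end of file
    file = open("test.txt")
    while 1:
        line = file.readlines()
        if not line:
            break

def fileread2():
    # Iterate over the lines with the fileinput module
    for l in fileinput.input("test.txt"):
        pass

def fileread3():
    # Iterate directly over the file object
    file = open("test.txt")
    for l in file:
        pass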