Implementing fast TCP fingerprinting with eBPF


I want to document my journey implementing fast TCP fingerprinting in a Go web server, using eBPF. To provide some background, TCP fingerprinting is one of the many techniques that can be used to detect unusual or identifying information about a web request when implementing an anti-bot solution.

This code differs significantly from the hello worlds that you would normally write with a modern web framework, regardless of what’s trending today, for an important reason: we are directly using the abstraction layer provided by the operating system, and nothing is hidden away. To capture the packets shown in this screenshot I launched Wireshark on the loopback interface, then visited the hello world website from the browser to generate some data. The POSIX APIs don’t provide easy access to TCP SYNs, but we can follow the same approach as Wireshark and capture raw packets in a userspace buffer.
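To make concrete what a server can read out of a SYN once the raw packet sits in a userspace buffer, here is an added example (not code from the original article) that parses an IPv4 TCP SYN and derives a fingerprint string. The `Fingerprint` name, the output layout and the choice of fields (TTL, window, MSS, window scale, option order) are assumptions for illustration, and the packet bytes are constructed sample data that start at the IPv4 header.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"strings"
)

// synPacket is constructed sample data (not a capture): TTL 64, window 65535, MSS 1460, wscale 7.
var synPacket = []byte{
	0x45, 0, 0, 0x3c, 0, 0, 0x40, 0, 64, 6, 0, 0, 127, 0, 0, 1, 127, 0, 0, 1, // IPv4 header
	0xc3, 0x50, 0x1f, 0x90, 0, 0, 0, 1, 0, 0, 0, 0, 0xa0, 0x02, 0xff, 0xff, 0, 0, 0, 0, // TCP header
	2, 4, 0x05, 0xb4, 4, 2, 8, 10, 0, 0, 0, 1, 0, 0, 0, 0, 1, 3, 3, 7, // TCP options
}

// Fingerprint (hypothetical helper) returns "ttl:window:mss:wscale:optionKinds" for an IPv4 TCP SYN.
func Fingerprint(pkt []byte) (string, error) {
	if len(pkt) < 20 || pkt[0]>>4 != 4 || pkt[9] != 6 {
		return "", fmt.Errorf("not an IPv4 TCP packet")
	}
	ihl := int(pkt[0]&0x0f) * 4 // IPv4 header length, including any IP options
	if ihl < 20 || len(pkt) < ihl+20 {
		return "", fmt.Errorf("truncated header")
	}
	tcp := pkt[ihl:]
	end := int(tcp[12]>>4) * 4 // TCP data offset: where the options stop
	if tcp[13]&0x12 != 0x02 || end < 20 || end > len(tcp) {
		return "", fmt.Errorf("not a well-formed SYN") // SYN must be set and ACK clear
	}
	mss, wscale, kinds := 0, -1, []string{}
	for opts := tcp[20:end]; len(opts) > 0 && opts[0] != 0; { // kind 0 ends the list
		kind, size := opts[0], 1 // NOP (kind 1) is a single byte
		if kind != 1 && len(opts) > 1 {
			size = int(opts[1]) // every other option carries a length byte
		}
		if (kind != 1 && size < 2) || size > len(opts) {
			return "", fmt.Errorf("malformed TCP option")
		}
		if kind == 2 && size == 4 {
			mss = int(binary.BigEndian.Uint16(opts[2:4]))
		} else if kind == 3 && size == 3 {
			wscale = int(opts[2])
		}
		kinds = append(kinds, fmt.Sprint(kind)) // option order is itself a signal
		opts = opts[size:]
	}
	return fmt.Sprintf("%d:%d:%d:%d:%s", pkt[8], binary.BigEndian.Uint16(tcp[14:16]), mss, wscale, strings.Join(kinds, ",")), nil
}

func main() { fmt.Println(Fingerprint(synPacket)) }
```

The length checks matter because the buffer holds attacker-controlled bytes: an option length that points past the header must be rejected rather than sliced.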
