tshark and tcpdump

Occasionally we work with interesting network bugs or we want to learn more about how our service behaves outside of the application layer. Two tools that help me in those occasions are tshark and tcpdump.


Let’s assume we work on a unix system. Then to install tcpdump we simple execute:

$ apt install tcpdump

Installing tshark is simple too:

$ apt install libcap2-bin tshark

Example API

As a demonstration, we are going to utilize a clean and small Sinatra server. For this example a working Ruby installation is required. See the official docs on how to install Ruby properly on a local machine: https://www.ruby-lang.org/en/documentation/installation/

Going back to our example, first, create the repo:

$ mkdir booklist && cd booklist

Install sinatra:

$ gem install sinatra

Create the example API:

$ cat server.rb

require 'sinatra'
require 'json'

get '/' do
["pragmatic programmer", "clean code"].to_json

Fire up the server:

$ ruby server.rb

== Sinatra (v2.0.4) has taken the stage on 4567 for development with backup from Puma
Puma starting in single mode...
* Version 3.12.0 (ruby 2.4.0-p0), codename: Llamas in Pajamas
* Min threads: 0, max threads: 16
* Environment: development
* Listening on tcp://localhost:4567
Use Ctrl-C to stop

It works:

$ curl -X GET localhost:4567 | jq .

"pragmatic programmer",
"clean code"


tcpdump is available on most unix systems, so we can use it on a small remote sever where tshark would be most probably an overkill. It provides decoding so we can investigate how our services interact with the network.

We will work with the lo interface for this example:

$ tcpdump -D


$ sudo tcpdump -i lo -A

Hit the service:

$ curl -X GET localhost:4567

Now notice that tcpdump has captured the traffic:

HTTP/1.1 200 OK
Content-Type: text/html;charset=utf-8
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Length: 37

["pragmatic programmer","clean code"]


tshark is a powerful sniffer with many filters which can decode traffic and provides tools for running more complex analysis on it.

tshark can behave exactly like tcpdump:

$ tshark -i lo --color

Depending on the problem, the best solution may be to combine the powers of these tools. A usual case is to create a file with captured decoded traffic with tcpdump and then run analysis on the file with tshark. Or just do both with tshark.

Let’s explore how to do this on the previous example.

Capture the traffic to a packet capture(pcap) file:

$ touch dump
$ tshark -i lo -w dump.pcap

Analyze it:

$ tshark -r dump.pcap

For example, HTTP analysis:

$ tshark -r dump.pcap -Y http.request -T fields -e http.host -e http.user_agent | sort | uniq -c | sort -n

We could also use wireshark for the last step which provides a nice GUI.


Learning more about these tools has helped me analyze and research solutions on more complicated problems, which in turn help me grow as an engineer and problem solver. Some good references for learning more about these tools are:

1) tutorial: https://danielmiessler.com/study/tcpdump/
2) how tcp works: https://medium.com/@eranda/analyze-tcp-dumps-a089c2644f19
3) book: https://www.goodreads.com/book/show/505564.The_TCP_IP_Guide

Git bisect debugging

Git is being used primarily for version control but it also provides some generic tools for debugging. In this article, we will
explore how git bisect can help us firstly spot a commit that introduced a but in our codebase and secondly track it throughout
it’s lifespan.

What is git bisect

From the official docs:

The bisect command does a binary search through your commit history to help you identify as quickly as possible which commit
introduced an issue.

Read more at https://git-scm.com/book/en/v2/Git-Tools-Debugging-with-Git.

The gist is that git bisect provides feedback about where and when the bug was introduced.


First of all, we start by running:

$ git bisect start

A binary search is being initialized and we have to answer yes or no, which usually means answer whether the commit
was error free or not.

We do this by marking commits as bad or good:

$ git bisect bad
$ git bisect good

We also get some feedback along the way:

# => Bisecting: 6 revisions left to test after this

When we are done with our research we can easily get back to a working state:

$ git bisect reset

Ruby Blocks

In this article we will discuss how default arguments work and analyze a situation where they can be useful.

The Ruby block

Ruby blocks are code that can be run by other code. All methods can accept blocks, but it’s up to them whether they do something with them or not.

3.times { puts 'hello world' }
3.times do
  puts 'hello world'

Blocks can take parameters

Ruby blocks accept parameters and can also initialize them with default values.

def call_block(&block)

call_block do |greeting = "hi"|
  puts "Block value: '#{greeting}'"

In the example above, we initialize the local block variable greeting with the value “hi”.

The behavior can be demonstrated more easily if we use procs:

is_even_proc = Proc.new {|n=1| n%2 == 0 }

is_even_proc(2) # => true
is_even_proc()  # => false, which is the default behavior


For a real example let’s consider the shared examples feature from RSpec, the well know gem for behavior driven development inside the Ruby ecosystem. So, when we use shared_examples we can define a default value and thus avoid code duplication.

# pseudocode

shared_example success |cost=0|
  it "processes the order" do
    expect_any_instance_of(Product).to receive(cost)

# Can be used with or without cost

it_behaves_like :success, 1
it_behaves_like :success


To sum up, Ruby allows blocks to receive parameters and enables its initialization with default values. This is applicable is some real world scenarios, such as DRYing up our RSpec suite.

Productivity Tools

In this article we will discuss some every day productivity tools.


The list contains tools available to all known operating systems, for the purposes of this article I chose a Debian distribution. You can scan the list for any interesting findings or just explore one by one the presented tools.

1. Time management – Pomodoro

The pomodoro technique is a time management technique that uses a timer to break down work into intervals.
My tool of choice is the because it integrates seamlessly with my desktop. It is available for Linux, even though there are similar pomodoro applications for all operating systems.

2. Note management – Note Board

Note board is a productivity app for taking notes(!!). I use only the chrome extension as it supplement my workflow. In particular, I use it for saving small bits of any webpage for later study or further categorization into the google drive notes (see later).

3. Cloud storage – Google drive

Google drive is a free cloud storage solution by Google. It enables seamless sync with my android phone and my tablet, a good enough text editor and basic version control.

4. Reading list management – Pocket

Pocket is productivity tool which helps you manage and tide up your web reading list(you can also use it for videos). I use the chrome extension. The cool thing about pocket is that you can easily download the android app and have an offline version of your whole reading list in your phone, so you can save on your mobile plan.

5. Text editor – Vim

Vim is a highly configurable and by default extremely lightweight text editor. I use vim to write code, notes, blog posts and really anything. It’s clearly a personal choice here, so use any text editor you feel productive with.

6. Task management – Taskwarrior and Todoist

I am a fan of organised and well thought to-do lists that supplement my workflow and not dictate it. For this reason, I am using two tools to manage my to-do tasks.
For simple things that I also need to have available at my phone, I use Todoist , which provides a chrome extension and a phone application.

For more work related things or more complex tasks that for example have big descriptions I use Taskwarrior . Taskwarrior is Free and Open Source Software that manages your TODO list from the command line.

7. Version control – Git

Finally, I cannot think how my workflow would be without the ability to create different versions of the same document either for testing or experimenting with an idea without keeping many files like file1.txt, file1_1.text etc. Git enables you to do exactly that. Git is for everyone who could benefit from the aforementioned workflow and not only for developers.

With this in mind, I also use Github to host in the cloud any git directories.


Productivity is a complex problem and finding the right tools for your workflow is a worthwhile quest. On the positive side, when I learned good enough the presented tools my workflow became more standardized and I stopped wasting time thinking about where to store a temporary small note(note board, vim) or when to take a break(pomodoro). I hope you find something useful in this list.