Linux Guides
Sysadmin and network engineering notes for people who already live on the command line. Each guide is command-heavy, opinionated, and aimed at solving a problem rather than teaching the basics.
Linux Networking & Security Series
A five-part sequence covering the toolkit I would want any Linux-savvy network engineer to have on day one: capture traffic precisely with tcpdump, manipulate it with NETEM, build a multi-router lab with network namespaces, migrate firewalls cleanly from iptables to nftables, and harden SSH with a certificate authority. The tcpdump post also cross-maps every command to FortiGate's diagnose sniffer packet for anyone switching between Linux and FortiOS.
- tcpdump Deep Dive: BPF Filters, Capture Rotation, and Cross-Mapping to FortiGate's diagnose sniffer packet
A practical, command-heavy guide to getting real value out of tcpdump — precise BPF filters, production-grade ring-buffer captures, and a side-by-side mapping to FortiGate's diagnose sniffer packet so you can switch between the two without losing your place.
- Network Emulation with NETEM: Simulating Latency, Loss, Jitter, and Bandwidth Constraints for Realistic Lab Testing
A practical guide to using Linux's NETEM qdisc to bend networks to your will — adding latency, loss, jitter, duplication, reordering, and bandwidth caps so you can test how applications and protocols actually behave when the network is anything other than perfect.
- Linux Networking from the Ground Up: Network Namespaces, veth Pairs, and Building a Multi-Router Lab on One Host
Build a real multi-router BGP and OSPF lab on a single Linux box using network namespaces, veth pairs, and FRRouting — no VMs, no containers, no GNS3. A practical walk-through of the primitives that GNS3, Docker, and Kubernetes are quietly using under the hood.
- iptables to nftables: Migrating Production Firewalls Without Downtime
A working engineer's guide to moving from iptables to nftables on production Linux firewalls — the mental model shift, where iptables-translate misleads you, atomic ruleset swaps, and a clean rollback strategy that means a bad migration costs you seconds, not your weekend.
- SSH Hardening Beyond the Basics: Certificate Authorities, Bastion Patterns, and Session Auditing
A production-grade SSH setup that goes beyond disabling password auth — running your own SSH CA with short-lived user and host certificates, ProxyJump bastions, ForceCommand restrictions, and recording sessions with tlog and auditd.
Other Linux Posts
- spectre-meltdown-checker: Auditing CPU Vulnerability Mitigations on Linux
A deep dive into spectre-meltdown-checker — how it actually works under the hood, what it tells you that /sys/devices/system/cpu/vulnerabilities does not, the alternative tools (lscpu, vendor microcode checkers, in-tree kernel reporting), and when to reach for each one on a production Linux box.
- Generating a Constant Stream of Web Traffic with Python
A small, polite Python script that round-robins through ten popular public sites at a configurable rate — useful for homelab traffic, exercising a proxy, or learning the requests library. Walks through the full code, the safety rails, and how to run it under tmux.
- Resilient DNS at Home: Building an HA Pi-hole Pair on Raspberry Pi
A complete walkthrough for installing Pi-hole on a Raspberry Pi running current Raspbian, then turning a single box into a highly available pair using keepalived and Orbital Sync — with the config examples and show commands you'll actually use.
- Building a FortiManager Lab on Proxmox — Part 3: Proxmox Networking, Linux Bridges, VLAN-Aware Bridges and SDN for the Lab
Part 3 of the FortiManager-on-Proxmox series. Designs the four-segment lab network, compares Linux bridges, VLAN-aware bridges and Proxmox SDN, walks through the /etc/network/interfaces shape, and explains why the lab bridges should never have an IP on the host.