From Things and Stuff Wiki

Layer 5 / 6 / 7

See also Sharing

  • - Relay broadcast and multicast packets between interfaces. Useful, for example, if you have Sonos speakers on one interface, or VLAN, and you want to be able to control them from devices on a different interface/VLAN. Similar for Chromecast devices.


  • - an Internet-standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks and more. SNMP is widely used in network management systems to monitor network-attached devices for conditions that warrant administrative attention. SNMP exposes management data in the form of variables on the managed systems, which describe the system configuration. These variables can then be queried (and sometimes set) by managing applications.

  • Net-SNMP - a suite of applications used to implement SNMP v1, SNMP v2c and SNMP v3 using both IPv4 and IPv6, widely used protocols for monitoring the health and welfare of network equipment (eg. routers), computer equipment and even devices like UPSs.

  • qtmib - an easy-to-use SNMP MIB Browser based on QT4 library. It is built as a front-end for net-snmp, and it allows the user to query any SNMP-enabled device. It implements SNMPv1 and SNMPv2c, and it is released under GPL v2 license.

  • Devmon - a Perl daemon designed to supplement and enhance the monitoring capabilities of a server running either the BigBrother or Hobbit monitoring software. BigBrother and Hobbit, at present, only support monitoring remote devices via ICMP or TCP port tests. Devmon takes this a step further, allowing a system administrator to proactively monitor remote devices via SNMP (Simple Network Management Protocol), querying said devices for current status and alarms. Devmon takes the data that it obtains via SNMP and applies user-defined logic against it and compares the results to user-customizable thresholds. It uses the final data to determine if the remote device is in an abnormal or critical state, and reports accordingly to the BigBrother/Hobbit display server.


  • - a network protocol based on the Internet protocol suite for advertisement and discovery of network services and presence information. It accomplishes this without assistance of server-based configuration mechanisms, such as Dynamic Host Configuration Protocol (DHCP) or Domain Name System (DNS), and without special static configuration of a network host. SSDP is the basis of the discovery protocol of Universal Plug and Play (UPnP) and is intended for use in residential or small office environments. It was formally described in an Internet Engineering Task Force (IETF) Internet Draft by Microsoft and Hewlett-Packard in 1999. Although the IETF proposal has since expired (April, 2000), SSDP was incorporated into the UPnP protocol stack, and a description of the final implementation is included in UPnP standards documents.






  • - WAIS, is a client–server text searching system that uses the ANSI Standard Z39.50 "Information Retrieval Service Definition and Protocol Specifications for Library Applications" (Z39.50:1988) to search index databases on remote computers. It was developed in 1990 as a project of Thinking Machines, Apple Computer, Dow Jones, and KPMG Peat Marwick. WAIS did not adhere to either the standard or its OSI framework (adopting instead TCP/IP) but created a unique protocol inspired by Z39.50:1988.

The WAIS protocol and servers were promoted by Thinking Machines Corporation (TMC) of Cambridge, Massachusetts. TMC-produced WAIS servers ran on their massively parallel CM-2 (Connection Machine) and SPARC-based CM-5 MP supercomputers. WAIS clients were developed for various operating systems and windowing systems including Microsoft Windows, Macintosh, NeXT, X, GNU Emacs, and character terminals. TMC released a free open source software version of WAIS for Unix in 1991.

Inspired by the WAIS project on full-text databases and emerging SGML projects, Z39.50 version 2 (Z39.50:1992) was released. Unlike its 1988 predecessor, it was a compatible superset of the international ISO 10162/10163 standard. With the advent of Z39.50:1992, the termination of support for free WAIS by Thinking Machines and the establishment of WAIS Inc as a commercial venture, the U.S. National Science Foundation funded the Clearinghouse for Networked Information Discovery and Retrieval (CNIDR) to promote Internet search and discovery systems, open source and standards. CNIDR created a new, free open-source WAIS. This was the first freeWAIS based on the wais-8-b5 codebase of TMC, with a wholly new software suite Isite based upon Z39.50:1992 using Isearch as its full-text search engine.

Thinking Machines Corp provided a service called the Directory of Servers. It was a WAIS server like any other information source except containing information about the other WAIS servers on the Internet. A WAIS server with TMC WAIS code creates a special record containing metadata plus some common words describing its indexed content. The record is uploaded to the central server and indexed along with the records from other public servers. The directory can be searched to find servers that might have content relevant to a specific field of interest. This model of searching for (WAIS) servers to search became the model for GILS and Peter Deutsch's WHOIS++ distributed white pages directory.


  • - a query and response protocol that is used for querying databases that store an Internet resource's registered users or assignees. These resources include domain names, IP address blocks and autonomous systems, but it is also used for a wider range of other information. The protocol stores and delivers database content in a human-readable format. The current iteration of the WHOIS protocol was drafted by the Internet Society, and is documented in RFC 3912. Whois is also the name of the command-line utility on most UNIX systems used to make WHOIS protocol queries. In addition, WHOIS has a sister protocol called Referral Whois (RWhois).

  • - an open source project that develops and operates a free whois-compatible framework for stockpiling and querying various routing and registry information. Prefix WhoIs uses global BGP routing data learned from many ISP backbone routers. Other information sources are also supported, such as imported data from every regional Internet registry (AFRINIC, APNIC, ARIN, LACNIC, and RIPE), and geocoding information. The project has been mentioned in a number of popular network security and network engineering books and articles.


  • - a distributed directory system, originally designed to provide a "white pages" search mechanism to find humans, but which could actually be used for arbitrary information retrieval tasks. It was developed in the early 1990s by BUNYIP Information Systems and is documented in the IETF.

WHOIS++ was devised as an extension to the pre-existing WHOIS system. WHOIS was an early networked directory service, originally maintained by SRI International for the Defense Data Network. The WHOIS protocol is still widely used to allow domain ownership records in the Internet to be easily queried. WHOIS++ attempted to address some of the shortcomings in the original WHOIS protocol that had become apparent over the years. It supported multiple languages and character sets to help with I18N issues, had a more advanced query syntax, and the ability to generate "forward knowledge" in the form of 'centroid' data structures that could be used to route queries from one server to another. The protocol was designed to be backward compatible with the older WHOIS standard, so that WHOIS++ clients could still extract meaningful information from the already deployed WHOIS servers.


See Gopher


  • - a network protocol for delivering audio and video over IP networks. RTP is used extensively in communication and entertainment systems that involve streaming media, such as telephony, video teleconference applications including WebRTC, television services and web-based push-to-talk features.

RTP typically runs over User Datagram Protocol (UDP). RTP is used in conjunction with the RTP Control Protocol (RTCP). While RTP carries the media streams (e.g., audio and video), RTCP is used to monitor transmission statistics and quality of service (QoS) and aids synchronization of multiple streams. RTP is one of the technical foundations of Voice over IP and in this context is often used in conjunction with a signaling protocol such as the Session Initiation Protocol (SIP) which establishes connections across the network.

RTP was developed by the Audio-Video Transport Working Group of the Internet Engineering Task Force (IETF) and first published in 1996 as RFC 1889, superseded by RFC 3550 in 2003.


  • - a Real-time Transport Protocol (RTP) profile, intended to provide encryption, message authentication and integrity, and replay attack protection to the RTP data in both unicast and multicast applications. It was developed by a small team of Internet Protocol and cryptographic experts from Cisco and Ericsson. It was first published by the IETF in March 2004 as RFC 3711.

Since RTP is closely related to RTP Control Protocol (RTCP) which can be used to control the RTP session, SRTP also has a sister protocol, called Secure RTCP (SRTCP); SRTCP securely provides the same features to RTCP, as the ones provided by SRTP to RTP. Utilization of SRTP or SRTCP is optional in RTP or RTCP applications; but even if SRTP or SRTCP are used, all provided features (such as encryption and authentication) are optional and can be separately enabled or disabled. The only exception is the message authentication feature which is indispensably required when using SRTCP.


  • UDT - a reliable UDP based application level data transport protocol for distributed data intensive applications over wide area high-speed networks. UDT uses UDP to transfer bulk data with its own reliability control and congestion control mechanisms. The new protocol can transfer data at a much higher speed than TCP does. UDT is also a highly configurable framework that can accommodate various congestion control algorithms. [5]


  • - your independent starting point for all BGP routing related information. It contains references to all major BGP software, vendors, presentations, research work, as well as practical BGP tools, and IETF reference material.
  • BGPStream - a free resource for receiving alerts about hijacks, leaks, and outages in the Border Gateway Protocol. With BGP Stream, we use an automated process to cull the largest and most important outages, what type of outage it is, and which ASNs are involved and publish those updates for free to a Twitter feed and this site. It is important to us to provide this information free, in a real-time format, providing contextual information so network engineers and owners can respond to outages as quickly as possible.

  • FRRouting - an IP routing protocol suite for Linux and Unix platforms which includes protocol daemons for BGP, IS-IS, LDP, OSPF, PIM, and RIP. FRR’s seamless integration with the native Linux/Unix IP networking stacks makes it applicable to a wide variety of use cases including connecting hosts/VMs/containers to the network, advertising network services, LAN switching and routing, Internet access routers, and Internet peering. FRR has its roots in the Quagga project. In fact, it was started by many long-time Quagga developers who combined their efforts to improve on Quagga's well-established foundation in order to create the best routing protocol stack available. We invite you to participate in the FRRouting community and help shape the future of networking.


  • - a security extension of the Border Gateway Protocol defined in RFC 8205, published in September 2017. BGPsec provides to receivers of valid BGPsec UPDATE messages cryptographic verification of the routes they advertise.[1] BGPsec replaces the BGP AS_PATH attribute with a new BGPsec_Path attribute.


  • - also known as Resource Certification, is a specialized public key infrastructure (PKI) framework designed to secure the Internet's routing infrastructure. RPKI provides a way to connect Internet number resource information (such as Autonomous System numbers and IP addresses) to a trust anchor. The certificate structure mirrors the way in which Internet number resources are distributed. That is, resources are initially distributed by the IANA to the regional Internet registries (RIRs), who in turn distribute them to local Internet registries (LIRs), who then distribute the resources to their customers. RPKI can be used by the legitimate holders of the resources to control the operation of Internet routing protocols to prevent route hijacking and other attacks. In particular, RPKI is used to secure the Border Gateway Protocol (BGP) through BGP Route Origin Validation (ROV), as well as Neighbor Discovery Protocol (ND) for IPv6 through the Secure Neighbor Discovery protocol (SEND).


  • - Sending and receiving message blocks/TCP stream over SOCKS5 proxy (running locally or over a network) with TCP sockets is a pain. I was frustrated when trying to send some TCP stream through a SOCKS5 server, so I implemented an abstraction over TCP sockets for this specific purpose. The interface is super easy to use; take a look at example.cpp.


  • tsocks - a transparent SOCKS proxying library. tsocks' role is to allow non SOCKS aware applications (e.g. telnet, ssh, ftp etc) to use SOCKS without any modification. It does this by intercepting the calls that applications make to establish network connections and negotiating them through a SOCKS server as necessary.


  • - a free and open-source encryption protocol project, widely used in China to circumvent Internet censorship. It was created in 2012 by a Chinese programmer named "clowwindy", and multiple implementations of the protocol have been made available since. Shadowsocks is not a proxy on its own, but (typically) is the client software to help connect to a third-party SOCKS5 proxy, which is similar to a Secure Shell (SSH) tunnel. Once connected, internet traffic can then be directed through the proxy. Unlike an SSH tunnel, shadowsocks can also proxy User Datagram Protocol (UDP) traffic.

File systems

See Storage/Files#Networked, etc.

File sharing

See Sharing

  • tus - The protocol provides a mechanism for resumable file uploads via HTTP/1.1 (RFC 7230) and HTTP/2 (RFC 7540).


  • InterPlanetary File System - IPFS, a peer-to-peer distributed file system that seeks to connect all computing devices with the same system of files. In some ways, IPFS is similar to the Web, but IPFS could be seen as a single BitTorrent swarm, exchanging objects within one Git repository. In other words, IPFS provides a high throughput content-addressed block storage model, with content-addressed hyperlinks. This forms a generalized Merkle DAG, a data structure upon which one can build versioned file systems, blockchains, and even a Permanent Web. IPFS combines a distributed hashtable, an incentivized block exchange, and a self-certifying namespace. IPFS has no single point of failure, and nodes do not need to trust each other.
  • - a modular suite of protocols for addressing, routing, and transferring data, designed from the ground up with the principles of content addressing and peer-to-peer networking. Many popular Web3 projects are built on IPFS - see the ecosystem directory for some of these projects.

  • radicle - Secure peer-to-peer code collaboration without intermediaries. 🌱


  • - better known as WOPI, is a protocol that enables a client to access and change files stored on a server. The protocol was first released as v0.1 by Microsoft in January 2012, but as of November 2020 the current specification is v12.2. The protocol has been adopted by applications outside of Microsoft, such as by Google, ownCloud and Nextcloud.

Authentication, ID

  • - the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicating a person or thing's identity, authentication is the process of verifying that identity. It might involve validating personal identity documents, verifying the authenticity of a website with a digital certificate, determining the age of an artifact by carbon dating, or ensuring that a product or document is not counterfeit.

  • - also known as identity and access management (IAM or IdAM), is a framework of policies and technologies for ensuring that the proper people in an enterprise have the appropriate access to technology resources. IdM systems fall under the overarching umbrellas of IT security and data management. Identity and access management systems not only identify, authenticate, and authorize individuals who will be utilizing IT resources, but also the hardware and applications employees need to access. Identity and access management solutions have become more prevalent and critical in recent years as regulatory compliance requirements have become increasingly more rigorous and complex.

  • - the function of specifying access rights/privileges to resources, which is related to information security and computer security in general and to access control in particular. More formally, "to authorize" is to define an access policy. For example, human resources staff are normally authorized to access employee records and this policy is usually formalized as access control rules in a computer system. During operation, the system uses the access control rules to decide whether access requests from (authenticated) consumers shall be approved (granted) or disapproved (rejected). Resources include individual files or an item's data, computer programs, computer devices and functionality provided by computer applications. Examples of consumers are computer users, computer software and other hardware on the computer.






  • SpaceFED - an inter-(hacker)space federated authentication platform which currently offers the following services: spacenet - federated authentication using RADIUS, useful for 802.1X and more; spacesaml - federated authentication for cloud services; spaceconnect - seamless encrypted connectivity between hackerspaces, based on IPsec and NHRP.


  • OpenAM - The only “all-in-one” access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements, Adaptive Authentication, Strong Authentication, and Web Services Security, in a single, unified product. Mobile support out of the box with full OAuth 2.0 and OpenID Connect support, modern protocols that provide the most efficient method for developing secure native or HTML5 mobile applications optimized for bandwidth and CPU.


  • - an open source password self service application for LDAP directories. PWM is an ideal candidate for organizations that wish to “roll their own” password self service solution, but do not wish to start from scratch.



  • Authelia - an open-source authentication and authorization server and portal fulfilling the identity and access management (IAM) role of information security in providing multi-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for common reverse proxies.


See also Data, HTTP, Semantic

  • - In distributed computing, a remote procedure call (RPC) is when a computer program causes a procedure (subroutine) to execute in a different address space (commonly on another computer on a shared network), which is coded as if it were a normal (local) procedure call, without the programmer explicitly coding the details for the remote interaction. That is, the programmer writes essentially the same code whether the subroutine is local to the executing program, or remote. This is a form of client–server interaction (caller is client, executor is server), typically implemented via a request–response message-passing system. In the object-oriented programming paradigm, RPC calls are represented by remote method invocation (RMI). The RPC model implies a level of location transparency, namely that calling procedures is largely the same whether it is local or remote, but usually they are not identical, so local calls can be distinguished from remote calls. Remote calls are usually orders of magnitude slower and less reliable than local calls, so distinguishing them is important.

RPCs are a form of inter-process communication (IPC), in that different processes have different address spaces: if on the same host machine, they have distinct virtual address spaces, even though the physical address space is the same; while if they are on different hosts, the physical address space is different. Many different (often incompatible) technologies have been used to implement the concept.


Apache Kafka



  • - the persistent message streaming platform written in Rust, supporting QUIC, TCP and HTTP transport protocols, capable of processing millions of messages per second.


  • - an interprocess message passing (sometimes called ordered, reliable multicast) technology. Virtual synchrony systems allow programs running in a network to organize themselves into process groups, and to send messages to groups (as opposed to sending them to specific processes). Each message is delivered to all the group members, in the identical order, and this is true even when two messages are transmitted simultaneously by different senders.




  • Vsync - can enable reliable, secure replication of data even in the highly elastic first-tier of the cloud. Vsync is a new name for a fairly mature project of Ken Birman at Cornell University, previously called Isis2. The Vsync software library helps you build applications that will run on multiple computers, coordinating actions, sharing replicated data, moving files and other information at high speeds, cooperating to support key-value storage (DHT storage), etc. Vsync aims at sophisticated developers with challenging needs, and is designed to be highly secure, fault-tolerant, consistent and very scalable, even under "cloudy conditions."


  • - a protocol based on the Domain Name System (DNS) packet format that allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local link. It is included in Windows Vista, Windows Server 2008, Windows 7, Windows 8 and Windows 10. It is also implemented by systemd-resolved on Linux. LLMNR is defined in RFC 4795.


  • Resilience - an ad blocker for your computer that works with any browser on any operating system. Resilience doesn't sell out your privacy with "acceptable ads". Built-in support for EasyList and EasyPrivacy. Transparent HTTP/HTTPS proxy for Windows, Linux and macOS. Launches at startup and shows a system tray icon. Automatically updates block lists every 24 hours. Checks for Resilience client updates automatically.