Networking
still a mess.
General
- https://en.wikipedia.org/wiki/Computer_network
- https://en.wikipedia.org/wiki/Network_topology
- https://en.wikipedia.org/wiki/Network_theory
- https://en.wikipedia.org/wiki/Client_(computing)
- https://en.wikipedia.org/wiki/Server_(computing)
- https://en.wikipedia.org/wiki/Router_(computing)
- https://en.wikipedia.org/wiki/Gateway_(telecommunications)
- https://en.wikipedia.org/wiki/Point-to-point_(telecommunications)
- https://en.wikipedia.org/wiki/Point-to-multipoint
- https://en.wikipedia.org/wiki/All-to-all_communication
- https://en.wikipedia.org/wiki/Bus_network
- https://en.wikipedia.org/wiki/Ring_network
- https://en.wikipedia.org/wiki/Grid_network
- https://en.wikipedia.org/wiki/Star_network
- https://en.wikipedia.org/wiki/Mesh_networking
- https://en.wikipedia.org/wiki/Peer-to-peer
- https://en.wikipedia.org/wiki/Overlay_network
- https://en.wikipedia.org/wiki/Scale-free_network
- https://en.wikipedia.org/wiki/Broadcast_communication_network
- https://en.wikipedia.org/wiki/Switched_communication_network
Hardware
Cisco
Home router
- http://npr.me.uk/ - Thomson Technicolor Routers. Shit.
Quagga
- Quagga is a routing software suite, providing implementations of OSPFv2, OSPFv3, RIP v1 and v2, RIPng and BGP-4 for Unix platforms, particularly FreeBSD, Linux, Solaris and NetBSD. Quagga is a fork of GNU Zebra.
Other
Software
See Comms, Security#Firewalls etc.
Linux
sudo lsof -i # ports open
sudo netstat -plnt
ss -tnlp
sudo nmap -sT -O localhost
nc 127.0.0.1 123 < /dev/null; echo $? # test local port, 1 for closed 0 for open
iputils
- http://www.linuxfoundation.org/collaborate/workgroups/networking/iputils - ping, ping6, traceroute6, rdisc, clockdiff, tftpd
net-tools
- http://sourceforge.net/projects/net-tools/ - NET-3: arp, hostname, ifconfig, netstat, rarp, route, plipconfig, slattach, mii-tool and iptunnel and ipmaddr.
route # show (and temp. set) network routes available. in /sbin, in root $PATH only
route -n # show network routes available, just IP
iproute2
- https://en.wikipedia.org/wiki/Iproute2 - replaces net-tools
ip addr etc.
Other
advanced traceroute + ping
- Linux DNS Lookup Command - host & dig
- https://wiki.archlinux.org/index.php/Software_access_point
- http://askubuntu.com/questions/180733/how-to-setup-an-access-point-mode-wi-fi-hotspot
Configuration
- /etc/hosts
- /etc/network/interfaces - ubuntu network interface settings
- /etc/resolv.conf - dns settings
Goes a little something like;
domain members.linode.com
search members.linode.com
nameserver 98.76.54.32
nameserver 76.54.32.10
options rotate
- /etc/host.conf - dns resolve order
- /etc/dhcp3/dhclient.conf - overrides ubuntu server dns settings. change prepend option.
- /etc/dnsmasq.conf - dnsmasq settings
- dnsmasq configuration
- Local DNS cache in Linux using dnsmasq
- http://en.wikipedia.org/wiki/inetd - (internet service daemon) is a super-server daemon on many Unix systems that provides Internet services. For each configured service, it listens for requests from connecting clients. Requests are served by spawning a process which runs the appropriate executable, but simple services such as echo are served by inetd itself. External executables, which are run on request, can be single- or multi-threaded. First appearing in 4.3BSD, it is generally located at /usr/sbin/inetd. Often called a super-server, inetd listens on designated ports used by Internet services such as FTP, POP3, and telnet. When a TCP packet or UDP packet arrives with a particular destination port number, inetd launches the appropriate server program to handle the connection. For services that are not expected to run with high loads, this method uses memory more efficiently, since the specific servers run only when needed. Furthermore, no network code is required in the service-specific programs, as inetd hooks the sockets directly to stdin, stdout and stderr of the spawned process. For protocols that have frequent traffic, such as HTTP and POP3, a dedicated server that intercepts the traffic directly may be preferable.
systemd supports inetd
- NCD - scripting language for network configuration and much more
- Horde is linux-based networking middleware that allows an application to stripe data from multiple streams across a set of dissimilar wireless network channels. Horde's approach aims to decrease the programming costs associated with building complex mobile systems that use network striping.
nmap
nmap -A 192.168.1.1 # scan machine and report
nmap -v -A 192.168.1.1-255 # verbose scan range and report
nmap -sT -sU -O -p 1-65535 localhost # full port scan, to check args
nmap -p T:110,955
- http://www.enterprisenetworkingplanet.com/netsecur/article.php/3716606/Master-Port-Scanning-with-Nmap.htm
- http://www.professormesser.com/nmap/nmap-best-practices/
- http://www.cyberciti.biz/tips/nmap-hide-ipaddress-with-decoy-ideal-scan.html
- http://www.slideshare.net/amiable_indian/hacking-with-nmap-scanning-techniques
nmap -R -sL 209.85.229.99/27 | awk '{if($3=="not")print"("$2") no PTR";else print$3" is "$2}' | grep '('
"This command uses nmap to perform reverse DNS lookups on a subnet. It produces a list of IP addresses with the corresponding PTR record for a given subnet. You can enter the subnet in CIDR notation (i.e. /24 for a Class C). You could add “--dns-servers x.x.x.x” after the “-sL” if you need the lookups to be performed on a specific DNS server. On some installations nmap needs sudo I believe. Also I hope awk is standard on most distros."
Saving
wget
wget -r -np -l 1 -A zip http://example.com/download/ # download all links to .zip files on a given web page [4]
- http://www.editcorp.com/Personal/Lars_Appel/wget/v1/wget_7.html
- http://www.unixmen.com/wget-command-line-cheatsheet/
- http://fosswire.com/post/2008/04/create-a-mirror-of-a-website-with-wget/
- http://superuser.com/questions/55040/save-a-single-web-page-with-background-images-with-wget
- http://stackoverflow.com/questions/6145641/wget-how-to-mirror-only-a-section-of-a-website
- http://stackoverflow.com/questions/10712344/mirror-http-website-excluding-certain-files - downloads /then/ filters, often not handy...
wget -O myzip.zip https://github.com/zeromq/jzmq/zipball/master
wget -m http://example.com # --mirror
wget -mk http://example.com # --convert-links
wget -mk -w 20 http://example.com # with delay between requests
wget -E -H -k -K -p -nd http://example.com # to mirror a single page
# --adjust-extension --span-hosts --convert-links --backup-converted --page-requisites --no-directories
# httpd access permission issues. to try next time; -nH
cURL
- curl is a tool to transfer data from or to a server, using one of the supported protocols (DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMTP, SMTPS, TELNET and TFTP). The command is designed to work without user interaction.
curl http://www.google.com/search.js -o /path/to/local/file.js
curl http://site.{one,two,three}.com
# sequences of alphanumeric series by using []
curl ftp://ftp.numericals.com/file[1-100].txt
curl ftp://ftp.numericals.com/file[001-100].txt # with leading zeros
curl ftp://ftp.letters.com/file[a-z].txt
# nested sequences are not supported, but you can use several ones next to each other
curl http://any.org/archive[1996-1999]/vol[1-4]/part{a,b,c}.html
# multiple URLs + specify a step counter for the ranges to get every Nth number or letter
curl http://www.numericals.com/file[1-100:10].txt http://www.letters.com/file[a-z:2].txt
other
- mulk - Multi-connection command line tool for downloading Internet sites with image filtering and Metalink support. Similar to wget and cURL, but it manages up to 50 simultaneous and parallel links. Main features are: HTML code parsing, recursive fetching, Metalink retrieving, segmented download and image filtering by width and height. It is based on libcurl, liburiparser, libtidy, libmetalink and libcrypto.
- aria2 is a lightweight multi-protocol & multi-source command-line download utility. It supports HTTP/HTTPS, FTP, BitTorrent and Metalink. aria2 can be manipulated via built-in JSON-RPC and XML-RPC interfaces.
- HTTrack allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer. HTTrack arranges the original site's relative link-structure. Simply open a page of the "mirrored" website in your browser, and you can browse the site from link to link, as if you were viewing it online. HTTrack can also update an existing mirrored site, and resume interrupted downloads.
httrack "https://example.com" -O ExampleMirrorDirectory \
  "-*" \
  "+https://example.com/images/*" \
  "-*.swf"
netcat
- netcat is a versatile tool that is able to read and write data across TCP and UDP networks. Combined with other tools and redirection it can be used in a number of ways in your scripts. You will be surprised to see what you can accomplish with Linux netcat command.
- http://mylinuxbook.com/linux-netcat-command/
- http://www.catonmat.net/blog/unix-utilities-netcat/
- http://intermediatesql.com/linux/scrap-the-scp-how-to-copy-data-fast-using-pigz-and-nc/ [5]
nc -l 8888 # listen on port 8888
nc server1 8888 # connect to port 8888
Ncat
- Ncat is a feature-packed networking utility which reads and writes data across networks from the command line. Ncat was written for the Nmap Project as a much-improved reimplementation of the venerable Netcat. It uses both TCP and UDP for communication and is designed to be a reliable back-end tool to instantly provide network connectivity to other applications and users. Ncat will not only work with IPv4 and IPv6 but provides the user with a virtually limitless number of potential uses.
to sort
- Surfraw provides a fast unix command line interface to a variety of popular WWW search engines and other artifacts of power. It reclaims google, altavista, babelfish, dejanews, freshmeat, research index, slashdot and many others from the false-prophet, pox-infested heathen lands of html-forms, placing these wonders where they belong, deep in unix heartland, as god loving extensions to the shell.
- Mininet creates a realistic virtual network, running real kernel, switch and application code, on a single machine (VM, cloud or native), in seconds, with a single command
- OMNeT++ is an extensible, modular, component-based C++ simulation library and framework, primarily for building network simulators. "Network" is meant in a broader sense that includes wired and wireless communication networks, on-chip networks, queueing networks, and so on. Domain-specific functionality such as support for sensor networks, wireless ad-hoc networks, Internet protocols, performance modeling, photonic networks, etc., is provided by model frameworks, developed as independent projects. OMNeT++ offers an Eclipse-based IDE, a graphical runtime environment, and a host of other tools. There are extensions for real-time simulation, network emulation, alternative programming languages (Java, C#), database integration, SystemC integration, and several other functions.
- OpenFlow enables networks to evolve, by giving a remote controller the power to modify the behavior of network devices, through a well-defined "forwarding instruction set". The growing OpenFlow ecosystem now includes routers, switches, virtual switches, and access points from a range of vendors.
- Upside-Down-Ternet - My neighbours are stealing my wireless internet access. I could encrypt it or alternately I could have fun.
- Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can't handle, like sending invalid frames, injecting your own 802.11 frames, combining technics (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, ...), etc.
- socat is a relay for bidirectional data transfer between two independent data channels. Each of these data channels may be a file, pipe, device (serial line etc. or a pseudo terminal), a socket (UNIX, IP4, IP6 - raw, UDP, TCP), an SSL socket, proxy CONNECT connection, a file descriptor (stdin etc.), the GNU line editor (readline), a program, or a combination of two of these. These modes include generation of "listening" sockets, named pipes, and pseudo terminals.
socat -d -d TCP-L:22,reuseaddr,fork SYSTEM:"nc \$SOCAT_PEERADDR 22" # Confuse people SSHing to your host with a redirect back to theirs.
- ncp - a fast file copy tool for LANs
- bcp (Broadcast Copy) Any easy way to copy files between terminals or computers on a local network.
- UDPcast is a file transfer tool that can send data simultaneously to many destinations on a LAN. This can for instance be used to install entire classrooms of PC's at once. The advantage of UDPcast over using other methods (nfs, ftp, whatever) is that UDPcast uses UDP's multicast abilities: it won't take longer to install 15 machines than it would to install just 2.
- Tsunami UDP Protocol: A fast user-space file transfer protocol that uses TCP control and UDP data for transfer over very high speed long distance networks (≥ 1 Gbps and even 10 GE), designed to provide more throughput than possible with TCP over the same networks.
Monitoring
- Netperf is a benchmark that can be used to measure the performance of many different types of networking. It provides tests for both unidirectional throughput, and end-to-end latency. The environments currently measurable by netperf include: TCP and UDP via BSD Sockets for both IPv4 and IPv6, DLPI, Unix Domain Sockets, SCTP for both IPv4 and IPv6
- NetHogs is a small 'net top' tool. Instead of breaking the traffic down per protocol or per subnet, like most tools do, it groups bandwidth by process. NetHogs does not rely on a special kernel module to be loaded. If there's suddenly a lot of network traffic, you can fire up NetHogs and immediately see which PID is causing this. This makes it easy to identify programs that have gone wild and are suddenly taking up your bandwidth.
- nload is a console application which monitors network traffic and bandwidth usage in real time. It visualizes the in- and outgoing traffic using two graphs and provides additional info like total amount of transferred data and min/max network usage.
- bwm-ng (Bandwidth Monitor NG) is a small and simple console-based live network and disk io bandwidth monitor for Linux, BSD, Solaris, Mac OS X and others.
- tcptrack is a packet sniffer, which passively watches for connections on a specified network interface, tracks their states, and lists them in a manner similar to the Unix 'top' command. It displays source and destination addresses and ports, connection state, idle time, and bandwidth usage.
- Tcpdump prints out a description of the contents of packets on a network interface that match the boolean expression.
- Ostinato is an open-source, cross-platform network packet crafter/traffic generator and analyzer with a friendly GUI. Craft and send packets of several streams with different protocols at different rates. For the full feature list see below. Ostinato aims to be "Wireshark in Reverse" and become complementary to Wireshark.
- EtherApe is a graphical network monitor for Unix modeled after etherman. Featuring link layer, IP and TCP modes, it displays network activity graphically. Hosts and links change in size with traffic. Color coded protocols display.
- hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping(8) unix command, but hping isn't only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features.
- ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.
- Cacti is a complete network graphing solution designed to harness the power of RRDTool's data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. All of this is wrapped in an intuitive, easy to use interface that makes sense for LAN-sized installations up to complex networks with hundreds of devices.
- nfdump tools collect and process netflow data on the command line.
- NfSen is the web based front end for the nfdump netflow tools.
- Bro is a passive, open-source network traffic analyzer. It is primarily a security monitor that inspects all traffic on a link in depth for signs of suspicious activity. More generally, however, Bro supports a wide range of traffic analysis tasks even outside of the security domain, including performance measurements and helping with trouble-shooting. [9]
Wireshark
- Wireshark is the world's foremost network protocol analyzer. It lets you see what's happening on your network at a microscopic level. It is the de facto (and often de jure) standard across many industries and educational institutions.
iftop
- iftop does for network usage what top does for CPU usage. It listens to network traffic on a named interface and displays a table of current bandwidth usage by pairs of hosts. Handy for answering the question "why is our ADSL link so slow?".
ntop
vnStat
- vnStat is a console-based network traffic monitor for Linux and BSD that keeps a log of network traffic for the selected interface(s). It uses the network interface statistics provided by the kernel as information source. This means that vnStat won't actually be sniffing any traffic and also ensures light use of system resources. However, in Linux at least a 2.2 series kernel is required.
sFlow
other
- http://www.wirefloss.com/ - deja vu
Emulation
General
Layer 1/2
xDSL
- http://en.wikipedia.org/wiki/ADSL
- http://en.wikipedia.org/wiki/Symmetric_digital_subscriber_line - SDSL
- https://en.wikipedia.org/wiki/Very-high-bit-rate_digital_subscriber_line - VDSL
Fiber
Ethernet
Wireless
Wi-Fi
- 802.11 - a, b, g, n, etc.
Avoid NetworkManager if possible.
iwlist wlan0 scanning
Other
- http://akbars.net/how-steve-perlmans-revolutionary-wireless-technology-works-and-why-its-a-bigger-deal-than-anyone-realizes.html [14]
Security
- https://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup
- http://www.kb.cert.org/vuls/id/723755
- http://blogs.computerworld.com/19551/wifi_routers_oldies_are_goodies
- http://www.neowin.net/news/the-wps-wifi-protected-setup-flaw-explained
- wifite - An automated wireless attack tool.
- You Are a Rogue Device - A New Apparatus Capable of Spying on You Has Been Installed Throughout Downtown Seattle. Very Few Citizens Know What It Is, and Officials Don’t Want to Talk About It. [16]
Other
- https://en.wikipedia.org/wiki/Serial_Line_Internet_Protocol - SLIP, an encapsulation of the Internet Protocol designed to work over serial ports and modem connections. It is documented in RFC 1055. On personal computers, SLIP has been largely replaced by the Point-to-Point Protocol (PPP), which is better engineered, has more features and does not require its IP address configuration to be set before it is established. On microcontrollers, however, SLIP is still the preferred way of encapsulating IP packets due to its very small overhead.
- https://en.wikipedia.org/wiki/Parallel_Line_Internet_Protocol - PLIP - direct computer-to-computer communications using the parallel port normally used for connections to a printer. The Parallel Line Internet Protocol provides Link Layer services for the Internet Protocol, the protocol used for forming small local area networks and large computer networks, such as the Internet, enabling computers without standard dedicated networking hardware, such as Ethernet, but with older parallel port devices, to communicate.
- https://en.wikipedia.org/wiki/Point-to-Point_Protocol - PPP - a data link protocol used to establish a direct connection between two nodes. It can provide connection authentication, transmission encryption (using ECP, RFC 1968), and compression. PPP is used over many types of physical networks including serial cable, phone line, trunk line, cellular telephone, specialized radio links, and fiber optic links such as SONET. PPP is also used over Internet access connections. Internet service providers (ISPs) have used PPP for customer dial-up access to the Internet, since IP packets cannot be transmitted over a modem line on their own, without some data link protocol. Two derivatives of PPP, Point-to-Point Protocol over Ethernet (PPPoE) and Point-to-Point Protocol over ATM (PPPoA), are used most commonly by Internet Service Providers (ISPs) to establish a Digital Subscriber Line (DSL) Internet service connection with customers.
Virtual LAN
- http://openvswitch.org/
- http://www.sdncentral.com/technology/vswitch-the-new-battleground-what-every-datacenter-operator-must-know/2012/07/
- http://blog.scottlowe.org/2013/09/09/namespaces-vlans-open-vswitch-and-gre-tunnels/
Ultrasonic
Layer 3/4
- https://en.wikipedia.org/wiki/Internet_layer - TCP/IP
- https://en.wikipedia.org/wiki/Network_layer - OSI
- Internet Engineering Task Force
- http://www.ietf.org/tao.html
- http://en.wikipedia.org/wiki/Rough_consensus
- http://datatracker.ietf.org/doc/draft-resnick-on-consensus/?include_text=1
- http://blog.jasoncrawford.org/request-for-comments
- The History of Packets - This guide seeks to take you on the adventure of the changing packet, and how it has survived over the past four decades of networking hardware and computer software. The Internet started in the late 1960s as ARPANET.
- https://en.wikipedia.org/wiki/Transport_layer - TCP/IP & OSI
Ports
IP
- onics - A suite of command line tools and libraries for manipulating packets in the style of cat, sed, awk, grep, diff, etc... [21]
ARP
Protocol to resolve IPv4 addresses to lower-level addresses, i.e., Ethernet MAC.
- http://www.habets.pp.se/synscan/programs.php?prog=arping - Broadcasts a who-has ARP packet on the network and prints answers.
- http://engineering.clever.com/2014/12/10/when-your-ip-traffic-in-aws-disappears-into-a-black-hole/ [22]
Subnetting
Addressing
Switching
Routing
- https://en.wikipedia.org/wiki/Routing_protocol
- https://en.wikipedia.org/wiki/Routing_table
- https://en.wikipedia.org/wiki/Forwarding_plane
- https://en.wikipedia.org/wiki/Interface_Message_Processor - the packet-switching node used to interconnect participant networks to the ARPANET from the late 1960s to 1989. It was the first generation of gateways, which are known today as routers. An IMP was a ruggedized Honeywell DDP-516 minicomputer with special-purpose interfaces and software. In later years the IMPs were made from the non-ruggedized Honeywell 316 which could handle two-thirds of the communication traffic at approximately one-half the cost. An IMP requires the connection to a host computer via a special bit-serial interface, defined in BBN Report 1822. The IMP software and the ARPA network communications protocol running on the IMPs was discussed in RFC 1, the first of a series of standardization documents published by the Internet Engineering Task Force (IETF).
- https://en.wikipedia.org/wiki/Routing_Information_Protocol v2/ng
- https://en.wikipedia.org/wiki/IGRP
- https://en.wikipedia.org/wiki/IS-IS
- https://en.wikipedia.org/wiki/Open_Shortest_Path_First
- https://en.wikipedia.org/wiki/Enhanced_Interior_Gateway_Routing_Protocol
DHCP
- dhclient - The Internet Systems Consortium DHCP Client, dhclient, provides a means for configuring one or more network interfaces using the Dynamic Host Configuration Protocol, BOOTP protocol, or if these protocols fail, by statically assigning an address.
NAT
ICMP
Tunnelling
- iodine lets you tunnel IPv4 data through a DNS server. This can be usable in different situations where internet access is firewalled, but DNS queries are allowed.
IPsec
IPv6
Security
NCP
- https://en.wikipedia.org/wiki/Network_Control_Program - preceded the Transmission Control Protocol (TCP) as a transport layer protocol used during the early ARPANET. NCP was a simplex protocol that utilized two port addresses, establishing two connections, for two-way communications. An odd and an even port were reserved for each application layer application or protocol. The standardization of TCP and UDP reduced the need for the use of two simplex ports for each application down to one duplex port
UDP
See also DNS
UPnP
TCP
traceroute -m 100 216.81.59.173
traceroute -m 120 216.81.59.173
Tunnelling
- sshuttle - Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.
- Localtunnel allows you to easily share a web service on your local development machine without messing with DNS and firewall settings. Localtunnel will assign you a unique publicly accessible url that will proxy all requests to your locally running webserver. [27]
SCTP
Other
- Secure Socket Funneling (SSF) is a network tool and toolkit. It provides simple and efficient ways to forward data from multiple sockets (TCP or UDP) through a single secure TLS link to a remote computer. [30]
Layer 5 / 6 / 7
See Communication
- https://en.wikipedia.org/wiki/Session_layer
- https://en.wikipedia.org/wiki/Presentation_layer
- https://en.wikipedia.org/wiki/Application_layer
SNMP
telnet
HTTP
See HTTP
UDT
- UDT is a reliable UDP based application level data transport protocol for distributed data intensive applications over wide area high-speed networks. UDT uses UDP to transfer bulk data with its own reliability control and congestion control mechanisms. The new protocol can transfer data at a much higher speed than TCP does. UDT is also a highly configurable framework that can accommodate various congestion control algorithms. [32]
Gopher
FTP
BGP
- http://en.wikipedia.org/wiki/Autonomous_System_(Internet)
- http://bgp.he.net/ - routing
- http://www.bgp4.as/
- OpenBGPD is a FREE implementation of the Border Gateway Protocol, Version 4. It allows ordinary machines to be used as routers exchanging routes with other systems speaking the BGP protocol.
- http://www.ripe.net/data-tools/stats/ris/
- http://en.wikipedia.org/wiki/List_of_Internet_exchange_points
- http://www.youtube.com/watch?v=RfLpJD0ES8k
SOCKS
NFS
- nfs - fstab format and options for the nfs file systems
- mount.nfs
showmount -e server-Ip-address
- http://buffalo.nas-central.org/wiki/Terastation_NFS
- http://buffalo.nas-central.org/wiki/Terastation_FAQ
- http://buffalo.nas-central.org/wiki/Terastation_Recovery
http://linux.die.net/man/8/mount.cifs
SMB / CIFS
File sharing
See Sharing
- tus - The protocol provides a mechanism for resumable file uploads via HTTP/1.1 (RFC 7230) and HTTP/2 (RFC 7540).
- InterPlanetary File System (IPFS) - a peer-to-peer distributed file system that seeks to connect all computing devices with the same system of files. In some ways, IPFS is similar to the Web, but IPFS could be seen as a single BitTorrent swarm, exchanging objects within one Git repository. In other words, IPFS provides a high throughput content-addressed block storage model, with content-addressed hyperlinks. This forms a generalized Merkle DAG, a data structure upon which one can build versioned file systems, blockchains, and even a Permanent Web. IPFS combines a distributed hashtable, an incentivized block exchange, and a self-certifying namespace. IPFS has no single point of failure, and nodes do not need to trust each other.
Authentication, etc.
LDAP
Kerberos
SASL
- http://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer
- http://tools.ietf.org/html/rfc4422
- http://www.gnu.org/software/gsasl/
RADIUS
Other
- OpenAM - The only “all-in-one” access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements, Adaptive Authentication, Strong Authentication, and Web Services Security, in a single, unified product. Mobile support out of the box with full OAuth 2.0 and OpenID Connect support, modern protocols that provide the most efficient method for developing secure native or HTML5 mobile applications optimized for bandwidth and CPU.
Messaging
- https://en.wikipedia.org/wiki/Message_broker
- https://en.wikipedia.org/wiki/Message-oriented_middleware
Apache Kafka
RabbitMQ
Distributed
Consensus
Raft
- https://raftconsensus.github.io/
- http://www.infoq.com/presentations/raft
- https://github.com/goraft/raft
Piping
- Huginn is a system for building agents that perform automated tasks for you online. They can read the web, watch for events, and take actions on your behalf. Huginn's Agents create and consume events, propagating them along a directed event flow graph. Think of it as Yahoo! Pipes plus IFTTT on your own server. [34]
Other
Anti-spam
See also GUI#XDMCP
KVM
VNC
- http://en.wikipedia.org/wiki/Virtual_Network_Computing
- https://help.ubuntu.com/community/VNC
- https://en.wikipedia.org/wiki/Comparison_of_remote_desktop_software
Server
- x11vnc allows one to view remotely and interact with real X displays (i.e. a display corresponding to a physical monitor, keyboard, and mouse) with any VNC viewer. In this way it plays the role for Unix/X11 that WinVNC plays for Windows.
- Vinagre (Remote Desktop Viewer) is the default VNC client in Ubuntu 8.04. It currently allows you to connect to desktops running VNC servers and control them. Specific connection options are not currently supported, e.g. high or low bandwidth settings, but it is planned to add them in an upcoming version.
Web
- Guacamole - a clientless remote desktop gateway. It supports standard protocols like VNC and RDP. We call it clientless because no plugins or client software are required. Thanks to HTML5, once Guacamole is installed on a server, all you need to access your desktops is a web browser. [39]
Client
- noVNC - VNC client using HTML5 (WebSockets, Canvas) with encryption (wss://) support. There are many companies/projects that have integrated noVNC into their products including: Ganeti Web Manager, Archipel, openQRM, OpenNode, OpenStack, Broadway (HTML5 GDK/GTK+ backend), OpenNebula, CloudSigma, Zentyal (formerly Ebox), SlapOS, Intel MeshCentral, Amahi, Brightbox, Foreman, LibVNCServer, and PocketVNC.
- https://bitbucket.org/saljam/vnc - This is a VNC viewer Chrome app. It uses Chrome's sockets API to talk to the VNC server directly.
- Chicken is a VNC client for Mac OS X. A VNC client allows remote access to another computer over the network. Chicken is based on Chicken of the VNC.
RDP
NX
FreeNX
- https://wiki.archlinux.org/index.php/FreeNX - a GPL implementation of the NX Server and NX Client Components.
Neatx
- https://code.google.com/p/neatx/
- https://en.wikipedia.org/wiki/Neatx - an open-source NX server based on NoMachine's NX technology.
X2Go
- X2Go enables you to access a graphical desktop of a computer over a low bandwidth (or high bandwidth) connection. Multiple users/clients can access a single X2Go Server at the same time, with each user/client having an individual Desktop session by default - however, Desktop sharing (Remote Assistance) is possible, too (see below). For the graphical part of remote desktop sessions, X2Go uses No Machine NX3 technology under the hood.
Other
Mixed
- https://en.wikipedia.org/wiki/UUCP - an abbreviation of Unix-to-Unix Copy. The term generally refers to a suite of computer programs and protocols allowing remote execution of commands and transfer of files, email and netnews between computers. Specifically, a command named uucp is one of the programs in the suite; it provides a user interface for requesting file copy operations. The UUCP suite also includes uux (user interface for remote command execution), uucico (the communication program that performs the file transfers), uustat (reports statistics on recent activity), uuxqt (execute commands sent from remote machines), and uuname (reports the UUCP name of the local system).
VPN
- https://www.tinfoilsecurity.com/blog/dont-get-pwned-on-public-wifi-use-your-own-vpn-tutorial-guide-how-to [42]
- https://www.bestvpn.com/blog/4147/pptp-vs-l2tp-vs-openvpn-vs-sstp/
- http://www.vpntutorials.com/blog/which-is-better-l2tp-vs-openvpn-105/
PPTP
- https://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol
- https://wiki.archlinux.org/index.php/PPTP_Server
Not recommended for use any more.
L2TP
Requires the use of an encryption protocol (IPsec). Uses UDP port 500, which is more easily blocked by NAT firewalls.
IPsec
IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite, while some other Internet security systems in widespread use, such as Secure Sockets Layer (SSL), Transport Layer Security (TLS) and Secure Shell (SSH), operate in the upper layers of the TCP/IP model. Hence, IPsec protects any application traffic across an IP network.
OpenVPN
- https://wiki.archlinux.org/index.php/OpenVPN
- https://cryptoanarchy.org/wiki/OpenVPN
- http://n0where.net/openvpn-simple-overview/
Tinc
DNS
Services
- http://lifehacker.com/5940565/why-you-should-start-using-a-vpn-and-how-to-choose-the-best-one-for-your-needs
- http://torrentfreak.com/which-vpn-providers-really-take-anonymity-seriously-111007/ [44]
- http://torrentfreak.com/proxy-sh-vpn-provider-monitored-traffic-to-catch-hacker-130930/
Systems
- BadVPN is a peer-to-peer VPN system. It provides a Layer 2 (Ethernet) network between the peers (VPN network nodes). The peers connect to a central server which acts as a chat server for them to establish direct connections between each other (data connections). These connections are used for transferring network data (Ethernet frames).
- Freelan - A free, open-source, multi-platform, highly-configurable and peer-to-peer VPN software, designed to easily connect remote hosts and mainly focused on security and performance. [46]
- Social VPN Project - free and open-source P2P Social Virtual Private Network (VPN) that seamlessly networks your computer with the computers of your friends.
- http://www.ntop.org/products/n2n/ - layer 2
- SigmaVPN is simple, light-weight and modular VPN software for UNIX systems, deploying the NaCl encryption library. It's easy to configure, has low overheads and is reliable. No longer is it necessary to waste precious time configuring overcomplicated tunnels. [49]
Backbone
- http://en.wikipedia.org/wiki/Broadband_Remote_Access_Server
- http://en.wikipedia.org/wiki/Digital_subscriber_line_access_multiplexer
Cloud
See also Cloud
- https://en.wikipedia.org/wiki/Software-defined_networking
- YouTube: How SDN will Shape Networking - Nick McKeown
- YouTube: An attempt to motivate and clarify Software-Defined Networking (SDN)
- NOXRepo.org is the home of two Open Source control platforms for Software Defined Networks.
- Maestro is an "operating system" for orchestrating network control applications. Maestro provides interfaces for implementing modular network control applications to access and modify state of the network, and coordinate their interactions. Maestro is a platform for achieving automatic and programmatic network control functions using these modularized applications. Although this project focuses on building an OpenFlow controller using Maestro, Maestro is not only limited to OpenFlow networks.
Mesh
See also Open social.
General
- https://en.wikipedia.org/wiki/Wireless_mesh_network
- https://en.wikipedia.org/wiki/Mobile_ad_hoc_network
- How to Keep the NSA Out of Your Computer [52]
- YouTube: Building Dissent Networks (FOCI 2013)
- http://www.muniwireless.com/2010/01/10/guidelines-for-successful-large-scale-outdoor-wifi-networks/
Protocols
- http://en.wikipedia.org/wiki/List_of_ad_hoc_routing_protocols
- https://en.wikipedia.org/wiki/Category:Ad_hoc_routing_protocols
DSDV
Destination-Sequenced Distance-Vector Routing (DSDV) is a table-driven routing scheme for ad hoc mobile networks based on the Bellman–Ford algorithm. It was developed by C. Perkins and P. Bhagwat in 1994. The main contribution of the algorithm was to solve the routing loop problem. Each entry in the routing table contains a sequence number. Sequence numbers are generally even if a link is present; otherwise, an odd number is used. The number is generated by the destination, and the emitter needs to send out the next update with this number. Routing information is distributed between nodes by sending full dumps infrequently and smaller incremental updates more frequently.
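The route-update rule that lets these sequence numbers prevent loops, as an added Python example that is not part of the original page: a newer sequence number always wins and a lower metric only breaks ties, a rule taken from the DSDV design and not spelled out above. The names Route, receive_update, link_broken and advert, and the A - B - D topology, are constructed for illustration.

```python
# Added illustration; Route, receive_update, link_broken, advert are hypothetical names.
from dataclasses import dataclass

INFINITY = float("inf")  # metric of an unreachable destination

@dataclass(frozen=True)
class Route:
    next_hop: str
    metric: float  # hop count, or INFINITY once the route is broken
    seq: int       # even: issued by the destination; odd: link-break notice

def should_replace(current, offered):
    """A newer sequence number always wins; on a tie the shorter route wins."""
    if current is None:
        return True
    if offered.seq != current.seq:
        return offered.seq > current.seq
    return offered.metric < current.metric

def receive_update(table, neighbor, adverts):
    """Merge a neighbor's {destination: (metric, seq)} advert into our table."""
    changed = []
    for dest, (metric, seq) in adverts.items():
        offered = Route(neighbor, metric + 1, seq)
        if should_replace(table.get(dest), offered):
            table[dest] = offered
            changed.append(dest)
    return changed

def link_broken(table, neighbor):
    """Mark every route through a lost neighbor unreachable with an odd seq."""
    for dest, route in list(table.items()):
        if route.next_hop == neighbor and route.metric != INFINITY:
            table[dest] = Route(neighbor, INFINITY, route.seq + 1)

def advert(table):
    """What a node tells its neighbors: its full table as (metric, seq)."""
    return {dest: (r.metric, r.seq) for dest, r in table.items()}

def demo():
    """Constructed topology A - B - D; the B-D link fails, then D reappears."""
    a = {"D": Route("B", 2, 100)}
    b = {"D": Route("D", 1, 100)}
    link_broken(b, "D")                        # B now holds (inf, seq 101)
    stale = receive_update(b, "A", advert(a))  # A's old seq-100 route is rejected
    receive_update(a, "B", advert(b))          # A learns of the break
    fresh = receive_update(b, "D", {"D": (0, 102)})  # D is back with a new even seq
    return stale, a["D"], fresh, b["D"]
```

In a plain distance-vector protocol B would have accepted A's stale 2-hop route after the break and the two nodes would have pointed at each other; here the odd sequence number 101 outranks it until D itself issues 102.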
AODV
AODV is a reactive routing protocol, meaning that it establishes a route to a destination only on demand. In contrast, the most common routing protocols of the Internet are proactive, meaning they find routing paths independently of the usage of the paths. AODV is, as the name indicates, a distance-vector routing protocol. AODV avoids the counting-to-infinity problem of other distance-vector protocols by using sequence numbers on route updates, a technique pioneered by DSDV. AODV is capable of both unicast and multicast routing.
OLSR
Bmx6
- Bmx6 is a routing protocol for Linux based operating systems.
Babel
- Babel - loop-free distance-vector routing protocol
Babel is based on the ideas in Destination-Sequenced Distance Vector routing (DSDV), Ad hoc On-Demand Distance Vector Routing (AODV), and Cisco's Enhanced Interior Gateway Routing Protocol (EIGRP), but it uses a variant of Expected Transmission Count (ETX) link cost estimation rather than a simple hop-count metric. It employs several techniques to ensure the absence of routing pathologies, such as routing loops. Babel operates on IPv4 and IPv6 networks. It has been reported to be a robust protocol and to have fast convergence properties.
Two implementations of Babel are freely available: the standalone sample implementation, and a version that is integrated into the Quagga routing suite. The version integrated into Quagga allows for authentication.
B.A.T.M.A.N.
- Open Mesh B.A.T.M.A.N. - layer 2 & 3
- Netsukuku - layer 2 & 3, etc.
HWMP
cjdns
Wanderlust
- Wanderlust - A Worldwide Network with Distributed Routing through Location Swapping
Other
Router
- nodewatcher - centralized network monitoring platform
- Free Networks - volunteer cooperative association
- Nodecity - thing with trust metric
Hardware
- US Navy: Networks and Communication Systems Branch
- http://piratepad.net/new-intranets - old skool pad
- https://news.ycombinator.com/item?id=6285231
- http://jeelabs.com/
- http://www.sigfox.com/en/page/44-technology.html
- https://www.sparkdevices.com/
- http://thingsquare.com/tech/
- http://cubox-i.com/
Projects
Networks
- Wireless Battle of the Mesh - comparison event
- http://2013.wirelesssummit.org/
- freifunk - OLSR and B.A.T.M.A.N.
- CUWiN - 802.11b networks
- ninux.org - a wireless network community in Italy. OLSR
Project Mesh Net
Serval
- http://developer.servalproject.org/dokuwiki/doku.php?id=content:tech:mdp - Mesh Datagram Protocol (MDP)
- http://developer.servalproject.org/dokuwiki/doku.php?id=content:tech:vomp - Voice over Mesh Protocol (VoMP)
- http://developer.servalproject.org/dokuwiki/doku.php?id=content:tech:rhizome
- http://developer.servalproject.org/dokuwiki/doku.php?id=content:tech:meshms
Commotion
OLSR
FabFi
OLSR
to sort
- http://youandjerrycan.org/
- http://wiki.youandjerrycan.org/ - plastic jug, zimbra
Stacks
Freedom Box
- http://freedomboxfoundation.org/
- http://wiki.debian.org/FreedomBox
- https://wiki.debian.org/Freedombox/FreedomBuddy
Byzantium
Other
- Stack#Ansible - basic services
arkOS
- arkOS is a system for securely self-hosting your online life from the comfort of your home.
Mapping
Darknets
- https://en.wikipedia.org/wiki/AnoNet - anoNet is a decentralized friend-to-friend network built using VPNs and software BGP routers. anoNet works by making it difficult to learn the identities of others on the network allowing them to anonymously host IPv4 and IPv6 services.
Other
- http://www.reddit.com/r/Bitcoin/comments/1vd2r1/we_want_to_replace_youtube_dropbox_facebook/
- http://www.reddit.com/r/bitcloud
UK ISPs
Scotland
to sort
View The Daily Show, etc. in the UK, etc. Modify HTTP headers; X-Forwarded-For "12.13.14.15" [56]
- http://queue.acm.org/detail.cfm?id=2076798 - buffer bloat
- GLIF, the Global Lambda Integrated Facility, is an international consortium that promotes the paradigm of lambda networking.
- OpenSignalMaps - database of cell phone towers, cell phone signal strength readings, and Wi-Fi access points around the world