Networking

From Things and Stuff Wiki
Revision as of 20:43, 11 April 2019 by Milk (talk | contribs) (→‎SNMP)
Jump to navigation Jump to search


still a mess.

to totally rejig

General






  • https://en.wikipedia.org/wiki/Channel_(communications) - or simply channel refers either to a physical transmission medium such as a wire, or to a logical connection over a multiplexed medium such as a radio channel in telecommunications and computer networking. A channel is used to convey an information signal, for example a digital bit stream, from one or several senders (or transmitters) to one or several receivers. A channel has a certain capacity for transmitting information, often measured by its bandwidth in Hz or its data rate in bits per second. Communicating data from one location to another requires some form of pathway or medium. These pathways, called communication channels, use two types of media: cable (twisted-pair wire, cable, and fiber-optic cable) and broadcast (microwave, satellite, radio, and infrared).




  • https://en.wikipedia.org/wiki/Connection-oriented_communication - a network communication mode in telecommunications and computer networking, where a communication session or a semi-permanent connection is established before any useful data can be transferred, and where a stream of data is delivered in the same order as it was sent. The alternative to connection-oriented transmission is connectionless communication, for example the datagram mode communication used by the IP and UDP protocols, where data may be delivered out of order, since different packets are routed independently, and may be delivered over different paths.


  • https://en.wikipedia.org/wiki/Connectionless_communication - often referred to as CL-mode communication, is a data transmission method used in packet switching networks in which each data unit is individually addressed and routed based on information carried in each unit, rather than in the setup information of a prearranged, fixed data channel as in connection-oriented communication. Under connectionless communication between two network end points, a message can be sent from one end point to another without prior arrangement. The device at one end of the communication transmits data addressed to the other, without first ensuring that the recipient is available and ready to receive the data. Some protocols allow for error correction by requested retransmission. Internet Protocol (IP) and User Datagram Protocol (UDP) are connectionless protocols.



  • https://en.wikipedia.org/wiki/Source_routing - also called path addressing, allows a sender of a packet to partially or completely specify the route the packet takes through the network. In contrast, in conventional routing, routers in the network determine the path incrementally based on the packet's destination. Another routing alternative, label switching, is used in connection-oriented networks such as X.25, frame relay, ATM and MPLS.


Topology














to sort






Speed testing


Internet


Backbone







  • guifi.net - a bottom-up, citizenship-driven technological, social and economic project with the objective of creating a free, open and neutral telecommunications network based on a commons model. The development of this common-pool infrastructure eases the access to quality, fair-priced telecommunications in general and broadband Internet connections in particular, for everybody. Moreover, it generates a model for collaborative economic activity based on proximity and sustainability.

Hardware



  • https://en.wikipedia.org/wiki/Forwarding_information_base - also known as a forwarding table or MAC table, is most commonly used in network bridging, routing, and similar functions to find the proper interface to which the input interface should forward a packet. It is a dynamic table that maps MAC addresses to ports. It is the essential mechanism that separates network switches from network hubs. Content-addressable memory (CAM) is typically used to efficiently implement the FIB, thus it is sometimes called a CAM table.

Cisco

Home router

  • LEDE project is founded as a spin-off of the OpenWrt project and shares many of the same goals. We are building an embedded Linux distribution that makes it easy for developers, system administrators or other Linux enthusiasts to build and customize software for embedded devices, especially wireless routers. The name LEDE stands for Linux Embedded Development Environment. [5]


Quagga

  • Quagga is a routing software suite, providing implementations of OSPFv2, OSPFv3, RIP v1 and v2, RIPng and BGP-4 for Unix platforms, particularly FreeBSD, Linux, Solaris and NetBSD. Quagga is a fork of GNU Zebra.

Other




Layer 1/2

  • https://en.wikipedia.org/wiki/Link_layer - the group of methods and communications protocols that only operate on the link that a host is physically connected to. The link is the physical and logical network component used to interconnect hosts or nodes in the network and a link protocol is a suite of methods and standards that operate only between adjacent network nodes of a local area network segment or a wide area network connection.

Despite the different semantics of layering in TCP/IP and OSI, the link layer is sometimes described as a combination of the data link layer (layer 2) and the physical layer (layer 1) in the OSI model. However, the layers of TCP/IP are descriptions of operating scopes (application, host-to-host, network, link) and not detailed prescriptions of operating procedures, data semantics, or networking technologies.



  • https://en.wikipedia.org/wiki/MAC_address - or media access control address of a device is a unique identifier assigned to a network interface controller (NIC) for communications at the data link layer of a network segment. MAC addresses are used as a network address for most IEEE 802 network technologies, including Ethernet, Wi-Fi and Bluetooth. In this context, MAC addresses are used in the medium access control protocol sublayer. As typically represented, MAC addresses are recognizable as six groups of two hexadecimal digits, separated by hyphens, colons, or no separator (see Notational conventions below).




Modem





  • ModemManager - a DBus-activated daemon which controls mobile broadband (2G/3G/4G) devices and connections. Whether built-in devices, USB dongles, bluetooth-paired telephones, or professional RS232/USB devices with external power supplies, ModemManager is able to prepare and configure the modems and setup connections with them.



ISDN

xDSL

Fiber

Ethernet

etc..



  • https://en.wikipedia.org/wiki/RDMA_over_Converged_Ethernet - a network protocol that allows remote direct memory access (RDMA) over an Ethernet network. There are two RoCE versions, RoCE v1 and RoCE v2. RoCE v1 is an Ethernet link layer protocol and hence allows communication between any two hosts in the same Ethernet broadcast domain. RoCE v2 is an internet layer protocol which means that RoCE v2 packets can be routed. Although the RoCE protocol benefits from the characteristics of a converged Ethernet network, the protocol can also be used on a traditional or non-converged Ethernet network.

Wireless

  • WiGLE.net - All the networks. Found by Everyone.



Wi-Fi



  • https://en.wikipedia.org/wiki/IEEE_802.11n - standardized support for multiple-input multiple-output, frame aggregation, and security improvements, among other features, and can be used in the 2.4 GHz or 5 GHz frequency bands. The purpose of the standard is to improve network throughput over the two previous standards—802.11a and 802.11g—with a significant increase in the maximum net data rate from 54 Mbit/s to 600 Mbit/s (slightly higher gross bit rate including for example error-correction codes, and slightly lower maximum throughput) with the use of four spatial streams at a channel width of 40 MHz.





  • wpa_supplicant - a WPA Supplicant for Linux, BSD, Mac OS X, and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). It is suitable for both desktop/laptop computers and embedded systems. Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver. wpa_supplicant is designed to be a "daemon" program that runs in the background and acts as the backend component controlling the wireless connection. wpa_supplicant supports separate frontend programs and a text-based frontend (wpa_cli) and a GUI (wpa_gui) are included with wpa_supplicant. wpa_supplicant uses a flexible build configuration that can be used to select which features are included. This allows minimal code size (from ca. 50 kB binary for WPA/WPA2-Personal and 130 kB binary for WPA/WPA2-Enterprise without debugging code to 450 kB with most features and full debugging support; these example sizes are from a build for x86 target).


iwlist wlan0 scanning


  • https://wiki.archlinux.org/index.php/iwd - a wireless daemon for Linux, written by Intel aiming to replace WPA supplicant. IWD works standalone or in combination with ConnMan or NetworkManager. It comes with different enhancements like an own crypto-library, called ELL, which docks directly into the Linux Kernel cryptography.


  • hostapd - a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators, RADIUS client, EAP server, and RADIUS authentication server. The current version supports Linux (Host AP, madwifi, mac80211-based drivers) and FreeBSD (net80211).hostapd is designed to be a "daemon" program that runs in the background and acts as the backend component controlling authentication. hostapd supports separate frontend programs and an example text-based frontend, hostapd_cli, is included with hostapd.


  • https://bitbucket.org/xoseperez/espurna - ESPurna ("spark" in Catalan) is a custom firmware for ESP8266 based smart switches. It was originally developed with the IteadStudio Sonoff in mind but now it supports a growing number of ESP8266-based boards. It uses the Arduino Core for ESP8266 framework and a number of 3rd party libraries.


  • PyRF - an openly available, comprehensive development environment for wireless signal analysis. PyRF handles the low-level details of configuring a device, real-time data acquisition and signal processing, allowing you to concentrate on your analysis solutions. Hence, it enables rapid development of powerful applications that leverage the new generation of measurement-grade software-defined radio technology, such as ThinkRF Real-Time Spectrum Analysis Software.



  • https://github.com/martin-ger/esp_wifi_repeater - an implementation of a WiFi NAT router on the esp8266 and esp8285. It also includes support for a packet filtering firewall with ACLs, port mapping, traffic shaping, hooks for remote monitoring (or packet sniffing), an MQTT management interface, and power management. For a setup with multiple routers in a mesh to cover a larger area a new mode "Automesh" has been included


  • Better Wi-Fi: FILS - FILS is short for Fast Initial Link Setup. It's the term used to describe IEEE 802.11ai – the IEEE amendment in progress with the sole aim of setting standards for a wireless client to establish a link with an AP in much lesser time than it does today.  
  • Revolution Wi-Fi: Wake on Wireless LAN - Similar to Wake-on-LAN (WoL), Wake on Wireless LAN (WoWLAN) is a technology that allows remote wake-up of workstations from a standby power state to facilitate device management. WoWLAN is based on the well-established WoL standard used over wired Ethernet networks, and can provide similar functionality and benefits.


Other











Bluetooth

See Computer#Bluetooth

LTE

Linux

  • iw - a new nl80211 based CLI configuration utility for wireless devices. It supports all new drivers that have been added to the kernel recently. The old tool iwconfig, which uses Wireless Extensions interface, is deprecated and it's strongly recommended to switch to iw and nl80211.



  • hostapd - a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators, RADIUS client, EAP server, and RADIUS authentication server. The current version supports Linux (Host AP, madwifi, mac80211-based drivers) and FreeBSD (net80211). hostapd is designed to be a "daemon" program that runs in the background and acts as the backend component controlling authentication. hostapd supports separate frontend programs and an example text-based frontend, hostapd_cli, is included with hostapd.


Security




  • wifite - An automated wireless attack tool.


  • You Are a Rogue Device - A New Apparatus Capable of Spying on You Has Been Installed Throughout Downtown Seattle. Very Few Citizens Know What It Is, and Officials Don’t Want to Talk About It. [15]


  • WiGLE - Wireless Network Mapping


WPS

sudo wpa_cli wps_pbc
  # WPS Push-button mode

sudo wpa_cli wps_pin any <the pin>
  # For WPS Pin mode



  • https://github.com/wiire-a/pixiewps - a tool written in C used to bruteforce offline the WPS PIN exploiting the low or non-existing entropy of some software implementations, the so-called "pixie-dust attack" discovered by Dominique Bongard in summer 2014. It is meant for educational purposes only. As opposed to the traditional online brute-force attack, implemented in tools like Reaver or Bully which aim to recover the pin in a few hours, this method can get the PIN in only a matter of seconds or minutes, depending on the target, if vulnerable.
  • https://github.com/aanarchyy/bully - a new implementation of the WPS brute force attack, written in C. It is conceptually identical to other programs, in that it exploits the (now well known) design flaw in the WPS specification. It has several advantages over the original reaver code. These include fewer dependencies, improved memory and cpu performance, correct handling of endianness, and a more robust set of options. It runs on Linux, and was specifically developed to run on embedded Linux systems (OpenWrt, etc) regardless of architecture.

UUCP

  • https://en.wikipedia.org/wiki/UUCP - an abbreviation of Unix-to-Unix Copy. The term generally refers to a suite of computer programs and protocols allowing remote execution of commands and transfer of files, email and netnews between computers. Specifically, a command named uucp is one of the programs in the suite; it provides a user interface for requesting file copy operations. The UUCP suite also includes uux (user interface for remote command execution), uucico (the communication program that performs the file transfers), uustat (reports statistics on recent activity), uuxqt (execute commands sent from remote machines), and uuname (reports the UUCP name of the local system).


SLIP

  • https://en.wikipedia.org/wiki/Serial_Line_Internet_Protocol - SLIP, an encapsulation of the Internet Protocol designed to work over serial ports and modem connections. It is documented in RFC 1055. On personal computers, SLIP has been largely replaced by the Point-to-Point Protocol (PPP), which is better engineered, has more features and does not require its IP address configuration to be set before it is established. On microcontrollers, however, SLIP is still the preferred way of encapsulating IP packets due to its very small overhead.

PLIP

  • https://en.wikipedia.org/wiki/Parallel_Line_Internet_Protocol - PLIP - direct computer-to-computer communications using the parallel port normally used for connections to a printer.The Parallel Line Internet Protocol provides Link Layer services for the Internet Protocol, the protocol used for forming small local area networks and large computer networks, such as the Internet, enabling computers without standard dedicated networking hardware, such as Ethernet, but with older parallel port devices, to communicate.

PPP

  • https://en.wikipedia.org/wiki/Point-to-Point_Protocol - PPP - a data link protocol used to establish a direct connection between two nodes. It can provide connection authentication, transmission encryption (using ECP, RFC 1968), and compression. PPP is used over many types of physical networks including serial cable, phone line, trunk line, cellular telephone, specialized radio links, and fiber optic links such as SONET. PPP is also used over Internet access connections. Internet service providers (ISPs) have used PPP for customer dial-up access to the Internet, since IP packets cannot be transmitted over a modem line on their own, without some data link protocol. Two derivatives of PPP, Point-to-Point Protocol over Ethernet (PPPoE) and Point-to-Point Protocol over ATM (PPPoA), are used most commonly by Internet Service Providers (ISPs) to establish a Digital Subscriber Line (DSL) Internet service connection with customers.

Audio / ultrasonic





Layer 3/4



  • The History of Packets - This guide seeks to take you on the adventure of the changing packet, and how it has survived over the past four decades of networking hardware and computer software. The Internet started in the late 1960s as ARPANET.




Ports

Scanning

nmap -A 192.168.1.1
  scan machine and report

nmap -v -A 192.168.1.1-255
  verbose scan range and report

nmap -sT -sU -O -p 1-65535 localhost
  full port scan, to check args
nmap -p T:110,955
nmap -R -sL 209.85.229.99/27 | awk ‘{if($3==”not”)print”(“$2″) no PTR”;else print$3″ is “$2}’ | grep ‘(‘

"This command uses nmap to perform reverse DNS lookups on a subnet. It produces a list of IP addresses with the corresponding PTR record for a given subnet. You can enter the subnet in CDIR notation (i.e. /24 for a Class C)). You could add “–dns-servers x.x.x.x” after the “-sL” if you need the lookups to be performed on a specific DNS server. On some installations nmap needs sudo I believe. Also I hope awk is standard on most distros."


  • https://github.com/trimstray/sandmap - a tool supporting network and system reconnaissance using the massive Nmap engine. It provides a user-friendly interface, automates and speeds up scanning and allows you to easily use many advanced scanning techniques.

IP

  • onics - A suite of command line tools and libraries for manipulating packets in the style of cat, sed, awk, grep, diff, etc... [22]



ARP

Protocol to resolve IPv4 addresses to lower level addressed, i.e., ethernet MAC.


arp -e
  # list arp table


arp-scan --interface=eth0 --localnet




Subnetting



  • https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing - CIDR, is a method for allocating IP addresses and IP routing. The Internet Engineering Task Force introduced CIDR in 1993 to replace the previous addressing architecture of classful network design in the Internet. Its goal was to slow the growth of routing tables on routers across the Internet, and to help slow the rapid exhaustion of IPv4 addresses. CIDR encompasses several concepts. It is based on the variable-length subnet masking' (VLSM) technique, which allows the specification of arbitrary-length prefixes. CIDR introduced a new method of representation for IP addresses, now commonly known as CIDR notation, in which an address or routing prefix is written with a suffix indicating the number of bits of the prefix, such as 192.0.2.0/24 for IPv4, and 2001:db8::/32 for IPv6. CIDR introduced an administrative process of allocating address blocks to organizations based on their actual and short-term projected needs. The aggregation of multiple contiguous prefixes resulted in supernets in the larger Internet, which whenever possible are advertised as aggregates, thus reducing the number of entries in the global routing table.

Addressing

Switching

Routing



  • https://en.wikipedia.org/wiki/Interface_Message_Processor - the packet-switching node used to interconnect participant networks to the ARPANET from the late 1960s to 1989. It was the first generation of gateways, which are known today as routers. An IMP was a ruggedized Honeywell DDP-516 minicomputer with special-purpose interfaces and software. In later years the IMPs were made from the non-ruggedized Honeywell 316 which could handle two-thirds of the communication traffic at approximately one-half the cost. An IMP requires the connection to a host computer via a special bit-serial interface, defined in BBN Report 1822. The IMP software and the ARPA network communications protocol running on the IMPs was discussed in RFC 1, the first of a series of standardization documents published by the Internet Engineering Task Force (IETF).






  • The BIRD Internet Routing Daemon Project - a fully functional dynamic IP routing daemon primarily targeted on (but not limited to) Linux, FreeBSD and other UNIX-like systems and distributed under the GNU General Public License.



  • https://en.wikipedia.org/wiki/Bufferbloat - a cause of high latency in packet-switched networks caused by excess buffering of packets. Bufferbloat can also cause packet delay variation (also known as jitter), as well as reduce the overall network throughput. When a router or switch is configured to use excessively large buffers, even very high-speed networks can become practically unusable for many interactive applications like voice over IP (VoIP), online gaming, and even ordinary web surfing. Some communications equipment manufacturers designed unnecessarily large buffers into some of their network products. In such equipment, bufferbloat occurs when a network link becomes congested, causing packets to become queued for long periods in these oversized buffers. In a first-in first-out queuing system, overly large buffers result in longer queues and higher latency, and do not improve network throughput. The bufferbloat phenomenon was initially described as far back as in 1985. It gained more widespread attention starting in 2009.


  • https://en.wikipedia.org/wiki/Link_aggregation - applies to various methods of combining (aggregating) multiple network connections in parallel in order to increase throughput beyond what a single connection could sustain, and to provide redundancy in case one of the links should fail. A Link Aggregation Group (LAG) combines a number of physical ports together to make a single high-bandwidth data path, so as to implement the traffic load sharing among the member ports in the group and to enhance the connection reliability. Other umbrella terms used to describe the method include port trunking, link bundling, Ethernet/network/NIC bonding, channel bonding or NIC teaming. These umbrella terms encompass not only vendor-independent standards such as Link Aggregation Control Protocol (LACP) for Ethernet defined in IEEE 802.1AX or the previous IEEE 802.3ad, but also various proprietary solutions.


  • https://wiki.linuxfoundation.org/networking/bonding - The Linux bonding driver provides a method for aggregating multiple network interfaces into a single logical bonded interface. The behavior of the bonded interfaces depends upon the mode; generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring may be performed.

DHCP

  • dhclient - The Internet Systems Consortium DHCP Client, dhclient, provides a means for configuring one or more network interfaces using the Dynamic Host Configuration Protocol, BOOTP protocol, or if these protocols fail, by statically assigning an address.



  • https://en.wikipedia.org/wiki/Peg_DHCP - a method defined in RFC 2322 to assign IP addresses in a context where regular DHCP wouldn't work. The "server" hands out wooden clothes-pegs numbered with the addresses to allocate and an additional leaflet with network information. The "client", typically the user, then configures their device accordingly. Even though this RFC, "Management of IP numbers by peg-dhcp" was published on the first of April 1998, it describes, unlike most other April Fools' Day RFCs, a regularly used protocol with a serious purpose. During the preparation of Hacking in Progress 1997, the organizers were looking for a robust way to assign IP addresses to the participants. The obvious first choice, DHCP, almost completely defenseless against rogue servers, was not retained considering the traditionally creative use of the network. [27]


NAT

  • https://en.wikipedia.org/wiki/Network_address_translation - a method of remapping one IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device. The technique was originally used as a shortcut to avoid the need to readdress every host when a network was moved. It has become a popular and essential tool in conserving global address space in the face of IPv4 address exhaustion. One Internet-routable IP address of a NAT gateway can be used for an entire private network. IP masquerading is a technique that hides an entire IP address space, usually consisting of private IP addresses, behind a single IP address in another, usually public address space. The address that has to be hidden is changed into a single (public) IP address as "new" source address of the outgoing IP packet so it appears as originating not from the hidden host but from the routing device itself. Because of the popularity of this technique to conserve IPv4 address space, the term NAT has become virtually synonymous with IP masquerading.As network address translation modifies the IP address information in packets, it has serious consequences on the quality of Internet connectivity and requires careful attention to the details of its implementation. NAT implementations vary widely in their specific behavior in various addressing cases and their effect on network traffic. The specifics of NAT behavior are not commonly documented by vendors of equipment containing NAT implementations.



  • https://en.wikipedia.org/wiki/NAT_traversal - a computer networking technique of establishing and maintaining Internet protocol connections across gateways that implement network address translation (NAT).NAT traversal techniques are required for many network applications, such as peer-to-peer file sharing and Voice over IP.




  • https://en.wikipedia.org/wiki/NAT_Port_Mapping_Protocol - a network protocol for establishing network address translation (NAT) settings and port forwarding configurations automatically without user effort. The protocol automatically determines the external IPv4 address of a NAT gateway, and provides means for an application to communicate the parameters for communication to peers. NAT-PMP was introduced in 2005 by Apple as an alternative to the more common ISO Standard Internet Gateway Device Protocol implemented in many NAT routers. The protocol was published as an informational Request for Comments (RFC) by the Internet Engineering Task Force (IETF) in RFC 6886. NAT-PMP runs over the User Datagram Protocol (UDP) and uses port number 5351. It has no built-in authentication mechanisms because forwarding a port typically does not allow any activity that could not also be achieved using STUN methods. The benefit of NAT-PMP over STUN is that it does not require a STUN server and a NAT-PMP mapping has a known expiration time, allowing the application to avoid sending inefficient keep-alive packets.NAT-PMP is the predecessor to the Port Control Protocol (PCP).


  • https://en.wikipedia.org/wiki/Port_Control_Protocol - a computer networking protocol that allows hosts on IPv4 or IPv6 networks to control how the incoming IPv4 or IPv6 packets are translated and forwarded by an upstream router that performs network address translation (NAT) or packet filtering. By allowing hosts to create explicit port forwarding rules, handling of the network traffic can be easily configured to make hosts placed behind NATs or firewalls reachable from the rest of the Internet (so they can also act as network servers), which is a requirement for many applications. Additionally, explicit port forwarding rules available through PCP allow hosts to reduce the amount of generated traffic by eliminating workarounds in form of outgoing NAT keepalive messages, which are required for maintaining connections to servers and for various NAT traversal techniques such as TCP hole punching. At the same time, less generated traffic reduces the power consumption, directly improving the battery runtime for mobile devices. PCP was standardized in 2013 as a successor to the NAT Port Mapping Protocol (NAT-PMP), with which it shares similar protocol concepts and packet formats.

ICMP




Tunnelling

  • iodine lets you tunnel IPv4 data through a DNS server. This can be usable in different situations where internet access is firewalled, but DNS queries are allowed.


IPsec

IPv6






  • https://en.wikipedia.org/wiki/Multicast_Listener_Discovery - a component of the Internet Protocol Version 6 (IPv6) suite. MLD is used by IPv6 routers for discovering multicast listeners on a directly attached link, much like Internet Group Management Protocol (IGMP) is used in IPv4. The protocol is embedded in ICMPv6 instead of using a separate protocol. MLDv1 is similar to IGMPv2 and MLDv2 similar to IGMPv3. The protocol is described in RFC 3810 which has been updated by RFC 4604.



Security


NCP

  • https://en.wikipedia.org/wiki/Network_Control_Program - preceded the Transmission Control Protocol (TCP) as a transport layer protocol used during the early ARPANET. NCP was a simplex protocol that utilized two port addresses, establishing two connections, for two-way communications. An odd and an even port were reserved for each application layer application or protocol. The standardization of TCP and UDP reduced the need for the use of two simplex ports for each application down to one duplex port

UDP

See also DNS

UPnP



  • MiniUPnP Project HomePage - software which supports the UPnP Internet Gateway Device (IGD) specifications. NAT-PMP and PCP support was added to MiniUPnPd. For client side NAT-PMP support, use libnatpmp. The MiniUPnP daemon (MiniUPnPd) supports OpenBSD, FreeBSD, NetBSD, DragonFly BSD, (Open)Solaris and Mac OS X in combination with pf or ipfw (ipfirewall) or ipf and Linux with netfilter. The MiniUPnP client (MiniUPnPc) and MiniSSDPd are portable and should work on any POSIX system. MiniUPnPc also works under MS Windows and AmigaOS (version 3 and 4).

TCP

See also HTTP, SSH, Gopher

traceroute -m 100 216.81.59.173
traceroute -m 120 216.81.59.173

Tunnelling

  • sshuttle - Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.
  • Localtunnel allows you to easily share a web service on your local development machine without messing with DNS and firewall settings. Localtunnel will assign you a unique publicly accessible url that will proxy all requests to your locally running webserver. [34]


  • https://github.com/darkk/redsocks - allows you to redirect any TCP connection to SOCKS or HTTPS proxy using your firewall, so redirection is system-wide. Why is that useful? I can suggest following reasons: you use tor[1] and don't want any TCP connection to leak. you use DVB ISP and this ISP provides internet connectivity with some special daemon that may be also called "Internet accelerator" and this accelerator acts as proxy. Globax[2] is example of such an accelerator.

UDT

  • UDT is a reliable UDP based application level data transport protocol for distributed data intensive applications over wide area high-speed networks. UDT uses UDP to transfer bulk data with its own reliability control and congestion control mechanisms. The new protocol can transfer data at a much higher speed than TCP does. UDT is also a highly configurable framework that can accommodate various congestion control algorithms. [35]

RTP / RTCP

  • https://en.wikipedia.org/wiki/Real-time_Transport_Protocol - a network protocol for delivering audio and video over IP networks. RTP is used extensively in communication and entertainment systems that involve streaming media, such as telephony, video teleconference applications including WebRTC, television services and web-based push-to-talk features.

RTP typically runs over User Datagram Protocol (UDP). RTP is used in conjunction with the RTP Control Protocol (RTCP). While RTP carries the media streams (e.g., audio and video), RTCP is used to monitor transmission statistics and quality of service (QoS) and aids synchronization of multiple streams. RTP is one of the technical foundations of Voice over IP and in this context is often used in conjunction with a signaling protocol such as the Session Initiation Protocol (SIP) which establishes connections across the network.

RTP was developed by the Audio-Video Transport Working Group of the Internet Engineering Task Force (IETF) and first published in 1996 as RFC 1889, superseded by RFC 3550 in 2003.


SRTP / SRTCP

  • https://en.wikipedia.org/wiki/Secure_Real-time_Transport_Protocol - a Real-time Transport Protocol (RTP) profile, intended to provide encryption, message authentication and integrity, and replay attack protection to the RTP data in both unicast and multicast applications. It was developed by a small team of Internet Protocol and cryptographic experts from Cisco and Ericsson. It was first published by the IETF in March 2004 as RFC 3711.

Since RTP is closely related to RTP Control Protocol (RTCP) which can be used to control the RTP session, SRTP also has a sister protocol, called Secure RTCP (SRTCP); SRTCP securely provides the same features to RTCP, as the ones provided by SRTP to RTP. Utilization of SRTP or SRTCP is optional in RTP or RTCP applications; but even if SRTP or SRTCP are used, all provided features (such as encryption and authentication) are optional and can be separately enabled or disabled. The only exception is the message authentication feature which is indispensably required when using SRTCP.


SCTP

DCCP

Other

  • Secure Socket Funneling (SSF) is a network tool and toolkit. It provides simple and efficient ways to forward data from multiple sockets (TCP or UDP) through a single secure TLS link to a remote computer. [39]



  • http://www.openonload.org - a high performance network stack from Solarflare that dramatically reduces latency and cpu utilisation, and increases message rate and bandwidth. OpenOnload runs on Linux and supports TCP/UDP/IP network protocols with the standard BSD sockets API, and requires no modifications to applications to use. It achieves performance improvements in part by performing network processing at user-level, bypassing the OS kernel entirely on the data path. Networking performance is improved without sacrificing the security and multiplexing functions that the OS kernel normally provides.

QUIC

Software

See Comms, Security#Firewalls etc.



  • Network protocols, sans I/O - provides a single location for people to reference when looking for network protocol implementations written in Python that perform no I/O (this means libraries that operate directly on text or bytes; this excludes libraries that just abstract out I/O).


Network configuration



Goes a little something like;

domain members.linode.com
search members.linode.com
nameserver 98.76.54.32
nameserver 76.54.32.10
options rotate




iputils

net-tools

route
  show (and temp. set) network routes avaliable. in /sbin, in root $PATH only
route -n
  show network routes available, just ip


iproute2

ip a
  # list network devices and their status

ip link set [interface] up
  # start a network interface

ip route add default via 192.168.0.1 dev eth0


  • veth - Virtual Ethernet Devices. They can act as tunnels between network namespaces to create a bridge to a physical network device in another namespace, but can also be used as standalone network devices.


  • http://linux.die.net/man/8/ss - used to dump socket statistics. It allows showing information similar to netstat. It can display more TCP and state informations than other tools.
  • https://loicpefferkorn.net/2016/03/linux-network-metrics-why-you-should-use-nstat-instead-of-netstat/ - netstat maintains a static table of metrics entries, while nstat parses the whole /proc files. Since netstat is obsolete, new entries are not taken into account. netstat appears more user-friendly by describing some metrics with plain English, while nstat displays raw information. This can be considered as an advantage to roughly identify the purpose of the metric, but also a drawback if you are interested in the RFC name of the variable, going through netstat source code is hence a mandatory step. Parsing nstat output is also easier, even almost done thanks to the JSON output format option.

Network management

systemd.network

  • systemd-networkd - a system service that manages networks. It detects and configures network devices as they appear, as well as creating virtual network devices. To configure low-level link settings independently of networks, see systemd.link(5). systemd-networkd will create network devices based on the configuration in systemd.netdev(5) files, respecting the [Match] sections in those files. systemd-networkd will manage network addresses and routes for any link for which it finds a .network file with an appropriate [Match] section, see systemd.network(5). For those links, it will flush existing network addresses and routes when bringing up the device. Any links not matched by one of the .network files will be ignored. It is also possible to explicitly tell systemd-networkd to ignore a link by using Unmanaged=yes option, see systemd.network(5).


  • systemd.network - The main network file must have the extension .network; other extensions are ignored. Networks are applied to links whenever the links appear. The .network files are read from the files located in the system network directory /usr/lib/systemd/network, the volatile runtime network directory /run/systemd/network and the local administration network directory /etc/systemd/network. All configuration files are collectively sorted and processed in lexical order, regardless of the directories in which they live. However, files with identical filenames replace each other. Files in /etc have the highest priority, files in /run take precedence over files with the same name in /usr/lib. This can be used to override a system-supplied configuration file with a local file if needed. As a special case, an empty file (file size 0) or symlink with the same name pointing to /dev/null disables the configuration file entirely (it is "masked").

Netctl

From Arch Linux devs, profile based


Connman

Generally for embedded systems.


Network Manager

meh


Traffic control

ipchains

Netfilter / iptables

  • http://en.wikipedia.org/wiki/Netfilter - a framework provided by the Linux kernel that allows various networking-related operations to be implemented in the form of customized handlers. Netfilter offers various functions and operations for packet filtering, network address translation, and port translation, which provide the functionality required for directing packets through a network, as well as for providing ability to prohibit packets from reaching sensitive locations within a computer network. Netfilter represents a set of hooks inside the Linux kernel, allowing specific kernel modules to register callback functions with the kernel's networking stack. Those functions, usually applied to the traffic in form of filtering and modification rules, are called for every packet that traverses the respective hook within the networking stack.
  • http://en.wikipedia.org/wiki/iptables - a user-space application program that allows a system administrator to configure the tables provided by the Linux kernel firewall (implemented as different Netfilter modules) and the chains and rules it stores. Different kernel modules and programs are currently used for different protocols; iptables applies to IPv4, ip6tables to IPv6, arptables to ARP, and ebtables to Ethernet frames.
iptables -F
  # flush rules

iptables -P OUTPUT ACCEPT
  # accept policy for output chain traffic
iptables -P INPUT DROP
  # drop policy for input chain traffic
iptables -P FORWARD DROP
  # drop policy for forward chain traffic

iptables -A INPUT --in-interface lo -j ACCEPT
  • YouTube: Mastering IPTables, Part I - Linux Journal Presents: Linux comes with a powerful firewall built-in, although the interface can be a little intimidating. This is the first in a multi-part tutorial on how to master basic and not-so-basic IPTables functionality and create the perfect firewall for your home network.


  • husk - a natural language wrapper around the Linux iptables packet filtering engine (iptables). It is designed to abstract the sometimes confusing syntax of iptables, allowing use of rules that have better readability, and expressed in a more 'freeform' fashion compared to normal 'raw' iptables rules. husk can be used on either firewall/router computers (with multiple network interfaces), or standalone systems (with one network interface). Each interface (real or virtual) is called a 'zone' in husk. Zones are given a friendly name which is what is used in the rule definitions. This abstracts the Linux device names (eg, eth0, ppp0, bond0 etc) into much more intuitive names such as NET, LAN and DMZ. This has the added benefit of moving interfaces in the future can be done simply by changing the name-to-device mapping.


  • ebtables - a filtering tool for a Linux-based bridging firewall. It enables transparent filtering of network traffic passing through a Linux bridge. The filtering possibilities are limited to link layer filtering and some basic filtering on higher network layers. Advanced logging, MAC DNAT/SNAT and brouter facilities are also included.The ebtables tool can be combined with the other Linux filtering tools (iptables, ip6tables and arptables) to make a bridging firewall that is also capable of filtering these higher network layers. This is enabled through the bridge-netfilter architecture which is a part of the standard Linux kernel.The ebtables and arptables codebase is maintained by the netfilter developers, who were so kind to take over maintenance of the software. This website is kept mainly as a documentation reference.

nftables

  • http://en.wikipedia.org/wiki/nftables - a subsystem of the Linux kernel providing filtering and classification of network packets/datagrams/frames. It has been available since Linux kernel 3.13 released on 19 January, 2014. nftables is supposed to replace netfilter. Both subsystems have been co-authored by Patrick McHardy. Among the advantages of nftables over netfilter is less code duplication and more throughput. nftables is configured via the user-space utility nft while netfilter is configured via the utilities iptables, ip6tables, arptables and ebtables frameworks. nftables utilizes the building blocks of the Netfilter infrastructure, such as the existing hooks into the networking stack, connection tracking system, userspace queueing component, and logging subsystem.


  • NCD - scripting language for network configuration and much more


  • Horde is linux-based networking middleware that allows an application to stripe data from multiple streams across a set of dissimilar wireless network channels. Horde's approach aims to decrease the programming costs associated with building complex mobile systems that use network striping.

linuximq

  • linuximq - Pseudo-driver for the intermediate queue device. (IMQ) The imq device has two common usage cases: Ingress shaping: With linux only egress shaping is possible (except for the ingress queue which can only do rate limiting). IMQ enables you to use egress qdiscs for real ingress shaping. Shaping over multiple interfaces: Qdiscs get attached to devices. A consequence of this is that one qdisc can only handle traffic going to the interface it is attached to. Sometimes it is desireable to have global limits on multiple interfaces. With IMQ you can use iptables to specify which packets the qdiscs sees, so global limits can be placed.


Services

inetd

  • http://en.wikipedia.org/wiki/inetd - (internet service daemon) is a super-server daemon on many Unix systems that provides Internet services. For each configured service, it listens for requests from connecting clients. Requests are served by spawning a process which runs the appropriate executable, but simple services such as echo are served by inetd itself. External executables, which are run on request, can be single- or multi-threaded. First appearing in 4.3BSD, it is generally located at /usr/sbin/inetd. Often called a super-server, inetd listens on designated ports used by Internet services such as FTP, POP3, and telnet. When a TCP packet or UDP packet arrives with a particular destination port number, inetd launches the appropriate server program to handle the connection. For services that are not expected to run with high loads, this method uses memory more efficiently, since the specific servers run only when needed. Furthermore, no network code is required in the service-specific programs, as inetd hooks the sockets directly to stdin, stdout and stderr of the spawned process. For protocols that have frequent traffic, such as HTTP and POP3, a dedicated server that intercepts the traffic directly may be preferable.


  • http://linux.die.net/man/8/tcpd - whenever a request for service arrives, the inetd daemon is tricked into running the tcpd program instead of the desired server. tcpd logs the request and does some additional checks. When all is well, tcpd runs the appropriate server program and goes away.

Xinetd

systemd

In systemd, three target units take the role of $network:

network.target has very little meaning during start-up. It only indicates that the network management stack is up after it has been reached. Whether any network interfaces are already configured when it is reached is undefined. It's primary purpose is for ordering things properly at shutdown: since the shutdown ordering of units in systemd is the reverse of the startup ordering, any unit that is ordered After=network.target can be sure that it is stopped before the network is shut down if the system is powered off. This allows services to cleanly terminate connections before going down, instead of abruptly losing connectivity for ongoing connections, leaving them in an undefined state. Note that network.target is a passive unit: you cannot start it directly and it is not pulled in by any services that want to make use of the network. Instead, it is pulled in by the network management service itself. Services using the network should hence simply place an After=network.target dependency in their unit files, and avoid any Wants=network.target or even Requires=network.target.

network-online.target is a target that actively waits until the nework is "up", where the definition of "up" is defined by the network management software. Usually it indicates a configured, routable IP address of some kind. It's primary purpose is to actively delay activation of services until the network is set up. It is an active target, meaning that is may be pulled in by the services requiring the network to be up, but is not pulled in by the network management service itself. By default all remote mounts defined in /etc/fstab pull this service in, in order to make sure the network is up before it is attempted to connect to a network share. Note that normally, if no service requires it, and if not remote mount point is configured this target is not pulled into the boot, thus avoiding any delays during boot should the network not be available. It is strongly recommended not to pull in this target too liberally: for example network server software should generally not pull this in (since server software generally is happy to accept local connections even before any routable network interface is up), it's primary purpose is network client software that cannot operate without network.

network-pre.target is a target that may be used to order services before any network interface is configured. It's primary purpose is for usage with firewall services that want to establish a firewall before any network interface is up. It's a passive unit: you cannot start it directly and it is not pulled in by the the network management service, but by the service that wants to run before it. Network management services hence should set After=network-pre.target, but avoid any Wants=network-pre.target or even Requires=network-pre.target. Services that want to be run before the network is configured should place Before=network-pre.target and also set Wants=network-pre.target to pull it in. This way, unless there's actually a service that needs to be ordered before the network is up the target is not pulled in, hence avoiding any unnecessary synchronization point.

Other

to resort

sudo lsof -i
  ports open

sudo netstat -plnt

ss -tnlp

sudo nmap -sT -O localhost
nc 127.0.0.1 123 < /dev/null; echo $?
  test local port, 1 for closed 0 for open


  advanced traceroute + ping

netcat

  • netcat - a versatile tool that is able to read and write data across TCP and UDP network . Combined with other tools and redirection it can be used in number of ways in your scripts. You will be surprised to see what you can accomplish with Linux netcat command.
nc -l 8888
  listen on port 8888

nc server1 8888
  connect to port 8888

Ncat

  • Ncat - a feature-packed networking utility which reads and writes data across networks from the command line. Ncat was written for the Nmap Project as a much-improved reimplementation of the venerable Netcat. It uses both TCP and UDP for communication and is designed to be a reliable back-end tool to instantly provide network connectivity to other applications and users. Ncat will not only work with IPv4 and IPv6 but provides the user with a virtually limitless number of potential uses.


to sort

  • Surfraw provides a fast unix command line interface to a variety of popular WWW search engines and other artifacts of power. It reclaims google, altavista, babelfish, dejanews, freshmeat, research index, slashdot and many others from the false-prophet, pox-infested heathen lands of html-forms, placing these wonders where they belong, deep in unix heartland, as god loving extensions to the shell.
  • Guidedog - an advanced routing/network configuration utility for KDE 3 and 4 running on Linux 2.4 & 2.6 based machines. Using Guidedog you can easily activate packet routing/forwarding and also more advanced networking such as IP masquerade and Port Forwarding.



  • Upside-Down-Ternet - My neighbours are stealing my wireless internet access. I could encrypt it or alternately I could have fun.



  • Scapy - a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can't handle, like sending invalid frames, injecting your own 802.11 frames, combining technics (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, ...), etc.



  • socat - a relay for bidirectional data transfer between two independent data channels. Each of these data channels may be a file, pipe, device (serial line etc. or a pseudo terminal), a socket (UNIX, IP4, IP6 - raw, UDP, TCP), an SSL socket, proxy CONNECT connection, a file descriptor (stdin etc.), the GNU line editor (readline), a program, or a combination of two of these. These modes include generation of "listening" sockets, named pipes, and pseudo terminals.
socat -d -d TCP-L:22,reuseaddr,fork SYSTEM:"nc \$SOCAT_PEERADDR 22" # Confuse people SSHing to your host with a redirect back to theirs.
  • ncp - a fast file copy tool for LANs
  • bcp (Broadcast Copy) Any easy way to copy files between terminals or computers on a local network.
  • UDPcast is a file transfer tool that can send data simultaneously to many destinations on a LAN. This can for instance be used to install entire classrooms of PC's at once. The advantage of UDPcast over using other methods (nfs, ftp, whatever) is that UDPcast uses UDP's multicast abilities: it won't take longer to install 15 machines than it would to install just 2.
  • Tsunami UDP Protocol: A fast user-space file transfer protocol that uses TCP control and UDP data for transfer over very high speed long distance networks (≥ 1 Gbps and even 10 GE), designed to provide more throughput than possible with TCP over the same networks.





  • https://github.com/nodogsplash/nodogsplash - a high performance, small footprint Captive Portal, offering by default a simple splash page restricted Internet connection, yet incorporates an API that allows the creation of sophisticated authentication applications.

netsniff-ng

  • netsniff-ng toolkit - a free Linux networking toolkit, a Swiss army knife for your daily Linux network plumbing if you will. Its gain of performance is reached by zero-copy mechanisms, so that on packet reception and transmission the kernel does not need to copy packets from kernel space to user space and vice versa. Our toolkit can be used for network development and analysis, debugging, auditing or network reconnaissance.

The netsniff-ng toolkit consists of the following utilities:

  • netsniff-ng, a fast zero-copy analyzer, pcap capturing and replaying tool
  • trafgen, a multithreaded low-level zero-copy network packet generator
  • mausezahn, high-level packet generator for HW/SW appliances with Cisco-CLI
  • bpfc, a Berkeley Packet Filter compiler, Linux BPF JIT disassembler
  • ifpps, a top-like kernel networking statistics tool
  • flowtop, a top-like netfilter connection tracking tool
  • curvetun, a lightweight curve25519-based IP tunnel
  • astraceroute, an autonomous system (AS) trace route utility


Monitoring

netmon

Nbwmon

netbwmon


iPerf

  • iPerf - a The TCP, UDP and SCTP network active bandwidth measurement tool. It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters. This is a new implementation that shares no code with the original iPerf and also is not backwards compatible. iPerf was orginally developed by NLANR/DAST. iPerf3 is principally developed by ESnet / Lawrence Berkeley National Laboratory. It is released under a three-clause BSD license.

Netperf

  • Netperf - a benchmark that can be used to measure the performance of many different types of networking. It provides tests for both unidirecitonal throughput, and end-to-end latency. The environments currently measureable by netperf include: TCP and UDP via BSD Sockets for both IPv4 and IPv6, DLPI, Unix Domain Sockets, SCTP for both IPv4 and IPv6

NetHogs

  • NetHogs - a small 'net top' tool. Instead of breaking the traffic down per protocol or per subnet, like most tools do, it groups bandwidth by process. NetHogs does not rely on a special kernel module to be loaded. If there's suddenly a lot of network traffic, you can fire up NetHogs and immediately see which PID is causing this. This makes it easy to indentify programs that have gone wild and are suddenly taking up your bandwidth.

nload

  • nload - a console application which monitors network traffic and bandwidth usage in real time. It visualizes the in- and outgoing traffic using two graphs and provides additional info like total amount of transfered data and min/max network usage.

bwm-ng

  • bwm-ng - Bandwidth Monitor NG, is a small and simple console-based live network and disk io bandwidth monitor for Linux, BSD, Solaris, Mac OS X and others.

tcptrack

  • tcptrack - a packet sniffer, which passively watches for connections on a specified network interface, tracks their states, and lists them in a manner similar to the Unix 'top' command. It displays source and destination addresses and ports, connection state, idle time, and bandwidth usage.

Tcpdump

Ostinato

  • Ostinato - an open-source, cross-platform network packet crafter/traffic generator and analyzer with a friendly GUI. Craft and send packets of several streams with different protocols at different rates. For the full feature list see below. Ostinato aims to be "Wireshark in Reverse" and become complementary to Wireshark.

EtherApe

  • EtherApe is a graphical network monitor for Unix modeled after etherman. Featuring link layer, IP and TCP modes, it displays network activity graphically. Hosts and links change in size with traffic. Color coded protocols display.

hping

  • hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping(8) unix command, but hping isn't only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features.

ngrep

  • ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.

Cacti

  • Cacti is a complete network graphing solution designed to harness the power of RRDTool's data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. All of this is wrapped in an intuitive, easy to use interface that makes sense for LAN-sized installations up to complex networks with hundreds of devices.

nfdump

SmokePing

  • SmokePing - keeps track of your network latency. Best of breed latency visualisation. Interactive graph explorer. Wide range of latency measurement plugins. Master/Slave System for distributed measurement. Highly configurable alerting system. Live Latency Charts with the most 'interesting' graphs. Free and OpenSource Software written in Perl written by Tobi Oetiker, the creator of MRTG and RRDtool

Bro

  • Bro - a passive, open-source network traffic analyzer. It is primarily a security monitor that inspects all traffic on a link in depth for signs of suspicious activity. More generally, however, Bro supports a wide range of traffic analysis tasks even outside of the security domain, including performance measurements and helping with trouble-shooting. [50]

Wireshark

  • Wireshark - the world's foremost network protocol analyzer. It lets you see what's happening on your network at a microscopic level. It is the de facto (and often de jure) standard across many industries and educational institutions.

iftop

  • iftop - does for network usage what top does for CPU usage. It listens to network traffic on a named interface and displays a table of current bandwidth usage by pairs of hosts. Handy for answering the question "why is our ADSL link so slow?".

ntop

NetHogs

  • https://github.com/raboof/nethogs - a small 'net top' tool. Instead of breaking the traffic down per protocol or per subnet, like most tools do, it groups bandwidth by process. NetHogs does not rely on a special kernel module to be loaded. If there's suddenly a lot of network traffic, you can fire up NetHogs and immediately see which PID is causing this. This makes it easy to identify programs that have gone wild and are suddenly taking up your bandwidth. Since NetHogs heavily relies on /proc, most features are only available on Linux. NetHogs can be built on Mac OS X and FreeBSD, but it will only show connections, not processes.

vnStat

  • vnStat - a console-based network traffic monitor for Linux and BSD that keeps a log of network traffic for the selected interface(s). It uses the network interface statistics provided by the kernel as information source. This means that vnStat won't actually be sniffing any traffic and also ensures light use of system resources. However, in Linux at least a 2.2 series kernel is required.

NTM

  • NTM - a monitor of the network and internet traffic for Linux.

sFlow

IPTraf

  • IPTraf - a console-based network statistics utility for Linux. It gathers a variety of figures such as TCP connection packet and byte counts, interface statistics and activity indicators, TCP/UDP traffic breakdowns, and LAN station packet and byte counts.

bettercap

  • bettercap - Swiss army knife for network attacks and monitoring.

Other





Security

Layer 5 / 6 / 7

See Communication


SNMP

  • http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol - an Internet-standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks and more. SNMP is widely used in network management systems to monitor network-attached devices for conditions that warrant administrative attention. SNMP exposes management data in the form of variables on the managed systems, which describe the system configuration. These variables can then be queried (and sometimes set) by managing applications.


  • Net-SNMP - a suite of applications used to implement SNMP v1, SNMP v2c and SNMP v3 using both IPv4 and IPv6, widely used protocols for monitoring the health and welfare of network equipment (eg. routers), computer equipment and even devices like UPSs.


  • qtmib - an easy-to-use SNMP MIB Browser based on QT4 library. It is build as a front-end for net-snmp, and it allows the user to query any SNMP-enabled device. It implements SNMPv1 and SNMPv2c, and it is released under GPL v2 license.


  • Devmon - a Perl daemon designed to supplement and enhance the monitoring capabilities of a server running either the BigBrother or Hobbit monitoring software. BigBrother and Hobbit, at present, only support monitoring remote devices via ICMP or TCP port tests. Devmon takes this a step further, allowing a system administrator to proactively monitor remote devices via SNMP (Simple Network Management Protocol), querying said devices for current status and alarms. Devmon takes the data that it obtains via SNMP and applies user-defined logic against it and compares the results to user-customizable thresholds. It uses the final data to determine if the remote device is in an abnormal or critical state, and reports accordingly to the BigBrother/Hobbit display server.

SSDP

  • https://en.wikipedia.org/wiki/Simple_Service_Discovery_Protocol - a network protocol based on the Internet protocol suite for advertisement and discovery of network services and presence information. It accomplishes this without assistance of server-based configuration mechanisms, such as Dynamic Host Configuration Protocol (DHCP) or Domain Name System (DNS), and without special static configuration of a network host. SSDP is the basis of the discovery protocol of Universal Plug and Play (UPnP) and is intended for use in residential or small office environments. It was formally described in an Internet Engineering Task Force (IETF) Internet Draft by Microsoft and Hewlett-Packard in 1999. Although the IETF proposal has since expired (April, 2000), SSDP was incorporated into the UPnP protocol stack, and a description of the final implementation is included in UPnP standards documents.


telnet

HTTP

See HTTP

Gopher





  • Little Gopher Client - a client for the Gopher protocol written in Free Pascal and Lazarus with support for the Windows, Linux and Mac OS X operating systems. It is mainly made to browse and read articles in gopherspace, so for the moment it only supports menus and text content - no downloads, images or queries. In the future i might add features for these. The client supports only the original Gopher protocol as specified RFC1436. There is no support for the incompatible Gopher+ protocol (which should be fine in practice since no gopherhole seems to use it anyway - its complexity was most likely its downfall). The biggest feature it has compared to most other Gopher clients is the browser sidebar which maps the gopherspace as you go, taking advantage of Gopher's hierarchical nature. Or at least it tries to, since many modern gopherholes today treat Gopher menus as HTML-lite, adding back links and such. Still, it helps to navigate faster than without it.


FTP / SFTP

BGP


  • BGP4.as - your independent starting point for all BGP routing related information. It contains references to all major BGP software, vendors, presentations, research work, as well as practical BGP tools, and IETF reference material.
  • BGPStream - a free resource for receiving alerts about hijacks, leaks, and outages in the Border Gateway Protocol. With BGP Stream, we use an automated process to cull the largest and most important outages, what type of outage it is, and which ASNs are involved and publish those updates for free to a Twitter feed and this site. It is important to us to provide this information free, in a real-time format, providing contextual information so network engineers and owners can respond to outages as quickly as possible.






  • FRRouting - an IP routing protocol suite for Linux and Unix platforms whichincludes protocol daemons for BGP, IS-IS, LDP, OSPF, PIM, and RIP.FRR’s seamless integration with the native Linux/Unix IP networking stacksmakes it applicable to a wide variety of use cases including connectinghosts/VMs/containers to the network, advertising network services, LANswitching and routing, Internet access routers, and Internet peering.FRR has its roots in the Quagga project. In fact, it was started by manylong-time Quagga developers who combined their efforts to improve onQuagga's well-established foundation in order to create the best routingprotocol stack available. We invite you to participate in the FRRoutingcommunity and help shape the future of networking.




SOCKS



  • tsocks - a transparent SOCKS proxying library. tsocks' role is to allow non SOCKS aware applications (e.g telnet, ssh, ftp etc) to use SOCKS without any modification. It does this by intercepting the calls that applications make to establish network connections and negotating them through a SOCKS server as necessary.


File systems

See Storage/Files#Networked, etc.

SMB / CIFS

  • http://en.wikipedia.org/wiki/Server_Message_Block - SMB, one version of which was also known as Common Internet File System (CIFS), operates as an application-layer network protocol mainly used for providing shared access to files, printers, and serial ports and miscellaneous communications between nodes on a network. It also provides an authenticated inter-process communication mechanism. Most usage of SMB involves computers running Microsoft Windows, where it was known as "Microsoft Windows Network" before the introduction of Active Directory. Corresponding Windows services are LAN Manager Server (for the server component) and LAN Manager Workstation (for the client component).




File sharing

See Sharing

  • tus - The protocol provides a mechanism for resumable file uploads via HTTP/1.1 (RFC 7230) and HTTP/2 (RFC 7540).


  • InterPlanetary File System - IPFS, a peer-to-peer distributed file system that seeks to connect all computing devices with the same system of files. In some ways, IPFS is similar to the Web, but IPFS could be seen as a single BitTorrent swarm, exchanging objects within one Git repository. In other words, IPFS provides a high throughput content-addressed block storage model, with content-addressed hyperlinks. This forms a generalized Merkle DAG, a data structure upon which one can build versioned file systems, blockchains, and even a Permanent Web. IPFS combines a distributed hashtable, an incentivized block exchange, and a self-certifying namespace. IPFS has no single point of failure, and nodes do not need to trust each other.




Authentication, etc.


LDAP


Kerberos

SASL

RADIUS

Other

  • OpenAM - The only “all-in-one” access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements, Adaptive Authentication, Strong Authentication, and Web Services Security, in a single, unified product. Mobile support out of the box with full OAuth 2.0 and OpenID Connect support, modern protocols that provide the most efficient method for developing secure native or HTML5 mobile applications optimized for bandwidth and CPU.


pwm

  • https://github.com/pwm-project/pwm - an open source password self service application for LDAP directories. PWM is an ideal candidate for organizations that wish to “roll their own” password self service solution, but do not wish to start from scratch.

RPC

See also Data

  • https://en.wikipedia.org/wiki/Remote_procedure_call - In distributed computing, a remote procedure call (RPC) is when a computer program causes a procedure (subroutine) to execute in a different address space (commonly on another computer on a shared network), which is coded as if it were a normal (local) procedure call, without the programmer explicitly coding the details for the remote interaction. That is, the programmer writes essentially the same code whether the subroutine is local to the executing program, or remote. This is a form of client–server interaction (caller is client, executor is server), typically implemented via a request–response message-passing system. In the object-oriented programming paradigm, RPC calls are represented by remote method invocation (RMI). The RPC model implies a level of location transparency, namely that calling procedures is largely the same whether it is local or remote, but usually they are not identical, so local calls can be distinguished from remote calls. Remote calls are usually orders of magnitude slower and less reliable than local calls, so distinguishing them is important.

RPCs are a form of inter-process communication (IPC), in that different processes have different address spaces: if on the same host machine, they have distinct virtual address spaces, even though the physical address space is the same; while if they are on different hosts, the physical address space is different. Many different (often incompatible) technologies have been used to implement the concept.

Messaging

Apache Kafka

RabbitMQ

Distributed


  • https://en.wikipedia.org/wiki/Virtual_synchrony - an interprocess message passing (sometimes called ordered, reliable multicast) technology. Virtual synchrony systems allow programs running in a network to organize themselves into process groups, and to send messages to groups (as opposed to sending them to specific processes). Each message is delivered to all the group members, in the identical order, and this is true even when two messages are transmitted simultaneously by different senders.

Consensus

Raft

Vsync

  • Vsync - can enable reliable, secure replication of data even in the highly elastic first-tier of the cloud. Vsync is a new name for a fairly mature project of Ken Birman at Cornell University, previously called Isis2. The Vsync software library helps you build applications that will run on multiple computers, coordinating actions, sharing replicated data, moving files and other information at high speeds, cooperating to support key-value storage (DHT storage), etc. Vsync aims at sophisticated developers with challenging needs, and is designed to be highly secure, fault-tolerant, consistent and very scalable, even under "cloudy conditions."

Piping



Other



  • https://en.wikipedia.org/wiki/Link-Local_Multicast_Name_Resolution - a protocol based on the Domain Name System (DNS) packet format that allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local link. It is included in Windows Vista, Windows Server 2008, Windows 7, Windows 8 and Windows 10. It is also implemented by systemd-resolved on Linux. LLMNR is defined in RFC 4795.

Anti-spam

Virtual


  • https://en.wikipedia.org/wiki/Virtual_network - a computer network that consists, at least in part, of virtual network links. A virtual network link is a link that does not consist of a physical (wired or wireless) connection between two computing devices but is implemented using methods of network virtualization. The two most common forms of network virtualization are protocol-based virtual networks (such as VLANs, VPNs, and VPLSs) and virtual networks that are based on virtual devices (such as the networks connecting virtual machines inside a hypervisor). In practice, both forms can be used in conjunction.




X.25

  • https://en.wikipedia.org/wiki/X.25 - an ITU-T standard protocol suite for packet switched wide area network (WAN) communication. An X.25 WAN consists of packet-switching exchange (PSE) nodes as the networking hardware, and leased lines, plain old telephone service connections, or ISDN connections as physical links.

X.25 is a family of protocols that was popular during the 1980s with telecommunications companies and in financial transaction systems such as automated teller machines. X.25 was originally defined by the International Telegraph and Telephone Consultative Committee (CCITT, now ITU-T) in a series of drafts and finalized in a publication known as The Orange Book in 1976. While X.25 has, to a large extent, been replaced by less complex protocols, especially the Internet protocol (IP), the service is still used (e.g. as of 2012 in the credit card payment industry) and available in niche and legacy applications.

Beginning in the early 1990s, in North America, use of X.25 networks (predominated by Telenet and Tymnet)[11] started to be replaced by Frame Relay, service offered by national telephone companies. Most systems that required X.25 now use TCP/IP, however it is possible to transport X.25 over TCP/IP when necessary.

X.25 networks are still in use throughout the world. A variant called AX.25 is also used widely by amateur packet radio. Racal Paknet, now known as Widanet, is still in operation in many regions of the world, running on an X.25 protocol base. In some countries, like the Netherlands or Germany, it is possible to use a stripped version of X.25 via the D-channel of an ISDN-2 (or ISDN BRI) connection for low volume applications such as point-of-sale terminals; but, the future of this service in the Netherlands is uncertain.

Frame Relay

ATM


Virtual LAN


Network virtualization

  • https://en.wikipedia.org/wiki/Network_virtualization - the process of combining hardware and software network resources and network functionality into a single, software-based administrative entity, a virtual network. Network virtualization involves platform virtualization, often combined with resource virtualization. Network virtualization is categorized as either external virtualization, combining many networks or parts of networks into a virtual unit, or internal virtualization, providing network-like functionality to software containers on a single network server.


  • Mininet creates a realistic virtual network, running real kernel, switch and application code, on a single machine (VM, cloud or native), in seconds, with a single command

Virtual Extensible LAN

  • https://en.wikipedia.org/wiki/Virtual_Extensible_LAN - VXLAN, a network virtualization technology that attempts to improve the scalability problems associated with large cloud computing deployments. It uses a VLAN-like encapsulation technique to encapsulate MAC-based OSI layer 2 Ethernet frames within layer 4 UDP packets, using 4789 as the default IANA-assigned destination UDP port number. VXLAN endpoints, which terminate VXLAN tunnels and may be both virtual or physical switch ports, are known as VXLAN tunnel endpoints (VTEPs).


NGN

MPLS

  • https://en.wikipedia.org/wiki/Multiprotocol_Label_Switching - type of data-carrying technique for high-performance telecommunications networks that directs data from one network node to the next based on short path labels rather than long network addresses, avoiding complex lookups in a routing table. The labels identify virtual links (paths) between distant nodes rather than endpoints. MPLS can encapsulate packets of various network protocols, hence its name "multiprotocol". MPLS supports a range of access technologies, including T1/E1, ATM, Frame Relay, and DSL.


VPN



PPTP

Not recommended for use any more.

L2TP

Requires use of encrypted protocol (IPsec). Uses UDP port 500, which is more easily blocked by NAT firewalls.

L2FP

  • https://en.wikipedia.org/wiki/Layer_2_Forwarding_Protocol - a tunneling protocol developed by Cisco Systems, Inc. to establish virtual private network connections over the Internet. L2F does not provide encryption or confidentiality by itself; It relies on the protocol being tunneled to provide privacy. L2F was specifically designed to tunnel Point-to-Point Protocol (PPP) traffic.[

IPsec

  • https://en.wikipedia.org/wiki/IPsec - an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite, while some other Internet security systems in widespread use, such as Secure Sockets Layer (SSL), Transport Layer Security (TLS) and Secure Shell (SSH), operate in the upper layers of the TCP/IP model. Hence, IPsec protects any application traffic across an IP network.


GRE

OpenVPN


n2n

Tinc

WireGuard

BoringTun

strongSwan

Algo

  • Algo VPN - short for "Al Gore", the Vice President of Networks everywhere for inventing the Internet, a set of Ansible scripts that simplifies the setup of a personal IPSEC VPN. It contains the most secure defaults available, works with common cloud providers, and does not require client software on most devices.

Vita

  • https://github.com/inters/vita - a high-performance L3 VPN gateway you can use to interconnect your networks. Vita acts as a tunnel between your local, private network and any number of remote Vita gateways. With it, nodes spread across your outposts can communicate with each other with confidentiality and authenticity ensured at the network layer. [73]

DNS

Services

Systems

  • BadVPN is a peer-to-peer VPN system. It provides a Layer 2 (Ethernet) network between the peers (VPN network nodes). The peers connect to a central server which acts as a chat server for them to establish direct connections between each other (data connections). These connections are used for transferring network data (Ethernet frames).
  • Freelan - A free, open-source, multi-platform, highly-configurable and peer-to-peer VPN software, designed to easily connect remote hosts and mainly focused on security and performance. [76]
  • Social VPN Project - free and open-source P2P Social Virtual Private Network (VPN) that seamlessly networks your computer with the computers of your friends.
  • Campagnol is a distributed IP-based VPN software able to open new connections through NATs or firewalls without any configuration. It uses UDP for the transport layer and utilizes tunneling and encryption (with DTLS) and the UDP hole punching NAT traversal technique. The established connections are P2P.


  • SigmaVPN is simple, light-weight and modular VPN software for UNIX systems, deploying the NaCl encryption library. It's easy to configure, has low overheads and is reliable. No longer is it necessary to waste precious time configuring overcomplicated tunnels. [79]


  • dn42 - a big dynamic VPN, which employs Internet technologies (BGP, whois database, DNS, etc). Participants connect to each other using network tunnels (GRE, OpenVPN, Tinc, IPsec) and exchange routes thanks to the Border Gateway Protocol. Network addresses are assigned in the 172.20.0.0/14 range and private AS numbers are used (see registry) as well as IPv6 addresses from the ULA-Range (fd00::/8). A number of services are provided on the network: see internal (only available from within dn42). Also, dn42 is interconnected with other networks, such as ChaosVPN or some Freifunk networks. [81]


  • ChaosVPN - a system to connect Hackers.Design principals include that it should be without Single Point of Failure, make usage of full encryption, use RFC1918 ip ranges, scales well on >100 connected networks and is being able to run on a embedded hardware you will find in our todays router.

Overlay


Tor

Usage

sudo systemctl start tor

google-chrome-stable --proxy-server="socks://localhost:9050" -incognito
chromium --proxy-server="socks://localhost:9050" -incognito

Software

Exit nodes

Hidden services

Chat

Search

Social

Other

I2P

Phantom

  • The Phantom protocol - a system for decentralized anonymization of generic network traffic. It has been designed with the following main goals in mind: Completely decentralized. Maximum resistance against all kinds of DoS attacks. Theoretically secure anonymization. Theoretically secure end-to-end transport encryption. Completely (virtually) isolated from the "normal" Internet. Maximum protection against identification of protocol usage through traffic analysis. Capable of handling larger data volumes, with acceptable throughput. Generic and well-abstracted design, compatible with all new and existing network enabled software.

Bitmask

  • Bitmask - an open source application to provide easy and secure encrypted communication. You can choose among several different service providers or start your own. Currently, Bitmask supports encrypted internet (VPN) and encrypted email. [91]

Samizdat

  • Samizdat - a platform for the self-hosted, peer-to-peer, cryptographically-secured internet of the future. We provide ways for people to communicate with one another without corporate intermediaries -- without even the DNS or the PKIX systems. Our software must be understood both in terms of what it does for users, and how it is done. We provide decentralized internet services for use by autonomous communities. These are ordinary internet services like email, chat, voice-over-IP, DNS, wiki, blog, and so on. We package them up in an easy-to-use form, so that anyone can run them. More importantly, we do this using standard, interoperable protocols, creating a framework for future development and integration. Our implementation serves as a prototype for the next generation of the internet: one based on cryptographic trust. The potential waiting to be unlocked by cryptographic techniques is immense. My goal in the article that follows is to explain the possibilities. [92]


telehash / Rival

  • telehash - A lightweight interoperable protocol with strong encryption to enable mesh networking across multiple transports and platforms. An embeddable private network stack for mobile, web, and devices. Each endpoint generates its own unique public-key based address (a hashname) to send and receive small encrypted packets of JSON (with optional binary payloads) to other trusted endpoints. An endpoint may also provide routing assistance to others for bridging across different transports and to help negotiate direct peer-to-peer links.
  • Rival Messenger - Secure Decentralized Communication Built on Telehash. Providing the most secure solution for instant messaging, VoIP, and more, between friends. Mac.


Simulation / emulation


  • OMNeT++ is an extensible, modular, component-based C++ simulation library and framework, primarily for building network simulators. "Network" is meant in a broader sense that includes wired and wireless communication networks, on-chip networks, queueing networks, and so on. Domain-specific functionality such as support for sensor networks, wireless ad-hoc networks, Internet protocols, performance modeling, photonic networks, etc., is provided by model frameworks, developed as independent projects. OMNeT++ offers an Eclipse-based IDE, a graphical runtime environment, and a host of other tools. There are extensions for real-time simulation, network emulation, alternative programming languages (Java, C#), database integration, SystemC integration, and several other functions.




  • Netkit - an environment for setting up and performing networking experiments at low cost and with little effort. It allows to "create" several virtual network devices (full-fledged routers, switches, computers, etc.) that can be easily interconnected in order to form a network on a single PC. Networking equipments are virtual but feature many of the characteristics of the real ones, including the configuration interface.


  • Marionnet - a virtual network laboratory: it allows users to define, configure and run complex computer networks without any need for physical setup. Only a single, possibly even non-networked GNU/Linux host machine is required to simulate a whole Ethernet network complete with computers, routers, hubs, switches, cables, and more. Support is also provided for integrating the virtual network with the physical host network. Marionnet was born in April 2005 as a simple textual interface to Netkit, itself based on User Mode Linux.



  • EVE-NG: Community Edition - clientless multivendor network emulation software that empowers network and security professionals with huge opportunities in the networking world.

Software-defined networking

See also Virtualisation, IaaS




  • Maestro is an "operating system" for orchestrating network control applications. Maestro provides interfaces for implementing modular network control applications to access and modify state of the network, and coordinate their interactions. Maestro is a platform for achieving automatic and programmatic network control functions using these modularized applications. Although this project focuses on building an OpenFlow controller using Maestro, Maestro is not only limited to OpenFlow networks.





Mesh

See Mesh

UK ISPs

Wireless broadband

Scotland

to sort

View The Daily Show, etc. in the UK, etc. Mofity HTTP headers; X-Forwarded-For "12.13.14.15" [94]

  • GLIF, the Global Lambda Integrated Facility, is an international consortium that promotes the paradigm of lambda networking.


  • OpenSignalMaps - database of cell phone towers, cell phone signal strength readings, and Wi-Fi access points around the world






  • Pi-hole -  Network-wide ad blocking via your own Linux hardware