Internet
General
See also Networking, Link
IETF / RFCs
See also Organising#Rough consensus
- https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force#Steering_group - a standards organization for the Internet and is responsible for the technical standards that make up the Internet protocol suite (TCP/IP). It has no formal membership roster or requirements and all its participants are volunteers. Their work is usually funded by employers or other sponsors. The IETF was initially supported by the federal government of the United States but since 1993 has operated under the auspices of the Internet Society, a non-profit organization with local chapters around the world.
The IETF is organized into a large number of working groups and birds of a feather informal discussion groups, each dealing with a specific topic. The IETF operates in a bottom-up task creation mode, largely driven by these working groups. Each working group has an appointed chairperson (or sometimes several co-chairs); a charter that describes its focus; and what it is expected to produce, and when. It is open to all who want to participate and holds discussions on an open mailing list or at IETF meetings, where the entry fee in July 2014 was US$650 per person. As of mid-2018 the fees are: early bird $700, late payment $875, student $150 and a one-day pass for $375.
- IETF | Open records - The IETF operates in an open and transparent fashion and we publish open records of most of the contributions, submissions, statements, and communications that we receive.
- IETF | Working groups - Working Groups (WGs) are the primary mechanism for development of IETF specifications and guidelines, many of which are intended to be standards or recommendations.
The Internet Engineering Steering Group (IESG) is a body composed of the Internet Engineering Task Force (IETF) chair and area directors. It provides the final technical review of Internet standards and is responsible for day-to-day management of the IETF. It receives appeals of the decisions of the working groups, and the IESG makes the decision to progress documents in the standards track.
- IETF | Standards process - The process of creating a standard is straightforward: a specification undergoes a period of development and several iterations of review by the Internet community and revision based upon experience.
- https://en.wikipedia.org/wiki/Internet_Standard - a normative specification of a technology or methodology applicable to the Internet. Internet Standards are created and published by the Internet Engineering Task Force (IETF). They allow interoperation of hardware and software from different sources which allows internets to function. As the Internet became global, Internet Standards became the lingua franca of worldwide communications.
- IETF Datatracker - The IETF Datatracker is the day-to-day front-end to the IETF database for people who work on IETF standards. It contains data about the documents, working groups, meetings, agendas, minutes, presentations, and more, of the IETF.
- https://en.wikipedia.org/wiki/Internet_Draft - a document published by the Internet Engineering Task Force (IETF) containing preliminary technical specifications, results of networking-related research, or other technical information. Often, Internet Drafts are intended to be work-in-progress documents for work that is eventually to be published as a Request for Comments (RFC) and potentially leading to an Internet Standard.
- Internet-Draft Author Resources - This site is the central resource site for authors of an Internet-Draft (I-D), with information on how to write an I-D and the tools available to support this. If you are new to authoring then begin with the introduction below or if you are more familiar then the main menu lists multiple individual topics.
- https://en.wikipedia.org/wiki/Request_for_Comments - a publication in a series from the principal technical development and standards-setting bodies for the Internet, most prominently the Internet Engineering Task Force (IETF). An RFC is authored by individuals or groups of engineers and computer scientists in the form of a memorandum describing methods, behaviors, research, or innovations applicable to the working of the Internet and Internet-connected systems. It is submitted either for peer review or to convey new concepts, information, or, occasionally, engineering humor. The IETF adopts some of the proposals published as RFCs as Internet Standards. However, many RFCs are informational or experimental in nature and are not standards. The RFC system was invented by Steve Crocker in 1969 to help record unofficial notes on the development of ARPANET. RFCs have since become official documents of Internet specifications, communications protocols, procedures, and events. According to Crocker, the documents "shape the Internet's inner workings and have played a significant role in its success", but are not widely known outside the community. Outside of the Internet community, other documents also called requests for comments have been published in U.S. Federal government work, such as the National Highway Traffic Safety Administration.
- “Request for Comments” - A month or so after the new group began meeting, it became clear to [Steve] Crocker and others that they had better start accumulating notes on the discussions. If the meetings themselves were less than conclusive, perhaps the act of writing something down would help order their thoughts. Crocker volunteered to write the first minutes. He was an extremely considerate young man, sensitive to others. “I remember having great fear that we would offend whoever the official protocol designers were.” Of course, there were no official protocol designers, but Crocker didn’t know that. He was living with friends at the time and worked all night on the first note, writing in the bathroom so as not to wake anyone in the house. He wasn’t worried about what he wanted to say so much as he wanted to strike just the right tone. “The basic ground rules were that anyone could say anything and that nothing was official.” To avoid sounding too declarative, he labeled the note “Request for Comments” and sent it out on April 7, 1969. Titled “Host Software,” the note was distributed to the other sites the way all the first Requests for Comments (RFCs) were distributed: in an envelope with the lick of a stamp. RFC Number 1 described in technical terms the basic “handshake” between two computers—how the most elemental connections would be handled. “Request for Comments,” it turned out, was a perfect choice of titles. It sounded at once solicitous and serious. And it stuck.
- RFC Series Working Group (rswg) - The RFC Series Working Group (RSWG) is the primary venue in which members of the community collaborate regarding the policies that govern the RFC Series. All interested individuals are welcome to participate in the RSWG (subject to the IETF anti-harassment policies). This includes but is not limited to participants in the IETF and IRTF, members of the IAB and IESG, developers of software or hardware systems that implement RFCs, authors of RFCs and Internet-Drafts, developers of tools used to author or edit RFCs, individuals who use RFCs in procurement decisions, scholarly researchers, and representatives of standards development organizations other than the IETF and IRTF. The IETF LLC Board members, staff and contractors (especially representatives of the RFC Production Center), and the IETF Executive Director are invited to participate as community members in the RSWG to the extent permitted by any relevant IETF LLC policies. Members of the RFC Series Approval Board (RSAB) are also expected to participate actively.
- https://en.wikipedia.org/wiki/Internet_Architecture_Board - a committee of the Internet Engineering Task Force (IETF) and an advisory body of the Internet Society (ISOC). Its responsibilities include architectural oversight of IETF activities, Internet Standards Process oversight and appeal, and the appointment of the Request for Comments (RFC) Editor. The IAB is also responsible for the management of the IETF protocol parameter registries.
- https://en.wikipedia.org/wiki/Internet_Research_Task_Force - an organization, overseen by the Internet Architecture Board, that focuses on longer-term research issues related to the Internet. A parallel organization, the Internet Engineering Task Force (IETF), focuses on the shorter term issues of engineering and standards making. The IRTF promotes research of importance to the evolution of the Internet by creating focused, long-term research groups working on topics related to Internet protocols, applications, architecture and technology. Unlike the IETF, the task force does not set standards and there is no explicit outcome expected of IRTF research groups.
- https://en.wikipedia.org/wiki/Internet_Research_Steering_Group - managed by the IRTF chair in consultation with the Internet Research Steering Group (IRSG). The IRSG membership includes the IRTF chair, the chairs of the various IRTF research groups and other individuals (members at large) from the research or IETF communities. IRSG members at large are chosen by the IRTF chair in consultation with the rest of the IRSG and on approval by the Internet Architecture Board.
- » RFC Editor - The RFC Series (ISSN 2070-1721) contains technical and organizational documents about the Internet, including the specifications and policy documents produced by five streams: the Internet Engineering Task Force (IETF), the Internet Research Task Force (IRTF), the Internet Architecture Board (IAB), Independent Submissions, and Editorial.
- https://tracker.debian.org/pkg/doc-rfc - RFC documents Debian metapackage
- https://github.com/bfontaine/rfc - a simple tool written in Bash to read RFCs from the command-line. It fetches RFCs and drafts from the Web and caches them locally.
- IETF | IESG Statement On Inclusive Language - Contributions to the IETF, including Internet-Drafts and RFCs, are most understandable and effective when they use terminology that is clear, precise, and widely accessible to readers from varying backgrounds and cultures. The IESG hence encourages IETF participants to use the guidance in [NISTIR8366] when making contributions to the IETF. Although developed for use within the US National Institute of Standards and Technology (NIST), the IETF community expressed strong support for the sentiment that the guidance on inclusive language in [NISTIR8366] is suitable for the IETF as well [1,2]. Using the same terminology as other standards organizations and industry initiatives also contributes to overall coherence in the industry. The IESG also encourages the owners of the various RFC streams and the RFC Editor to consider whether they could issue similar guidance to their authors and contributors.
- https://github.com/apps/in-solidarity - A GitHub bot to add status checks for inclusive language.
- https://github.com/ietf/terminology - A configuration file for in-solidarity-bot that flags some of the terms in the NIST Technical Series Publications Author Instructions and the IETF's list of problematic terminology.
- https://en.wikipedia.org/wiki/Best_current_practice - a de facto level of performance in engineering and information technology. It is more flexible than a standard, since techniques and tools are continually evolving. The Internet Engineering Task Force publishes Best Current Practice documents in a numbered document series. Each document in this series is paired with the currently valid Request for Comments (RFC) document. BCP was introduced in RFC-1818.
BCPs are document guidelines, processes, methods, and other matters not suitable for standardization. The Internet standards process itself is defined in a series of BCPs, as is the formal organizational structure of the IETF, Internet Engineering Steering Group, Internet Architecture Board, and other groups involved in that process. IETF's separate Standard Track (STD) document series defines the fully standardized network protocols of the Internet, such as the Internet Protocol, the Transmission Control Protocol, and the Domain Name System. Each RFC number refers to a specific version of a document Standard Track, but the BCP number refers to the most recent revision of the document. Thus, citations often reference both the BCP number and the RFC number. Example citations for BCPs are: BCP 38, RFC 2827.
Layer 3/4
to sort
- https://en.wikipedia.org/wiki/Internet_layer - a group of internetworking methods, protocols, and specifications in the Internet protocol suite that are used to transport network packets from the originating host across network boundaries; if necessary, to the destination host specified by an IP address. The internet layer derives its name from its function facilitating internetworking, which is the concept of connecting multiple networks with each other through gateways.
- https://en.wikipedia.org/wiki/Network_layer - layer 3 in the seven-layer OSI model of computer networking. The network layer is responsible for packet forwarding including routing through intermediate routers.
Datagram / Packet
- The History of Packets - This guide seeks to take you on the adventure of the changing packet, and how it has survived over the past four decades of networking hardware and computer software. The Internet started in the late 1960s as ARPANET.
- https://en.wikipedia.org/wiki/Transport_layer - TCP/IP & OSI
Ports
Scanning
nmap -A 192.168.1.1 scan machine and report nmap -v -A 192.168.1.1-255 verbose scan range and report nmap -sT -sU -O -p 1-65535 localhost full port scan, to check args
nmap -p T:110,955
- http://www.enterprisenetworkingplanet.com/netsecur/article.php/3716606/Master-Port-Scanning-with-Nmap.htm
- http://www.professormesser.com/nmap/nmap-best-practices/
- http://www.cyberciti.biz/tips/nmap-hide-ipaddress-with-decoy-ideal-scan.html
- http://www.slideshare.net/amiable_indian/hacking-with-nmap-scanning-techniques
nmap -R -sL 209.85.229.99/27 | awk ‘{if($3==”not”)print”(“$2″) no PTR”;else print$3″ is “$2}’ | grep ‘(‘
"This command uses nmap to perform reverse DNS lookups on a subnet. It produces a list of IP addresses with the corresponding PTR record for a given subnet. You can enter the subnet in CDIR notation (i.e. /24 for a Class C)). You could add “–dns-servers x.x.x.x” after the “-sL” if you need the lookups to be performed on a specific DNS server. On some installations nmap needs sudo I believe. Also I hope awk is standard on most distros."
- https://github.com/trimstray/sandmap - a tool supporting network and system reconnaissance using the massive Nmap engine. It provides a user-friendly interface, automates and speeds up scanning and allows you to easily use many advanced scanning techniques.
IP
- onics - A suite of command line tools and libraries for manipulating packets in the style of cat, sed, awk, grep, diff, etc... [5]
ARP
- https://en.wikipedia.org/wiki/Address_Resolution_Protocol - a communication protocol used for discovering the link layer address, such as a MAC address, associated with a given internet layer address, typically an IPv4 address. This mapping is a critical function in the Internet protocol suite. ARP was defined in 1982 by RFC 826, which is Internet Standard STD 37. ARP has been implemented with many combinations of network and data link layer technologies, such as IPv4, Chaosnet, DECnet and Xerox PARC Universal Packet (PUP, using IEEE 802 standards, FDDI, X.25, Frame Relay and Asynchronous Transfer Mode (ATM). In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP is provided by the Neighbor Discovery Protocol (NDP).
arp -e # list arp table
arp-scan --interface=eth0 --localnet
- http://www.habets.pp.se/synscan/programs.php?prog=arping - Broadcasts a who-has ARP packet on the network and prints answers.
- arping(8) - Linux manual page - send ARP REQUEST to a neighbour host*
- KickThemOut - Kick devices off your network by performing an ARP Spoof attack.
- http://engineering.clever.com/2014/12/10/when-your-ip-traffic-in-aws-disappears-into-a-black-hole/ [6]
ArpChat
- https://github.com/kognise/arpchat - text your friends using only ARP [7]
Arpchat++
- https://github.com/gbonacini/arpchatcpp - textual chat exploiting gratuitous ARP requests ( RFC 5227 , written in c++
Subnetting
- https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing - CIDR, is a method for allocating IP addresses and IP routing. The Internet Engineering Task Force introduced CIDR in 1993 to replace the previous addressing architecture of classful network design in the Internet. Its goal was to slow the growth of routing tables on routers across the Internet, and to help slow the rapid exhaustion of IPv4 addresses. CIDR encompasses several concepts. It is based on the variable-length subnet masking' (VLSM) technique, which allows the specification of arbitrary-length prefixes. CIDR introduced a new method of representation for IP addresses, now commonly known as CIDR notation, in which an address or routing prefix is written with a suffix indicating the number of bits of the prefix, such as 192.0.2.0/24 for IPv4, and 2001:db8::/32 for IPv6. CIDR introduced an administrative process of allocating address blocks to organizations based on their actual and short-term projected needs. The aggregation of multiple contiguous prefixes resulted in supernets in the larger Internet, which whenever possible are advertised as aggregates, thus reducing the number of entries in the global routing table.
Addressing
Multicast
Anycast
Switching
Routing
- https://en.wikipedia.org/wiki/Interface_Message_Processor - the packet-switching node used to interconnect participant networks to the ARPANET from the late 1960s to 1989. It was the first generation of gateways, which are known today as routers. An IMP was a ruggedized Honeywell DDP-516 minicomputer with special-purpose interfaces and software. In later years the IMPs were made from the non-ruggedized Honeywell 316 which could handle two-thirds of the communication traffic at approximately one-half the cost. An IMP requires the connection to a host computer via a special bit-serial interface, defined in BBN Report 1822. The IMP software and the ARPA network communications protocol running on the IMPs was discussed in RFC 1, the first of a series of standardization documents published by the Internet Engineering Task Force (IETF).
- The BIRD Internet Routing Daemon Project - a fully functional dynamic IP routing daemon primarily targeted on (but not limited to) Linux, FreeBSD and other UNIX-like systems and distributed under the GNU General Public License.
- https://en.wikipedia.org/wiki/Bufferbloat - a cause of high latency in packet-switched networks caused by excess buffering of packets. Bufferbloat can also cause packet delay variation (also known as jitter), as well as reduce the overall network throughput. When a router or switch is configured to use excessively large buffers, even very high-speed networks can become practically unusable for many interactive applications like voice over IP (VoIP), online gaming, and even ordinary web surfing. Some communications equipment manufacturers designed unnecessarily large buffers into some of their network products. In such equipment, bufferbloat occurs when a network link becomes congested, causing packets to become queued for long periods in these oversized buffers. In a first-in first-out queuing system, overly large buffers result in longer queues and higher latency, and do not improve network throughput. The bufferbloat phenomenon was initially described as far back as in 1985. It gained more widespread attention starting in 2009.
- RFC 970 - On Packet Switches With Infinite Storage - 1985, John Nagle
- https://en.wikipedia.org/wiki/Link_aggregation - applies to various methods of combining (aggregating) multiple network connections in parallel in order to increase throughput beyond what a single connection could sustain, and to provide redundancy in case one of the links should fail. A Link Aggregation Group (LAG) combines a number of physical ports together to make a single high-bandwidth data path, so as to implement the traffic load sharing among the member ports in the group and to enhance the connection reliability. Other umbrella terms used to describe the method include port trunking, link bundling, Ethernet/network/NIC bonding, channel bonding or NIC teaming. These umbrella terms encompass not only vendor-independent standards such as Link Aggregation Control Protocol (LACP) for Ethernet defined in IEEE 802.1AX or the previous IEEE 802.3ad, but also various proprietary solutions.
- https://wiki.linuxfoundation.org/networking/bonding - The Linux bonding driver provides a method for aggregating multiple network interfaces into a single logical bonded interface. The behavior of the bonded interfaces depends upon the mode; generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring may be performed.
DHCP
- dhclient - The Internet Systems Consortium DHCP Client, dhclient, provides a means for configuring one or more network interfaces using the Dynamic Host Configuration Protocol, BOOTP protocol, or if these protocols fail, by statically assigning an address.
- https://en.wikipedia.org/wiki/Udhcpc - a very small DHCP client program geared towards embedded systems. The letters are an abbreviation for Micro - DHCP - Client (µDHCPc). The program tries to be fully functional and RFC 2131 compliant.It was once packaged with a similarly small DHCP server program named udhcpd, with the package called udhcp. It is now maintained as part of Busybox.Built for uClibc, the client executable is around 18k.
- https://en.wikipedia.org/wiki/Peg_DHCP - a method defined in RFC 2322 to assign IP addresses in a context where regular DHCP wouldn't work. The "server" hands out wooden clothes-pegs numbered with the addresses to allocate and an additional leaflet with network information. The "client", typically the user, then configures their device accordingly. Even though this RFC, "Management of IP numbers by peg-dhcp" was published on the first of April 1998, it describes, unlike most other April Fools' Day RFCs, a regularly used protocol with a serious purpose. During the preparation of Hacking in Progress 1997, the organizers were looking for a robust way to assign IP addresses to the participants. The obvious first choice, DHCP, almost completely defenseless against rogue servers, was not retained considering the traditionally creative use of the network. [12]
- https://github.com/pwnieexpress/dhcp0f - Passive DHCP analyzer with OS fingerprinting on the LAN through DHCP
NAT
- https://en.wikipedia.org/wiki/Network_address_translation - a method of remapping one IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device. The technique was originally used as a shortcut to avoid the need to readdress every host when a network was moved. It has become a popular and essential tool in conserving global address space in the face of IPv4 address exhaustion. One Internet-routable IP address of a NAT gateway can be used for an entire private network. IP masquerading is a technique that hides an entire IP address space, usually consisting of private IP addresses, behind a single IP address in another, usually public address space. The address that has to be hidden is changed into a single (public) IP address as "new" source address of the outgoing IP packet so it appears as originating not from the hidden host but from the routing device itself. Because of the popularity of this technique to conserve IPv4 address space, the term NAT has become virtually synonymous with IP masquerading.As network address translation modifies the IP address information in packets, it has serious consequences on the quality of Internet connectivity and requires careful attention to the details of its implementation. NAT implementations vary widely in their specific behavior in various addressing cases and their effect on network traffic. The specifics of NAT behavior are not commonly documented by vendors of equipment containing NAT implementations.
- https://samy.pl/pwnat - a tool that allows any number of clients behind NATs to communicate with a server behind a separate NAT with *no* port forwarding *no* DMZ setup, and *no* 3rd party involvement. The server does not need to know anything about the clients trying to connect. Simply put, this is a proxy server that works behind a NAT, even when the client is behind a different NAT, without any 3rd party or network changes.
- https://en.wikipedia.org/wiki/Carrier-grade_NAT - or (CGNAT), also known as large-scale NAT (LSN), is an approach to IPv4 network design in which end sites, in particular residential networks, are configured with private network addresses that are translated to public IPv4 addresses by middlebox network address translator devices embedded in the network operator's network, permitting the sharing of small pools of public addresses among many end sites. This shifts the NAT function and configuration thereof from the customer premises to the Internet service provider network.
- https://en.wikipedia.org/wiki/NAT_traversal - a computer networking technique of establishing and maintaining Internet protocol connections across gateways that implement network address translation (NAT).NAT traversal techniques are required for many network applications, such as peer-to-peer file sharing and Voice over IP.
- Samy Kamkar - pwnat: NAT to NAT client-server communication - punch holes through firewalls/NATs where both clients and server can be behind separate NATs without any 3rd party involvement. Pwnat uses a newly developed technique, exploiting a property of NAT translation tables, with no 3rd party, port forwarding, DMZ, router administrative requirements, or spoofing required.
- https://en.wikipedia.org/wiki/NAT_Port_Mapping_Protocol - a network protocol for establishing network address translation (NAT) settings and port forwarding configurations automatically without user effort. The protocol automatically determines the external IPv4 address of a NAT gateway, and provides means for an application to communicate the parameters for communication to peers. NAT-PMP was introduced in 2005 by Apple as an alternative to the more common ISO Standard Internet Gateway Device Protocol implemented in many NAT routers. The protocol was published as an informational Request for Comments (RFC) by the Internet Engineering Task Force (IETF) in RFC 6886. NAT-PMP runs over the User Datagram Protocol (UDP) and uses port number 5351. It has no built-in authentication mechanisms because forwarding a port typically does not allow any activity that could not also be achieved using STUN methods. The benefit of NAT-PMP over STUN is that it does not require a STUN server and a NAT-PMP mapping has a known expiration time, allowing the application to avoid sending inefficient keep-alive packets.NAT-PMP is the predecessor to the Port Control Protocol (PCP).
- https://en.wikipedia.org/wiki/Internet_Gateway_Device_Protocol - a protocol for mapping ports in network address translation (NAT) setups, supported by some NAT-enabled routers.[2] It is a common communications protocol for automatically configuring port forwarding, and is part of an ISO/IEC Standard [3] rather than an Internet Engineering Task Force standard.
- https://en.wikipedia.org/wiki/Port_Control_Protocol - a computer networking protocol that allows hosts on IPv4 or IPv6 networks to control how the incoming IPv4 or IPv6 packets are translated and forwarded by an upstream router that performs network address translation (NAT) or packet filtering. By allowing hosts to create explicit port forwarding rules, handling of the network traffic can be easily configured to make hosts placed behind NATs or firewalls reachable from the rest of the Internet (so they can also act as network servers), which is a requirement for many applications. Additionally, explicit port forwarding rules available through PCP allow hosts to reduce the amount of generated traffic by eliminating workarounds in form of outgoing NAT keepalive messages, which are required for maintaining connections to servers and for various NAT traversal techniques such as TCP hole punching. At the same time, less generated traffic reduces the power consumption, directly improving the battery runtime for mobile devices. PCP was standardized in 2013 as a successor to the NAT Port Mapping Protocol (NAT-PMP), with which it shares similar protocol concepts and packet formats.
ICMP
- prettyping - a wrapper around the standard ping tool, making the output prettier, more colorful, more compact, and easier to read.
- https://github.com/orf/gping - Ping, but with a graph [16]
- https://github.com/benjojo/sping - a tool that can tell you what direction packet latency or loss is on. This is handy for network debugging and locating congestion.
Tunnelling
- iodine lets you tunnel IPv4 data through a DNS server. This can be usable in different situations where internet access is firewalled, but DNS queries are allowed.
- https://ngrok.com/ - has a free plan [17]
- https://github.com/skx/tunneller - Allow internal services, running on localhost, to be accessed over the internet..
IPsec
IPv4
- https://github.com/dtaht/unicast-extensions - The IPv4 unicast extensions project - Making class-e (240/4), 0/8, 127/8, 225/8-232/8 generally usable - adding 419 million new IPs to the world, and fixing various other slightly broken pieces of the IPv4 world
IPv6
- https://en.wikipedia.org/wiki/Multicast_Listener_Discovery - a component of the Internet Protocol Version 6 (IPv6) suite. MLD is used by IPv6 routers for discovering multicast listeners on a directly attached link, much like Internet Group Management Protocol (IGMP) is used in IPv4. The protocol is embedded in ICMPv6 instead of using a separate protocol. MLDv1 is similar to IGMPv2 and MLDv2 similar to IGMPv3. The protocol is described in RFC 3810 which has been updated by RFC 4604.
- IPv666 - set of tools that enables the discovery of IPv6 addresses both in the global IPv6 address space and in more narrow IPv6 network ranges. These tools are designed to work out of the box with minimal knowledge of their workings. [19]
Security