Networking
General
- https://en.wikipedia.org/wiki/Channel_(communications) - or simply channel refers either to a physical transmission medium such as a wire, or to a logical connection over a multiplexed medium such as a radio channel in telecommunications and computer networking. A channel is used to convey an information signal, for example a digital bit stream, from one or several senders (or transmitters) to one or several receivers. A channel has a certain capacity for transmitting information, often measured by its bandwidth in Hz or its data rate in bits per second. Communicating data from one location to another requires some form of pathway or medium. These pathways, called communication channels, use two types of media: cable (twisted-pair wire, cable, and fiber-optic cable) and broadcast (microwave, satellite, radio, and infrared).
- https://en.wikipedia.org/wiki/Connection-oriented_communication - a network communication mode in telecommunications and computer networking, where a communication session or a semi-permanent connection is established before any useful data can be transferred, and where a stream of data is delivered in the same order as it was sent. The alternative to connection-oriented transmission is connectionless communication, for example the datagram mode communication used by the IP and UDP protocols, where data may be delivered out of order, since different packets are routed independently, and may be delivered over different paths.
- https://en.wikipedia.org/wiki/Connectionless_communication - often referred to as CL-mode communication, is a data transmission method used in packet switching networks in which each data unit is individually addressed and routed based on information carried in each unit, rather than in the setup information of a prearranged, fixed data channel as in connection-oriented communication. Under connectionless communication between two network end points, a message can be sent from one end point to another without prior arrangement. The device at one end of the communication transmits data addressed to the other, without first ensuring that the recipient is available and ready to receive the data. Some protocols allow for error correction by requested retransmission. Internet Protocol (IP) and User Datagram Protocol (UDP) are connectionless protocols.
- https://en.wikipedia.org/wiki/Source_routing - also called path addressing, allows a sender of a packet to partially or completely specify the route the packet takes through the network. In contrast, in conventional routing, routers in the network determine the path incrementally based on the packet's destination. Another routing alternative, label switching, is used in connection-oriented networks such as X.25, frame relay, ATM and MPLS.
Topology
to sort
- Beej's Guide to Network Programming - how-to guide on network programming using Internet sockets, or "sockets programming", for those of you who prefer it. The sockets API, though started by the Berkeley folk, has been ported to many many platforms, including Unix, Linux, and even Windows. Unfortunately, it can be a little, um, "much" to digest the API, but as long as you know some C or C++, this guide should springboard you into the realm of network programming with hopefully as little hassle as humanly possible!
- High Performance Browser Networking (O'Reilly) - Performance is a feature. This book provides a hands-on overview of what every web developer needs to know about the various types of networks (WiFi, 3G/4G), transport protocols (UDP, TCP, and TLS), application protocols (HTTP/1.1, HTTP/2), and APIs available in the browser (XHR, WebSocket, WebRTC, and more) to deliver the best—fast, reliable, and resilient—user experience.
- The Network Administrators' Guide - Olaf Kirch - old
- https://github.com/majek/slirpnetstack/ - User-mode networking for unprivileged network namespaces.
- Netbox - solution for modeling and documenting modern networks. By combining the traditional disciplines of IP address management (IPAM) and datacenter infrastructure management (DCIM) with powerful APIs and extensions, NetBox provides the ideal "source of truth" to power network automation. Available as open source software under the Apache 2.0 license, NetBox serves as the cornerstone for network automation in thousands of organizations.
- https://en.wikipedia.org/wiki/Gossip_protocol - or epidemic protocol is a procedure or process of computer peer-to-peer communication that is based on the way epidemics spread. Some distributed systems use peer-to-peer gossip to ensure that data is disseminated to all members of a group. Some ad-hoc networks have no central registry and the only way to spread common data is to rely on each member to pass it along to their neighbors.
Testing
- https://github.com/chrissnell/sparkyfish - An internet speed and latency tester in client/server form.
Internet
- http://en.wikipedia.org/wiki/Internet_protocol_suite - TCP/IP model/protocols
Backbone
- http://en.wikipedia.org/wiki/Broadband_Remote_Access_Server
- http://en.wikipedia.org/wiki/Digital_subscriber_line_access_multiplexer
- guifi.net - a bottom-up, citizenship-driven technological, social and economic project with the objective of creating a free, open and neutral telecommunications network based on a commons model. The development of this common-pool infrastructure eases the access to quality, fair-priced telecommunications in general and broadband Internet connections in particular, for everybody. Moreover, it generates a model for collaborative economic activity based on proximity and sustainability.
Hardware
- https://en.wikipedia.org/wiki/Forwarding_information_base - also known as a forwarding table or MAC table, is most commonly used in network bridging, routing, and similar functions to find the proper interface to which the input interface should forward a packet. It is a dynamic table that maps MAC addresses to ports. It is the essential mechanism that separates network switches from network hubs. Content-addressable memory (CAM) is typically used to efficiently implement the FIB, thus it is sometimes called a CAM table.
Cisco
Home router
- http://npr.me.uk/ - Thomson Technicolor Routers. Shit.
- LEDE project is founded as a spin-off of the OpenWrt project and shares many of the same goals. We are building an embedded Linux distribution that makes it easy for developers, system administrators or other Linux enthusiasts to build and customize software for embedded devices, especially wireless routers. The name LEDE stands for Linux Embedded Development Environment. [6]
Quagga
- Quagga is a routing software suite, providing implementations of OSPFv2, OSPFv3, RIP v1 and v2, RIPng and BGP-4 for Unix platforms, particularly FreeBSD, Linux, Solaris and NetBSD. Quagga is a fork of GNU Zebra.
Other
Software
See Comms, Security#Firewalls etc.
- Network protocols, sans I/O - provides a single location for people to reference when looking for network protocol implementations written in Python that perform no I/O (this means libraries that operate directly on text or bytes; this excludes libraries that just abstract out I/O).
Network configuration
- /etc/network/interfaces - ubuntu network interface settings
- /etc/resolv.conf - dns settings
Goes a little something like;
domain members.linode.com
search members.linode.com
nameserver 98.76.54.32
nameserver 76.54.32.10
options rotate
- /etc/host.conf - dns resolve order
- /etc/dhcp3/dhclient.conf - overrides ubuntu server dns settings. change prepend option.
- /etc/dnsmasq.conf - dnsmasq settings
- dnsmasq configuration
- Local DNS cache in Linux using dnsmasq
iputils
- http://www.linuxfoundation.org/collaborate/workgroups/networking/iputils - ping, ping6, traceroute6, rdisc, clockdiff, tftpd
net-tools
- http://sourceforge.net/projects/net-tools/ - NET-3: arp, hostname, ifconfig, netstat, rarp, route, plipconfig, slattach, mii-tool and iptunnel and ipmaddr.
route # show (and temp. set) network routes available; in /sbin, in root $PATH only
route -n # show network routes available, just IP addresses
iproute2
- https://en.wikipedia.org/wiki/iproute2 - replaces net-tools
ip a # list network devices and their status
ip link set [interface] up # start a network interface
ip route add default via 192.168.0.1 dev eth0 # set the default route via 192.168.0.1 on eth0
- veth - Virtual Ethernet Devices. They can act as tunnels between network namespaces to create a bridge to a physical network device in another namespace, but can also be used as standalone network devices.
- http://linux.die.net/man/8/ss - used to dump socket statistics. It allows showing information similar to netstat. It can display more TCP and state information than other tools.
- http://linux.die.net/man/8/tc - used to configure Traffic Control in the Linux kernel.
- https://github.com/thombashi/tcconfig - a Simple tc command wrapper. Easy to set up traffic control of network bandwidth/latency/packet-loss to a network interface.
- http://man7.org/linux/man-pages/man8/nstat.8.html - nstat and rtacct are simple tools to monitor kernel snmp counters and network interface statistics.
- https://loicpefferkorn.net/2016/03/linux-network-metrics-why-you-should-use-nstat-instead-of-netstat/ - netstat maintains a static table of metrics entries, while nstat parses the whole /proc files. Since netstat is obsolete, new entries are not taken into account. netstat appears more user-friendly by describing some metrics with plain English, while nstat displays raw information. This can be considered as an advantage to roughly identify the purpose of the metric, but also a drawback if you are interested in the RFC name of the variable, going through netstat source code is hence a mandatory step. Parsing nstat output is also easier, even almost done thanks to the JSON output format option.
Network management
systemd.network
- systemd-networkd - a system service that manages networks. It detects and configures network devices as they appear, as well as creating virtual network devices. To configure low-level link settings independently of networks, see systemd.link(5). systemd-networkd will create network devices based on the configuration in systemd.netdev(5) files, respecting the [Match] sections in those files. systemd-networkd will manage network addresses and routes for any link for which it finds a .network file with an appropriate [Match] section, see systemd.network(5). For those links, it will flush existing network addresses and routes when bringing up the device. Any links not matched by one of the .network files will be ignored. It is also possible to explicitly tell systemd-networkd to ignore a link by using Unmanaged=yes option, see systemd.network(5).
- systemd.network - The main network file must have the extension .network; other extensions are ignored. Networks are applied to links whenever the links appear. The .network files are read from the files located in the system network directory /usr/lib/systemd/network, the volatile runtime network directory /run/systemd/network and the local administration network directory /etc/systemd/network. All configuration files are collectively sorted and processed in lexical order, regardless of the directories in which they live. However, files with identical filenames replace each other. Files in /etc have the highest priority, files in /run take precedence over files with the same name in /usr/lib. This can be used to override a system-supplied configuration file with a local file if needed. As a special case, an empty file (file size 0) or symlink with the same name pointing to /dev/null disables the configuration file entirely (it is "masked").
- https://gitlab.com/ky1e/configure-wifi - A standalone dialog-based script to select a wifi network from a list. Similar to wifi-menu found in Arch Linux, but uses systemd-networkd and wpa_supplicant instead of netctl.
Netctl
From Arch Linux devs, profile based
- https://github.com/tom-mi/arch-qr-wifi - Generate netctl profiles from QR-Codes scanned via webcam. This script only works under ArchLinux.
Connman
Generally for embedded systems.
Network Manager
meh
- https://github.com/guh/nymea-networkmanager - This daemon allows setting up the wireless network using a Bluetooth LE connection.
Traffic control
ipchains
- https://en.wikipedia.org/wiki/ipchains - superseded ipfwadm, but was replaced by iptables in the 2.4 series. Unlike iptables, ipchains is stateless.
Netfilter / iptables
- http://en.wikipedia.org/wiki/Netfilter - a framework provided by the Linux kernel that allows various networking-related operations to be implemented in the form of customized handlers. Netfilter offers various functions and operations for packet filtering, network address translation, and port translation, which provide the functionality required for directing packets through a network, as well as for providing ability to prohibit packets from reaching sensitive locations within a computer network. Netfilter represents a set of hooks inside the Linux kernel, allowing specific kernel modules to register callback functions with the kernel's networking stack. Those functions, usually applied to the traffic in form of filtering and modification rules, are called for every packet that traverses the respective hook within the networking stack.
- http://en.wikipedia.org/wiki/iptables - a user-space application program that allows a system administrator to configure the tables provided by the Linux kernel firewall (implemented as different Netfilter modules) and the chains and rules it stores. Different kernel modules and programs are currently used for different protocols; iptables applies to IPv4, ip6tables to IPv6, arptables to ARP, and ebtables to Ethernet frames.
iptables -F # flush rules
iptables -P OUTPUT ACCEPT # accept policy for output chain traffic
iptables -P INPUT DROP # drop policy for input chain traffic
iptables -P FORWARD DROP # drop policy for forward chain traffic
iptables -A INPUT --in-interface lo -j ACCEPT # accept all traffic arriving on the loopback interface
- YouTube: Mastering IPTables, Part I - Linux Journal Presents: Linux comes with a powerful firewall built-in, although the interface can be a little intimidating. This is the first in a multi-part tutorial on how to master basic and not-so-basic IPTables functionality and create the perfect firewall for your home network.
- husk - a natural language wrapper around the Linux iptables packet filtering engine (iptables). It is designed to abstract the sometimes confusing syntax of iptables, allowing use of rules that have better readability, and expressed in a more 'freeform' fashion compared to normal 'raw' iptables rules. husk can be used on either firewall/router computers (with multiple network interfaces), or standalone systems (with one network interface). Each interface (real or virtual) is called a 'zone' in husk. Zones are given a friendly name which is what is used in the rule definitions. This abstracts the Linux device names (eg, eth0, ppp0, bond0 etc) into much more intuitive names such as NET, LAN and DMZ. This has the added benefit that moving interfaces in the future can be done simply by changing the name-to-device mapping.
- ebtables - a filtering tool for a Linux-based bridging firewall. It enables transparent filtering of network traffic passing through a Linux bridge. The filtering possibilities are limited to link layer filtering and some basic filtering on higher network layers. Advanced logging, MAC DNAT/SNAT and brouter facilities are also included. The ebtables tool can be combined with the other Linux filtering tools (iptables, ip6tables and arptables) to make a bridging firewall that is also capable of filtering these higher network layers. This is enabled through the bridge-netfilter architecture which is a part of the standard Linux kernel. The ebtables and arptables codebase is maintained by the netfilter developers, who were so kind to take over maintenance of the software. This website is kept mainly as a documentation reference.
nftables
- http://en.wikipedia.org/wiki/nftables - a subsystem of the Linux kernel providing filtering and classification of network packets/datagrams/frames. It has been available since Linux kernel 3.13 released on 19 January, 2014. nftables is supposed to replace netfilter. Both subsystems have been co-authored by Patrick McHardy. Among the advantages of nftables over netfilter is less code duplication and more throughput. nftables is configured via the user-space utility nft while netfilter is configured via the utilities iptables, ip6tables, arptables and ebtables frameworks. nftables utilizes the building blocks of the Netfilter infrastructure, such as the existing hooks into the networking stack, connection tracking system, userspace queueing component, and logging subsystem.
- NCD - scripting language for network configuration and much more
- Horde is linux-based networking middleware that allows an application to stripe data from multiple streams across a set of dissimilar wireless network channels. Horde's approach aims to decrease the programming costs associated with building complex mobile systems that use network striping.
linuximq
- linuximq - Pseudo-driver for the intermediate queue device (IMQ). The imq device has two common usage cases: Ingress shaping: With Linux only egress shaping is possible (except for the ingress queue which can only do rate limiting). IMQ enables you to use egress qdiscs for real ingress shaping. Shaping over multiple interfaces: Qdiscs get attached to devices. A consequence of this is that one qdisc can only handle traffic going to the interface it is attached to. Sometimes it is desirable to have global limits on multiple interfaces. With IMQ you can use iptables to specify which packets the qdiscs see, so global limits can be placed.
Services
inetd
- http://en.wikipedia.org/wiki/inetd - (internet service daemon) is a super-server daemon on many Unix systems that provides Internet services. For each configured service, it listens for requests from connecting clients. Requests are served by spawning a process which runs the appropriate executable, but simple services such as echo are served by inetd itself. External executables, which are run on request, can be single- or multi-threaded. First appearing in 4.3BSD, it is generally located at /usr/sbin/inetd. Often called a super-server, inetd listens on designated ports used by Internet services such as FTP, POP3, and telnet. When a TCP packet or UDP packet arrives with a particular destination port number, inetd launches the appropriate server program to handle the connection. For services that are not expected to run with high loads, this method uses memory more efficiently, since the specific servers run only when needed. Furthermore, no network code is required in the service-specific programs, as inetd hooks the sockets directly to stdin, stdout and stderr of the spawned process. For protocols that have frequent traffic, such as HTTP and POP3, a dedicated server that intercepts the traffic directly may be preferable.
- http://linux.die.net/man/8/tcpd - whenever a request for service arrives, the inetd daemon is tricked into running the tcpd program instead of the desired server. tcpd logs the request and does some additional checks. When all is well, tcpd runs the appropriate server program and goes away.
Xinetd
systemd
In systemd, three target units take the role of $network:
network.target has very little meaning during start-up. It only indicates that the network management stack is up after it has been reached. Whether any network interfaces are already configured when it is reached is undefined. Its primary purpose is for ordering things properly at shutdown: since the shutdown ordering of units in systemd is the reverse of the startup ordering, any unit that is ordered After=network.target can be sure that it is stopped before the network is shut down if the system is powered off. This allows services to cleanly terminate connections before going down, instead of abruptly losing connectivity for ongoing connections, leaving them in an undefined state. Note that network.target is a passive unit: you cannot start it directly and it is not pulled in by any services that want to make use of the network. Instead, it is pulled in by the network management service itself. Services using the network should hence simply place an After=network.target dependency in their unit files, and avoid any Wants=network.target or even Requires=network.target.
network-online.target is a target that actively waits until the network is "up", where the definition of "up" is defined by the network management software. Usually it indicates a configured, routable IP address of some kind. Its primary purpose is to actively delay activation of services until the network is set up. It is an active target, meaning that it may be pulled in by the services requiring the network to be up, but is not pulled in by the network management service itself. By default all remote mounts defined in /etc/fstab pull this service in, in order to make sure the network is up before it is attempted to connect to a network share. Note that normally, if no service requires it, and if no remote mount point is configured, this target is not pulled into the boot, thus avoiding any delays during boot should the network not be available. It is strongly recommended not to pull in this target too liberally: for example network server software should generally not pull this in (since server software generally is happy to accept local connections even before any routable network interface is up), its primary purpose is network client software that cannot operate without network.
network-pre.target is a target that may be used to order services before any network interface is configured. Its primary purpose is for usage with firewall services that want to establish a firewall before any network interface is up. It's a passive unit: you cannot start it directly and it is not pulled in by the network management service, but by the service that wants to run before it. Network management services hence should set After=network-pre.target, but avoid any Wants=network-pre.target or even Requires=network-pre.target. Services that want to be run before the network is configured should place Before=network-pre.target and also set Wants=network-pre.target to pull it in. This way, unless there's actually a service that needs to be ordered before the network is up the target is not pulled in, hence avoiding any unnecessary synchronization point.
Tools
to resort
sudo lsof -i # ports open
sudo netstat -plnt
ss -tnlp
sudo nmap -sT -O localhost
nc 127.0.0.1 123 < /dev/null; echo $? # test local port, 1 for closed 0 for open
advanced traceroute + ping
- Linux DNS Lookup Command - host & dig
netcat
- netcat - a versatile tool that is able to read and write data across TCP and UDP network connections. Combined with other tools and redirection it can be used in a number of ways in your scripts. You will be surprised to see what you can accomplish with the Linux netcat command.
- http://mylinuxbook.com/linux-netcat-command/
- http://www.catonmat.net/blog/unix-utilities-netcat/
- http://intermediatesql.com/linux/scrap-the-scp-how-to-copy-data-fast-using-pigz-and-nc/ [10]
nc -l 8888 # listen on port 8888
nc server1 8888 # connect to port 8888
Ncat
- Ncat - a feature-packed networking utility which reads and writes data across networks from the command line. Ncat was written for the Nmap Project as a much-improved reimplementation of the venerable Netcat. It uses both TCP and UDP for communication and is designed to be a reliable back-end tool to instantly provide network connectivity to other applications and users. Ncat will not only work with IPv4 and IPv6 but provides the user with a virtually limitless number of potential uses.
Socat
- socat - a relay for bidirectional data transfer between two independent data channels. Each of these data channels may be a file, pipe, device (serial line etc. or a pseudo terminal), a socket (UNIX, IP4, IP6 - raw, UDP, TCP), an SSL socket, proxy CONNECT connection, a file descriptor (stdin etc.), the GNU line editor (readline), a program, or a combination of two of these. These modes include generation of "listening" sockets, named pipes, and pseudo terminals.
socat -d -d TCP-L:22,reuseaddr,fork SYSTEM:"nc \$SOCAT_PEERADDR 22" # Confuse people SSHing to your host with a redirect back to theirs.
hostA$ tar c mydir | lzop | socat - tcp-listen:1234
hostB$ socat tcp:hostA:1234 - | lzop -d | tar x
Guidedog
- Guidedog - an advanced routing/network configuration utility for KDE 3 and 4 running on Linux 2.4 & 2.6 based machines. Using Guidedog you can easily activate packet routing/forwarding and also more advanced networking such as IP masquerade and Port Forwarding.
masscan
- https://github.com/robertdavidgraham/masscan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
Scapy
- Scapy - a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can't handle, like sending invalid frames, injecting your own 802.11 frames, combining techniques (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, ...), etc.
bitmeteros
- BitMeter OS - a free, open-source, bandwidth monitor that works on Windows, Linux and Mac OSX. BitMeter OS keeps track of how much you use your internet/network connection, and allows you to view this information either via a web browser, or by using the command line tools. The Web Interface displays various graphs and charts that show how your internet/network connection has been used over time.
to sort
- Upside-Down-Ternet - My neighbours are stealing my wireless internet access. I could encrypt it or alternately I could have fun.
- Bro Network Security Monitor - a powerful network analysis framework that is much different from the typical IDS you may know.
- https://github.com/nodogsplash/nodogsplash - a high performance, small footprint Captive Portal, offering by default a simple splash page restricted Internet connection, yet incorporates an API that allows the creation of sophisticated authentication applications.
netsniff-ng
- netsniff-ng toolkit - a free Linux networking toolkit, a Swiss army knife for your daily Linux network plumbing if you will. Its gain of performance is reached by zero-copy mechanisms, so that on packet reception and transmission the kernel does not need to copy packets from kernel space to user space and vice versa. Our toolkit can be used for network development and analysis, debugging, auditing or network reconnaissance.
The netsniff-ng toolkit consists of the following utilities:
- netsniff-ng, a fast zero-copy analyzer, pcap capturing and replaying tool
- trafgen, a multithreaded low-level zero-copy network packet generator
- mausezahn, high-level packet generator for HW/SW appliances with Cisco-CLI
- bpfc, a Berkeley Packet Filter compiler, Linux BPF JIT disassembler
- ifpps, a top-like kernel networking statistics tool
- flowtop, a top-like netfilter connection tracking tool
- curvetun, a lightweight curve25519-based IP tunnel
- astraceroute, an autonomous system (AS) trace route utility
Monitoring
Tcpdump
- Tcpdump - prints out a description of the contents of packets on a network interface that match the boolean expression.
xdpcap
- https://github.com/cloudflare/xdpcap - a tcpdump like tool for eXpress Data Path (XDP). It can capture packets and actions / return codes from XDP programs, using standard tcpdump / libpcap filter expressions.
netmon
Nbwmon
netbwmon
- https://github.com/moetunes/netbwmon - Network monitor based on nbwmon and netmon but without Ncurses dependency and only Linux support.
CBM
- https://github.com/resurrecting-open-source-projects/cbm - Color Bandwidth Meter - display in real time the network traffic speed
iPerf
- iPerf - the TCP, UDP and SCTP network active bandwidth measurement tool. It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters. This is a new implementation that shares no code with the original iPerf and also is not backwards compatible. iPerf was originally developed by NLANR/DAST. iPerf3 is principally developed by ESnet / Lawrence Berkeley National Laboratory. It is released under a three-clause BSD license.
Netperf
- Netperf - a benchmark that can be used to measure the performance of many different types of networking. It provides tests for both unidirectional throughput, and end-to-end latency. The environments currently measurable by netperf include: TCP and UDP via BSD Sockets for both IPv4 and IPv6, DLPI, Unix Domain Sockets, SCTP for both IPv4 and IPv6.
NetHogs
- NetHogs - a small 'net top' tool. Instead of breaking the traffic down per protocol or per subnet, like most tools do, it groups bandwidth by process. NetHogs does not rely on a special kernel module to be loaded. If there's suddenly a lot of network traffic, you can fire up NetHogs and immediately see which PID is causing this. This makes it easy to identify programs that have gone wild and are suddenly taking up your bandwidth.
nload
- nload - a console application which monitors network traffic and bandwidth usage in real time. It visualizes the in- and outgoing traffic using two graphs and provides additional info like total amount of transferred data and min/max network usage.
bandwhich
- https://github.com/imsnif/bandwhich - Terminal bandwidth utilization tool
bwm-ng
- bwm-ng - Bandwidth Monitor NG, is a small and simple console-based live network and disk io bandwidth monitor for Linux, BSD, Solaris, Mac OS X and others.
tcptrack
- tcptrack - a packet sniffer, which passively watches for connections on a specified network interface, tracks their states, and lists them in a manner similar to the Unix 'top' command. It displays source and destination addresses and ports, connection state, idle time, and bandwidth usage.
Ostinato
- Ostinato - an open-source, cross-platform network packet crafter/traffic generator and analyzer with a friendly GUI. Craft and send packets of several streams with different protocols at different rates. For the full feature list see below. Ostinato aims to be "Wireshark in Reverse" and become complementary to Wireshark.
EtherApe
- EtherApe is a graphical network monitor for Unix modeled after etherman. Featuring link layer, IP and TCP modes, it displays network activity graphically. Hosts and links change in size with traffic. Color coded protocols display.
hping
- hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired by the ping(8) unix command, but hping isn't only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files over a covert channel, and many other features.
ngrep
- ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.
Cacti
- Cacti is a complete network graphing solution designed to harness the power of RRDTool's data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. All of this is wrapped in an intuitive, easy to use interface that makes sense for LAN-sized installations up to complex networks with hundreds of devices.
nfdump
- nfdump - tools to collect and process netflow data on the command line.
- NfSen is the web based front end for the nfdump netflow tools.
SmokePing
- SmokePing - keeps track of your network latency. Best of breed latency visualisation. Interactive graph explorer. Wide range of latency measurement plugins. Master/Slave System for distributed measurement. Highly configurable alerting system. Live Latency Charts with the most 'interesting' graphs. Free and open-source software written in Perl by Tobi Oetiker, the creator of MRTG and RRDtool.
Bro
- Bro - a passive, open-source network traffic analyzer. It is primarily a security monitor that inspects all traffic on a link in depth for signs of suspicious activity. More generally, however, Bro supports a wide range of traffic analysis tasks even outside of the security domain, including performance measurements and helping with trouble-shooting. [17]
Wireshark
- Wireshark - the world's foremost network protocol analyzer. It lets you see what's happening on your network at a microscopic level. It is the de facto (and often de jure) standard across many industries and educational institutions.
- tshark - The Wireshark Network Analyzer
- https://github.com/gcla/termshark - A terminal user-interface for tshark, inspired by Wireshark.
iftop
- iftop - does for network usage what top does for CPU usage. It listens to network traffic on a named interface and displays a table of current bandwidth usage by pairs of hosts. Handy for answering the question "why is our ADSL link so slow?".
ntop
NetHogs
- https://github.com/raboof/nethogs - a small 'net top' tool. Instead of breaking the traffic down per protocol or per subnet, like most tools do, it groups bandwidth by process. NetHogs does not rely on a special kernel module to be loaded. If there's suddenly a lot of network traffic, you can fire up NetHogs and immediately see which PID is causing this. This makes it easy to identify programs that have gone wild and are suddenly taking up your bandwidth. Since NetHogs heavily relies on /proc, most features are only available on Linux. NetHogs can be built on Mac OS X and FreeBSD, but it will only show connections, not processes.
vnStat
- vnStat - a console-based network traffic monitor for Linux and BSD that keeps a log of network traffic for the selected interface(s). It uses the network interface statistics provided by the kernel as information source. This means that vnStat won't actually be sniffing any traffic and also ensures light use of system resources. However, in Linux at least a 2.2 series kernel is required.
NTM
- NTM - a monitor of the network and internet traffic for Linux.
sFlow
IPTraf
- IPTraf - a console-based network statistics utility for Linux. It gathers a variety of figures such as TCP connection packet and byte counts, interface statistics and activity indicators, TCP/UDP traffic breakdowns, and LAN station packet and byte counts.
bettercap
- bettercap - Swiss army knife for network attacks and monitoring.
bmon
Other
- http://www.wirefloss.com/ - deja vu
Security
Zeroconf
See also DNS
- https://en.wikipedia.org/wiki/Zero-configuration_networking - a set of technologies that automatically creates a usable computer network based on the Internet Protocol Suite (TCP/IP) when computers or network peripherals are interconnected. It does not require manual operator intervention or special configuration servers. Without zeroconf, a network administrator must set up network services, such as Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS), or configure each computer's network settings manually. Zeroconf is built on three core technologies: automatic assignment of numeric network addresses for networked devices, automatic distribution and resolution of computer hostnames, and automatic location of network services, such as printing devices.
- avahi - mDNS/DNS-SD - a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. This enables you to plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared. Compatible technology is found in Apple MacOS X (branded "Bonjour" and sometimes "Zeroconf"). Avahi is primarily targeted at Linux systems and ships by default in most distributions. It is not ported to Windows at this stage, but will run on many other BSD-like systems. The primary API is D-Bus and is required for usage of most of Avahi, however services can be published using an XML service definition placed in /etc/avahi/services. See also the nss-mdns project, which allows hostname lookup of *.local hostnames via mDNS in all system programs using nsswitch.
- https://github.com/HBPVIS/Servus - Zeroconf discovery in C++
Virtual
- https://en.wikipedia.org/wiki/Virtual_network - a computer network that consists, at least in part, of virtual network links. A virtual network link is a link that does not consist of a physical (wired or wireless) connection between two computing devices but is implemented using methods of network virtualization. The two most common forms of network virtualization are protocol-based virtual networks (such as VLANs, VPNs, and VPLSs) and virtual networks that are based on virtual devices (such as the networks connecting virtual machines inside a hypervisor). In practice, both forms can be used in conjunction.
- https://github.com/anderspitman/awesome-tunneling - List of ngrok alternatives and other ngrok-like tunneling software and services. Focus on self-hosting.
X.25
- https://en.wikipedia.org/wiki/X.25 - an ITU-T standard protocol suite for packet switched wide area network (WAN) communication. An X.25 WAN consists of packet-switching exchange (PSE) nodes as the networking hardware, and leased lines, plain old telephone service connections, or ISDN connections as physical links.
X.25 is a family of protocols that was popular during the 1980s with telecommunications companies and in financial transaction systems such as automated teller machines. X.25 was originally defined by the International Telegraph and Telephone Consultative Committee (CCITT, now ITU-T) in a series of drafts and finalized in a publication known as The Orange Book in 1976. While X.25 has, to a large extent, been replaced by less complex protocols, especially the Internet protocol (IP), the service is still used (e.g. as of 2012 in the credit card payment industry) and available in niche and legacy applications.
Beginning in the early 1990s, in North America, use of X.25 networks (predominated by Telenet and Tymnet)[11] started to be replaced by Frame Relay service offered by national telephone companies. Most systems that required X.25 now use TCP/IP; however, it is possible to transport X.25 over TCP/IP when necessary.
X.25 networks are still in use throughout the world. A variant called AX.25 is also used widely by amateur packet radio. Racal Paknet, now known as Widanet, is still in operation in many regions of the world, running on an X.25 protocol base. In some countries, like the Netherlands or Germany, it is possible to use a stripped version of X.25 via the D-channel of an ISDN-2 (or ISDN BRI) connection for low volume applications such as point-of-sale terminals; but, the future of this service in the Netherlands is uncertain.
Frame Relay
ATM
Virtual LAN
- https://github.com/m13253/popub - Publish a service from localhost onto your server.
Network virtualization
- https://en.wikipedia.org/wiki/Network_virtualization - the process of combining hardware and software network resources and network functionality into a single, software-based administrative entity, a virtual network. Network virtualization involves platform virtualization, often combined with resource virtualization. Network virtualization is categorized as either external virtualization, combining many networks or parts of networks into a virtual unit, or internal virtualization, providing network-like functionality to software containers on a single network server.
- Mininet creates a realistic virtual network, running real kernel, switch and application code, on a single machine (VM, cloud or native), in seconds, with a single command
Virtual Extensible LAN
- https://en.wikipedia.org/wiki/Virtual_Extensible_LAN - VXLAN, a network virtualization technology that attempts to improve the scalability problems associated with large cloud computing deployments. It uses a VLAN-like encapsulation technique to encapsulate MAC-based OSI layer 2 Ethernet frames within layer 4 UDP packets, using 4789 as the default IANA-assigned destination UDP port number. VXLAN endpoints, which terminate VXLAN tunnels and may be both virtual or physical switch ports, are known as VXLAN tunnel endpoints (VTEPs).
NGN
MPLS
- https://en.wikipedia.org/wiki/Multiprotocol_Label_Switching - type of data-carrying technique for high-performance telecommunications networks that directs data from one network node to the next based on short path labels rather than long network addresses, avoiding complex lookups in a routing table. The labels identify virtual links (paths) between distant nodes rather than endpoints. MPLS can encapsulate packets of various network protocols, hence its name "multiprotocol". MPLS supports a range of access technologies, including T1/E1, ATM, Frame Relay, and DSL.
VPN
- https://en.wikipedia.org/wiki/VTun - a networking application which can set up Virtual Tunnels over TCP/IP networks. It supports Internet Protocol (IP), Point-to-Point Protocol (PPP) and Serial Line Internet Protocol (SLIP) protocols. It exists as the reference implementation of the Tun/Tap user-space tunnel driver which was included in the Linux kernel as of version 2.4, also originally developed by Maxim Krasnyansky. Bishop Clark is the current maintainer.
- https://www.tinfoilsecurity.com/blog/dont-get-pwned-on-public-wifi-use-your-own-vpn-tutorial-guide-how-to [19]
- https://www.bestvpn.com/blog/4147/pptp-vs-l2tp-vs-openvpn-vs-sstp/
- http://www.vpntutorials.com/blog/which-is-better-l2tp-vs-openvpn-105/
PPTP
- https://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol
- https://wiki.archlinux.org/index.php/PPTP_Server
Not recommended for use any more.
L2TP
Requires use of encrypted protocol (IPsec). Uses UDP port 500, which is more easily blocked by NAT firewalls.
L2FP
- https://en.wikipedia.org/wiki/Layer_2_Forwarding_Protocol - a tunneling protocol developed by Cisco Systems, Inc. to establish virtual private network connections over the Internet. L2F does not provide encryption or confidentiality by itself; it relies on the protocol being tunneled to provide privacy. L2F was specifically designed to tunnel Point-to-Point Protocol (PPP) traffic.
IPsec
- https://en.wikipedia.org/wiki/IPsec - an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite, while some other Internet security systems in widespread use, such as Secure Sockets Layer (SSL), Transport Layer Security (TLS) and Secure Shell (SSH), operate in the upper layers of the TCP/IP model. Hence, IPsec protects any application traffic across an IP network.
- https://github.com/royhills/ike-scan - Discover and fingerprint IKE hosts (IPsec VPN Servers)
GRE
- https://en.wikipedia.org/wiki/Generic_Routing_Encapsulation - a tunneling protocol developed by Cisco Systems that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links over an Internet Protocol network.
OpenVPN
- PiVPN - Simplest OpenVPN setup and configuration, designed for Raspberry Pi.
- https://github.com/corrad1nho/qomui - an easy-to-use OpenVPN/WireGuard gui for GNU/Linux with some unique features such as provider-independent support for double-hop connections. Qomui supports multiple providers with added convenience when using AirVPN, PIA, ProtonVPN, Windscribe or Mullvad.
n2n
Tinc
WireGuard
- https://github.com/pirate/wireguard-docs - a BETA/WIP open-source VPN solution written in C by Jason Donenfeld and others, aiming to fix many of the problems that have plagued other modern server-to-server VPN offerings like IPSec/IKEv2, OpenVPN, or L2TP. It shares some similarities with other modern VPN offerings like Tinc and MeshBird, namely good cipher suites and minimal config. This is my attempt at writing "The Unofficial WireGuard Documentation" to make up for the somewhat sparse official docs on an otherwise great piece of software.
- Tailscale - easy and secure VPN using WireGuard and 2FA. Connect your team's devices and development environments for easy access to remote resources.
- https://github.com/juanfont/headscale - a modern VPN built on top of Wireguard. It works like an overlay network between the computers of your networks - using NAT traversal. Everything in Tailscale is Open Source, except the GUI clients for proprietary OS (Windows and macOS/iOS), and the control server. The control server works as an exchange point of Wireguard public keys for the nodes in the Tailscale network. It assigns the IP addresses of the clients, creates the boundaries between each user, enables sharing machines between users, and exposes the advertised routes of your nodes. A Tailscale network (tailnet) is a private network which Tailscale assigns to a user in terms of private users or an organisation.
BoringTun
strongSwan
Algo
- Algo VPN - short for "Al Gore", the Vice President of Networks everywhere for inventing the Internet, a set of Ansible scripts that simplifies the setup of a personal IPSEC VPN. It contains the most secure defaults available, works with common cloud providers, and does not require client software on most devices.
Vita
- https://github.com/inters/vita - a high-performance L3 VPN gateway you can use to interconnect your networks. Vita acts as a tunnel between your local, private network and any number of remote Vita gateways. With it, nodes spread across your outposts can communicate with each other with confidentiality and authenticity ensured at the network layer. [27]
DNS
Services
- http://lifehacker.com/5940565/why-you-should-start-using-a-vpn-and-how-to-choose-the-best-one-for-your-needs
- http://torrentfreak.com/which-vpn-providers-really-take-anonymity-seriously-111007/ [28]
- http://torrentfreak.com/proxy-sh-vpn-provider-monitored-traffic-to-catch-hacker-130930/
SoftEther VPN
BadVPN
- BadVPN is a peer-to-peer VPN system. It provides a Layer 2 (Ethernet) network between the peers (VPN network nodes). The peers connect to a central server which acts as a chat server for them to establish direct connections between each other (data connections). These connections are used for transferring network data (Ethernet frames).
Freelan
- Freelan - A free, open-source, multi-platform, highly-configurable and peer-to-peer VPN software, designed to easily connect remote hosts and mainly focused on security and performance. [30]
Social VPN Project
- Social VPN Project - free and open-source P2P Social Virtual Private Network (VPN) that seamlessly networks your computer with the computers of your friends.
Campagnol
- Campagnol is a distributed IP-based VPN software able to open new connections through NATs or firewalls without any configuration. It uses UDP for the transport layer and utilizes tunneling and encryption (with DTLS) and the UDP hole punching NAT traversal technique. The established connections are P2P.
ocserv
- OpenConnect VPN server - The OpenConnect VPN server (ocserv) is an open source Linux SSL VPN server designed for organizations that require a remote access VPN with enterprise user management and control.
DSVR
- https://github.com/dboyd13/DSVR - Domain-Specific VPN Router. If you're using a VPN service today, you may have found the following limitations: All or nothing. Either ALL traffic goes down the VPN or none - unable to be selective. Only one VPN at a time. Cannot selectively route certain sites down one VPN, and others down another VPN. Unless you've configured your VPN at the router level, it's likely that only a single device can use your VPN at one time. [31]
n2n
- n2n - a layer-two peer-to-peer virtual private network (VPN) which allows users to exploit features typical of P2P applications at network instead of application level. This means that users can gain native IP visibility (e.g. two PCs belonging to the same n2n network can ping each other) and be reachable with the same network IP address regardless of the network where they currently belong. In a nutshell, as OpenVPN moved SSL from application (e.g. used to implement the https protocol) to network protocol, n2n moves P2P from application to network level.
sshuttle
- https://github.com/sshuttle/sshuttle - Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.
SigmaVPN
- SigmaVPN is simple, light-weight and modular VPN software for UNIX systems, deploying the NaCl encryption library. It's easy to configure, has low overheads and is reliable. No longer is it necessary to waste precious time configuring overcomplicated tunnels. [33]
fastd
- https://github.com/neocturne/fastd - a very small VPN daemon which tunnels IP packets and Ethernet frames over UDP. It supports various modern encryption and authentication schemes and can be used in many different network topologies (1:1, 1:n, meshed). fastd runs on Linux, FreeBSD, OpenBSD and macOS. Android support exists in the code, but is currently unmaintained. Binary packages are provided by many major Linux distributions.
dn42
- dn42 - a big dynamic VPN, which employs Internet technologies (BGP, whois database, DNS, etc). Participants connect to each other using network tunnels (GRE, OpenVPN, Tinc, IPsec) and exchange routes thanks to the Border Gateway Protocol. Network addresses are assigned in the 172.20.0.0/14 range and private AS numbers are used (see registry) as well as IPv6 addresses from the ULA-Range (fd00::/8). A number of services are provided on the network: see internal (only available from within dn42). Also, dn42 is interconnected with other networks, such as ChaosVPN or some Freifunk networks. [34]
ChaosVPN
- ChaosVPN - a system to connect Hackers. Design principles include that it should have no Single Point of Failure, make use of full encryption, use RFC1918 IP ranges, scale well on >100 connected networks and be able to run on the embedded hardware found in today's routers.
wirehole
- https://github.com/IAmStoxe/wirehole - a combination of WireGuard, Pi-hole, and Unbound in a docker-compose project with the intent of enabling users to quickly and easily create a personally managed full or split-tunnel WireGuard VPN with ad blocking capabilities thanks to Pi-hole, and DNS caching, additional privacy options, and upstream providers via Unbound. [35]
Mix network
- https://en.wikipedia.org/wiki/Mix_network - are routing protocols that create hard-to-trace communications by using a chain of proxy servers known as mixes[2] which take in messages from multiple senders, shuffle them, and send them back out in random order to the next destination (possibly another mix node). This breaks the link between the source of the request and the destination, making it harder for eavesdroppers to trace end-to-end communications. Furthermore, mixes only know the node that it immediately received the message from, and the immediate destination to send the shuffled messages to, making the network resistant to malicious mix nodes.
Loopix / MixNet
Simulation / emulation
- OMNeT++ is an extensible, modular, component-based C++ simulation library and framework, primarily for building network simulators. "Network" is meant in a broader sense that includes wired and wireless communication networks, on-chip networks, queueing networks, and so on. Domain-specific functionality such as support for sensor networks, wireless ad-hoc networks, Internet protocols, performance modeling, photonic networks, etc., is provided by model frameworks, developed as independent projects. OMNeT++ offers an Eclipse-based IDE, a graphical runtime environment, and a host of other tools. There are extensions for real-time simulation, network emulation, alternative programming languages (Java, C#), database integration, SystemC integration, and several other functions.
- Netkit - an environment for setting up and performing networking experiments at low cost and with little effort. It allows you to "create" several virtual network devices (full-fledged routers, switches, computers, etc.) that can be easily interconnected in order to form a network on a single PC. The networking equipment is virtual but features many of the characteristics of the real thing, including the configuration interface.
- Marionnet - a virtual network laboratory: it allows users to define, configure and run complex computer networks without any need for physical setup. Only a single, possibly even non-networked GNU/Linux host machine is required to simulate a whole Ethernet network complete with computers, routers, hubs, switches, cables, and more. Support is also provided for integrating the virtual network with the physical host network. Marionnet was born in April 2005 as a simple textual interface to Netkit, itself based on User Mode Linux.
- https://github.com/CovenantSQL/GNTE - a docker-based all-in-one unstable global network emulator. It emulates functionality such as random delay and packet loss.
- EVE-NG: Community Edition - clientless multivendor network emulation software that empowers network and security professionals with huge opportunities in the networking world.
- SIPp - a free Open Source test tool / traffic generator for the SIP protocol. It includes a few basic SipStone user agent scenarios (UAC and UAS) and establishes and releases multiple calls with the INVITE and BYE methods. It can also read custom XML scenario files describing from very simple to complex call flows. It features the dynamic display of statistics about running tests (call rate, round trip delay, and message statistics), periodic CSV statistics dumps, TCP and UDP over multiple sockets or multiplexed with retransmission management and dynamically adjustable call rates. Other advanced features include support of IPv6, TLS, SCTP, SIP authentication, conditional scenarios, UDP retransmissions, error robustness (call timeout, protocol defense), call specific variable, Posix regular expression to extract and re-inject any protocol fields, custom actions (log, system command exec, call stop) on message receive, field injection from external CSV file to emulate live users. SIPp can also send media (RTP) traffic through RTP echo and RTP / pcap replay. Media can be audio or video. While optimized for traffic, stress and performance testing, SIPp can be used to run one single call and exit, providing a passed/failed verdict.
- Seagull - a free, Open Source (GPL) multi-protocol traffic generator test tool. Primarily aimed at IMS (3GPP, TISPAN, CableLabs) protocols (and thus being the perfect complement to SIPp for IMS testing), Seagull is a powerful traffic generator for functional, load, endurance, stress and performance/benchmark tests for almost any kind of protocol. In addition, its openness allows adding support for a brand new protocol in less than 2 hours - with no programming knowledge. For that, Seagull comes with several protocol families embedded in the source code: Binary/TLV (Diameter, Radius and many 3GPP and IETF protocols), External library (TCAP, SCTP), Text (XCAP, HTTP, H248 ASCII).
Software-defined networking
See also Virtualisation, IaaS
- YouTube: How SDN will Shape Networking - Nick McKeown
- YouTube: An attempt to motivate and clarify Software-Defined Networking (SDN)
- OpenFlow - enables networks to evolve, by giving a remote controller the power to modify the behavior of network devices, through a well-defined "forwarding instruction set". The growing OpenFlow ecosystem now includes routers, switches, virtual switches, and access points from a range of vendors.
- NOXRepo.org is the home of two Open Source control platforms for Software Defined Networks.
- Maestro is an "operating system" for orchestrating network control applications. Maestro provides interfaces for implementing modular network control applications to access and modify state of the network, and coordinate their interactions. Maestro is a platform for achieving automatic and programmatic network control functions using these modularized applications. Although this project focuses on building an OpenFlow controller using Maestro, Maestro is not only limited to OpenFlow networks.
Encrypted
See Security
Reticulum
- Reticulum Network - the cryptography-based networking stack for building local and wide-area networks with readily available hardware. It can operate even with very high latency and extremely low bandwidth. Reticulum allows you to build wide-area networks with off-the-shelf tools, and offers end-to-end encryption and connectivity, initiator anonymity, autoconfiguring cryptographically backed multi-hop transport, efficient addressing, unforgeable delivery acknowledgements and more.
The vision of Reticulum is to allow anyone to be their own network operator, and to make it cheap and easy to cover vast areas with a myriad of independent, inter-connectable and autonomous networks. Reticulum is not one network. It is a tool for building thousands of networks. Networks without kill-switches, surveillance, censorship and control. Networks that can freely interoperate, associate and disassociate with each other, and require no central oversight. Networks for human beings. Networks for the people.
Reticulum is a complete networking stack, and does not rely on IP or higher layers, but it is possible to use IP as the underlying carrier for Reticulum. It is therefore trivial to tunnel Reticulum over the Internet or private IP networks. Having no dependencies on traditional networking stacks frees up overhead that has been used to implement a networking stack built directly on cryptographic principles, allowing resilience and stable functionality, even in open and trustless networks. No kernel modules or drivers are required. Reticulum runs completely in userland, and can run on practically any system that runs Python 3.
- I made the prepper version of the Internet : preppers - Since 2014, I have been trying to solve the problem of being able to build reliable communications networks in the case of mass failure of existing infrastructure. A lot of fragmented solutions and limited tools exist, but in reality, what was really missing was a complete communications stack designed for use by normal people without centralised coordination of any kind. A sort of "Internet Protocol for the people" if you will. A system that would allow anyone to easily build secure and resilient long-range networks with simple, available tools. Systems that would work and allow secure and private comms even when SHTF. So in 2014 I set out to build that system. Well, it's been a while, and while it is by no means perfect, the Reticulum Network Stack now exists, and it does exactly that. It allows you to build networks over LoRa or Packet Radio, WiFi or fiber optics (or anything actually), and to connect those networks together.
rnsh
- https://github.com/acehoss/rnsh - a command-line utility written in Python that facilitates shell sessions over Reticulum networks and aims to provide a similar experience to SSH.
lxmf
- https://github.com/markqvist/lxmf - LXMF is a simple and flexible messaging format and delivery protocol that allows a wide variety of implementations, while using as little bandwidth as possible. It is built on top of Reticulum and offers zero-conf message routing, end-to-end encryption and Forward Secrecy, and can be transported over any kind of medium that Reticulum supports. LXMF is efficient enough that it can deliver messages over extremely low-bandwidth systems such as packet radio or LoRa. Encrypted LXMF messages can also be encoded as QR-codes or text-based URIs, allowing completely analog paper message transport.
NomadNet
- https://github.com/markqvist/NomadNet - allows you to build private and resilient communications platforms that are in complete control and ownership of the people that use them. No signups, no agreements, no handover of any data, no permissions and gatekeepers. Nomad Network is built on LXMF and Reticulum, which together provide the cryptographic mesh functionality and peer-to-peer message routing that Nomad Network relies on. This foundation also makes it possible to use the program over a very wide variety of communication mediums, from packet radio to fiber optics. Nomad Network does not need any connections to the public internet to work. In fact, it doesn't even need an IP or Ethernet network. You can use it entirely over packet radio, LoRa or even serial lines. But if you wish, you can bridge islanded networks over the Internet or private ethernet networks, or you can build networks running completely over the Internet. The choice is yours.
Sideband
- https://github.com/markqvist/Sideband - an LXMF client for Android, Linux and macOS. It allows you to communicate with other people or LXMF-compatible systems over Reticulum networks using LoRa, Packet Radio, WiFi, I2P, Encrypted QR Paper Messages, or anything else Reticulum supports.
Project V / V2Ray / Vmess
- Project V - a set of tools to help you build your own privacy network over internet. The core of Project V, named V2Ray, is responsible for network protocols and communications. It can work alone, as well as combine with other tools. This website is mainly a manual for V2Ray, with some additional information regarding the whole project.
- Multiple inbound/outbound proxies: one V2Ray instance supports in parallel multiple inbound and outbound protocols. Each protocol works independently.
- Customizable routing: incoming traffic can be sent to different outbounds based on routing configuration. It is easy to route traffic by target region or domain.
- Multiple protocols: V2Ray supports multiple protocols, including Socks, HTTP, Shadowsocks, VMess etc. Each protocol may have its own transport, such as TCP, mKCP, WebSocket etc.
- Obfuscation: V2Ray has built in obfuscation to hide traffic in TLS, and can run in parallel with web servers.
- Reverse proxy: General support of reverse proxy. Can be used to build tunnels to localhost.
- Multiple platforms: V2Ray runs natively on Windows, Mac OS, Linux, etc. There is also third party support on mobile.
- VMess
- Unveiling the Power of V2Ray Protocol: A Secure and Versatile Communication Tool | by Omid Kzm | Medium - V2Ray, short for “V2Ray Versatile Routing,” is an open-source platform developed to offer efficient and versatile communication between clients and servers. It boasts a robust set of features that enable users to create secure and flexible network proxy services. The name “VMess” stands for “V2Ray + Mess (Message),” indicating the protocol’s extensibility and adaptability.
- mKCP - a reliable stream transport. It is a UDP-based protocol. mKCP sends more traffic for lower latency. To transfer the same amount of data, mKCP usually requires more throughput than TCP does.
Project X
- Project X - Fear not the clouds that obscure the view, golden eyes like a torch brighten the sky
- High-speed protocol: Original VLESS and XTLS protocols, free from redundant encryption, release CPU power
- Free combination: Perfect fallback mechanism, effectively prevent active detection, multi-service sharing ports
- Ultra-low occupancy: OpenWRT RaspberryPi and other simplified devices can be used
- Powerful routing: Highly customizable routing system to meet various usage requirements and fully exploit network performance
- Full compatibility: Fully compatible with v2ray-core configuration files and API calls
- Affinity: Active community discussions and contributions, MPL 2.0 open source license
- VLESS | Project X - a stateless lightweight transport protocol, which is divided into inbound and outbound parts, and can be used as a bridge between Xray clients and servers. Unlike VMess, VLESS does not rely on system time, and the authentication method is also UUID.
Mesh
See Mesh
UK ISPs
- How to Build a Low-tech Internet - LOW-TECH MAGAZINE - https://lobste.rs/s/02ziqt/how_build_low_tech_internet
Wireless broadband
Scotland
to sort
View The Daily Show, etc. in the UK, etc. Modify HTTP headers; X-Forwarded-For "12.13.14.15" [39]
- http://queue.acm.org/detail.cfm?id=2076798 - buffer bloat
- GLIF, the Global Lambda Integrated Facility, is an international consortium that promotes the paradigm of lambda networking.
- OpenSignalMaps - database of cell phone towers, cell phone signal strength readings, and Wi-Fi access points around the world
- https://news.ycombinator.com/item?id=14681561 - minitel
- https://news.ycombinator.com/item?id=18781820
- Pi-hole - Network-wide ad blocking via your own Linux hardware
- https://github.com/ervanalb/lens - lens stands for "live editing of network streams". lens is a framework that allows you to tap live cabling for inspection and injection.