Networking & Cybersecurity

Welcome to the world of Networking. An ongoing curated collection of awesome software, libraries, frameworks, talks & videos, best practices, learning tutorials and important practical resources about networking in cybersecurity. Thanks to all contributors, you're awesome and wouldn't be possible without you! Our goal is to build a categorized community-driven collection of very well-known resources.

Table of Contents

• Network Foundations
  • TCP/IP Protocols
  • Courses
  • Tutorials
  • Books
  • Software
  • Certifications
  • Miscellaneous
• Network Design Resources
• Network Implementation
  • Routing
  • Switching
  • VPN
  • Network Services
  • Network Simulators and Traffic Generators
• Network Operations
  • Network Change Management
  • Network Automation
  • Network Monitoring
  • Security Monitoring
  • Network Inventory
• Related resources
  • DevNet Tools
  • DevNet Monitoring
  • DevNet Knowledgebase
  • DevNet Inventory
  • Knowledge Resources
• License

Network Foundations

• Computer networking refers to connected computing devices (such as laptops, desktops, servers, smartphones, and tablets) and an ever-expanding array of IoT devices (such as cameras, door locks, doorbells, refrigerators, audio/visual systems, thermostats, and various sensors) that communicate with one another.

TCP/IP Protocols

Note: Links without description are official RFCs from the Internet Engineering Task Force (IETF).

• DNS

  • DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION

  

  DNS, or the Domain Name System, translates human readable domain names (for example, www.amazon.com) to machine readable IP addresses (for example, 192.0.2.44).

• DHCP

  • DYNAMIC HOST CONFIGURATION PROTOCOL

Dynamic Host Configuration Protocol, or DHCP, is used to provide quick and centralized management of IP addresses and other TCP/IP settings on your network. These are things like host IP address, subnet mask, DNS settings, default gateway address, and so on (I call these “IP configuration settings”). When you power on your computer, a DHCP server likely provides these IP configuration settings to you. Even if you don’t have a stand-alone DHCP server, your default gateway likely has its own DHCP server feature.

DHCP really makes network management a lot easier. DHCP eliminates the need for manually assigning IP addresses to our devices. DHCP port number for server is 67 and for the client is 68. It is a Client server protocol which uses UDP services

• FTP

  • FILE TRANSFER PROTOCOL (FTP)

• HTTP

  • Hypertext Transfer Protocol -- HTTP/1.1
  • Hypertext Transfer Protocol Version 2 (HTTP/2)

• UDP

  • User Datagram Protocol

• TCP

  • TRANSMISSION CONTROL PROTOCOL

• IP

  • INTERNET PROTOCOL
  • Internet Protocol, Version 6 (IPv6) Specification

• Telnet

  • TELNET PROTOCOL SPECIFICATION

• SSH

  • The Secure Shell (SSH) Protocol Architecture

• NAT

  • The IP Network Address Translator (NAT)

Courses

• Cisco Networking Academy Courses - A various networking courses (Essentials, CCNA, CCNP, etc.).
• CBT Nuggets - An excelent place to start with the courses on various topics (Cisco, Juniper, CompTIA, etc.).
• ipSpace - Contains excelent courses and webinars on various network topics, for both beginners and advanced people.
• GNS3 Academy - A various number of courses related to the networking with GNS3 software.
• The Complete Networking Fundamentals Course - The most popular Networking Essentials course on Udemy.

Tutorials

• Networking - A series of YouTube tutorials about networking by Eli the Computer Guy.
• Wireshark Tutorial for Beginners - TheNewBoston Wireshark Tutorial for Beginners.
• MikroTik WinBox Manual - The official manual for MikroTik's WinBox software.

Books

• Computer Networking: A Top-Down Approach (7th Edition) - Excellent book for beginners (and advanced people) in networking.
• Internetworking with TCP/IP Volume One (6th Edition) - A rich introduction book to the TCP/IP protocols and Internetworking.
• Network Security Essentials: Applications and Standards (6th Edition) - A practical survey of network security applications and standards.
• Beej's Guide to Network Programming - A free digital book about socket programming by Brian "Beej" Hall.
• Red Hat Enterprise Linux 7 Networking Guide - The official Red Hat's networking guide for Red Hat Enterprise Linux.
• Practical Packet Analysis (3rd Edition) - An amazing book about analyzing network packets using Wireshark.
• Attacking Network Protocols - A Hacker's Guide to Capture, Analysis, and Exploitation by James Forshaw.
• Cisco Press - Cisco authorized book publisher where you can get all books and official guides for Cisco certifications.

Software and Tools

• Wireshark - The most popular free and open source network protocol analyzer.
• tcpdump - A powerful open source command-line packet analyzer.
• Nmap - A free and open source software for network discovery and security auditing.
• Zenmap - The official Nmap Security Scanner GUI.
• GNS3 - A powerful free and open source network simulator.
• Cisco Packet Tracer - Cross-platform network visual simulation tool designed by Cisco Systems.
• pfSense - An open source firewall/router computer software distribution based on FreeBSD.
• WinBox - Official MikroTik GUI software for administration of MikroTik RouterOS.
• Online nslookup - An online DNS client to view and debug DNS configuration.
• Online whois - An online whois record tool for getting information about domains.
• OUI Lookup Tool - An online OUI lookup for searching vendors of MAC addresses.
• Draw.io - An open source software for creating network diagrams and topologies.

Certifications

• Cisco certifications
• MikroTik certified training programs
• Juniper Certification Tracks
• CompTIA Network+

Miscellaneous

• Network Analysis - An awesome list of network analysis resources.
• Software Defined Networks (SDN) - An awesome list about Software Defined Network (SDN).
• Reddit Networking - Reddit group for networking.
• Network Engineering Stack Exchange - A question and answer site for network engineers.
• Server Fault - A question and answer site for system and network administrators.

Network Design Resources

• Cisco Design Zone
• Cumulus Networks Validated Design Guides
• Juniper Solution Center

Network Implementation

Routing

• Free Range Routing - IP routing protocol suite for Linux and Unix platforms which includes protocol daemons for BGP, IS-IS, LDP, OSPF, PIM, and RIP.
• VyOS - Open source network operating system that can be installed on physical hardware or a virtual machine on your own server, or a cloud platform.

SD-WAN

• Silver Peak - SD-WAN Solution(Commercial).

Switching

• snabb - Snabb (formerly "Snabb Switch") is a simple and fast packet networking toolkit.

VPN

• PiVPN - Simplest OpenVPN setup and configuration, designed for Raspberry Pi.

Network Services

• Pi-Hole - Network-wide ad blocking via your own Linux hardware.

Network Simulators and Traffic Generators

• GNS3 - Network software emulator that allows the combination of virtual and real devices, used to simulate complex networks.
• Mininet - Instant Virtual Network on your Laptop.
• WANem - Wide Area Network Emulator.
• Ostinato - Packet crafter, network traffic generator and analyzer with a friendly GUI.
• SIPp - Free Open Source test tool / traffic generator for the SIP protocol.
• StarTrinity SIP Tester™ - VoIP monitoring and testing tool, VoIP recorder.
• Multi-Generator - Open source software that provides the ability to perform IP network performance tests and measurements using TCP and UDP/IP traffic.
• Network-Conditions-Emulator - Artificially limit uplink and downlink bandwidth, delay and loss rate on selected interfaces.
• snabb - Snabb (formerly "Snabb Switch") is a simple and fast packet networking toolkit.
• vqfx10k-vagrant - Vagrant files to bring up Juniper virtual QFX instances
• Packet Communication Investigator - import network traffic into a graphtool to analyse packet interactions between machines and network
• SafePcap - GDPR and NISTIR 8053 Compliance for your Pcap files
• Arkime - Arkime augments your current security infrastructure to store and index network traffic in standard PCAP format, providing fast, indexed access
• pyNTM - a network traffic modeler written in python 3.

Network Operations

Network Change Management

• Batfish - Network configuration analysis tool that can find bugs and guarantee the correctness of (planned or current) network configurations.
• Oxidized - Network device configuration backup tool. It's a RANCID replacement.
• Netshot - Network configuration and compliance management software.
• Jazigo - Jazigo is a tool written in Go for retrieving configuration for multiple devices, similar to rancid, fetchconfig, oxidized, Sweet.
• fetchconfig - fetchconfig is a Perl script for retrieving configuration of multiple devices
• sweet - Network device configuration backups and change alerts for the 21st century - inspired by RANCID!
• stockpiler - Stockpiler gathers network device configurations and stores them in a local Git repository.

Network Automation

• Napalm - Vendor neutral, cross-platform open source project that provides a unified API to network devices.
• netmiko - Multi-vendor library to simplify Paramiko SSH connections to network devices.
• trigger - Robust network automation toolkit written in Python that was designed for interfacing with network devices.
• Ansible - IT automation platform that makes your applications and systems easier to deploy by using SSH, with no agents to install on remote systems.
• nornir - Pluggable multi-threaded framework with inventory management to help operate collections of devices
• CNaaS-NMS - Campus Network-as-a-Service - Network Management System. Software to automate management of a campus network (LAN).
• pyats - pyATS enable network engineers to perform stateful validation of their device operational status
• itential.com - ow-Code Automation for Physical, Virtual, and Cloud Networks(commercial)
• AWX - the upstream project for Tower, a commercial derivative of AWX.
• Unimus Unimus makes Network Automation and Configuration Management easy (commercial)

Network Monitoring

• perfSONAR - Network measurement toolkit designed to provide federated coverage of paths, and help to establish end-to-end usage expectations.
• UDPing - Measure latency and packet loss across a link.
• Vaping - vaping is a healthy alternative to smokeping!
• veryflow - Continuous network verification system.
• Forward Networks - Network Behavior Analysis (Commercial).
• ToDD - Distributed, testing-on-demand system focused on testing network related conditions.
• pmacct - Small set of multi-purpose passive network monitoring tools, including Netflow or IPFIX generation.
• LibreNMS - Network monitoring system that supports automatic discovery, alerting, distributed polling and others.
• Observium - Low-maintenance auto-discovering network monitoring platform.
• Elastiflow - Netflow collector and reporting

Security Monitoring

• cPacket - Performance monitoring solutions that deliver real-time analysis and coverage (Commercial).
• Proxmox Mail Gateway - Open-source email security solution helping you to protect your mail server against all email threats the moment they emerge.
• FastNetMon - DDoS detection tool (Open Source or Commercial).
• PyREBox - Python scriptable Reverse Engineering Sandbox, a Virtual Machine instrumentation and inspection framework based on QEMU
• Canary - Honeypot solution (commercial)
• CanaryTokens - Free honeytoken
• Malcolm - Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files) and Zeek logs.
• Zeek - Zeek is an open source network security monitoring tool.
  • zeek2es - A Zeek log to Elastic/OpenSearch log converter.

Network Inventory

• phpipam - Open-source web IP address management application (IPAM).
• nsot - Network Source of Truth is an open source IPAM and network inventory database.
• netbox - IP address management (IPAM) and data center infrastructure management (DCIM) tool.
• ipfabric - Network Topology Mapping & Visualization (Commercial)
• drawthe.net - Draws network diagrams dynamically from a text file describing the placement, layout and icons.

Networking Labs

• VIRL - Virtual Internet Routing Lab by Cisco
• dCloud - Fully scripted, customizable environments available almost instantly in the cloud for free
• Cisco DevNet Labs - https://developer.cisco.com/site/sandbox/

Related resources

DevNet Tools

• Celery - Asynchronous task queue/job queue based on distributed message passing. It is focused on real-time operation, but supports scheduling as well.
• Ajenti - Manage a remote Linux box at any time using everyday tools like a web terminal, text editor, file manager and others.
• ProxMox Virtualiation Platform - Open-source platform for enterprise virtualization that tightly integrates KVM hypervisor and LXC containers, software-defined storage and networking functionality on a single platform, and easily manages high availability clusters and disaster recovery tools with the built-in web management interface.
• ops_tcpdump_handler - Chef Cookbook to test network connectivity
• chromaterm - ChromaTerm is a Python module and script used for coloring the output to terminals
• telnetmyip.com - Simple service that returns your source IP information in a json format
• icanhaztraceroute.com - Simple service that returns a traceroute back to your source IP
• Who is my ISP? - Simple service that shows the ISP of an IP
• NsLookup.io - Simple service that shows all DNS records for a domain name
• netshoot - a Docker + Kubernetes network trouble-shooting swiss-army container

DevNet Monitoring

• netdata - Distributed real-time performance and health monitoring.
• Grafana - Open source software for time series analytics.
• monit -Small Open Source utility for managing and monitoring Unix systems. Monit conducts automatic maintnance and repair and can execute meaningful causal actions in error situations.
• Prometheus - Open-source systems monitoring and alerting toolkit originally built at SoundCloud.
• sensu - Monitor servers, services, application health, and business KPIs. Collect and analyze custom metrics. Get notified about failures before your users do. Give your business the competitive advantage it deserves. (Open Source or Commercial)
• ELK Stack
  • Elasticsearch - Open Source, Distributed, RESTful Search Engine.
  • LogStash - Transport and process your logs, events, or other data.
  • Kibana - Analytics and search dashboard for Elasticsearch.
• Graylog - Parse and enrich logs, wire data, and event data from any data source (Commercial, Free for less than 5GB/day).

DevNet Knowledgebase

• ITGlue - IT focused documentation solution (Commercial).

DevNet Inventory

• Snipe IT - Open Source Asset Management tool.

Knowledge Resources

• Packet Pushers Podcast - Podcast about data networking by network architects. Deeply technical & unabashedly nerdy.
• Risky Business Podcast - Features news and in-depth commentary from security industry luminaries.
• Software Gone Wild Podcast - Software Gone Wild is focusing on architectures, solutions and technologies that real networking engineers use in production networks
• Cisco DevNet Basics - Learn network programmability basics
• Cisco Tools - List of Cisco tools maintained by Cisco

License

MIT License & cc license

This work is licensed under a Creative Commons Attribution 4.0 International License.

To the extent possible under law, Paul Veillard has waived all copyright and related or neighboring rights to this work.

^ back to top ^