2024-04-03 22:04:13 +02:00
parent 7e68609006
commit 0b373d31db
142 changed files with 7334 additions and 0 deletions


@ -0,0 +1,19 @@
# ARP Protocol
The Address Resolution Protocol (ARP) is a communication protocol used for discovering the link layer address, such as a MAC address, associated with a given internet layer address, typically an IPv4 address. This mapping is necessary because the data link and network layer addresses of a device can be different, and ARP provides a way to translate between them.
ARP operates within the Internet Protocol Suite's networking layer, and is used by network devices to map an IP address to a physical address, such as an Ethernet address. ARP is used for communication within a network segment (layer 2), while the Internet Protocol is used for communication across network segments (layer 3).
ARP is a stateless protocol, meaning that each request is independent of the previous request in the same session. ARP is also a broadcast protocol, meaning that it is used for one-to-all communication within a network.
## ARP Request
An ARP request is a message that is sent by a device to all other devices in a network to request their MAC addresses. The ARP request contains the IP address of the device that sent the request, and the MAC address of the device that is requesting the IP address. The ARP request is broadcast to all devices in the network, and the device that has the requested IP address responds with an ARP reply.
## ARP Reply
An ARP reply is a message that is sent by a device to another device in a network to provide its MAC address. The ARP reply contains the IP address of the device that sent the request, and the MAC address of the device that is requesting the IP address. The ARP reply is sent directly to the device that sent the ARP request.
## ARP Table
An ARP table is a table that is used by a device to store the IP addresses and MAC addresses of other devices in a network. The ARP table is used by the device to determine the MAC address of a device when it receives an ARP request from that device.
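Review bot: the field description in the ARP Request and ARP Reply sections is circular ("the IP address of the device that sent the request, and the MAC address of the device that is requesting the IP address"); a request carries the sender's IP and MAC plus the target IP whose MAC is unknown, and the reply carries the responder's IP and MAC, unicast back to the requester. The ARP Table paragraph also has the direction backwards: the cache is consulted before a host sends an IP packet so it can skip the broadcast, not when a request arrives from that device. One sentence worth adding from the defensive side: ARP has no authentication and most stacks accept unsolicited replies, so any host on the segment can overwrite cache entries; static entries for critical hosts and Dynamic ARP Inspection on managed switches are the usual mitigations.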


@ -0,0 +1,7 @@
# Autonegotiation
**Autonegotiation** is a feature in Ethernet networking that allows two connected devices to automatically negotiate and establish the best possible parameters for communication. When two devices with **autonegotiation** capability are connected, they exchange information about their supported capabilities, such as link speed (e.g., 10 Mbps, 100 Mbps, 1 Gbps), duplex mode (e.g., half-duplex or full-duplex), and flow control.
Based on this information, the devices negotiate and agree upon the highest mutually supported settings for optimal communication.
**Autonegotiation** helps ensure compatibility and optimal performance between network devices. It eliminates the need for manual configuration and allows network devices to adapt to different speeds and duplex modes based on the capabilities of the connected devices.


@ -0,0 +1,13 @@
# DNSSEC
DNSSEC (DNS Security Extensions) is a set of security extensions to the [[DNS]] (Domain Name System) protocol that provides authentication and integrity checking for DNS data. DNSSEC uses digital signatures to ensure that DNS responses have not been modified in transit and that they come from an authorized source.
With DNSSEC, each zone in the DNS hierarchy is signed with a private key, and the corresponding public key is published in the DNS. When a DNS resolver receives a DNS response, it can use the public key to verify the digital signature and ensure that the response has not been tampered with. If the signature is valid, the resolver can be confident that the response is authentic and has not been modified in transit.
DNSSEC provides several benefits, including:
- Data integrity: DNSSEC ensures that DNS responses have not been modified in transit, preventing DNS spoofing and other types of attacks that rely on DNS data tampering.
- Authentication: DNSSEC allows DNS resolvers to authenticate the source of DNS responses, providing an additional layer of security against DNS cache poisoning and other attacks.
- Trust hierarchy: DNSSEC allows for the creation of a trust hierarchy in the DNS, with each zone in the hierarchy being responsible for signing its own data and delegating trust to its child zones.
DNSSEC is supported by most modern DNS servers and resolvers, and is becoming increasingly important as a tool for securing the Internet's infrastructure.
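Review bot: the "Trust hierarchy" bullet never says how a parent vouches for a child zone; the parent publishes a DS record holding a hash of the child's key-signing DNSKEY, and the chain is anchored at the root zone's key, which is what lets a validating resolver walk from the root down. Two caveats belong in the intro: DNSSEC signs data but does not encrypt it (privacy is the DoT/DoH material on the dns page), and the integrity guarantee only exists where the resolver actually validates; a stub that merely trusts the AD bit from an upstream resolver is trusting that resolver and the path to it. Style: `[[DNS]]` is a wikilink here while the other files in this commit use relative `.md` links.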


@ -0,0 +1,71 @@
# Mail Server DNS Records Cheat-Sheet
If you want to run a mail server on the public internet, you need to set up your [DNS Records](networking/dns-record-types.md) correctly. While some [DNS Records](networking/dns-record-types.md) are necessary to send and receive emails, others are recommended to build a good reputation.
## Required Mail Server DNS Records
### A Record
DNS A Record that will resolve to the public IP address of your mail server. This is also needed when your web server has a different IP address than your mail server.
**Recommended Settings Example:**
Type | Host | Points to | TTL
---|---|---|---
`A`|`mail`|`your-mail-servers-ipv4`|`1 hour`
### MX Record
The MX record is important when you want to receive emails. This tells everyone which IP address to contact.
If you have multiple Mail Servers that need to be load-balanced use the same **priority**. Lower numbers are prioritized. Higher numbers can be used as backup servers.
**Recommended Settings:**
Type | Host | Points to | Priority | TTL
---|---|---|---|---
`MX`|`@`|`mail.your-domain`|`0`|`1 hour`
### RDNS or PTR Record
The reverse DNS record or also called PTR (Pointer Resource Record) is important when you want to send mails. Almost all mail servers check the RDNS record to perform simple anti-spam checks. RDNS is just like a DNS query, just backward.
>Your RDNS record is not configured on your DNS server, instead, its configured on your hosting provider where you got your public IP address from.
## (Optional but recommended) DNS Records
### SPF Record
The SPF (Sender Policy Framework) is a TXT record on your DNS server that specifies which hosts are allowed to send mails for a given domain. When a mail server receives a mail that seems to come from your domain it can check if its a valid message. Some mail servers reject mails if they cant validate that the message comes from an authorized mail server.
**Recommended Settings:**
Type | Host | TXT Value | TTL
---|---|---|---
`TXT`|`@`|`v=spf1 ip4:your-mail-servers-ipv4 -all`|`1 hour`
### DKIM Record
DKIM (Domain Keys Identified Mail) allows the receiving mail server to check that an email was indeed sent by the owner of that domain. The sending mail server adds a digital signature to every mail that is sent. This signature is added as a header and secured with encryption. These signatures are not visible to the end-user.
>If you want to add DKIM to your mail server you first need to create a private and a public keypair
We use the tool [OpenSSL](tools/openssl.md) to generate a DKIM private and public keypair.
```sh
openssl genrsa -out dkim_private.pem 2048
openssl rsa -in dkim_private.pem -pubout -outform der 2>/dev/null | openssl base64 -A
```
**Recommended Settings:**
Type | Host | TXT Value | TTL
---|---|---|---
`TXT`|`dkim._domainkey`|`v=DKIM1;k=rsa;p=public-dkim-key`|`1 hour`
### DMARC Record
DMARC (Domain-based Message Authentication, Reporting, and Conformance) extends your existing SPF and DKIM records. It makes sure that the sender's emails are protected by SPF and DKIM and tells the receiving mail server what to do if these checks fail.
 
**Recommended Settings:**
Type | Host | TXT Value | TTL
---|---|---|---
`TXT`|`_dmarc`|`v=DMARC1;p=quarantine`|`1 hour`
## (Optional) DNS Records
### Autoconfiguration DNS Records
If youre using mail clients like Outlook, Thunderbird on your Computer, or Mobile devices they offer the ability to do an “autoconfiguration” also called “Autodiscover”. That means you just need to enter your email address and password and the mail client tries to resolve the mail server IP addresses, used ports, and encryption settings for IMAP and SMTP. You can achieve this by adding SRV DNS records that are defined in the [RFC 6186 standard](https://tools.ietf.org/html/rfc6186) and some specific records that are used in Outlook clients.
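Review bot: the MX section says the record "tells everyone which IP address to contact", but an MX points to a hostname (the `mail` A record defined just above, as the example table itself shows), so say hostname. In the DKIM paragraph "secured with encryption" is the wrong mechanism: the sending server signs a hash of selected headers and the body with the private key and the receiver verifies it with the public key from the TXT record; nothing is encrypted, and the text should add that `dkim_private.pem` must live only on the sending host. The DMARC example `v=DMARC1;p=quarantine` produces no feedback; append `rua=mailto:<reporting address>` so aggregate reports arrive and the policy can be tuned before moving to `p=reject`. The links `networking/dns-record-types.md` are relative to this file's own directory (`networking/dns/`), so they very likely do not resolve; `dns-record-types.md` would. Minor: `its`/`cant`/`youre` lack apostrophes and the `>` quote lines need a space after `>` to match the other pages.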


@ -0,0 +1,39 @@
# DNS Record Types
[[DNS]] (Domain Name System) record types are used to store different types of information about a domain name in the DNS database.
## Most common types of DNS Records
| Type | Description |
| ----- | -------------------------------------------------------------------------------------------------------------- |
| A | The record that holds the IP address of a domain. |
| AAAA | The record that contains the IPv6 address for a domain (as opposed to A records, which list the IPv4 address). |
| CNAME | Forwards one domain or subdomain to another domain, does NOT provide an IP address. |
| MX | Directs mail to an email server. |
| TXT | Lets an admin store text notes in the record. These records are often used for email security. |
| NS | Stores the name server for a DNS entry. |
| SOA | Stores admin information about a domain. |
| SRV | Specifies a port for specific services. |
| PTR | Provides a domain name in reverse-lookups. |
## Less commonly used DNS Records
| Type | Description |
| -------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| APL | The address prefix list is an experiment record that specifies lists of address ranges. |
| AFSDB | This record is used for clients of the Andrew File System (AFS) developed by Carnegie Melon. The AFSDB record functions to find other AFS cells. |
| CAA | This is the certification authority authorization record, it allows domain owners state which certificate authorities can issue certificates for that domain. If no CAA record exists, then anyone can issue a certificate for the domain. These records are also inherited by subdomains. |
| DNSKEY | The DNS Key Record contains a public key used to verify Domain Name System Security Extension (DNSSEC) signatures. |
| CDNSKEY | This is a child copy of the DNSKEY record, meant to be transferred to a parent. |
| CERT | The certificate record stores public key certificates. |
| DCHID | The DHCP Identifier stores info for the Dynamic Host Configuration Protocol (DHCP), a standardized network protocol used on IP networks. |
| DNAME | The delegation name record creates a domain alias, just like CNAME, but this alias will redirect all subdomains as well. For instance if the owner of example.com bought the domain website.net and gave it a DNAME record that points to example.com, then that pointer would also extend to blog.website.net and any other subdomains. |
| HIP | This record uses Host identity protocol, a way to separate the roles of an IP address; this record is used most often in mobile computing. |
| IPSECKEY | The IPSEC key record works with the Internet Protocol Security (IPSEC), an end-to-end security protocol framework and part of the Internet Protocol Suite (TCP/IP). |
| LOC | The location record contains geographical information for a domain in the form of longitude and latitude coordinates. |
| NAPTR | The name authority pointer record can be combined with an SRV record to dynamically create URIs to point to based on a regular expression. |
| NSEC | The next secure record is part of DNSSEC, and its used to prove that a requested DNS resource record does not exist. |
| RRSIG | The resource record signature is a record to store digital signatures used to authenticate records in accordance with DNSSEC. |
| RP | This is the responsible person record and it stores the email address of the person responsible for the domain. |
| SSHFP | This record stores the SSH public key fingerprints; SSH stands for Secure Shell and its a cryptographic networking protocol for secure communication over an unsecure network. |
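Review bot: `DCHID` in the less-common table should be `DHCID`, and the CAA row overstates the default: with no CAA record any publicly trusted CA may issue, not "anyone", and CAA is only consulted by the CA at issuance time, it does not stop a CA that ignores it. The table lists DNSKEY, CDNSKEY, RRSIG and NSEC but omits DS, the record in the parent zone that actually links the DNSSEC chain of trust; add a DS row (and NSEC3 beside NSEC). Typos: "experiment record" should be experimental, "Carnegie Melon" is Mellon, "unsecure" is insecure.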

networking/dns/dns.md (new file, 70 lines)

@ -0,0 +1,70 @@
# DNS
DNS (Domain Name System) is a hierarchical distributed naming system used to translate human-readable domain names, such as `www.example.com`, into [[IP]] (Internet Protocol) addresses, such as 192.0.2.1, that computers use to identify each other on the Internet. DNS allows users to access websites and other Internet resources using easy-to-remember domain names instead of having to remember the numerical IP addresses that correspond to them.
## How DNS works
DNS operates using a client-server architecture. When a user types a domain name into their web browser, the browser sends a DNS query to a DNS resolver, which is typically provided by the users Internet Service Provider (ISP). The resolver then sends a series of recursive queries to other DNS servers, working its way up the DNS hierarchy until it receives a response containing the IP address associated with the requested domain name.
DNS is organized into a hierarchical structure of domains, with the root domain at the top of the hierarchy. Each domain is divided into subdomains, with each level of the hierarchy separated by a dot (e.g., example.com is a subdomain of the com top-level domain). Each domain is managed by a domain name registrar, which is responsible for assigning domain names and IP addresses to organizations and individuals. DNS also supports advanced features such as [DNSSEC](dns-dnssec.md) (DNS Security Extensions), which provides authentication and integrity checking for DNS queries and responses.
## DNS Record Types
DNS records are an essential part of the DNS system, as they contain the information needed to translate domain names into IP addresses and vice versa. Each DNS record contains a specific type of information about a domain name, such as its IP address, mail exchange server, or authoritative name servers.
There are many different types of DNS records, each with a specific format and purpose. Some of the most commonly used DNS record types include A, AAAA, CNAME, MX, NS, PTR, SOA, SRV, and TXT records. Each record type has a specific format and purpose, and is used to provide different types of information about a domain name.
Here's a [[dns-record-types|List of all DNS Record Types]].
## Encryption
Ever since DNS was created in 1987, it has been largely unencrypted. Everyone between your device and the resolver is able to snoop on or even modify your DNS queries and responses.
The UDP source port is 53 which is the standard port number for unencrypted **DNS**. The [UDP](../networking/udp.md) payload is therefore likely to be a **DNS** answer.
Encrypting DNS makes it much harder for snoopers to look into your **DNS** messages, or to corrupt them in transit.
Two standardized mechanisms exist to secure the **DNS** transport between you and the resolver, [DNS over TLS](dns-dot.md), and [DNS queries over HTTPS](dns-doh.md).
Both are based on Transport Layer Security ([TLS](../networking/tls.md)) which is also used to secure communication between you and a website using [HTTPS](../networking/https.md).
As both DoT and DoH are relatively new, they are not universally deployed yet.
### DNS over HTTPS
DNS over HTTPS, or DoH, is an alternative to DoT. With DoH, DNS queries and responses are encrypted, but they are sent via the HTTP or HTTP/2 protocols instead of directly over UDP.
Like DoT, DoH ensures that attackers can't forge or alter DNS traffic. DoH traffic looks like other HTTPS traffic e.g. normal user-driven interactions with websites and web apps from a network administrator's perspective.
```txt
┌─────────────────┐ ──┐
│ 爵 HTTP Protocol │ │  encrypted
├─────────────────┤ ├── traffic
│  TLS Protocol │ │ via HTTPS
├─────────────────┤ ──┘
│ TCP Protocol │
│ (Port 443) │
├─────────────────┤
│ IP Protocol │
└─────────────────┘
GET/POST
url/dns-request?dns-...
```
### DNS over TLS
DNS over TLS, or DoT, is a standard for encrypting DNS queries to keep them secure and private. DoT uses the same security protocol, TLS, that HTTPS websites use to encrypt and authenticate communications. (TLS is also known as "SSL.") DoT adds TLS encryption on top of the user datagram protocol (UDP), which is used for DNS queries.
```txt
┌─────────────────┐ ──┐
│ DNS Protocol │ │  encrypted
├─────────────────┤ ├── traffic
│  TLS Protocol │ │ via TLS
├─────────────────┤ ──┘
│ UDP Protocol │
│ (Port 853) │
├─────────────────┤
│ IP Protocol │
└─────────────────┘
```
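Review bot: the DNS over TLS section and its diagram put DoT on UDP port 853; DoT as standardized in RFC 7858 runs over TCP port 853 (DNS over DTLS, RFC 8094, is the experimental UDP variant and is rarely deployed), so "adds TLS encryption on top of the user datagram protocol (UDP)" and the `UDP Protocol` box should say TCP. In "How DNS works", registrars assign domain names, not IP addresses; addresses come from RIRs and ISPs. The sentence "The UDP source port is 53 ... therefore likely to be a DNS answer" reads like a leftover from a packet-capture walkthrough and should either be dropped or rewritten as "plain DNS uses port 53 over UDP and TCP". Also "users Internet Service Provider" needs an apostrophe, and both diagrams contain icon-font glyphs (`爵`, ``) that render as tofu outside the author's terminal.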


@ -0,0 +1,26 @@
# EHLO Response Codes
**EHLO Response Codes** are used by an **SMTP server** in response to an **EHLO command** issued by an **SMTP client**.
> Please note that the presence and specific **EHLO response codes** will depend on the **SMTP server software**, its version, and its configuration. The above table includes some commonly encountered **EHLO response codes**, but it may not cover every possible code or extension.
| EHLO Response Code | Description |
| --- | --- |
| 250 | Requested mail action okay, completed |
| 250-PIPELINING | Server supports command pipelining |
| 250-SIZE `<value>` | Server specifies maximum message size |
| 250-ETRN | Server supports the ETRN extension |
| 250-ENHANCEDSTATUSCODES | Server uses enhanced status codes |
| 250-8BITMIME | Server supports the 8BITMIME extension |
| 250-DSN | Server supports delivery status notifications (DSN) |
| 250-STARTTLS | Server supports TLS encryption |
| 250-AUTH `<authentication_types>` | Server specifies supported authentication types |
| 250-DELIVERBY | Server supports the DELIVERBY extension |
| 250-RSET | Server supports the RSET command |
| 250-HELP | Server provides help information |
| 250-BINARYMIME | Server supports binary MIME (Multipurpose Internet Mail Extensions) |
| 250-CHUNKING | Server supports chunking for message transmission |
| 250-EXPN | Server supports the EXPN command |
| 250-VRFY | Server supports the VRFY command |
| 250-X-EXPS `<extension>` | Server supports an additional extension |
| 250 X-LINK2STATE | Server provides link-related state information |
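Review bot: the blockquote refers to "The above table" but the table follows it; move the note below the table or say "the following table". The first line of an EHLO reply is `250-<server hostname> <greeting>`, not "Requested mail action okay, completed" (that is the generic meaning of code 250), so the first row is misleading. RSET is a base RFC 5321 command rather than an advertised extension, so a conforming server does not emit `250-RSET`; and `X-EXPS` / `X-LINK2STATE` are Microsoft Exchange specific and should be labelled as such. From a hardening standpoint it is worth one sentence that advertising VRFY and EXPN lets any client enumerate valid mailboxes, which is why most deployments disable both.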


@ -0,0 +1,3 @@
# IMAP (Internet Message Access Protocol)
**IMAP** is a protocol for retrieving mail from a **mail server**.
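Review bot: the stub gives no ports while the SMTP page does; for consistency add TCP 143 (plain, upgradeable with STARTTLS) and 993 (implicit TLS), and note that 143 without STARTTLS sends the login in the clear.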


@ -0,0 +1,3 @@
# POP3 (Post Office Protocol version 3)
**POP3** is a protocol for retrieving mail from a **mail server**.
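Review bot: same gap as the IMAP stub: add TCP 110 (plain, STARTTLS via STLS) and 995 (implicit TLS), and mention that POP3 by default downloads and deletes mail from the server, which is the practical difference from IMAP a reader of this page wants.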


@ -0,0 +1,29 @@
# SMTP Response Codes
**SMTP Response Codes**, also known as **SMTP Status Codes**, are used to indicate the success or failure of an **SMTP command**. They are typically sent by an **SMTP server** in response to an **SMTP command** issued by an **SMTP client**.
| Status Code | Description |
| --- | --- |
| 211 | System status or system help response |
| 214 | Help message |
| 220 | Service ready |
| 221 | Service closing transmission channel |
| 235 | Authentication successful |
| 250 | Requested mail action completed |
| 251 | User not local; will forward |
| 252 | Cannot verify the user; will attempt delivery |
| 354 | Start mail input; end with `<CRLF>.<CRLF>` |
| 421 | Service not available, closing transmission channel |
| 450 | Requested action not taken - mailbox unavailable |
| 451 | Requested action aborted: local error in processing |
| 452 | Requested action not taken - insufficient system storage |
| 500 | Syntax error, command unrecognized |
| 501 | Syntax error in parameters or arguments |
| 502 | Command not implemented |
| 503 | Bad sequence of commands |
| 504 | Command parameter not implemented |
| 550 | Requested action not taken - mailbox unavailable |
| 551 | User not local; please try `<forward-path>` |
| 552 | Requested mail action aborted - exceeded storage allocation |
| 553 | Requested action not taken - mailbox name not allowed |
| 554 | Transaction failed |
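Review bot: since the troubleshooting page walks through `AUTH LOGIN`, the table should include the authentication codes from RFC 4954, which it currently lacks: 334 (server challenge, base64 encoded), 530 (authentication required), 535 (authentication credentials invalid) and 538 (encryption required for the requested authentication mechanism). Also the 250 row in RFC 5321 reads "Requested mail action okay, completed", which would match the wording on the EHLO page.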


@ -0,0 +1,71 @@
# SMTP Troubleshooting Cheat Sheet
[SMTP (Simple Mail Transfer Protocol)](mail-smtp.md) is a networking protocol for mail transfer. It's used to send emails from a mail client to a mail server and between mail servers.
## Test SMTP Server connectivity
```bash
telnet smtp.example.com 25
```
## Test SMTP Server connectivity with STARTTLS
```bash
openssl s_client -starttls smtp -ign_eof -crlf -connect smtp.example.com:587
```
## HELO
The HELO (or EHLO) command is a command used by the SMTP client when it initiates a connection with an SMTP server, to announce itself and establish communication.
```bash
EHLO example.com
```
In response to the HELO command, the SMTP server typically sends a reply code indicating the success or failure of the command. The server may also include additional information or instructions. Here's an example of an EHLO response:
```bash
250-FR3P281CA0133.outlook.office365.com Hello [***.***.***.***]
250-SIZE 157286400
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 SMTPUTF8
```
*For more information about EHLO response codes see [EHLO Response Codes](ehlo-codes.md), and for SMTP response codes see [SMTP Response Codes](smtp-codes.md).*
## Authentication
SMTP servers typically require authentication before allowing a user to send mail. Some authentication methods, such as `LOGIN` and `PLAIN`, are supported by default, while others may need to be enabled by the server administrator.
```bash
AUTH LOGIN
your-base64encoded-username
your-base64encoded-password
```
To encode a string in base64, you can use the `base64` command:
```bash
echo -n "username" | base64
```
## Send Email
To test sending an email using the `MAIL FROM`, `RCPT TO`, and `DATA` commands:
```bash
MAIL FROM: <sender@example.com>
RCPT TO: <recipient@example.com>
DATA
Subject: This is the subject line
This is the message body.
You can write multiple lines.
.
```
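Review bot: the DATA example has no blank line between `Subject:` and the body, so `This is the message body.` is parsed as a malformed header line rather than body text; insert an empty line after the header. `MAIL FROM: <sender@example.com>` with a space after the colon is tolerated by many servers, but RFC 5321 syntax is `MAIL FROM:<sender@example.com>` and strict servers answer 501. The `AUTH LOGIN` block omits the server's `334` base64 prompts that appear between the two client lines, and the section should say to authenticate only after STARTTLS (the `openssl s_client` example on 587), because LOGIN and PLAIN only base64-encode the credentials, so running them on the plain telnet session from the first section exposes the password on the wire. Style: the EHLO, AUTH and DATA blocks are protocol transcripts, not shell, so tagging those fences `txt` like the dns page would be more accurate than `bash`.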


@ -0,0 +1,23 @@
# SMTP (Simple Mail Transfer Protocol)
**SMTP (Simple Mail Transfer Protocol)** is a networking protocol for [mail](mail.md) transfer. It's used to send emails from a mail client to a mail server and between mail servers.
Server-to-Server communication is typically done over port `25`. Client-to-Server communication is typically done over port `587`. Alternatively, port `465` can be used for client-to-server communication with [TLS](../tls.md).
## Configuration
### SMTP Server
The SMTP server is a mail server that receives emails from a mail client and forwards them to their intended recipients. It's also responsible for receiving emails from other mail servers and delivering them to their intended recipients.
### SMTP Client
The SMTP client is a mail client that sends emails to a mail server for delivery. It's also responsible for receiving emails from other mail servers and delivering them to their intended recipients.
## Troubleshooting
[SMTP Troubleshooting Cheat Sheet](smtp-troubleshooting.md)
## References
- [SMTP (Simple Mail Transfer Protocol)](https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol)
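Review bot: the SMTP Client paragraph is a copy of the server paragraph; a client submits mail, it does not receive mail from other servers, so its second sentence should go. The port sentence should distinguish the modes: 465 is implicit TLS (SMTPS, RFC 8314), 587 is submission with STARTTLS, and 25 between servers is opportunistic STARTTLS, so "Alternatively, port 465 can be used ... with TLS" reads as if 587 were unencrypted.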

networking/mail/mail.md (new file, 11 lines)

@ -0,0 +1,11 @@
# Mail
**Mail** or **Email** is a digital method of exchanging messages between people using devices like computers, tablets, and mobile phones. Today's email systems are based on a store-and-forward model, allowing users to send and receive messages without needing to be online simultaneously.
## Mail Protocols
Mail Servers typically use the [SMTP](mail-smtp.md) protocol to send and receive mail. The [IMAP](mail-imap.md) and [POP3](mail-pop3.md) protocols are used to retrieve mail from a mail server.
## Mail Server Records
Mail Servers are identified by [MX Records](../dns/dns-record-mailserver.md) in the [DNS](../dns/dns.md) system.

networking/ssh.md (new file, 3 lines)

@ -0,0 +1,3 @@
# Secure Shell (SSH)
**'SSH (Secure Shell)'** is a cryptographic network protocol used for secure remote communication and secure data transfer between two computer systems. It provides a secure and encrypted connection over an unsecured network, such as the internet. SSH is commonly used for remote administration, file transfer, and secure access to the command-line of a remote computer.
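Review bot: `**'SSH (Secure Shell)'**` has stray single quotes inside the bold markers. A line that SSH listens on TCP 22 by default and that host-key verification (the `known_hosts` prompt on first connect) is what protects the session against an interposed server would give this stub the same depth as the other protocol pages.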

networking/tcp.md (new file, 2 lines)

@ -0,0 +1,2 @@
# TCP

networking/tls.md (new file, 43 lines)

@ -0,0 +1,43 @@
# TLS
## TLS Handshake
In a TLS/SSL handshake, clients and servers exchange SSL certificates, cipher suite requirements, and randomly generated data for creating session keys.
TLS handshakes are a foundational part of how HTTPS works.
SSL, or Secure Sockets Layer, was the original encryption protocol developed for HTTP. SSL was replaced by TLS, or Transport Layer Security, some time ago. SSL handshakes are now called TLS handshakes, although the "SSL" name is still in wide use.
```
┌───────────┐ ┌───────────┐
│  Client │ │  Server │
└─────┬─────┘ └─────┬─────┘
│ │
│ │
│ ─────────────────────────► │ ──┐
│ 1. SYN │ │
│ │ │
│ │ │ TCP
│ ◄───────────────────────── │ │
│ 3. ACK 2. SYN ACK │ ──┘
│ │
│ -------------------------- │
│ │
│ ─────────────────────────► │ ──┐
│ 4. ClientHello │ │
│ │ │
│ ◄───────────────────────── │ │
│ 5. ServerHello │ │
│ Certificate │ │
│ ServerHelloDone │ │
│ │ │ TLS
│ ─────────────────────────► │ │
│ 6. ClientKeyExchange │ │
│ ChangeCipherSpec │ │
│ Finished │ │
│ │ │
│ ◄───────────────────────── │ │
│ 7. ChangeCipherSpec │ │
│ Finished │ ──┘
```
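Review bot: "clients and servers exchange SSL certificates" is wrong for the common case; only the server sends a certificate, the client does so only with mutual TLS. The diagram is the TLS 1.2 full handshake (ServerHelloDone, ClientKeyExchange, ChangeCipherSpec) and should be labelled as such, since TLS 1.3 completes in one round trip, sends the certificate encrypted and drops ChangeCipherSpec except for middlebox compatibility. In the TCP part `3. ACK` and `2. SYN ACK` share a line under a single left-pointing arrow, so the order is hard to read; give the ACK its own right-pointing arrow. The fence has no language tag while the dns page uses `txt`.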


@ -0,0 +1,61 @@
# Twisted Pair Cables Cheat-Sheet
## Cable Types
### Unshielded Twisted Pair (UTP)
As the title states, a UTP cable has no shielding. This is the most used and most basic type of cable. The cable contains pairs of wires twisted together to help reduce and prevent electromagnetic interference.
### Shielded Twisted Pair (STP)
STP cables are similar to UTP cables, where the wires are twisted together and then wrapped with a shielding or screening material which consits of foil wrapping or a copper braid jacket.
### Foil Twisted Pair (FTP)
With FTP cables, each twisted pair of cables is wrapped in a shielding of foil to protect the cable from EMI and crosstalk.
### Shielded Foil Twisted Pair (S/FTP)
A cable that is classified as S/FTP or Shielded Foil Twisted Pair is a combination of both FTP and STP shielding. The wires inside the cable are twisted and then shielded with a foil wrapping, then the 4-pair grouping of foiled wires are shielded by a wrapping of either foil or a flexible braided screening. This provides the highest level of protection against EMI and crosstalk.
## Wiring
### TIA/EIA 568A Wiring
| PIN | COLOR | COLOR-TEXT|
| ---|---|---|
| 1 | <span style="color:green"></span><span style="color:green"></span><span style="color:green"></span>█ | White and Green|
| 2 | <span style="color:green">██████</span> | Green|
| 3 | <span style="color:orange"></span><span style="color:orange"></span><span style="color:orange"></span>█ | White and Orange|
| 4 | <span style="color:blue">██████</span> | Blue|
| 5 | <span style="color:blue"></span><span style="color:blue"></span><span style="color:blue"></span>█ | White and Blue|
| 6 | <span style="color:orange">██████</span> | Orange|
| 7 | <span style="color:brown"></span><span style="color:brown"></span><span style="color:brown"></span>█ | White and Brown|
| 8 | <span style="color:brown">██████</span> | Brown|
### TIA/EIA 568B Wiring
| PIN | COLOR | COLOR-TEXT |
| --- | ------------------------------------------------------------------------------------------------------------ | ---------------- |
| 1 | <span style="color:orange"></span><span style="color:orange"></span><span style="color:orange"></span>█ | White and Orange |
| 2 | <span style="color:orange">██████</span> | Orange |
| 3 | <span style="color:green"></span><span style="color:green"></span><span style="color:green"></span>█ | White and Green |
| 4 | <span style="color:blue">██████</span> | Blue |
| 5 | <span style="color:blue"></span><span style="color:blue"></span><span style="color:blue"></span>█ | White and Blue |
| 6 | <span style="color:green">██████</span> | Green |
| 7 | <span style="color:brown"></span><span style="color:brown"></span><span style="color:brown"></span>█ | White and Brown |
| 8 | <span style="color:brown">██████</span> | Brown |
## Categories
| CATEGORY | MHz | Speed |
| ---------- | ------- | --------------------- |
| CAT 3 UTP | 16MHz | 10Mps up to 100m |
| CAT 4 UTP | 20MHz | 16Mps up to 100m |
| CAT 5 UTP | 100MHz | 100Mbps up to 100m |
| CAT 5e UTP | 100MHz | 1000Mbps up to 100m |
| CAT 5e STP | 100MHz | 1000Mbps up to 100m |
| CAT 6 UTP | 250MHz | 10Gbps over to 33-55m |
| CAT 6a STP | 500MHz | 10Gbps over 100m |
| CAT 7 STP | 600MHz | 10Gbps over 100m |
| CAT 7a STP | 1000MHz | 10Gbps over 100m |
| CAT 8 STP | 2000MHz | 25/40Gps up to 30m |
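Review bot: units in the Categories table are inconsistent: `10Mps` and `16Mps` should be Mbps, `25/40Gps` should be Gbps, and "10Gbps over to 33-55m" reads awkwardly next to the "up to 100m" rows. "consits" in the STP paragraph should be "consists". The COLOR column relies on raw HTML `<span>` styling and icon-font characters that many markdown renderers strip or show as tofu, so expect that column to render empty; the COLOR-TEXT column is the one to keep authoritative.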

networking/udp.md (new file, 3 lines)

@ -0,0 +1,3 @@
# UDP
TODO: WIP

networking/vpn.md (new file, 3 lines)

@ -0,0 +1,3 @@
# VPN
TODO:

networking/wakeonlan.md (new file, 98 lines)

@ -0,0 +1,98 @@
# Wake On LAN (WOL)
**Wake on LAN (WoL)** is a network protocol that allows a device to be powered on remotely over a network connection. It works by sending a special frame, called a **magic packet**, to the device's MAC address, which triggers the device to power on from a low-power state.
## Magic Packet
The **magic packet** contains the device's MAC address and a special sequence of bytes that the device recognizes as a **magic packet**. It consists of a 6-byte header (FF FF FF FF FF FF) followed by the repetition of the target device's MAC address 16 times, resulting in a total packet size of 102 bytes.
It is typically sent as a broadcast using the [UDP](../networking/udp.md) protocol on port 0, 7, or 9 or directly over Ethernet as EtherType 0x0842. However, it's worth noting that **Wake on LAN (WoL)** can also be sent as a unicast packet. In a unicast configuration, the **magic packet** is sent directly to the specific IP address of the target device instead of being broadcasted to all devices on the network. This requires knowing the IP address of the device in advance.
## Enabling Wake on LAN (WoL)
The target device must be properly configured to listen for and respond to the **magic packet**, in order for **Wake on LAN (WoL)** to work. This usually involves enabling **Wake on LAN (WoL)** in the BIOS or UEFI settings of the device, and enabling **Wake on LAN (WoL)** for the network interface in the operating system.
Additionally, some networking equipment or firewalls might block or restrict UDP broadcasts, which could affect the successful transmission of the **magic packet**.
### Enable Wake on LAN (WoL) in BIOS or UEFI
Most modern computers have a setting in the BIOS or UEFI settings that allows you to enable or disable **Wake on LAN (WoL)** for the network interface. This setting is usually found under the **Power Management** or **Power Options** section of the BIOS or UEFI settings.
### Enable Wake on LAN (WoL) in the operating system
Some operating systems have settings that can enable or disable **Wake on LAN (WoL)** for network interfaces. For example, on [Linux](../linux/linux.md), you can use the [ethtool](../linux/ethtool.md) command to enable **Wake on LAN (WoL)** for a network interface.
#### Enable Wake on LAN (WoL) on Linux
Use the following command to check if your network interface supports Wake On LAN (WoL):
```sh
sudo ethtool interface_name | grep "Wake-on"
```
This is an example output:
```txt
Supports Wake-on: pumbg
Wake-on: d
```
If the output shows "Wake-on: d", it means that Wake On LAN (WoL) is disabled.
The following table shows the different values that can be displayed for the "Wake-on" setting:
| Value | Description |
| --- | --- |
| `d` | Wake On LAN (WoL) is disabled |
| `p` | Wake On LAN (WoL) is enabled for unicast packets |
| `u` | Wake On LAN (WoL) is enabled for unicast and broadcast packets |
| `m` | Wake On LAN (WoL) is enabled for multicast packets |
| `b` | Wake On LAN (WoL) is enabled for broadcast packets |
| `a` | Wake On LAN (WoL) is enabled for ARP packets |
| `g` | Wake On LAN (WoL) is enabled for Magic packets |
To enable Wake On LAN (WoL), use the following command:
```sh
sudo ethtool -s interface_name wol g
```
### Make the Wake On LAN (WoL) setting persistent across reboots
To make the Wake On LAN (WoL) setting persistent across reboots, add the following line to the interface's stanza in the `/etc/network/interfaces` file (replacing `interface_name` with the real interface name):
```sh
post-up /usr/sbin/ethtool -s interface_name wol g
```
## Sending Magic Packets
Once **Wake on LAN (WoL)** is enabled, you can use a utility like [etherwake](../linux/etherwake.md) or `wakeonlan` to send **magic packets** to wake up the device remotely.
## Troubleshooting
If you are having trouble getting **Wake on LAN (WoL)** to work, here are some things you can try:
1. Make sure that **Wake on LAN (WoL)** is enabled in the BIOS or UEFI settings of the device you are trying to wake up.
2. Make sure that **Wake on LAN (WoL)** is enabled for the network interface on the device you are trying to wake up.
3. Make sure that the network interface is connected to a network that is configured to allow **Wake on LAN (WoL)**.
If you're still not able to get **Wake on LAN (WoL)** to work, you can try using a different utility to send the magic packet. For example, if you're using [etherwake](../linux/etherwake.md), you can try using `wakeonlan` instead.
### Capturing Wake on LAN (WoL) packets
If you're having trouble getting **Wake on LAN (WoL)** to work, capture the magic packet with a packet sniffer like [Wireshark](../tools/wireshark.md) or [tcpdump](../tools/tcpdump.md) to see whether it is being sent correctly. If you don't see any packets being sent, there may be a problem with the network interface or the network configuration. The following filter matches both the raw Ethernet variant (EtherType 0x0842) and the UDP port 9 variant:
```sh
tcpdump -ni any ether proto 0x0842 or udp port 9 2>/dev/null
```
This is an example packet:
```txt
16:19:27.965101 enp3s0 Out IP 10.50.0.19.43610 > 10.50.0.5.9: UDP, length 102
```
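The magic packet layout described at the start of this page (six 0xFF bytes followed by the target MAC sixteen times, carried as UDP to port 0, 7 or 9 or as EtherType 0x0842) and the 102-byte datagram in the capture above, worked through as an added Python example that is not part of these notes. The function names, the sample MAC `00:11:22:33:44:55` and the default broadcast target are my own choices; `magic_packet_target()` is the check to run on a captured payload to confirm the packet is well formed and to see which MAC it addresses:

```python
"""Build and validate Wake-on-LAN magic packets.

Added example, not part of the original notes. A magic packet is six 0xFF
bytes (the synchronization stream) followed by the target MAC repeated 16
times: 6 + 16 * 6 = 102 bytes, which is exactly the UDP length shown in the
tcpdump capture above.
"""
import re
import socket
from typing import Optional

SYNC_STREAM = b"\xff" * 6
MAC_REPEATS = 16


def parse_mac(mac: str) -> bytes:
    """Accept 'aa:bb:cc:dd:ee:ff', 'aa-bb-cc-dd-ee-ff' or 'aabb.ccdd.eeff' and return 6 raw bytes."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes.fromhex(digits)


def build_magic_packet(mac: str, secureon: bytes = b"") -> bytes:
    """Return the payload; some NICs require a 4- or 6-byte SecureOn password appended."""
    if secureon and len(secureon) not in (4, 6):
        raise ValueError("SecureOn password must be 4 or 6 bytes")
    return SYNC_STREAM + parse_mac(mac) * MAC_REPEATS + secureon


def magic_packet_target(payload: bytes) -> Optional[str]:
    """Return the MAC a payload would wake, or None if it is not a valid magic packet.

    The NIC scans for the sync stream anywhere in the frame, so leading bytes are
    tolerated; all 16 copies of the MAC must be identical.
    """
    start = payload.find(SYNC_STREAM)
    while start != -1:
        body = payload[start + 6 : start + 6 + 6 * MAC_REPEATS]
        if len(body) < 6 * MAC_REPEATS:
            return None  # too short for 16 copies, and later matches would be shorter still
        mac = body[:6]
        if body == mac * MAC_REPEATS and mac != SYNC_STREAM:
            return ":".join(f"{b:02x}" for b in mac)
        start = payload.find(SYNC_STREAM, start + 1)
    return None


def send_magic_packet(mac: str, host: str = "255.255.255.255", port: int = 9) -> int:
    """Send the packet as a UDP broadcast (default) or directly to a host's IP (unicast)."""
    payload = build_magic_packet(mac)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        return sock.sendto(payload, (host, port))


if __name__ == "__main__":
    pkt = build_magic_packet("00:11:22:33:44:55")  # constructed sample MAC
    print(len(pkt), magic_packet_target(pkt))  # 102 00:11:22:33:44:55
```

Pass the raw UDP payload (or the Ethernet payload for the EtherType 0x0842 variant) to `magic_packet_target()`; a `None` result means the sender is producing something the NIC will ignore, which is the usual cause of "the packet is on the wire but nothing wakes up".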
### Logging Wake on LAN (WoL) packets
Starting with Windows Vista, the operating system logs all wake sources in the `system` event log. The Event Viewer and the `powercfg.exe /lastwake` command can retrieve them.

networking/wireguard.md
# WireGuard
WireGuard is an extremely simple yet fast and modern [VPN Protocol](networking/vpn.md) that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances.
---
#### Create WireGuard keys (private & public key)
Run this with a restrictive umask (e.g. `umask 077`) so the private key file is not readable by other users:
```sh
wg genkey | tee privatekey | wg pubkey > publickey
```
#### Example of the server config
Create the config file, for example:
```sh
nano /etc/wireguard/wg0.conf
```
Example server config:
```ini
[Interface]
Address = 192.168.8.1/24 # IP of the WireGuard server; the prefix length defines the tunnel subnet
SaveConfig = true
ListenPort = 51820 # default port, you can change it
FwMark = 0xca6c
PrivateKey = # paste your private key here
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o ens2 -j MASQUERADE # ens2 is the server's uplink interface
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o ens2 -j MASQUERADE
# add one [Peer] section per client
[Peer]
PublicKey = # paste the public key of this client here
AllowedIPs = 192.168.8.3/32 # tunnel IP of this client, must be inside the server's subnet
PersistentKeepalive = 25
[Peer]
PublicKey = # paste the public key of this client here
AllowedIPs = 192.168.8.2/32 # tunnel IP of this client
PersistentKeepalive = 25
```
#### Example of the client config
```ini
[Interface]
Address = 192.168.8.2/32 # change this to the tunnel IP you want for your client
MTU = 1420
SaveConfig = true
ListenPort = 47991
FwMark = 0xca6c
PrivateKey = # set the private key of your client here
[Peer]
PublicKey = # paste the public key of your WireGuard server here
AllowedIPs = 0.0.0.0/0 # route all traffic through the tunnel
Endpoint = your-external-ip:51820
PersistentKeepalive = 15
```
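Both configs above are wg-quick files, and the mistakes that most often slip into them are a wrong prefix length on `Address`, a `PostDown` that repeats the `PostUp` rules instead of deleting them, a placeholder left where a key should be, and two peers claiming the same `AllowedIPs`. As an added Python example (not from these notes or from the WireGuard project), the following linter parses the `[Interface]`/`[Peer]` layout and reports such problems before `wg-quick up`; the function names and the constructed sample configs and key are my own:

```python
"""Sanity-check a wg-quick style WireGuard config before bringing it up.
Added example, not from these notes or the WireGuard project."""
import base64
import ipaddress
import re
from typing import Dict, List, Tuple

Section = Tuple[str, Dict[str, List[str]]]

def parse_wg_config(text: str) -> List[Section]:
    """Return [(name, {key: [values]})]; '#' comments are stripped, repeated keys collected."""
    sections: List[Section] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            sections.append((header.group(1), {}))
            continue
        if not sections or "=" not in line:
            raise ValueError(f"unexpected line outside a section: {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        sections[-1][1].setdefault(key, []).append(value)
    return sections

def is_wg_key(value: str) -> bool:
    """WireGuard keys are 32 bytes of base64 (44 characters)."""
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:  # binascii.Error is a ValueError subclass
        return False

def lint_wg_config(text: str) -> List[str]:
    """Return human-readable problems; an empty list means the config looks sane."""
    problems: List[str] = []
    sections = parse_wg_config(text)
    interfaces = [body for name, body in sections if name == "Interface"]
    peers = [body for name, body in sections if name == "Peer"]
    if len(interfaces) != 1:
        problems.append(f"expected exactly one [Interface], found {len(interfaces)}")
    for iface in interfaces:
        for addr in (a.strip() for v in iface.get("Address", []) for a in v.split(",")):
            try:
                if ipaddress.ip_interface(addr).network.prefixlen == 0:
                    problems.append(f"Address {addr}: a /0 prefix claims the whole address space")
            except ValueError:
                problems.append(f"Address {addr!r} is not a valid IP/prefix")
        if not any(is_wg_key(k) for k in iface.get("PrivateKey", [])):
            problems.append("PrivateKey missing or not a 32-byte base64 key")
        # Each rule appended on PostUp (-A) should be deleted on PostDown (-D); otherwise
        # every up/down cycle leaves duplicate iptables rules behind.
        downs = {" ".join(d.split()) for d in iface.get("PostDown", [])}
        for up in (" ".join(u.split()) for u in iface.get("PostUp", [])):
            if " -A " in up and up.replace(" -A ", " -D ") not in downs:
                problems.append(f"PostUp rule is never removed in PostDown: {up!r}")
    seen: dict = {}  # AllowedIPs network -> peer number, to catch overlaps
    for n, peer in enumerate(peers, 1):
        if not any(is_wg_key(k) for k in peer.get("PublicKey", [])):
            problems.append(f"peer {n}: PublicKey missing or malformed")
        allowed = [a.strip() for v in peer.get("AllowedIPs", []) for a in v.split(",")]
        if not allowed:
            problems.append(f"peer {n}: no AllowedIPs, so no traffic is ever routed to it")
        for a in allowed:
            net = ipaddress.ip_network(a, strict=False)
            if net.prefixlen == 0:
                problems.append(f"peer {n}: AllowedIPs {a} sends all traffic to this peer (only sane on a client)")
            if net in seen:
                problems.append(f"peer {n}: AllowedIPs {a} already assigned to peer {seen[net]}")
            seen[net] = n
    return problems

SAMPLE_KEY = base64.b64encode(b"\x01" * 32).decode()  # constructed: 32 bytes of 0x01, never a real key

# Constructed server config carrying the four mistakes the linter is meant to catch.
BAD_CONFIG = f"""
[Interface]
Address = 192.168.8.1/0   # should be /24
PrivateKey = paste-your-key-here
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT
PostDown = iptables -A FORWARD -i wg0 -j ACCEPT   # should be -D
[Peer]
PublicKey = {SAMPLE_KEY}
AllowedIPs = 192.168.8.2/32
[Peer]
PublicKey = {SAMPLE_KEY}
AllowedIPs = 192.168.8.2/32   # duplicate of the first peer
"""

GOOD_CONFIG = f"""
[Interface]
Address = 192.168.8.1/24
PrivateKey = {SAMPLE_KEY}
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT
[Peer]
PublicKey = {SAMPLE_KEY}
AllowedIPs = 192.168.8.2/32
"""
```

Import `lint_wg_config()` and pass it the contents of `/etc/wireguard/wg0.conf`; on `BAD_CONFIG` it reports four problems and on `GOOD_CONFIG` none. The check is deliberately structural: it does not verify that a peer's public key belongs to the client or that the endpoint is reachable.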
## Troubleshooting
With this command you can enable the debug logging in WireGuard:
```bash
echo 'module wireguard +p' | sudo tee /sys/kernel/debug/dynamic_debug/control
```
The same command with `-p` disables it again:
```bash
echo 'module wireguard -p' | sudo tee /sys/kernel/debug/dynamic_debug/control
```

# Zero Trust Network Access (ZTNA)
**Zero Trust Network Access (ZTNA)** is a specific implementation or technology within the broader Zero Trust security framework. ZTNA focuses on providing secure access to internal resources and applications for authorized users, regardless of their location or the network they are connecting from.