Network Tools
Sandboxed reachability + performance: ping, traceroute, HTTP test, port scan, SNMP walk, packet capture, ASN lookup, BGP looking glass, IP reputation, geolocation, security-header audit, CVE lookup.
Reachability
- Ping — IPv4 or IPv6, configurable count, interval, timeout, packet size. Returns transmitted/received/loss % + RTT min/avg/max/jitter.
- Traceroute — renders hop-by-hop as a table with TTL, host/IP, and all RTT probes per hop.
- HTTP test — GET/HEAD/POST against a URL, follows redirects, shows the full request chain, response headers, and body preview.
- Port scan — nmap-backed, port-spec like
22,80,443or1-1024. Concurrency capped at 256. - SNMP walk — v1/v2c/v3, read-only. Pre-loaded MIBs from
snmp-mibs-downloaderwhen available. - Packet capture — tcpdump with a BPF filter, duration-capped, auto-uploaded to File Repo on finish.
Research (no target reachability required)
- ASN lookup — Team Cymru whois-over-dig. IP → ASN + org + country + BGP prefix.
- BGP LG — RIPEstat-backed. IP → covering prefix + origin ASN(s);
AS<n>→ holder + country. - IP reputation — 8 parallel DNSBL checks (Spamhaus, Barracuda, SpamCop, SORBS, CBL, PSBL, DroneBL, Lashback).
- Geolocation — ipapi.co free tier, rate-limited upstream.
- Header audit — HSTS / CSP / Frame-Options / XCTO / Referrer-Policy / Permissions-Policy / cookie flags with concrete fix recipes.
- CVE lookup — NVD API v2. Gives CVSS v3.1 vector, CWE chain, primary references, and cross-reference links to NVD, MITRE, GHSA, Debian, Ubuntu, Red Hat.
Gotchas
- Port scan on hostile networks can be disruptive. Scope Manager prevents scanning production ranges unless explicitly allowed.
- Packet capture needs
cap_net_rawon tcpdump (set automatically byinstall.sh). If pcap errors with "permission denied", check AppArmor profile. - Geolocation is ipapi.co; if you expect thousands of queries, swap in MaxMind GeoLite2 locally.