WTFnet

WTFnet is a pure CLI toolbox for diagnosing network problems on Linux and Windows.

Highlights

• System snapshot: interfaces, IPs, routes, DNS config.
• Ports, neighbors, and trusted root certificates.
• Probing: ping, tcping, traceroute (best-effort).
• DNS: query/detect/watch with GeoIP, DoT/DoH, and SOCKS5 support.
• DNS leak detection with policy profiles and privacy modes (best-effort).
• GeoIP offline lookup via GeoLite2 Country/ASN.
• Subnet calculator: subnet/contains/overlap/summarize.
• Discover: mDNS/SSDP plus LLMNR/NBNS.

Quickstart

cargo run -p wtfnet-cli -- sys ifaces
cargo run -p wtfnet-cli -- dns query example.com A
cargo run -p wtfnet-cli -- calc subnet 192.168.1.10 255.255.255.0

Usage examples

# System snapshot
wtfn sys ifaces
wtfn sys ip --all
wtfn sys route --ipv4
wtfn sys dns

# Ports and neighbors
wtfn ports listen --tcp
wtfn ports who 443
wtfn neigh list --ipv6

# GeoIP and probing
wtfn geoip lookup 8.8.8.8
wtfn probe ping example.com --count 4
wtfn probe tcping example.com:443 --count 4
wtfn probe tcping example.com:443 --socks5 socks5://127.0.0.1:10808
wtfn probe trace example.com:443 --max-hops 20

# DNS
wtfn dns query example.com A
wtfn dns query example.com AAAA --server 1.1.1.1
wtfn dns query example.com A --transport doh --server 1.1.1.1 --tls-name cloudflare-dns.com
wtfn dns query example.com A --transport dot --server 1.1.1.1 --tls-name cloudflare-dns.com --socks5 socks5://127.0.0.1:10808
wtfn dns detect example.com --transport doh --servers 1.1.1.1 --tls-name cloudflare-dns.com
wtfn dns watch --duration 10s --filter example.com
wtfn dns watch --follow
wtfn dns leak status
wtfn dns leak watch --duration 10s --profile proxy-stub
wtfn dns leak watch --follow
wtfn dns leak report report.json

# TLS
wtfn tls handshake example.com:443
wtfn tls handshake example.com:443 --socks5 socks5://127.0.0.1:10808
wtfn tls cert example.com:443
wtfn tls verify example.com:443
wtfn tls alpn example.com:443 --alpn h2,http/1.1

# Discover
wtfn discover mdns --duration 3s
wtfn discover ssdp --duration 3s
wtfn discover llmnr --duration 3s
wtfn discover nbns --duration 3s

# Diag
wtfn diag --out report.json --json
wtfn diag --bundle report.zip

# Calc
wtfn calc contains 192.168.0.0/16 192.168.1.0/24
wtfn calc overlap 10.0.0.0/24 10.0.1.0/24
wtfn calc summarize 10.0.0.0/24 10.0.1.0/24

Command reference

See docs/COMMANDS.md for the full list of commands and flags (with descriptions).

GeoIP data files

GeoLite2 mmdb files should live in data/. Lookup order:

1. NETTOOL_GEOIP_COUNTRY_DB / NETTOOL_GEOIP_ASN_DB
2. data/ next to the CLI binary
3. data/ in the current working directory

Build

Only build binary

cargo build --release

Build and package

1. Prepare GeoLite2 databases (required GeoLite2-ASN.mmdb and GeoLite2-Country.mmdb ):

# Place your mmdb files under data/
mkdir data

Note

: This step requires python3 and just.

2. Use just to run build and package command (Note: you don't need bash environment on windows):

# You will find package under dist/, zip file on windows, tar.gz file on linux
just release

HTTP/3 (experimental)

HTTP/3 support is feature-gated and best-effort. Enable it only when you want to test QUIC connectivity.

To enable locally for testing:

cargo run -p wtfnet-cli --features wtfnet-http/http3 -- http head https://cloudflare-quic.com --http3

Roadmap

v0.1 (MVP)

• sys: ifaces/ip/route/dns
• ports: listen/who
• probe: ping + tcping
• calc: subnet/contains/overlap
• basic logging + --json everywhere

v0.2 (current requirements)

• dns: query + detect + watch (best-effort)
• geoip: local Country+ASN mmdb integration
• http: head/get (HTTP/2 required; HTTP/3 best-effort optional)
• tls: handshake/verify/cert/alpn
• neigh: ARP/NDP snapshot
• discover: mdns + ssdp (bounded)
• diag: bundle export (zip)

v0.3 (future upgrades)

• richer trace output (reverse lookup, per-hop loss, per-hop stats)
• HTTP timing accuracy (connect/tls)
• TLS extras: OCSP stapling indicator, richer cert parsing
• ports conns improvements (top talkers / summary)
• better baseline/diff for system roots
• optional LLMNR/NBNS discovery
• optional HTTP/3 (feature-gated; experimental, incomplete)

v0.4 (current requirements)

• dns leak detection (passive watch + report)
• process attribution (best-effort)
• policy profiles + privacy modes

Current stage

Implemented:

• Core CLI with JSON output and logging.
• sys, ports, neigh, cert roots.
• geoip, probe, dns query/detect/watch.
• http head/get with timing and GeoIP.
• tls handshake/verify/cert/alpn.
• DoT/DoH + SOCKS5 proxy support.
• discover mdns/ssdp/llmnr/nbns.
• dns leak detection (status/watch/report).
• diag report + bundle.
• calc subcrate with subnet/contains/overlap/summarize.
• CMake/Makefile build + package + install targets.
• Basic unit tests for calc and TLS parsing.

In progress:

• dns leak: DoH heuristic classification (optional).
• dns leak: Leak-D mismatch correlation (optional).

See docs/implementation_status.md for a design-vs-implementation view.

License

MIT (see LICENSE).