I do not know which app is talking to the internet.
Use WireTuna to connect Windows traffic to the app, destination, protocol, and packet evidence.
Denshi Goshin Jutsu
Learn the Art of Digital Self Defense
Start with the problem you are seeing, choose the right NetTools app, and follow a documented playbook from evidence to action.
Common operator problems
Start with the pain point
Pick the thing that is bothering you, then move into the app or playbook that solves it.
One device is suddenly louder than the rest of the network.
Use NetView to map IP nodes, MAC addresses, packet counts, and chatty source groups.
The network feels slow, unstable, or hard to prove.
Use NetEye to measure latency, packet loss, jitter, uptime, and traceroute hop behavior.
Bots are scanning services or brute forcing exposed entry points.
Use HoneyMesh traps for behavior-based detection, then enforce with eBPF/XDP after allowlist review.
Sensitive files need encryption, clearance, and recovery discipline.
Use IronClad Vault for AES-256-GCM storage, classifications, RBAC, Sentinel, and Megakey recovery.
Two trusted people need direct encrypted file exchange.
Use P2P Chat for host/client encrypted transfer with an out-of-band key and a bounded file folder.
Apps that solve the work
A simple tool map
Each app has one job in the defense workflow: see, map, diagnose, trap, protect, or exchange.
Application-aware visibility
WireTuna
WireTuna shows which Windows app is talking, where it is talking, which protocol is involved, and what the flow likely means.
Best when
More info on WireTunaYou need to understand unknown Windows traffic
Connection mapping
NetView
NetView captures packets on a selected adapter and draws a live graph of IP nodes, links, protocol colors, MAC addresses, and active connection groups.
Best when
More info on NetViewYou want a live visual map of adapter traffic
Network health diagnostics
NetEye
NetEye helps operators measure connection health with live ping metrics and route analysis from a clean web interface.
Best when
More info on NetEyeCalls or streams are unstable
Mesh defense
HoneyMesh
HoneyMesh detects hostile activity with traps and analytics, can drop banned traffic at kernel speed with XDP/eBPF, and optionally shares signed intelligence with trusted Pro peers.
Best when
More info on HoneyMeshYou need Linux-side detection and enforcement
Data protection
IronClad Vault
IronClad Vault stores files locally with AES-256-GCM, Argon2id, a 1MB Megakey recovery file, role-based clearance, and Sentinel mode for remote client access.
Best when
More info on IronClad VaultYou need encrypted local storage
Secure exchange
P2P Chat
P2P Chat creates a direct encrypted connection between a host and client so they can exchange messages and files without third-party servers.
Best when
More info on P2P ChatTwo trusted parties need direct encrypted chat
Popular playbooks
Start with real operator problems
These guides are organized around what defenders actually see first.
Playbook
Unknown Process Talking To The Internet
Use WireTuna to identify the app, destination, protocol, meaning, and packet evidence before you decide whether to escalate.
Open guidePlaybook
Map A Chatty Device
Use NetView's graph, MAC hover, source grouping, packet counts, IP search, and export tools to identify the device and preserve a snapshot.
Open guidePlaybook
Diagnose A Bad Connection
Use NetEye continuous ping for latency, loss, jitter, and uptime, then traceroute to identify slow or timing-out hops.
Open guidePlaybook
Bot Scans And Brute Force Attacks
Use HoneyMesh traps for Behavior-Based Detection, confirm JA4-first context, then escalate to Kernel-Level Blocking with eBPF/XDP only after allowlist review.
Open guideGuided incident wizard
Choose your problem
Start with WireTuna traffic evidence. Identify app, destination, protocol, meaning, volume, and packet details.
- Select the adapter
- Use Unknown Activity or protocol filters
- Open flow details
- Export packet rows if needed
Ask NetTools
Ask the ecosystem
Dojo progression
Level up from first lesson to black belt proof
Each path now has a belt ladder. Start with the basics, then build toward operator-level evidence, safe execution, and clear explanation.
Latest lessons
Guides, tips, and tactical notes
Publish practical answers first, then grow the archive around repeated user questions.
Learn
Network Visibility Fundamentals
Combine WireTuna app-level flows, NetView connection graphs, and NetEye health metrics into one visibility habit.
Open guideLearn
WireTuna Traffic Analysis Without Panic
Use adapter selection, quick filters, flow details, packet rows, RDAP ownership, and Network Tools before deciding what matters.
Open guideTips
WireTuna Filters For Fast Triage
Start with Unknown Activity, protocol/search filters, needs review, and Back to Main View to reset focus.
Open guideTips
NetView First Checks
Check graph nodes, protocol-colored links, MAC hover, source grouping, packet counts, IP search, and export.
Open guideBlog
What The NetTools Ecosystem Actually Is
A practical tour of visibility, diagnostics, mesh defense, secure storage, and direct encrypted exchange.
Open guideBlog
The First Five Signs Your Network Needs Better Visibility
Unknown app traffic, chatty graph nodes, missing MAC context, packet loss, jitter, and route uncertainty.
Open guide