Glossary

Defense terms in operator language

Short definitions for the concepts used across NetTools guides and playbooks.

Reference

Common terms

HoneyMesh uses JA4 as the primary TLS client fingerprint and keeps JA3 as a legacy compatibility field when present.

HoneyMesh can drop banned traffic at the Linux kernel's earliest packet-processing point by updating eBPF maps instead of reloading firewall rules.

HoneyMesh peer trust levels: L0 observe, L1 corroborated trust, L2 immediate enforcement, and L3 authoritative override.

IronClad Vault's 1MB recovery_megakey.bin file used for emergency recovery or Sentinel unlock. Losing it can make recovery impossible.

Windows native packet capture technology used by WireTuna so it can capture traffic without installing Npcap.

The Windows packet capture driver required by NetView and NetEye according to their manuals.

The dedicated folder P2P Chat uses as the allowed send and receive boundary for file transfers.