computer networking

Building and troubleshooting networked systems by understanding the TCP/IP stack, routing and switching, congestion control and protocols (HTTP, TCP, UDP, BGP), socket programming, network security, and using tools like Wireshark, iptables, and traceroute.

computernetworking

12-Month Skill Trend

Momentum and market value over time
Trending
Score
+20 in 12 mo
96
12 mo agoNow
Career
Value
+$12K in 12 mo
$42K/year
12 mo agoNow

Recommended Survey Paper

Quick overview of the field
View more

Must-Read Papers

Most classic and influential ideas
View more

This study investigates the non-deterministic nature of Internet user packet routing paths and the mechanisms by which they are influenced by service providers and IP protocol versions. Leveraging five years of large-scale traceroute measurements spanning six ISP types, twenty autonomous systems, and fourteen countries, the work systematically reveals—across multiple nations, diverse ISP categories, and an extended temporal scale—that user-level paths frequently deviate from geographically shortest routes, often exhibiting significant cross-border detours. The research further demonstrates that transitioning between ISPs or upgrading to IPv6 substantially alters routing policies and end-to-end latency, highlighting the pronounced impact of both administrative and protocol-level factors on path selection in real-world networks.

Internet service providersIP routingIPv4/IPv6

Inconsistent reassembly strategies for IP fragmentation and TCP segmentation across network protocol stack implementations cause divergent parsing of overlapping packets between NIDS and monitored hosts, enabling evasion attacks and other security vulnerabilities. Method: We propose PYROLYSE, the first formal testing framework to systematically audit IPv4/IPv6 and TCP reassembly behavior under *n* ≤ 3 overlapping fragments, covering 23 mainstream OSes, NIDS, and embedded protocol stacks. Contribution/Results: Our audit reveals 14–20 distinct behavioral classes and uncovers eight security defects—including CVE-identified vulnerabilities—demonstrating that binary-fragment-based NIDS detection logic fails to generalize to ternary or higher-order overlaps. Crucially, we show that reassembly behavior under multi-fragment overlap cannot be reliably inferred from pairwise fragment tests, underscoring the urgent need for formal verification methods targeting higher-order overlapping scenarios.

Analyzes IPv4, IPv6, TCP reassembly policy inconsistenciesIdentifies vulnerabilities in NIDSes and host OS packet interpretationProposes PYROLYSE tool to audit reassembly errors and security risks

Verification and Attack Synthesis for Network Protocols

Nov 02, 2025
MV
Max von Hippel
🏛️ Northeastern University

Ensuring functional correctness and performance resilience of network protocols under component failures and adversarial attacks remains a significant challenge. Method: This paper proposes a synergistic analysis framework integrating formal verification with attack synthesis. It models protocol behavior using a formal specification language and employs logical predicates, trace analysis, and model checking to achieve closed-loop verification—simultaneously establishing correctness guarantees and automatically generating realistic attack scenarios. Contribution/Results: Diverging from conventional unidirectional verification, our approach innovatively embeds attack-path generation directly into the verification workflow, enabling reproducible and interpretable failure attribution. Experimental evaluation across multiple mainstream network protocols demonstrates substantial improvements in vulnerability detection rates and attack-surface characterization accuracy. The results validate the feasibility and practicality of formal methods for deep, security-critical analysis of complex network protocols.

Applying formal methods to analyze protocols under normal and attack conditionsSynthesizing attacks that prevent protocol requirement achievementVerifying network protocol functionality and performance requirements

Formally Discovering and Reproducing Network Protocols Vulnerabilities

Mar 03, 2025
CC
Christophe Crochet
🏛️ Université catholique de Louvain

Detecting and reproducing boundary-case vulnerabilities—especially those arising from state machine logic flaws in network protocols—remains challenging for conventional fuzzing due to inadequate coverage and poor reproducibility. Method: This paper proposes the first closed-loop approach integrating formal protocol specification inference, lightweight symbolic execution, and controllable vulnerability trace generation. It leverages SMT-driven state modeling, automatic synthesis of protocol interaction constraints, and automated proof-of-concept (PoC) generation to achieve end-to-end automation from vulnerability discovery to precise reproduction. Contribution/Results: Evaluated on 12 mainstream protocol stacks, the method discovers 17 previously unknown vulnerabilities—including 6 assigned CVEs—with an average reproduction time under 8 seconds and a false positive rate below 3%. It significantly improves accuracy, interpretability, and reproducibility in deep protocol vulnerability detection.

Discover vulnerabilities in complex network protocolsReproduce vulnerabilities using attacker modelsTest single and multi-protocol interactions comprehensively

Verifying QUIC implementations using Ivy

Dec 07, 2021
CC
Christophe Crochet

Ambiguities in the IETF QUIC specification (draft-29) hinder precise implementation and complicate compliance verification. Method: This work presents the first comprehensive formal model of draft-29, built within the Ivy framework and integrating state-machine modeling, SMT-based constraint solving, and differential testing to automate compliance validation across seven mainstream QUIC client/server implementations. Contribution/Results: Leveraging formal reverse analysis, we systematically uncover specification ambiguities and propose actionable remediation paths. Our approach identifies multiple critical compliance violations across implementations and pinpoints several interoperability-affecting specification ambiguities—directly informing ongoing IETF standard revisions. The methodology establishes a scalable, end-to-end framework for protocol formal verification, bridging high-level specifications with executable conformance checks while supporting both automated bug detection and specification refinement.

Ensuring QUIC implementations comply with IETF specifications.Extending formal representation from draft-18 to draft-29.Identifying and suggesting corrections for ambiguities in QUIC specification.

Latest Papers

What's happening recently
View more

This study addresses the scalability bottleneck in unicast and multicast routing caused by the dual role of IP addresses as both identifiers and locators. It systematically traces the evolution of Internet routing scalability solutions, first articulating the map-and-encap architecture as a unifying paradigm and identifying the essential conditions for its successful deployment. Through historical protocol analysis, architectural comparisons, and conceptual abstraction—encompassing approaches such as BIER and tunnel encapsulation—the work reveals that BGP’s lack of intra-domain egress router topology abstraction is a fundamental limitation. The paper proposes core principles to guide future scalable routing designs, emphasizing the critical roles of locally driven incentives and effective topology abstraction in protocol evolution.

BGPIP addressingmap-and-encap

This work addresses the gap in current systems education, where learning resources often consist of superficial tutorials or AI-generated summaries that inadequately convey foundational design principles and thus fail to cultivate robust engineering capabilities. To remedy this, we propose a structured learning pathway centered on seminal research papers from distributed systems, operating systems, and big data domains. Integrating insights from leading academic curricula and industry practices, our approach emphasizes technical depth and problem-solving reasoning. By engaging learners in close reading of original literature, critical analysis of architectural trade-offs, and cross-domain synthesis, the framework fosters a deep understanding of underlying mechanisms and cultivates systems thinking—thereby equipping practitioners to effectively tackle complex engineering challenges and progress toward professional-level systems expertise.

big datadistributed systemsoperating systems

This work proposes a novel robustness-centered evaluation paradigm for network protocol assessment by introducing automated adversarial testing. Traditional approaches, which rely on manual testing or real-world traces, often fail to cover unanticipated network conditions and may overlook critical flaws. In contrast, the proposed method leverages machine learning to generate adversarial network environments and integrates adversarial optimization with noise-robustness techniques to systematically stress-test both single-path and multipath congestion control protocols. Applied to the Linux kernel, this approach successfully produced effective adversarial scenarios for 27 congestion control algorithms, uncovering previously unknown kernel vulnerabilities and protocol limitations. The results demonstrate a significant enhancement in the depth and breadth of robustness evaluation for network protocols.

adversarial environmentscongestion controlnetwork protocols

This work proposes a novel interactive analysis system centered on three-dimensional network topology to overcome the limitations of traditional PCAP analysis tools, which present data as linear lists and fail to reveal underlying communication structures. The system maps hosts, sessions, and protocols to nodes, edges, and visual clusters, respectively, and enables bidirectional synchronized filtering with the packet list. By adopting 3D space as the default view—implemented using Three.js—it intuitively encodes key features such as communication density, clustering structure, host centrality, and traffic volume through depth perception. Supporting parsing of PCAP/PCAPNG formats and decoding of over 90 protocols, the approach significantly enhances the observability of structural patterns in network traffic, facilitating efficient identification of anomalous communications, critical nodes, and protocol distributions.

interactive visualizationnetwork topologypacket analysis

Existing network traffic generation methods struggle to accurately model multi-flow interactions and TCP state machines because they directly decode raw packet fields, conflating behavioral semantics with protocol constraints and relying on heuristic post-hoc repairs. This work proposes TraceCodec, the first framework to integrate a neural codec with a deterministic protocol compiler in a collaborative architecture. By shifting the generation space from raw packet headers to a structured latent space of packet actions—each comprising a timestamp, an explicit flow slot, and transmission cues—and modeling sequences of continuous latent variables, TraceCodec decouples generative logic from protocol implementation. This enables synthesis of high-fidelity PCAP traces without requiring post-generation correction. Evaluated on the CICIDS2017 Monday dataset, TraceCodec achieves packet count, protocol composition, and flow size errors below 0.03%, significantly outperforming baselines in flow count accuracy, TCP state fidelity, and preservation of multi-flow interleaving structures.

multi-flow interleavingpacket trace generationprotocol-constrained synthesis

Hot Scholars

MM

Michael Menth

Chair of Communication Networks, Department of Computer Science, University of Tuebingen
Computer NetworksResource ManagementRoutingResilience
MR

Milena Radenkovic

University of Nottingham UK, Microsoft Research Ltd, Cambridge, UK
Complex networksComplex GraphsAI and ML and AnalyticsSecurity and Privacy
QW

Qihui Wu

Professor, Nanjing University of Aeronautics and Astronautics, Nanjing, China
Cognitive RadioUAV Communications
FI

Fabian Ihle

PhD student, University of Tübingen
Data Plane ProgrammingP4ResilienceMPLS
HD

Hans D. Schotten

Univ. of Kaiserslautern, RPTU Kaiserslautern, DFKI GmbH
Mobile and wireless communicationsindustrial radioindustrial internetsecurity