Features

this page covers high level product features expressed as user stories each feature describes a practical benefit for the user and a real use case network features related to ip networking, internet access, sharing, and filtering classic wi fi router classic wi fi router a basic wi fi router with nat and a built in dhcp server eth0 is used as the wan port the remaining interfaces act as lan interfaces wi fi access point, eth1, and usb ethernet adapters user story i have an ethernet cable with internet access and need to share it via wi fi and a second ethernet port i want to replace my old, slow wi fi access point with flipper one and use fast wi fi 6 to distribute my wired internet connection optionally, i want to add traffic filtering, bandwidth shaping, ad blocking, or basic security monitoring multi phy wi fi (concurrent sta + ap) multi phy wi fi (concurrent sta + ap) a single wi fi chipset can operate simultaneously in client (sta) and access point (ap) modes ideally, each frequency band (e g , 2 4 ghz and 5 ghz) works as an independent interface, allowing concurrent uplink and downlink over different phys user story i have paid wi fi access that is limited to a single device (one mac address), but i want to share the connection with my family i connect flipper one to the paid wi fi network as a client on one band (for example, 2 4 ghz) and re share the internet over another band (for example, 5 ghz) as a local access point to pass the captive portal authorization, i connect my phone to flipper one’s 5 ghz access point and complete the login flow after that, all devices connected to flipper one get internet access through the same uplink usb wi fi / ethernet adapter usb wi fi / ethernet adapter flipper one can act as a usb network adapter by bridging either wi fi (sta mode) or eth0 to a usb ethernet interface, with mac address proxying nat is disabled in this mode wi fi sta proxying has limitations because wi fi access points allow only a single client mac address per connection for this reason, the user must explicitly select this mode before connecting flipper one to a wi fi access point as a client user story my pc has no built in wi fi or ethernet interface i want to use flipper one as a usb network adapter i want to transparently bridge all layer 2 traffic to my pc, so that the upstream router sees my pc as a single device with a single mac address this gives me full access to the local network, including lan devices, printers, mdns/bonjour services, and other local discovery protocols vpn gateway (leak proof mode) vpn gateway (leak proof mode) a router mode that tunnels all routed traffic through a vpn, preventing any direct internet access and eliminating traffic leaks this includes protection against common leakage paths such as dns and ipv6 traffic flipper one supports popular vpn protocols, including wireguard, ikev2, and openvpn common vpn providers can be configured with one click profiles for fast setup user story there is no simple way to guarantee that all traffic from my phone or pc always goes through a vpn modern operating systems may leak traffic outside the tunnel (for example, dns requests or ipv6 routes) i want a dedicated device that guarantees all internet traffic is forced through a vpn tunnel when i’m traveling or using untrusted networks, i connect my laptop or phone to flipper one and let it handle the vpn connection from the device’s point of view, the network is already “secure,” and it never has to manage vpn configuration itself ethernet mitm sniffer ethernet mitm sniffer flipper one can be placed inline between two ethernet devices and operate as a fully transparent bridge both eth0 and eth1 ports form a pass through link that is invisible to the monitored devices the mac addresses of flipper one’s ethernet interfaces are never exposed to the observed traffic this mode allows passive inspection and capture of network traffic without modifying the existing network topology or breaking the target device’s connectivity user story i have an ethernet device such as an ip camera or a voip phone, and i want to analyze and capture its network traffic to understand how it works which ip addresses it connects to and which dns names it resolves i don’t want to disrupt the existing setup or make my own mac address visible on the network to do this, i place flipper one inline between the device and the wired network and enable transparent sniffing mode i can view a compact, real time traffic log on the built in display (similar to tcpdump q), save full packet captures as pcap files to internal storage, or mirror traffic over usb ethernet to a pc for live analysis in wireshark or tcpdump lan discovery (passive & active) lan discovery (passive & active) an application that gradually enables network layers from l2 to l3 while simultaneously sniffing traffic in promiscuous mode both passive and active modes are available in passive mode, flipper one only listens and observes existing traffic in active mode, it can query the network (for example request an address, probe services, or enumerate basic network configuration) users see a list of observed networks and can proceed with the selected one user story i have access to an unknown lan and want to understand what’s happening inside it i want to learn the network configuration (ipv4 dhcp / ipv6), see which hosts are online by observing arp traffic, and discover what services are present i also want to know whether the ethernet port uses vlans and what ip settings i should configure to connect correctly first, i want a fully passive mode that does not generate traffic (for example, no dhcp requests) and only observes broadcasts like arp and ipv6 neighbor discovery then i want to manually step forward, layer by layer, enabling active discovery when i decide it’s safe — such as requesting an ip address, checking vlan tagging, and probing common services