What Wirebump Can See (And How to Verify)

You’re putting a new piece of software between your modem and your router. That deserves scrutiny. Here’s the trust model.

Position: Outside Your LAN

Wirebump sits between your router and your modem. It does not sit inside your network.

This matters because:

• Your router’s firewall remains intact
• Your VLANs and network segmentation remain intact
• Wirebump only handles traffic you were already sending out to the public internet

Think of it this way: Wirebump sees the same traffic your ISP would see. The difference is that Wirebump encrypts that traffic and sends it through your VPN providers instead of sending it in the clear to your ISP.

It cannot see individual devices. It cannot see traffic between devices on your LAN. It only sees the aggregate traffic leaving your network for the internet.

Verification: Wireshark It

You do not have to take my word for any of this. If you have network equipment that supports traffic monitoring, put a port mirror on the WAN side and see for yourself.

You should see:

• Pings (ICMP health checks)
• WireGuard traffic to your VPN endpoints
• Nothing else

If you see anything else, something is wrong. Let me know on X @KColemanGT, either a DM or a public tag. I cannot promise when anything gets fixed, but I appreciate hearing from people who are using this.

This is verifiable with standard network tools. Wireshark, tcpdump, or whatever you prefer. No special access required.

What If Wirebump Were Compromised?

Let’s think through the worst case.

If an attacker gained control of Wirebump, the most valuable thing they could do is turn off VPN protection. Your traffic would then flow directly to your ISP, unencrypted, which is the same state you were in before installing Wirebump. That’s not good, but it speaks to what Wirebump protects you from in the first place.

What about VPN credentials?

• If an attacker obtained your Mullvad VPN or Proton VPN credentials from Wirebump, they could connect to those services as you.
• Your VPN providers are supposedly no-logs, so past traffic should not be exposed.
• You would see extra devices in your account dashboard. Delete them and rotate your credentials.

The traffic an attacker could intercept is traffic you were already sending to the public internet. They could not reach devices inside your LAN without going through your router’s firewall. Your router is still your perimeter defense.

Compare this to the trust you already place in your VPN providers, your router firmware, and your ISP. Wirebump is not asking for more trust than you have already extended to those parties.

What If Things Break?

Separate from attackers, what happens if Wirebump crashes or misbehaves?

The status page shows your VPN connection state. If something looks wrong, check from a device on your LAN that you are connecting through the VPN server you intended. Services like whatismyipaddress.com will show you where your traffic is exiting.

You have several recovery options:

• Disable VPN: One click from the header puts Wirebump into pass-through mode. Traffic flows directly to your ISP while you troubleshoot.
• Redeploy circuit: One click rebuilds your VPN tunnels. This has been my most common fix.
• Rescue mode: On the settings page, this runs a partial bootstrap and deactivates the VPN to get you back to a working pass-through state.
• Rerun bootstrap: Run the bootstrap command again to reset everything.
• Physical bypass: Unplug the cable from your upstream modem, skip Wirebump, and plug directly into your router. You are back to your pre-Wirebump setup in seconds.

This is still early software. Have a recovery plan in place.

Honest Limitations

Wirebump is personal software that I built for my own networks. I am sharing it because several of my technical friends wanted to use it on theirs. It is a free giveaway, not a product. With that in mind:

Expect bugs. This is early software. Rough edges and breaking changes are likely. For now, treat it as ephemeral and disposable. Running from an Ubuntu Live USB means you can wipe and restart fresh anytime. In my testing, I can go from a clean Ubuntu boot to online through the VPN in under two minutes. If you run into issues, a fresh bootstrap is fast. See the install guide to try it yourself.

Closed source for now. I have open sourced other projects and may open source this one in the future, but only if there is real interest from people who would maintain and advance it. For now, keeping it closed leaves my options open. It is still free, and still something I depend on daily.

Local storage. Wirebump stores VPN credentials on the local filesystem and writes logs during operation. If you run from a live USB, power cycling clears everything since nothing touches persistent storage. For a permanent install, consider using one of Ubuntu’s encrypted filesystem options during setup.

One piece of the stack. Wirebump protects your network traffic. It does not protect you from doxing yourself through browser fingerprinting, logging into personal accounts, posting identifying information, or any of the other ways people compromise their own privacy. No matter how many VPNs you hop through, you can still expose yourself through behavior.

Assume leaks exist. I do not see how Wirebump could leak more than you were already exposing by sending all your traffic directly to your ISP. But I am not claiming perfection. Treat it as one layer in your privacy posture, not a guarantee.

No promises, no guarantees. Wirebump LLC makes no warranty that this will work on your hardware, meet your expectations, or protect you from anything. It is personal software that I depend on for my own networks. That’s the extent of the commitment.

The Trust Calibration

If you are evaluating whether to trust Wirebump, the right question is not “is this perfectly trustworthy?” Nothing is.

The right question is: does the trust ask make sense given the value delivered?

Wirebump asks for about the same trust you already give your VPN providers and your router firmware. It sits outside your LAN where it cannot see internal traffic. It is verifiable with standard tools. And it solves real problems that alternatives do not solve well.

If that trade-off works for you, learn more about how it works or try the install.