Cheatsheet

Display routing table

  • ip r[oute]

    or

  • route -n

    or

  • routel

HTTP/2 support check

  • curl -I --http2 <URL>

    If the site does support HTTP/2, you will see HTTP/2 200 in the header instead of HTTP/1.1 200.

Cheatsheet - Windows

Packet Monitor (pktmon)

pktmon is a modern packet capture tool built into Windows. It needs no installation or setup, which is why it is the latest and preferred packet capture tool on Windows.

pktmon - Show current status

pktmon status

pktmon - List all filters

pktmon filter list

pktmon - Add a filter for TCP

  • If several filters are added, the individual filter lines are combined as OR conditions.
  • For conditions to be combined as AND, they must be given on the same filter line.

pktmon filter add $filter_name -t $protocol -p $port

pktmon - Lists all active networking components that can be monitored

pktmon list -a

pktmon - Start packet capture

pktmon start -c -f $etl_file

pktmon - Convert ETL to PCAPNG

pktmon etl2pcap $ETL_FILE -o $PCAPNG_FILE

TCP/IP

Application Layer

HTTP

HTTP - CONNECT

Internet Layer

IP

Get public IP address

  • curl ifconfig.co

Subnet

Routing

Transport Layer

TCP

TCP - PROXY
TCP - Cheatsheet
TCP - Cheatsheet - Send a raw TCP packet
TCP - Cheatsheet - Packet capture on Windows

pktmon is a modern built-in packet capture tool and should be preferred.

  1. Start capture

    • Option 1: Using Network shell (netsh)

      netsh trace start capture=yes tracefile=C:\Temp\NetTraces\capture.etl persistent=yes maxsize=4096
    • Option 2: Using Packet Monitor (pktmon)

      pktmon filter add $filter_name -t $protocol -p $port
      pktmon start -c -f $ETL_FILE
  2. Stop capture

    • Option 1: Using Network shell (netsh)

      netsh trace stop
    • Option 2: Using Packet Monitor (pktmon)

      pktmon stop
  3. Convert ETL to PCAPNG

    • Option 1: Use etl2pcapng

      Install etl2pcapng from GitHub - microsoft/etl2pcapng

      scoop install main/etl2pcapng
      etl2pcapng $ETL_FILE $PCAPNG_FILE
    • Option 2: Use pktmon to convert ETL to PCAPNG

      pktmon etl2pcap PktMon.etl -o PktMon.pcapng
  4. Open PCAPNG in Wireshark

TCP - Implementation

Network troubleshooting

  • Many tools are available; focus on the following ones:

    • traceroute: works with TCP and UDP too

    • lsof

    • ss

    • ncat: modern Netcat replacement

  • Connection refused

    • Connection refused means that the port you are trying to connect to is not actually open.

    • Connection refused is usually due to one of the following reasons:

      • The port is not open on the destination host.

      • A firewall is blocking the connection on the host or an intermediate network device.

      • The port is not open on the source host.

      • The source host's firewall is blocking the connection.

Applications

Chromium-based browsers

  • chrome://net-internals: network tools
  • chrome://net-export: capture net logs

Firefox

Cheatsheet - Firefox

Honour system host file (/etc/hosts)

about:config

# Set to false
network.dns.offline-local = false

Linux

iptables

  • Debian-based distributions such as Ubuntu can use a front-end program called Uncomplicated FireWall (ufw) for managing the iptables/Netfilter firewall stack. As its name implies, ufw is designed to make managing iptables rules easy (that is, uncomplicated).

Verify that the iptables kernel module is loaded

lsmod | grep ip_tables

Windows

Check Open TCP/IP Ports in Windows

Exclude a port occupied by Hyper-V

dism.exe /Online /Disable-Feature:Microsoft-Hyper-V

# Exclude the target port so that Hyper-V cannot reserve it
netsh int ipv4 add excludedportrange protocol=tcp startport=<PORT> numberofports=1

dism.exe /Online /Enable-Feature:Microsoft-Hyper-V /All

Check System Proxy Settings

  • netsh winhttp show proxy (does not work for a PAC script configuration)
  • In Google Chrome: chrome://net-internals/#proxy
  • In the case of a PAC script, download the script from the link given in the system proxy configuration and look for the proxy address and port in the script code. The script is written in JavaScript.

WSL - Networking with host

Library

Socket abstraction, broker-less

IPC

UNIX Domain Socket

Performance

DPDK

Wireshark

Wireshark - Display Filter Reference

Wireshark - Install on Fedora