Cheatsheet
Display routing table
- ip r[oute]
or
- route -n
or
- routel
HTTP/2 support check
- curl -I --http2 <URL>
If the site does support HTTP/2, you will see HTTP/2 200 in the header instead of HTTP/1.1 200.
TCP/IP
Application Layer
HTTP
HTTP - CONNECT
DNS
DNS Record Types
SOA
DNS - Specification
- Resources
DNS - Performance
- Resources
rDNS
- Reverse DNS lookups query DNS servers for a PTR (pointer) record; if the server does not have a PTR record, it cannot resolve a reverse lookup. PTR records store IP addresses with their segments reversed, and they append ".in-addr.arpa." to that. For example, if a domain has an IP address of 192.0.2.1, the PTR record will store the domain's information under 1.2.0.192.in-addr.arpa.
- In IPv6, PTR records are stored within the ".ip6.arpa" domain instead of ".in-addr.arpa.".
- Resource
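The PTR naming rule above, as an added example that is not part of the original page. It builds the reverse name for IPv4 and IPv6 and goes one step further by checking that the PTR target resolves back to the same address, a check defenders use before trusting a hostname in logs. The zone data and the name mail.example.test. are constructed for the illustration.

```python
import ipaddress

def ptr_name(ip: str) -> str:
    """Return the PTR owner name for an IPv4 or IPv6 address."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        # Reverse the four octets and append in-addr.arpa.
        labels = str(addr).split(".")[::-1]
        return ".".join(labels) + ".in-addr.arpa."
    # IPv6: expand to 32 hex nibbles, reverse them, append ip6.arpa.
    nibbles = addr.exploded.replace(":", "")[::-1]
    return ".".join(nibbles) + ".ip6.arpa."

# Constructed records standing in for real DNS answers.
PTR_RECORDS = {
    "1.2.0.192.in-addr.arpa.": "mail.example.test.",
    # This PTR points at a name whose forward records do not list the address.
    "9.2.0.192.in-addr.arpa.": "mail.example.test.",
}
A_RECORDS = {"mail.example.test.": {"192.0.2.1"}}

def forward_confirmed(ip: str) -> bool:
    """True only if the PTR target resolves back to the same address."""
    host = PTR_RECORDS.get(ptr_name(ip))
    if host is None:
        return False  # no PTR record, so the reverse lookup cannot resolve
    return ip in A_RECORDS.get(host, set())

if __name__ == "__main__":
    for ip in ("192.0.2.1", "192.0.2.9", "192.0.2.50", "2001:db8::1"):
        print(ip, ptr_name(ip), forward_confirmed(ip))
```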
Multicast DNS / mDNS
DNSSEC
DNS - Software
systemd-resolved
- systemd-resolved - ArchWiki
- More Efficient DNS with resolved from systemd
Dnsmasq
- Using Dnsmasq as a NetworkManager plugin
  - Fedora Server
    Fedora Server Edition recommends the lightweight dnsmasq program to provide DHCP, DDNS and DNS caching service for a server and a small to medium-sized local network. It works as a NetworkManager plugin to ensure a seamless interlocking of the components. It is the preconfigured default configuration and specifically supported.
    A typical usage of Dnsmasq is to provide a DHCP service for a private network. It is optionally supplemented by dynamic DNS, whereby a DHCP assigned IP address gets a temporary DNS entry with the hostname of the device.
  - Fedora Docs - Setting up dnsmasq - a lightweight DHCP and DNS server
  - Fedora Magazine - Using the NetworkManager’s DNSMasq plugin
- Using Dnsmasq independently
- Troubleshooting
  - Logging
    Run dnsmasq in terminal with output to stdout
    dnsmasq --no-daemon --log-queries=extra --log-dhcp --log-debug -C $dnsmasq_conf
  - Verify config
    dnsmasq --test -C $dnsmasq_conf
BIND
- Fedora Magazine - How to setup a DNS server with bind
- Enable Sysadmin - How to use the Linux BIND command to install and configure DNS
Unbound
NGINX
- Set up local DNS service
Google Admin Toolbox - Dig
Internet Layer
IP
- IP addressing methods
  - Unicast: Single unique node in the network
  - Broadcast: All nodes in the network
  - Multicast
  - Anycast
- Resources
Get public IP address
curl ifconfig.co
Subnet
- CIDR notation is equivalent to Subnet mask
  10.0.1.1/24
  216.202.192.66/22
  These are equivalent to
  IP address: 10.0.1.1 with subnet mask of 255.255.255.0
  IP address: 216.202.196.66 with a subnet mask example of 255.255.252.0
- RFC 1878 - Variable Length Subnet Table For IPv4
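The CIDR-to-mask equivalence above, worked in both directions as an added example that is not part of the original page. It uses the two CIDR values listed above and also rejects non-contiguous masks, which have no CIDR form; the function names are chosen for this illustration.

```python
def ip_to_int(dotted: str) -> int:
    """Parse dotted-quad IPv4 text into a 32-bit integer."""
    parts = [int(p) for p in dotted.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    return int.from_bytes(bytes(parts), "big")

def int_to_ip(value: int) -> str:
    """Format a 32-bit integer as dotted-quad IPv4 text."""
    return ".".join(str(b) for b in value.to_bytes(4, "big"))

def cidr_to_mask(cidr: str) -> tuple[str, str, str]:
    """Return (address, subnet mask, network address) for 'a.b.c.d/n'."""
    address, _, prefix_text = cidr.partition("/")
    prefix = int(prefix_text)
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: {prefix}")
    # n leading one-bits followed by 32-n zero-bits.
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return address, int_to_ip(mask), int_to_ip(ip_to_int(address) & mask)

def mask_to_prefix(mask: str) -> int:
    """Return the prefix length for a subnet mask, rejecting masks with holes."""
    inverted = ip_to_int(mask) ^ 0xFFFFFFFF
    # A valid mask inverts to 0...01...1, so inverted + 1 shares no bits with it.
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return 32 - inverted.bit_length()

if __name__ == "__main__":
    for cidr in ("10.0.1.1/24", "216.202.192.66/22"):
        print(cidr, cidr_to_mask(cidr))
```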
Routing
- Resources
Transport Layer
TCP
TCP - PROXY
- The PROXY protocol - Versions 1 & 2
- Accepting the PROXY Protocol | NGINX Documentation
TCP - Cheatsheet
Send a raw TCP packet
- Java
  Not supported natively; needs JNI, e.g. GitHub - jpcap/jpcap
- Python
TCP - Implementation
Network troubleshooting
- There are many tools available but focus on the following ones:
  - traceroute: works with TCP and UDP too
  - lsof
  - ss
  - ncat: modern Netcat replacement
- Connection refused
  - Connection refused means that the port you are trying to connect to is not actually open.
  - Connection refused is usually due to one of the following reasons:
    - The port is not open on the destination host.
    - A firewall is blocking the connection on the host or an intermediate network device.
    - The port is not open on the source host.
    - The source host's firewall is blocking the connection.
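When troubleshooting, it helps to record exactly which failure a connection attempt produced. The probe below is an added example, not part of the original page; it classifies one TCP connect as open, refused, timeout or unreachable. The function names and the default timeout are choices made for this illustration.

```python
import errno
import socket

def probe(host: str, port: int, timeout: float = 2.0) -> str:
    """Attempt one TCP connection and classify the outcome."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"            # handshake completed, something is listening
    except ConnectionRefusedError:
        return "refused"         # the attempt was actively rejected (ECONNREFUSED)
    except socket.timeout:
        return "timeout"         # no answer arrived within the timeout
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable" # no route to the host or network
        raise
    finally:
        sock.close()

def closed_local_port() -> int:
    """Bind and release a loopback port so that nothing is listening on it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

if __name__ == "__main__":
    # Constructed local check: a listening port versus a released one.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    print("listening port:", probe("127.0.0.1", listener.getsockname()[1]))
    listener.close()
    print("released port:", probe("127.0.0.1", closed_local_port()))
```

Pair the result with ss on the destination host to confirm whether anything is listening on the port.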
Applications
Chromium-based browsers
- Resources
  - Chrome Platform Status
  - The Chromium Projects - Design Documents - Network stack
  - The Performance of Open Source Software - High Performance Networking in Chrome
  - A Crash Course in Debugging with chrome://net-internals
  - Life of a URLRequest
  - Network Service
Firefox
Cheatsheet - Firefox
Honour system host file (/etc/hosts)
about:config
# Set to false
network.dns.offline-local = false
Linux
iptables
Debian-based distributions such as Ubuntu can use a front-end program called Uncomplicated FireWall (ufw) for managing the iptables/Netfilter firewall stack. As its name implies, ufw is designed to make managing iptables rules easy (that is, uncomplicated).
Verifying the iptables Kernel Module is loaded
lsmod | grep ip_tables
Windows
Check Open TCP/IP Ports in Windows
Exclude a port occupied by Hyper-V
dism.exe /Online /Disable-Feature:Microsoft-Hyper-V
# Enable the target port
netsh int ipv4 add excludedportrange protocol=tcp startport=<PORT> numberofports=1
dism.exe /Online /Enable-Feature:Microsoft-Hyper-V /All
Check System Proxy Settings
- netsh winhttp show proxy (Does not work for PAC script)
- In Google Chrome: chrome://net-internals/#proxy
- In the case of PAC, download the script via the link specified in system proxy config, and find the proxy address and port in the script code. The script is written in JavaScript.
WSL - Networking with host
- Determine IP of Windows for access from WSL
  In Windows
  - ipconfig
  - Ethernet adapter vEthernet (WSL)
    IPv4 Address
- Determine IP of WSL for access from Windows
  # In WSL
  ip addr show eth0
  # In Windows
  wsl hostname -I
- Resources
Library
Socket abstraction, broker-less
- Modern option
- Predecessor of NNG
- Predecessor of nanomsg
IPC
UNIX Domain Socket
- Favour UNIX Domain Socket over TCP/IP for local communication
  - UNIX Domain Socket is faster than TCP/IP loopback
  - UNIX Domain Socket is more secure than TCP/IP loopback
    - Transit entirely through the kernel, no eavesdropping
    - File system access control
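The file system access control point, shown as an added example that is not part of the original page. The socket lives in a 0700 directory and is created with mode 0600, and the server additionally reads the peer's kernel-reported credentials with SO_PEERCRED, which is Linux-only and goes beyond what the list above states. The socket name app.sock and the same-UID policy are assumptions of this illustration.

```python
import os
import socket
import stat
import struct
import tempfile

def serve_once() -> dict:
    """Bind a private UNIX socket, accept one local client, report who connected."""
    workdir = tempfile.mkdtemp(prefix="uds-demo-")  # mkdtemp creates it with mode 0700
    path = os.path.join(workdir, "app.sock")        # hypothetical socket name
    server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old_umask = os.umask(0o177)                     # socket file is created as 0600
    try:
        server.bind(path)
    finally:
        os.umask(old_umask)
    server.listen(1)

    client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    client.connect(path)   # requires write permission on the socket file
    conn, _ = server.accept()

    # Linux only: struct ucred {pid, uid, gid} is filled in by the kernel,
    # so the connecting process cannot choose these values.
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize("iII"))
    pid, uid, gid = struct.unpack("iII", raw)

    result = {
        "dir_mode": stat.S_IMODE(os.stat(workdir).st_mode),
        "sock_mode": stat.S_IMODE(os.stat(path).st_mode),
        "peer_pid": pid,
        "peer_uid": uid,
        "allowed": uid == os.getuid(),  # example policy: same user only
    }
    for s in (conn, client, server):
        s.close()
    os.unlink(path)
    os.rmdir(workdir)
    return result

if __name__ == "__main__":
    print(serve_once())
```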