Cheatsheets - Networking
How to debug network issue
Try
ping
hosts (by IP address or DNS name)- look at
ip link show
,ip address show
andip route show
- look at
/etc/resolv.conf
for name resolution issues. - look at the connection profiles that you have configured in
NetworkManager
(nmcli connection
andnmcli connection show "$PROFILE"
) and the configured interfaces (nmcli device
).
Private Networks IP Address Ranges
Assigned by Internet Assigned Numbers Authority (IANA).
- Class A:
10.0.0.0
to10.255.255.255
- Class B:
172.16.0.0
to172.31.255.255
- Class C:
192.168.0.0
to192.168.255.255
Shell Commands
Check IP Routes:
$ ip route
Display TCP/IP and other packets being transmitted or received over a network:
$ sudo tcpdump
Ping, sending ICMP echo request:
$ ping wikipedia.org
Trace the route
$ traceroute wikipedia.org
Query Name Servers:
$ nslookup wikipedia.org
Check all valid IPs in range
$ nmap -sn 192.168.1.0/24
Check if a port is open on a remote machine
Or "How to 'ping' a port".
nc
Use nc
(nc=netcat):
$ nc -vz <host> <port_number>
$ nc -vz <domain> <port_number>
-z
= setsnc
to simply scan for listening daemons, without actually sending any data to them.-v
= enables verbose mode.
Result:
- if failed:
nc: connect to xx.xx.xx.xx port 443 (tcp) failed: No route to host
- if succeeded:
Connection to xx.xx.xx.xx 443 port [tcp/https] succeeded!
nmap
Use nmap
(note that param order is different from nc
)
nmap -p <port> <ip>
Use telnet:
$ telnet <ip_address> <port_number>
$ telnet <domain_name> <port_number>
/dev/tcp/host/port
$ cat < /dev/tcp/xx.xx.xx.xx/443
-bash: connect: No route to host
-bash: /dev/tcp/xx.xx.xx.xx/443: No route to host
get your sshd header
$ cat < /dev/tcp/localhost/22
SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.9
Check ip forward
$ sudo iptables-save
How to check if a port is being used?
$ lsof -i:$PORT # e.g. lsof -i:5000
# Linux
$ netstat -tulpn | grep LISTEN
$ ss -tln
# macOS
$ netstat -anp tcp | grep LISTEN
$ less /etc/services
How to check sockets?
Use ss
(socket statistics):
# displays TCP sockets
$ ss -t
# shows UDP sockets
$ ss -u
# lists listening sockets
$ ss -l
# shows both listening and non-listening sockets
$ ss -a
Network Interface Names
Naming conventions (what you may see in ip a
):
- if it has firmware or BIOS-provided index numbers for onboard devices. =>
eno1
- else if it has firmware or BIOS-provided PCI Express (PCIe) hot plug slot index numbers =>
ens1
- else if it has the physical location of the connector of the hardware =>
enp2s0
- else =>
eth0
(The traditional unpredictable kernel naming scheme.)
to config:
/usr/lib/systemd/network/99-default.link
=> NamePolicy
DNS
DNS (domain name system) translates domain names into numeric IP addresses.
/etc/resolv.conf
file defines how the system uses DNS to resolve host names and IP addresses. This file usually contains a line specifying the search domains and up to three lines that specify the IP addresses of DNS server./etc/systemd/resolved.conf
/etc/hosts
: list of hosts./etc/hostname
: the hostname of the machine.
$ cat /etc/hosts
127.0.1.1 example-hostname
# DNS lookup
$ host $HOST_NAME
$ host example-hostname
example-hostname.foo.bar.example.com has address 10.64.xxx.xxx
# Show hostname
$ hostname
$ cat /etc/hosts
# Show IP
$ hostname -i
# Show all IPs
$ hostname -I
# Set hostname
$ hostname newname
dig
dig
(domain information groper): DNS lookup utility
Unless it is told to query a specific name server, dig will try each of the servers listed in /etc/resolv.conf
.
Example
$ dig google.com
; <<>> DiG 9.10.3-P4-Ubuntu <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13686
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 8 IN A xxx.xxx.xxx.xxx
;; Query time: 16 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Thu Jan 01 20:24:55 PDT 2020
;; MSG SIZE rcvd: 55
nmcli
For controlling NetworkManager
. Read more: NetworkManager
iftop
There are top
-like tools for network, but need to be installed separately, e.g. iftop
Deprecated Commands
Deprecated Linux commands and their replacements:
deprecated | replaced by |
---|---|
arp | ip n (ip neighbor) |
ifconfig | ip a (ip addr), ip link, ip -s (ip -stats) |
iptunnel | ip tunnel |
iwconfig | iw |
nameif | ip link, ifrename |
route | ip route |
ipmaddr | ip maddr |
netstat | ip -s, nstat |
netstat -r | ip route |
netstat -i | ip -s link |
netstat -g | ip maddr |
HTTP Server
Java
Introduced in Java 18 (JEP 408: Simple Web Server).
$ jwebserver
# Specify port 9000
$ jwebserver -p 9000
Python
Start HTTP server
Python 3.x:
$ python -m http.server
Serving HTTP on 0.0.0.0 port 8000 ...
Python 2.x:
$ python -mSimpleHTTPServer 8080
Read Web Pages
Java
final URL url = new URL("http://ichart.finance.yahoo.com/table.csv?s=" + ticker);
final BufferedReader reader = new BufferedReader( new InputStreamReader(url.openStream()));
Python
Download pages from wikipedia
import urllib.request
opener = urllib.request.build_opener()
opener.addheaders =[('User-agent','Mozilla/5.0')]
infile = opener.open('http://en.wikipedia.org/w/index.php?title=Albert_Einstein&printable=yes')
page = infile.read()
Network
Java
In java.net
, Java programs can use TCP or UDP to communicate over the Internet. The URL
, URLConnection
, Socket
, and ServerSocket
classes all use TCP to communicate over the network. The DatagramPacket
, DatagramSocket
, and MulticastSocket
classes are for use with UDP.
java.net.URL vs java.net.URI: java.net.URL#equals
is blocking:
Two hosts are considered equivalent if both host names can be resolved into the same IP addresses; else if either host name can't be resolved, the host names must be equal without regard to case; or both host names equal to null. Since hosts comparison requires name resolution, this operation is a blocking operation.