Networking cheatsheet.
ip command
ip a # interfaces + addrs
ip a show eth0
ip link # interface state
ip link set eth0 up # or: down
ip a add 192.168.1.5/24 dev eth0
ip a del 192.168.1.5/24 dev eth0
ip r # routes
ip route add default via 192.168.1.1
ip route add 10.0.0.0/8 via 192.168.1.254
ip route del 10.0.0.0/8
ip n # ARP / neighbor table
ip -s link # statistics
ss (modern netstat)
ss -tlnp # TCP listening
ss -ulnp # UDP listening
ss -tnp # TCP connections
ss -s # summary stats
ss -t state established
ss dst 192.168.1.10
ss sport :443
ss -tnp '( dst :443 )'
DNS
dig example.com
dig @1.1.1.1 example.com
dig example.com MX
dig example.com NS
dig +trace example.com
dig +short example.com
host example.com
nslookup example.com
systemd-resolve --status # if systemd-resolved (older name; newer releases use resolvectl status)
resolvectl query example.com
/etc/hosts
127.0.0.1 localhost
192.168.1.10 myserver.local myserver
/etc/resolv.conf
nameserver 1.1.1.1
nameserver 8.8.8.8
search example.com
If systemd-resolved is running, it manages this file; check resolvectl status.
curl
curl https://example.com
curl -v https://example.com
curl -L https://example.com # follow redirects
curl -o file.zip url # save to file
curl -O url # save with same name
curl --resolve host:443:1.2.3.4 https://host/ # bypass DNS
curl -H "Auth: x" -d '{"name":"a"}' -X POST url
curl --max-time 10 url
curl -w "@curl-format.txt" url # custom output
curl -u user:pass url # basic auth
curl --cacert ca.pem url
curl -k url # skip cert validation (insecure; debugging only)
wget
wget url
wget -c url # resume
wget -r --no-parent url # mirror
wget -q -O - url # to stdout
ping / mtr / traceroute
ping -c 4 example.com
ping6 example.com
mtr example.com # combines ping + traceroute, live
traceroute example.com
traceroute -n example.com # no DNS
tcpdump
tcpdump -i any -n
tcpdump -i eth0 host 1.2.3.4
tcpdump -i eth0 port 80
tcpdump -i eth0 'src host x and dst port 443'
tcpdump -A -s 0 'port 80' # ASCII
tcpdump -w out.pcap # write
tcpdump -r out.pcap # read
Open the saved pcap in Wireshark for analysis.
nmap
nmap example.com
nmap -p 80,443 example.com
nmap -p- example.com # all ports
nmap -sV example.com # version detect
nmap -A example.com # aggressive
nmap -sn 192.168.1.0/24 # ping scan only
ufw / firewalld / nftables
# ufw (Ubuntu)
ufw status
ufw allow 22/tcp
ufw allow from 192.168.1.0/24 to any port 22
ufw deny 80
ufw delete allow 80
ufw enable
ufw reset
# firewalld (RHEL)
firewall-cmd --state
firewall-cmd --list-all
firewall-cmd --add-port=80/tcp --permanent
firewall-cmd --reload
nftables
nft list ruleset
nft add table inet filter
# policy drop applies immediately: on a remote host, load the full ruleset in one go with nft -f
nft add chain inet filter input { type filter hook input priority 0 \; policy drop \; }
nft add rule inet filter input iifname lo accept
nft add rule inet filter input ct state established,related accept
nft add rule inet filter input tcp dport 22 accept
iptables (legacy)
iptables -L
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -j ACCEPT
iptables-save > rules.v4
/proc/net
cat /proc/net/tcp
cat /proc/net/dev
cat /proc/net/route
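/proc/net/tcp prints addresses, ports and states as hex, so here is an added example (not from the original cheatsheet) that decodes it into a list of listening sockets. It assumes IPv4 and a little-endian host; the function names and the sample lines are constructed for illustration.

```shell
# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   112        0 21001 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 19870 1 0000000000000000 100 0 0 10 0
   2: 0501A8C0:0016 0A01A8C0:D2F4 01 00000000:00000000 02:000A1B2C 00000000     0        0 30412 4 0000000000000000 20 4 30 10 -1'

# hex_to_addr HEXIP:HEXPORT -> dotted quad and decimal port.
# Assumption: little-endian host, so the four address bytes are stored reversed.
hex_to_addr() (
    ip=${1%%:*}; port=${1##*:}
    b0=${ip%??????}; ip=${ip#??}    # first byte pair
    b1=${ip%????};   ip=${ip#??}    # second
    b2=${ip%??};     b3=${ip#??}    # third and fourth
    printf '%d.%d.%d.%d:%d\n' "0x$b3" "0x$b2" "0x$b1" "0x$b0" "0x$port"
)

# list_listeners: read /proc/net/tcp-format text on stdin and print one line
# per socket in state 0A (TCP_LISTEN), with owner uid, inode and bind scope.
list_listeners() {
    while read -r _sl laddr _raddr st _queues _timer _retr uid _timeout inode _rest; do
        [ "$st" = "0A" ] || continue          # skips the header and non-listening rows
        addr=$(hex_to_addr "$laddr")
        case $addr in
            0.0.0.0:*) scope=all-interfaces ;;   # reachable on every interface
            127.*)     scope=loopback ;;
            *)         scope=single-address ;;
        esac
        printf '%s uid=%s inode=%s scope=%s\n' "$addr" "$uid" "$inode" "$scope"
    done
}

# Run against the constructed sample; on a live host use: list_listeners < /proc/net/tcp
printf '%s\n' "$SAMPLE" | list_listeners
```

The inode column is what ties a socket to a process: it matches the socket:[inode] links under /proc/PID/fd, which is how ss -p finds the owner.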
ethtool
ethtool eth0 # link status
ethtool -i eth0 # driver
ethtool -S eth0 # stats
ip namespaces
ip netns add myns
ip netns exec myns ip a
ip netns delete myns
Used by containers under the hood.
VLAN
ip link add link eth0 name eth0.100 type vlan id 100
ip link set eth0.100 up
ip a add 192.168.100.5/24 dev eth0.100
bridge
ip link add br0 type bridge
ip link set br0 up
ip link set eth0 master br0
conntrack
conntrack -L # list connections
conntrack -E # follow events
conntrack -D -s 1.2.3.4 # delete by src
arp / neigh
arp -a # legacy
ip neigh
ip neigh flush all
Common mistakes
- Reading the netstat man page (legacy; use ss).
- iptables vs nftables: pick one.
- DNS not flushing: systemctl restart systemd-resolved.
- Firewall rule order matters (first match).
- Forgetting --reload after permanent firewall changes.