Network Cheat Sheet

Understanding Routing Table Entry | Baeldung on Computer Science

the packs go through the gateway of interface. the same interface can have multiple gateways and different interfaces can have the same gateway.

route diagnosis

3 Ways to Find Which Linux Process Listening on a Port

Monitoring Network Status With the netstat Command - System Administration Guide: IP Services

System Administration Guide

How to look up the geographic location of an IP address from the command line

#geolocation-of-ip

A tcpdump Tutorial with Examples — 50 Ways to Isolate Traffic - Daniel Miesslersearchmailmailmail

TCPDump cheatsheet

An introduction to using tcpdump at the Linux command line | Opensource.com

Knowing simultaneously these three things for failing and working circumstances would be quite useful.

Get IP address

Linux

rms@rms:~$ ip addr

Windows

PS C:\Users\Frank> ipconfig

PS C:\Users\Frank> netsh interface ip show address

Get IP address of a specific network interface

Linux

rms@rms:~$ ip addr show enp0s31f6
5: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:4e:01:fc:39:50 brd ff:ff:ff:ff:ff:ff
    inet 10.6.64.184/24 brd 10.6.64.255 scope global enp0s31f6
       valid_lft forever preferred_lft forever
    inet6 fe80::24e:1ff:fefc:3950/64 scope link
       valid_lft forever preferred_lft forever

rms@rms:~$ hostname -I | awk '{print $1}'
10.6.64.184

Windows

PS C:\Users\Frank> netsh interface ip show address "Ethernet"

Configuration for interface "Ethernet"
    DHCP enabled:                         Yes
    IP Address:                           10.6.64.243
    Subnet Prefix:                        10.6.64.0/24 (mask 255.255.255.0)
    Default Gateway:                      10.6.64.1
    Gateway Metric:                       0
    InterfaceMetric:                      25

PS C:\Users\Frank> netsh interface ip show address "Ethernet" | findstr "IP Address"

Show Routing Table

# linux
route
# osx
netstat -rn

The -r flag means to show routes.

The -n flag means to not resolve IPs to hostnames.

Find Gateway Used for Routing

# linux
ip route get 8.8.8.8
# osx
route get 8.8.8.8

Show Routes across Network

traceroute
# en0 interface
traceroute -i en0

Ping Through Specific Interface

# linux
ping -I en0 sslvpn.astri.org
# osx
ping -b en0 sslvpn.astri.org

Find Out Address Used by Which Process

# osx
netstat -avn -p tcp

Add a Route

# osx
route -n add 10.0.0.0/24 10.0.0.1
# linux
route -n add -net 10.0.0.0/24 gw 10.0.0.1

FireWall Rule

osx:

# show all information/stats
sudo pfctl -sa
# show rules
sudo pfctl -sr
# sanity check edited configuration file
sudo pfctl -v -n -f /etc/pf.conf
# load pf with new rules
sudo pfctl -f /etc/pf.conf
# enable pf
sudo pfctl -e
# disable pf
sudo pfctl -d
# add information on the fly
sudo pfctl -t localsub -T add 127.0.0.0/24
# flush added rules later
sudo pfctl -Fa -f /etc/pf.conf

sudo pfctl -si
sudo pfctl -q

Get Geolocation of IP Address

curl ipinfo.io/103.216.223.161

Packet Analyzer

Monitor TCP packet on network interfaces

# list which interfaces are available for capture
tcpdump --list-interfaces
# capture all packets in any interface
sudo tcpdump --interface any
# limit the number of packets captured then stop `-c number`
sudo tcpdump -i any -c 5
# disable name resolution with using `-n` and port resolution with `-nn` 
sudo tcpdump -i any -c 5 -nn
# filter packets by protocol, only capture `ICMP` packets
sudo tcpdump -i any -c 5 icmp
# capture packets related with host `8.8.8.8`
sudo tcpdump -i any -c 5 -nn host 8.8.8.8
# capture packets related with port `80`
sudo tcpdump -i any -c 5 -nn port 80
# capture packets with source address 192.168.0.1
sudo tcpdump -i any -c 5 -nn src 192.168.0.1
# capture packets with destination address 8.8.8.8
sudo tcpdump -i any -c 5 -nn dst 8.8.8.8
# capture either port `80` or port `443`
sudo tcpdump -i enp0s31f6 -nn port 80 or port 443
# display payload
sudo tcpdump -i enp0s31f6 port 80 -A -s 0

In the above command:

-i specifies the network interface, and any means all interfaces.
-c specify the number of packets to capture, omitting -c to capture packets continuously.
-nn display IP address and port as numbers rather than attempting to resolve them to hostname.
-A display the packet payload in ASCII format.
-s 0 means capturing the entire packet.

Monitor HTTP message on network interfaces

tcpflow
# monitor on the interface: `enp0s31f6`
sudo tcpflow -p -c -i enp0s31f6 port 80
# just show HTTP message of `GET` and `POST` HTTP methods
sudo tcpflow -p -c -i enp0s31f6 port 80 | grep -oE '(GET|POST) .* HTTP/1.[01]|Host: .*'

In the above command:

-p disables promiscuous mode
-c means only print the output to the console and don’t create files
-i specifies the network interface
grep
- -o means show only the matching parts of the lines that match the pattern
- -E means the pattern is an extended regular expression (ERE)

USB Virtual Ethernet

An explanation on the USB virtual ethernet

Access WSL 2 from local area network(LAN)

After enabling systemd in WSL 2, I have to forward the Windows host port to the WSL 2 distribution.

Find WSL 2 IP address that can be reached from Windows host

$ ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1420 qdisc mq state UP group default qlen 1000
    link/ether 00:15:5d:98:b5:99 brd ff:ff:ff:ff:ff:ff
    inet 172.29.6.23/20 brd 172.29.15.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::215:5dff:fe98:b599/64 scope link
       valid_lft forever preferred_lft forever

Add proxy

netsh interface portproxy add v4tov4 listenport=8082 connectport=8082 connectaddress=172.29.6.23,127.0.0.1

[Optional] Add firewall rule

netsh advfirewall firewall add rule name= "Open Port 8082" dir=in action=allow protocol=TCP localport=8082

Check current proxy

netsh interface portproxy show all

Clean up

netsh interface portproxy delete v4tov4 listenport=8082

netsh advfirewall firewall delete rule name="Open port 8082"

Configure Static IP Address

Ubuntu 17.10 and later uses Netplan as the default network management tool. The previous Ubuntu versions were using ifconfig and its configuration file /etc/network/interfaces to configure the network.

Edit or create a file under /etc/netplan, such as /etc/netplan/01-netcfg.yaml.

/etc/netplan/01-netcfg.yaml
network:
 version: 2
 renderer: networkd
 ethernets:
   enp0s31f6:
     dhcp4: no
     addresses: [10.6.64.12/24]
     gateway4: 10.6.64.1
     nameservers:
         addresses: [8.8.8.8,8.8.8.4]

Options:

enp0s31f6: configure the network interface enp0s31f6 of the device type ethernets.
dhcp4: no: don't obtain IP address from the DHCP server.
addresses: [10.6.64.12/24]: use static IP address 10.6.64.12 in subnet 10.6.64.0/24.

Once done, save the file and apply the changes by running the following command:

$ sudo netplan apply

Verify the changes by typing:

$ ip addr show enp0s31f6

note

For Ubuntu server which is provisioned with cloud-init, you may need to disable it. To do so, create the following file: /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg as,

network: {config: disabled}

Network Cheat Sheet

Get IP address​

Get IP address of a specific network interface​

Show Routing Table​

Find Gateway Used for Routing​

Show Routes across Network​

Ping Through Specific Interface​

Find Out Address Used by Which Process​

Add a Route​

FireWall Rule​

Get Geolocation of IP Address​

Packet Analyzer​

Monitor TCP packet on network interfaces​

Monitor HTTP message on network interfaces​

USB Virtual Ethernet​

Access WSL 2 from local area network(LAN)​

Find WSL 2 IP address that can be reached from Windows host​

Add proxy​

[Optional] Add firewall rule​

Check current proxy​

Clean up​

Configure Static IP Address​