Link Search Menu Expand Document

Linux-Networking Cheat Sheet


netcat Commands

  nc -l -p <port>       # Listen on port
  nc -w3 <ip> <port>  # Listen for connection from IP on port

  # Search banners
  echo | nc -v -n -w1 <ip> <port min>-<port max>

  # Port scan
  nc –v –n –z –w1 <ip> <port min>-<port max>
  # Perform request
  printf 'HTTP/1.0 GET /\n'  | nc <server> <port>
  # Simple echo server
  while true ; do nc -l -p 8080 -c 'echo -e "HTTP/1.1 200 OK\n\n $(date)"'; done

Disable IPv6

  echo 1 > /proc/sys/net/ipv6/conf/default/disable_ipv6
  echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6

See also: cheetsheets for all network protocols (PDFs)


  • Resolve own IP

    dig +short
  • Resolve a name via nsswitch

    getent hosts <host name>
  • CloudShark: Sharing network traces
  • DNS Lookup

      dig <domain>
      dig <domain> +noall +answer
      dig <domain> +short
      dig MX <domain>
      dig NS <domain>
      dig ANY <domain>
      dig -x <IP>
      dig -x <IP> +short
      dig @ <domain>
      dig -f input.txt +noall +answer
  • DNS RR - warpsrv: CLI wrapper for DNS RR connections

      apt-get install -y wrapsrv netcat
      export eval $(wrapsrv <DNS name> "netcat -z %h %p && echo http_proxy=http://%h:%p")
  • DNSSEC - Verisign Online Tester
  • DNS - CAA Support: Providers and Tools

  • DNS server
    • Bind
    • PowerDNS
    • NSD
    • ldns
    • unbound
  • DNS over TLS/HTTPS resolvers
  • Public DNS over TLS/HTTPS resolvers
    • Google (
    • Cloudflare (
    • Quad9 (
    • Also see


  • ethtool - Usage

    ethtool eth0                       # Print general info on eth0
    ethtool -i eth0                    # Print kernel module info
    ethtool -S eth0                    # Print eth0 traffic statistics
    ethtool -a eth0                    # Print RX, TX and auto-negotiation settings
    ethtool -p eth0                    # Blink LED
    # Changing NIC settings...
    ethtool -s eth0 speed 100
    ethtool -s eth0 autoneg off
    ethtool -s eth0 duplex full
    ethtool -s eth0 wol g               # Turn on wake-on-LAN

    Do not forget to make changes permanent in e.g. /etc/network/interfaces.

  • ip - Usage

    ip link show
    ip link set eth0 up
    ip addr show
    ip neigh show
  • miitool - Show Link Infos

    # mii-tool -v
    eth0: negotiated 100baseTx-FD flow-control, link ok
      product info: vendor 00:07:32, model 17 rev 4
      basic mode:   autonegotiation enabled
      basic status: autonegotiation complete, link ok
      capabilities: 1000baseT-HD 1000baseT-FD 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
      advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
      link partner: 1000baseT-HD 1000baseT-FD 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
  • Enable Jumbo Frames

    ifconfig eth1 mtu 9000
  • Allow binding IP that does not exist

      sysctl -w net.ipv4.ip_nonlocal_bind=1
  • NFS - Tuning Secrets: SGI Slides on NFS Performance


  • Black Hole Route: To block IPs create route on loopback

      route add -net gw lo   # for a subnet
      route add gw lo   # for a single IP
  • Quick Access Log IP Top List

      tail -100000 access.log | awk '{print $1}' | sort | uniq -c |sort -nr|head -25
  • Find out if IP is used before configuring it

      arping <IP>
  • Traceroute with AS and network name lookup

      lft -AN
  • Tracks DNS changes
  • Tuning network settings
  • Tracing using ad-hoc network namespace


  • vnstat - Short term measurement bytes/packets min/avg/max:

    vnstat -l      # Live listing until Ctrl-C and summary
    vnstat -tr     # 5s automatic traffic sample
  • vnstat - Long term statistics:

    vnstat -h      # last hours (including ASCII graph)
    vnstat -d      # last days
    vnstat -w      # last weeks
    vnstat -m     # last months
    vnstat -t       # top 10 days



  • LLDP

    lldpctl eth0
  • nmap commands

    # Network scan
    nmap -sP
    # Host scan
    nmap <ip>
    nmap -F <ip>      # fast
    nmap -O <ip>     # detect OS
    nmap -sV <ip>     # detect services and versions
    nmap -sU <ip>     # detect UDP services
    # Alternative host discovery
    nmap -PS <ip>     # TCP SYN scan
    nmap -PA <ip>     # TCP ACK scan
    nmap -PO <ip>     # IP ping
    nmap -PU <ip>     # UDP ping
    # Alternative service discovery
    nmap -sS <ip>      
    nmap -sT <ip>
    nmap -sA <ip>
    nmap -sW <ip>
    # Checking firewalls
    nmap -sN <ip>
    nmap -sF <ip>
    nmap -sX <ip>

Changing Capabilities

Allow user started daemon binding on ports <1024

setcap cap_net_bind_service=+ep <binary>

Check with

getcap <binary>


  • X-Trace - Multi-protocol tracing framework
  • iptraf - Real-time statistics in ncurses interfaces
  • mtr - Debug routing/package loss issues

    mtr --report <host>                     # ping based
    mtr --report --tcp --port 443 <host>    # connection based
  • netstat - The different modes

    # Typically used modes
    netstat -rn          # List routes
    netstat -tlnp       # List all open TCP connections
    netstat -tlnpc      # Continuously do the above
    netstat -tulpen    # Extended connection view
    netstat -a           # List all sockets
    # And more rarely used
    netstat -s            # List per protocol statistics
    netstat -su          # List UDP statistics
    netstat -M           # List masqueraded connections
    netstat -i            # List interfaces and counters
    netstat -o           # Watch time/wait handling
  • nttcp - TCP performance testing

    # On sending host
    nttcp -t -s
    # On receiving host
    nttcp -r -s
  • List Kernel Settings

    sysctl net
  • SNMP - Dump all MIBs: When you need to find the MIB for an object known only by name try

    snmpwalk -c public -v 1 -O s <myhost> .iso | grep <search string>
  • Hurricane Electric - BGP Tools: Statistics on all AS as well as links to their looking glasses.
  • darkstat - libpcap monitoring