@tappoz
Last active March 3, 2022 10:40

Find who's listening on TCP port 8081 (on Mac OSX / bash)

$ netstat -an | grep -E '\.8081.*LISTEN'
tcp4       0      0  127.0.0.1.8081        *.*                    LISTEN

$ cat /etc/services |grep 8081
sunproxyadmin   8081/tcp    # Sun Proxy Admin Service
sunproxyadmin   8081/udp    # Sun Proxy Admin Service

$ netstat -p tcp|grep sunpr

$ sudo lsof -i TCP:8081
Password:
COMMAND     PID USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
VBoxHeadl 10992 tppz   19u  IPv4 0x7e64438ddd743261      0t0  TCP *:sunproxyadmin (LISTEN)
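
An added example (not part of the original gist): sorting lsof listener lines by how widely the socket is bound, since a *:8081 listener is reachable from the network and a 127.0.0.1:8081 one is not. The function names and sample lines are constructed for illustration; -nP keeps addresses and ports numeric, so the port shows as 8081 rather than the /etc/services name sunproxyadmin.

```shell
# Added example, not from the gist. Sample lsof lines are constructed.
sample_lsof() {
cat <<'EOF'
COMMAND     PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
VBoxHeadl 10992 tppz   19u  IPv4 0x0         0t0  TCP *:8081 (LISTEN)
node       2201 tppz   23u  IPv4 0x0         0t0  TCP 127.0.0.1:3000 (LISTEN)
sshd        812 root    4u  IPv6 0x0         0t0  TCP [::1]:6010 (LISTEN)
postgres    640 pg      5u  IPv4 0x0         0t0  TCP 192.168.0.10:5432 (LISTEN)
EOF
}

# Reads `lsof -nP -iTCP -sTCP:LISTEN` output on stdin.
# Prints: <scope> <port> <command> <pid>
classify_listeners() {
    awk '
    $NF == "(LISTEN)" {
        name = $(NF - 1)                 # *:8081, 127.0.0.1:3000, [::1]:6010
        n = split(name, parts, ":")
        port = parts[n]                  # port is whatever follows the last colon
        addr = substr(name, 1, length(name) - length(port) - 1)
        if (addr == "*" || addr == "0.0.0.0" || addr == "[::]")
            scope = "all-interfaces"     # reachable from every network
        else if (addr ~ /^127\./ || addr == "[::1]")
            scope = "loopback-only"      # local processes only
        else
            scope = "single-address"     # bound to one specific interface
        printf "%s %s %s %s\n", scope, port, $1, $2
    }'
}

# Keep only the listeners that something other than this machine can reach.
exposed_listeners() {
    classify_listeners | awk '$1 != "loopback-only"'
}

sample_lsof | classify_listeners
# Live use: sudo lsof -nP -iTCP -sTCP:LISTEN | exposed_listeners
```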

Figuring out host from IP address

nslookup to query Internet name servers.

$ nslookup 192.30.252.120
Server:		127.0.1.1
Address:	127.0.1.1#53

Non-authoritative answer:
120.252.30.192.in-addr.arpa	name = github.com.

Authoritative answers can be found from:

$

dig, the DNS lookup utility, with -x for reverse lookups (mapping IP addresses to names).

$ dig -x 192.30.252.120

; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> -x 192.30.252.120
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14700
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;120.252.30.192.in-addr.arpa.	IN	PTR

;; ANSWER SECTION:
120.252.30.192.in-addr.arpa. 3556 IN	PTR	github.com.

;; Query time: 48 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Tue May 10 19:43:30 BST 2016
;; MSG SIZE  rcvd: 80

$

host as a DNS lookup utility.

$ host 192.30.252.120
120.252.30.192.in-addr.arpa domain name pointer github.com.
$

Find your public IP address on the internet

dig +short myip.opendns.com @resolver1.opendns.com

Port scanning

nmap, the network exploration tool and security / port scanner. Using it with -v to increase verbosity.

$ nmap -v 192.30.252.120

Starting Nmap 6.40 ( http://nmap.org ) at 2016-05-10 19:44 BST
Initiating Ping Scan at 19:44
Scanning 192.30.252.120 [2 ports]
Completed Ping Scan at 19:44, 0.20s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 19:44
Completed Parallel DNS resolution of 1 host. at 19:44, 0.10s elapsed
Initiating Connect Scan at 19:44
Scanning github.com (192.30.252.120) [1000 ports]
Discovered open port 22/tcp on 192.30.252.120
Discovered open port 443/tcp on 192.30.252.120
Discovered open port 80/tcp on 192.30.252.120
Discovered open port 9418/tcp on 192.30.252.120
Completed Connect Scan at 19:45, 9.90s elapsed (1000 total ports)
Nmap scan report for github.com (192.30.252.120)
Host is up (0.13s latency).
Not shown: 996 filtered ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https
9418/tcp open  git

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 10.24 seconds
$

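Using it with -sP (ping scan, spelled -sn in current Nmap releases) to check only whether the host is up. As the output below shows, this mode does not scan ports or report which ones are open.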

$ nmap -sP 192.30.252.120

Starting Nmap 6.40 ( http://nmap.org ) at 2016-05-10 19:45 BST
Nmap scan report for github.com (192.30.252.120)
Host is up (0.18s latency).
Nmap done: 1 IP address (1 host up) scanned in 0.21 seconds
$

CIDR and IP range calculations

$ ipcalc 192.168.0.1/24
Address:   192.168.0.1          11000000.10101000.00000000. 00000001
Netmask:   255.255.255.0 = 24   11111111.11111111.11111111. 00000000
Wildcard:  0.0.0.255            00000000.00000000.00000000. 11111111
=>
Network:   192.168.0.0/24       11000000.10101000.00000000. 00000000
HostMin:   192.168.0.1          11000000.10101000.00000000. 00000001
HostMax:   192.168.0.254        11000000.10101000.00000000. 11111110
Broadcast: 192.168.0.255        11000000.10101000.00000000. 11111111
Hosts/Net: 254                   Class C, Private Internet
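
The arithmetic behind the ipcalc rows above, as an added example (not part of the original gist), extended with a membership check of the kind used when reviewing allowlists or firewall rules. Function names are made up for illustration; octets are assumed to be written without leading zeros.

```shell
# Added example, not from the gist. Plain POSIX sh arithmetic, IPv4 only.

# Dotted quad -> 32-bit integer (192.168.0.1 -> 3232235521)
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# cidr_range ADDR/PREFIX -> prints "<network> <broadcast>"
cidr_range() {
    addr=$(ip_to_int "${1%/*}")
    prefix=${1#*/}
    mask=$(( (4294967295 << (32 - $prefix)) & 4294967295 ))   # Netmask row
    wildcard=$(( $mask ^ 4294967295 ))                        # Wildcard row
    net=$(( $addr & $mask ))                                  # Network row
    bcast=$(( $net | $wildcard ))                             # Broadcast row
    echo "$(int_to_ip "$net") $(int_to_ip "$bcast")"
}

# in_cidr IP ADDR/PREFIX -> exit status 0 if IP lies inside the block
in_cidr() {
    ip=$(ip_to_int "$1")
    set -- $(cidr_range "$2")      # $1 = network, $2 = broadcast
    [ "$ip" -ge "$(ip_to_int "$1")" ] && [ "$ip" -le "$(ip_to_int "$2")" ]
}

cidr_range 192.168.0.1/24
if in_cidr 192.168.0.77 192.168.0.1/24; then echo "192.168.0.77 is inside"; fi
```

HostMin and HostMax in the ipcalc output are the network address plus one and the broadcast address minus one.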

Ping host/port

nmap -p 9000 localhost
telnet localhost 9000
# allow for a timeout after 5 seconds, also: verbose
netcat -v -w5 www.google.com 80 

Bear in mind that sometimes localhost is bound only to ::1 (IPv6) rather than 127.0.0.1 (IPv4); cf. /etc/hosts!
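
An added example (not part of the original gist) for the localhost caveat above: list which address families a hosts file maps localhost to, then probe the port on each literal address instead of on the name. Function names and the sample file are constructed; the probe assumes an nc build that supports -z, and the resolver may consult sources other than /etc/hosts.

```shell
# Added example, not from the gist. The sample hosts file is constructed.
sample_hosts() {
cat <<'EOF'
# constructed sample: localhost appears on the IPv6 line only
127.0.1.1   myhost
::1         localhost ip6-localhost ip6-loopback   # IPv6 loopback
EOF
}

# Reads a hosts file on stdin; prints "<family> <address>" for each
# entry that names localhost.
localhost_families() {
    awk '
    { sub(/#.*/, "") }                        # strip comments
    {
        for (i = 2; i <= NF; i++)
            if ($i == "localhost") {
                fam = (index($1, ":") ? "ipv6" : "ipv4")
                print fam, $1
            }
    }'
}

# probe_localhost_port PORT [HOSTS_FILE]
# Tries the port on every address localhost maps to, so a service bound
# to only one family is visible at a glance. Assumes nc supports -z.
probe_localhost_port() {
    port=$1
    localhost_families < "${2:-/etc/hosts}" | while read -r fam addr; do
        if nc -z -w5 "$addr" "$port" 2>/dev/null; then
            echo "$fam $addr port $port open"
        else
            echo "$fam $addr port $port closed"
        fi
    done
}

sample_hosts | localhost_families
# Live use: probe_localhost_port 9000
```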

Find open UDP/TCP sockets (internet connections in/out)

Count open sockets:

netstat -an | grep ESTABLISHED | wc -l

WiFi troubleshooting

See WiFi connections (and interfaces / devices):

$ nmcli connection show 
NAME                           UUID                                  TYPE       DEVICE 
MyUsualWifiNet                 d47721e3-fbbe-400d-85bc-be4d00957615  wifi       wlp2s0 
MyWifiNet                      c14f3cc3-4172-4417-9f9b-c8696bdc2c84  wifi       --   
...

See the network interfaces managed by NetworkManager:

$ nmcli dev
DEVICE             TYPE      STATE         CONNECTION     
wlp2s0             wifi      connected     MyWifiNet      
...
enp1s0             ethernet  unavailable   --             
docker0            bridge    unmanaged     --             
...          
lo                 loopback  unmanaged     --             
tap0               tun       unmanaged     --                  

Make Docker work with NetworkManager by telling NetworkManager not to manage bridge devices. Add the following lines to /etc/NetworkManager/NetworkManager.conf:

# if you're running just simple docker containers, they create a `veth*` bridge device, so this is enough:
# [keyfile]
# unmanaged-devices=interface-name:veth*
#
# otherwise this is more robust:
[keyfile]
unmanaged-devices=type:bridge;type:tun;driver:veth;interface-name:virbr*

To connect to a WiFi network from the command line (name, password etc), use: nmtui.

Bridge devices

To list all the network devices of type "bridge" use brctl show:

$ brctl show
bridge name     bridge id               STP enabled     interfaces
docker0         8000.02423fe85281       no