Skip to content

Instantly share code, notes, and snippets.

@michaellihs michaellihs/networking.md
Last active Mar 22, 2017

Embed
What would you like to do?
Networking Cheatsheet

Networking Cheat Sheet

Sniff Network Traffic from / to IP

tcpdump -n -i eth0 src SRC_IP  or dst DEST_IP

Create Routes

 sudo route add -net DESTINATION gateway GATEWAY
 sudo route add -net DESTINATION if INTERFACE

Show Routes

netstat -rn

Trace Routes

tracerouts <ADDRESS>

Show Ports

sudo netstat -tulpn

iptables

Basics

  • iptables organizes firewalls in chains (INPUT, OUTPUT, FORWARD)
  • each chain contains a set of rules. A rule defines
    • a protocol type
    • a source address
    • a destination address
    • an interface
    • ...
  • a packet either matches a rule or not
  • if a rule is matched, the associated action is taken - this action is called a target. A target can be  * ACCEPT
    • DROP
  • rules are processed in the order of appearence within a chain
  • each chain has a default policy that matches if no rule matches

Basic Commands

List Rules

iptables -n -L          # -n = disables DNS

use --list-numbers to show the numbers of rules in a chain.

List Commands to configure a Chain

iptables -S INPUT

shows all commands necessary to set up the INPUT chain

Adding a route

iptables 
  -A INPUT        = append
  -I INPUT <pos>  = insert
      -j      target (e.g. ACCEPT, DROP...)
      -p      protocol, e.g. tcp
      -dport  destination port, e.g. 80
      -i      interface name

Adding a default Policy

iptables -P INPUT DROP

Adds a DROP policy to the INPUTchain

Deleting a default Policy

Before you can delete a policy there must be no more rules in the policy. Afterwards, it's

iptables -X INPUT

Flushing current Rules

iptables rules are not persistent - therefore you can flush the rules with

iptables -F

Remind that policies are not flushed

Debugging

Althought there exist several logging mechanisms for iptables (see Further Resources) this will not work, unless you have the ipt_LOG module installed on your kernel.

Therefore this can be a workaround to see what's happening with your packets:

  1. watch the iptables -L command with

    watch -n 0.1 sudo iptables -L -n -v    

  1. Ping some host - you'll now see the packet counter of the affected rules increasing

Further Resources

Digital Ocean Tutorial on iptables

iptables in general

Networking in general

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.