github logo

networking cheat sheet

Ethernet Frame

Preamble

SFD

Dest. MAC

Source MAC

[VLAN]

EtherType

Payload

FCS

GAP

IPV4 Header

IP version

Header Length

DSCP

ECN

Total Length

Identification

Flags

Fragment Offset

TTL

Protocol

Header Checksum

Source address

Destination address

Options

IPv6 Header

Version

Traffic Class

Flow Label

Payload Length

Next header

TTL

Source Address

Destination address

TCP Header

Source port

Destination port

Sequence number

Acknowledgment number

Data offset

Reserved

Flags

Window size

Checksum

Urgent pointer

Options

UDP Header

Source Port

Destination port

Length

Checksum

tcpdump

flags

-i nameCapture named interfaces, any for all -c integerCapture amount of packages -DShow available interfaces -nDo not resolve host-names -nnDo not resolve host-names or services (ports) tcpCapture tcp udpCapture udp, also works with others such as arp host IPCapture data to or from this host only src IPCapture data from this host only dst IPCapture data sent to this host only net CIDRCapture data to or from this subnet port numberUse service name instead of port

tcp flags

[S] SYNC [.|A] ACKNOWLEDGE [R] RESET [F] FINISHED [P] PUSH Flags can be displayed combined, [S.] means sync and acknowledge

nmap

IPScan host LISTScan list CIDRScan subnet -iL fileScan targets from file -iR numberRandom hosts of amount --excludeExclude hosts -iL fileScan targets from file -sUUDP port scan -nNo DNS resolution -p-Scan ALL ports from 0 to 65353 -p n[-n]Scan port or range -p U:n,T:nScan mixed ports, UDP and TCP -FFast scan 100 ports -sVTry to detect service

mtr

IPRun route to host -zResolve ASN -c numRun num cycles -rReport mode, useful with -c -wDo not truncate network names aka wide mode -nNo RDNS -uuse UDP instead of ICMP -Tuse TCP instead of ICMP -f numset first TTL, useful for skipping own router -i floatset interval, default is 1 second

Provided by tuxstash.de