networking cheat sheet
Ethernet Frame
Preamble
SFD
Dest. MAC
Source MAC
[VLAN]
EtherType
Payload
FCS
GAP
IPV4 Header
IP version
Header Length
DSCP
ECN
Total Length
Identification
Flags
Fragment Offset
TTL
Protocol
Header Checksum
Source address
Destination address
Options
IPv6 Header
Version
Traffic Class
Flow Label
Payload Length
Next header
TTL
Source Address
Destination address
TCP Header
Source port
Destination port
Sequence number
Acknowledgment number
Data offset
Reserved
Flags
Window size
Checksum
Urgent pointer
Options
UDP Header
Source Port
Destination port
Length
Checksum
tcpdump
flags
-i nameCapture named interfaces, any for all
-c integerCapture amount of packages
-DShow available interfaces
-nDo not resolve host-names
-nnDo not resolve host-names or services (ports)
tcpCapture tcp
udpCapture udp, also works with others such as arp
host IPCapture data to or from this host only
src IPCapture data from this host only
dst IPCapture data sent to this host only
net CIDRCapture data to or from this subnet
port numberUse service name instead of port
tcp flags
[S] SYNC
[.|A] ACKNOWLEDGE
[R] RESET
[F] FINISHED
[P] PUSH
Flags can be displayed combined, [S.] means sync and acknowledge
nmap
IPScan host
LISTScan list
CIDRScan subnet
-iL fileScan targets from file
-iR numberRandom hosts of amount
--excludeExclude hosts
-iL fileScan targets from file
-sUUDP port scan
-nNo DNS resolution
-p-Scan ALL ports from 0 to 65353
-p n[-n]Scan port or range
-p U:n,T:nScan mixed ports, UDP and TCP
-FFast scan 100 ports
-sVTry to detect service
mtr
IPRun route to host
-zResolve ASN
-c numRun num cycles
-rReport mode, useful with -c
-wDo not truncate network names aka wide mode
-nNo RDNS
-uuse UDP instead of ICMP
-Tuse TCP instead of ICMP
-f numset first TTL, useful for skipping own router
-i floatset interval, default is 1 second