
Networking reference

Prove where the path breaks instead of guessing.

Test DNS resolution

Problem · Is it a name problem or a connectivity problem?

dig <name>
dig +short <name>
getent hosts <name>

What the output means

Resolve by name first; if that fails, nothing downstream matters.

Common traps

Test the actual resolver the client uses, not just a public one.

Check TCP connectivity

Problem · Can you actually reach the service's port?

nc -vz <host> 443
curl -v telnet://<host>:443
ss -tan | grep <ip>  # -n prints numeric addresses, so match on the IP

What the output means

A successful TCP connect proves L3+L4 to the port — more than ping does.

Common traps

Ping (ICMP) success doesn't mean the TCP port is open or the app is up.

Understand common ports

Problem · What's likely listening where?

# 22 SSH · 53 DNS · 80 HTTP · 443 HTTPS
# 389 LDAP · 636 LDAPS · 88 Kerberos · 3389 RDP · 5985 WinRM

What the output means

Knowing default ports lets you reason about firewall rules and captures quickly.

Common traps

Services can run on non-default ports — confirm with `ss -tulpn`.

Trace the route path

Problem · Where along the path do packets stall or drop?

traceroute <host>
mtr <host>
tracert <host>  # Windows

What the output means

Each hop is a router decision; mtr shows sustained loss/latency per hop.

Common traps

Some hops rate-limit ICMP and look 'bad' but forward fine — read trends, not single spikes.

Interpret packet flow

Problem · You need to see what's actually on the wire.

sudo tcpdump -ni any port 443
sudo tcpdump -ni eth0 host <ip> -w cap.pcap

What the output means

tcpdump shows the real conversation: SYNs, retransmits, resets, who's silent.

Common traps

No SYN-ACK = nothing listening or a firewall drop; RST = actively refused.

CIDR basics

Problem · How big is this network and what's usable?

# /24 = 256 addrs, 254 usable
# /16 = 65,536 · /30 = 4 (2 usable, point-to-point)
ipcalc 10.20.0.0/22

What the output means

The mask splits network vs host bits; usable = total − network − broadcast.

Common traps

Off-by-one on the broadcast/network addresses is the classic subnetting slip.
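
The subnet arithmetic above, worked in POSIX sh as an added example (not part of the original reference; the function names are hypothetical). It goes slightly beyond the text by treating /31 and /32 as having no network/broadcast pair to subtract, and it accepts any address inside the block, not only the network address.

```sh
#!/bin/sh
# Added example: IPv4 subnet arithmetic in POSIX sh. Function names are hypothetical.

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer, fails on bad input
ip_to_int() (
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    set -f; IFS=.; set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in 0?*|????*) exit 1 ;; esac   # reject leading zeros (octal ambiguity)
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# int_to_ip N -> prints the integer as a dotted quad
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# cidr_info A.B.C.D/P -> prints "network broadcast first_usable last_usable usable_count"
cidr_info() (
    addr=${1%/*}; prefix=${1#*/}
    case $prefix in ''|*[!0-9]*|0?*|???*) exit 1 ;; esac
    [ "$prefix" -le 32 ] || exit 1
    ip=$(ip_to_int "$addr") || exit 1
    host_bits=$(( 32 - $prefix ))                        # bits right of the mask
    total=$(( 1 << $host_bits ))                         # addresses in the block
    mask=$(( (0xFFFFFFFF << $host_bits) & 0xFFFFFFFF ))  # top $prefix bits set
    net=$(( $ip & $mask ))                               # host bits cleared
    bcast=$(( $net + $total - 1 ))                       # host bits all set
    if [ "$prefix" -ge 31 ]; then
        # /31 (point-to-point) and /32 (single host): nothing to subtract.
        first=$net; last=$bcast; usable=$total
    else
        # usable = total - network - broadcast
        first=$(( $net + 1 )); last=$(( $bcast - 1 )); usable=$(( $total - 2 ))
    fi
    echo "$(int_to_ip "$net") $(int_to_ip "$bcast") $(int_to_ip "$first") $(int_to_ip "$last") $usable"
)

# An address inside the /22 from the ipcalc line above (host part is constructed)
cidr_info 10.20.2.77/22   # -> 10.20.0.0 10.20.3.255 10.20.0.1 10.20.3.254 1022
```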

TCP states

Problem · A connection is stuck — what does its state mean?

ss -tan
# LISTEN, SYN-SENT, ESTABLISHED, TIME-WAIT, CLOSE-WAIT

What the output means

Lots of CLOSE-WAIT = your app isn't closing sockets; lots of TIME-WAIT is usually normal.

Common traps

TIME-WAIT is healthy churn; CLOSE-WAIT piling up points at an app bug.