Networking Cheatsheet
Essential networking commands for DevOps engineers — curl, netstat, dig, tcpdump, iptables, and Kubernetes networking debugging.
curl — HTTP Testing
curl -v https://api.example.com/healthVerbose — shows request/response headers
curl -s -o /dev/null -w '%{http_code}' https://example.comPrint only HTTP status code
curl -X POST https://api.example.com/data \
-H 'Content-Type: application/json' \
-d '{"key":"value"}'POST JSON request with headers
curl -H 'Authorization: Bearer TOKEN' https://api.example.comRequest with auth header
curl -L https://example.comFollow redirects
curl -o file.tar.gz https://example.com/release.tar.gzDownload file
curl -w '\nDNS: %{time_namelookup}s\nConnect: %{time_connect}s\nTTFB: %{time_starttransfer}s\nTotal: %{time_total}s\n' -s -o /dev/null https://example.comTime each phase of HTTP request
curl --resolve example.com:443:1.2.3.4 https://example.comTest specific IP without changing DNS
curl -k https://self-signed.example.comSkip TLS certificate verification
curl -x http://proxy:8080 https://example.comRequest through HTTP proxy
Verbose — shows request/response headers
Print only HTTP status code
POST JSON request with headers
Request with auth header
Follow redirects
Download file
Time each phase of HTTP request
Test specific IP without changing DNS
Skip TLS certificate verification
Request through HTTP proxy
DNS Lookup
dig example.comFull DNS lookup with details
dig example.com ALook up A (IPv4) record
dig example.com MXLook up mail server records
dig example.com TXTLook up TXT records (SPF, verification)
dig @8.8.8.8 example.comForce DNS query to Google's server
dig +trace example.comTrace full DNS resolution path
dig +short example.comPrint only the IP address
dig -x 1.2.3.4Reverse DNS — IP to hostname
nslookup example.comSimple DNS lookup
nslookup example.com 1.1.1.1DNS lookup using Cloudflare's server
host example.comQuick hostname lookup
Full DNS lookup with details
Look up A (IPv4) record
Look up mail server records
Look up TXT records (SPF, verification)
Force DNS query to Google's server
Trace full DNS resolution path
Print only the IP address
Reverse DNS — IP to hostname
Simple DNS lookup
DNS lookup using Cloudflare's server
Quick hostname lookup
Port & Connection Testing
nc -zv hostname 443Test if TCP port 443 is open
nc -zv hostname 22 80 443Test multiple ports
nc -zvu hostname 53Test UDP port (DNS)
ss -tlnpAll listening TCP ports with process info
ss -tlnp | grep ':8080'Find what's listening on port 8080
ss -sSocket statistics summary
netstat -tlnpListening ports (older systems)
lsof -i :8080Process using port 8080
lsof -i tcp -P -n | grep LISTENAll listening TCP connections
fuser 8080/tcpPID of process using port 8080
Test if TCP port 443 is open
Test multiple ports
Test UDP port (DNS)
All listening TCP ports with process info
Find what's listening on port 8080
Socket statistics summary
Listening ports (older systems)
Process using port 8080
All listening TCP connections
PID of process using port 8080
Network Interfaces & Routes
ip addr showShow all interfaces and IP addresses
ip addr show eth0Show specific interface details
ip route showShow routing table
ip route get 8.8.8.8Which interface routes to this IP
ip link showShow all network interfaces (without IPs)
ip neigh showShow ARP table (MAC to IP mapping)
route -nShow routing table (older style)
ifconfigNetwork interface info (older systems)
ethtool eth0Network interface speed and settings
ping -c 4 google.comSend 4 ICMP pings to test connectivity
mtr google.comContinuous traceroute with statistics
traceroute google.comTrace network path to destination
Show all interfaces and IP addresses
Show specific interface details
Show routing table
Which interface routes to this IP
Show all network interfaces (without IPs)
Show ARP table (MAC to IP mapping)
Show routing table (older style)
Network interface info (older systems)
Network interface speed and settings
Send 4 ICMP pings to test connectivity
Continuous traceroute with statistics
Trace network path to destination
Packet Capture — tcpdump
tcpdump -i eth0Capture all traffic on eth0
tcpdump -i eth0 port 80Capture HTTP traffic only
tcpdump -i eth0 host 10.0.0.5Capture traffic to/from specific IP
tcpdump -i eth0 -w capture.pcapSave capture to file (open in Wireshark)
tcpdump -r capture.pcapRead previously saved capture
tcpdump -i eth0 'tcp port 443 and host 1.2.3.4'Capture HTTPS traffic to specific IP
tcpdump -i any -A 'port 8080'Capture and print ASCII content on port 8080
tcpdump -i eth0 -n -q 'tcp[tcpflags] == tcp-rst'Capture TCP RST packets (connection resets)
Capture all traffic on eth0
Capture HTTP traffic only
Capture traffic to/from specific IP
Save capture to file (open in Wireshark)
Read previously saved capture
Capture HTTPS traffic to specific IP
Capture and print ASCII content on port 8080
Capture TCP RST packets (connection resets)
iptables & Firewall
iptables -L -n -vList all rules with packet counts
iptables -A INPUT -p tcp --dport 80 -j ACCEPTAllow incoming TCP on port 80
iptables -A INPUT -s 10.0.0.0/8 -j ACCEPTAllow traffic from subnet
iptables -A INPUT -j DROPDrop all other incoming traffic
iptables -D INPUT -p tcp --dport 80 -j ACCEPTDelete a specific rule
iptables -FFlush (delete) all rules
iptables-save > /etc/iptables/rules.v4Save current rules
iptables-restore < /etc/iptables/rules.v4Restore saved rules
ufw allow 22/tcpAllow SSH (Ubuntu firewall)
ufw status verboseShow UFW rules
List all rules with packet counts
Allow incoming TCP on port 80
Allow traffic from subnet
Drop all other incoming traffic
Delete a specific rule
Flush (delete) all rules
Save current rules
Restore saved rules
Allow SSH (Ubuntu firewall)
Show UFW rules
Kubernetes Networking Debug
kubectl run netdebug --image=nicolaka/netshoot --rm -it --restart=NeverLaunch debug pod with networking tools
kubectl exec netdebug -- curl my-service.my-namespace.svc.cluster.localTest service connectivity from inside cluster
kubectl exec netdebug -- nslookup my-service.my-namespaceDNS lookup from inside cluster
kubectl exec netdebug -- ss -tlnpCheck ports from inside cluster
kubectl get endpoints my-service -n my-namespaceCheck which pods are behind a service
kubectl describe networkpolicy -n my-namespaceShow NetworkPolicy rules
kubectl logs -n kube-system -l k8s-app=kube-dnsCoreDNS logs for DNS issues
kubectl exec pod -- wget -qO- http://10.96.0.1/api/v1/namespacesTest Kubernetes API server access from pod
Launch debug pod with networking tools
Test service connectivity from inside cluster
DNS lookup from inside cluster
Check ports from inside cluster
Check which pods are behind a service
Show NetworkPolicy rules
CoreDNS logs for DNS issues
Test Kubernetes API server access from pod