Networking Notes

1. DHCP

1.1. Function

  • Gleaned from here.

  • DHCP operates based on the client–server model. When a computer or other device connects to a network, the DHCP client software sends a DHCP broadcast query requesting the necessary information. Any DHCP server on the network may service the request. The DHCP server manages a pool of IP addresses and information about client configuration parameters such as default gateway, domain name, the name servers, and time servers. On receiving a DHCP request, the DHCP server may respond with specific information for each client, as previously configured by an administrator, or with a specific address and any other information valid for the entire network and for the time period for which the allocation (lease) is valid. A DHCP client typically queries this information immediately after booting, and periodically thereafter before the expiration of the information.

1.2. Tools

  • To identify which servers are providing DHCP on a network,

2. DNS

2.1. Record types

  • Record Types

    Type      Definition             Function
    A, AAAA   Address record         Used to map hostnames to an IP address of the host
    CNAME     Canonical name record  Alias of one name to another

    Table 1. example table
    cname                              a record                  IP
    app1.domain.com, app2.domain.com   prd-hostname.domain.com   192.168.1.62
                                       dr-hostname.domain.com    192.168.10.62

    A cname points to an a record; an a-record points to an IP.

    Figure 1. Example of DNS Aliases pointing to the PRD A Record

2.2. Commands

3. Ports

3.1. Connections

  1. To show established connections between local and remote ports, along with the owning process, use the ss command.

    Command
    sudo ss -tuaprn state established | cat
    Example
    Netid Recv-Q Send-Q         Local Address:Port                   Peer Address:Port  Process
    udp   0      0                 172.18.0.1:40435                    172.18.0.2:domain users:(("docker-proxy",pid=1413,fd=14))
    udp   0      0                 172.18.0.1:40705                    172.18.0.2:domain users:(("docker-proxy",pid=1413,fd=13))
    udp   0      0                 172.18.0.1:53314                    172.18.0.2:domain users:(("docker-proxy",pid=1413,fd=9))
    udp   0      0          192.168.1.52%eth0:bootpc                  192.168.1.2:bootps users:(("NetworkManager",pid=468,fd=25))
    udp   0      0                 172.18.0.1:50032                    172.18.0.2:domain users:(("docker-proxy",pid=1413,fd=8))
    udp   0      0                 172.18.0.1:43902                    172.18.0.2:domain users:(("docker-proxy",pid=1413,fd=12))
    udp   0      0                 172.18.0.1:60429                    172.18.0.2:domain users:(("docker-proxy",pid=1413,fd=10))
    udp   0      0                 172.18.0.1:44359                    172.18.0.2:domain users:(("docker-proxy",pid=1413,fd=11))
    tcp   0      0               192.168.1.52:ssh                    192.168.1.11:55989  users:(("sshd",pid=97699,fd=4),("sshd",pid=97620,fd=4))
    tcp   0      0               192.168.1.52:ssh                    192.168.1.11:57113  users:(("sshd",pid=98906,fd=4),("sshd",pid=98862,fd=4))
    tcp   0      0               192.168.1.52:ssh                    192.168.1.11:55990  users:(("sshd",pid=97743,fd=4),("sshd",pid=97622,fd=4))
    tcp   0      0               192.168.1.52:ssh                    192.168.1.11:57115  users:(("sshd",pid=98969,fd=4),("sshd",pid=98864,fd=4))
    tcp   0      0      [::ffff:192.168.1.52]:ms-wbt-server [::ffff:192.168.1.11]:56490  users:(("xrdp",pid=98264,fd=12))
  2. To find a specific port in use

3.2. Commands

  1. To find ports in use (listening TCP sockets and their owning processes)

    Command
    sudo ss -ltnp
  2. To find a specific port in use

    Command
    sudo ss -ltnp | grep :53
    Example
    LISTEN 0      32     192.168.122.1:53         0.0.0.0:*    users:(("dnsmasq",pid=8108,fd=6))
    LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*    users:(("systemd-resolve",pid=3691922,fd=14))
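
The listener check above, extended into a small triage script as an added example that is not part of the original notes: it parses `ss -ltnp` lines and labels each listener by bind scope, so a service bound to a routable address stands out from a loopback-only one. The function names and the last two sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): classify `ss -ltnp` listeners
# by how widely the socket is bound.
# Output per listener: <scope> <port> <address> <process>
#   loopback = reachable only from this host
#   any      = bound to every interface (0.0.0.0, ::, *)
#   specific = bound to one non-loopback address

classify_listeners() {
    awk '
    $1 == "LISTEN" {
        la = $4
        # Split at the last colon; IPv6 addresses contain colons themselves.
        if (!match(la, /:[^:]+$/)) next
        addr = substr(la, 1, RSTART - 1)
        port = substr(la, RSTART + 1)
        sub(/%.*$/, "", addr)        # drop interface suffix such as %lo
        gsub(/\[|\]/, "", addr)      # drop IPv6 brackets

        if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) scope = "loopback"
        else if (addr == "0.0.0.0" || addr == "::" || addr == "*") scope = "any"
        else scope = "specific"

        # Process name is absent when ss runs without privileges.
        proc = "-"
        if (match($0, /users:\(\("[^"]+"/)) proc = substr($0, RSTART + 9, RLENGTH - 10)
        print scope, port, addr, proc
    }'
}

# Listeners reachable from other hosts (anything not loopback-only).
exposed_listeners() {
    classify_listeners | awk '$1 != "loopback"'
}

# First two lines are the example output shown above; last two are constructed.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0      32     192.168.122.1:53         0.0.0.0:*    users:(("dnsmasq",pid=8108,fd=6))
LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*    users:(("systemd-resolve",pid=3691922,fd=14))
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*    users:(("sshd",pid=1001,fd=3))
LISTEN 0      128            [::1]:631           [::]:*    users:(("cupsd",pid=1002,fd=7))
EOF
}

sample_ss_output | classify_listeners
```

On a live host, pipe the real output in instead: `sudo ss -ltnp | exposed_listeners`.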