Networking Commands¶

Diagnostics¶

WindowsLinux / macOSPowerShell

ipconfig /all
ipconfig /flushdns
ipconfig /release && ipconfig /renew

ping -n 10 8.8.8.8
tracert -d google.com
pathping google.com

netstat -ano
netstat -b  # show executable per connection (run as admin)

nslookup google.com 8.8.8.8
nslookup -type=MX domain.com

ip addr show
ip route show
resolvectl status  # systemd-resolved

ping -c 4 8.8.8.8
traceroute -n google.com
mtr --report google.com  # combined ping+traceroute

ss -tlnp
netstat -tlnp

dig google.com A @8.8.8.8
dig -x 8.8.8.8  # reverse lookup
host -t MX domain.com

Test-NetConnection -ComputerName google.com -Port 443
Test-NetConnection -ComputerName 10.0.0.1 -TraceRoute

Resolve-DnsName google.com -Type A
Resolve-DnsName google.com -Type MX
Resolve-DnsName google.com -Server 8.8.8.8

Get-NetTCPConnection -State Established
Get-NetTCPConnection -LocalPort 443

DNS Record Lookups¶

# Check SPF
dig TXT domain.com | grep spf

# Check DKIM
dig TXT selector._domainkey.domain.com

# Check DMARC
dig TXT _dmarc.domain.com

# Check MX records
dig MX domain.com

# Check NS records
dig NS domain.com

SSL / TLS¶

# Check certificate on a host
openssl s_client -connect domain.com:443 -showcerts </dev/null 2>/dev/null |
    openssl x509 -noout -dates -subject -issuer

# Check cert expiry only
echo | openssl s_client -servername domain.com -connect domain.com:443 2>/dev/null |
    openssl x509 -noout -enddate

# Test TLS versions
nmap --script ssl-enum-ciphers -p 443 domain.com

Firewall¶

Windows FirewallLinux (iptables)Linux (ufw)

# List rules
Get-NetFirewallRule | Where-Object { $_.Enabled -eq "True" } |
    Select-Object DisplayName, Direction, Action

# Allow inbound port
New-NetFirewallRule -DisplayName "Allow HTTPS" -Direction Inbound `
    -Protocol TCP -LocalPort 443 -Action Allow

# Block outbound to IP
New-NetFirewallRule -DisplayName "Block IP" -Direction Outbound `
    -RemoteAddress 1.2.3.4 -Action Block

iptables -L -n -v
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A OUTPUT -d 1.2.3.4 -j DROP
iptables-save > /etc/iptables/rules.v4

ufw status verbose
ufw allow 443/tcp
ufw deny from 1.2.3.4
ufw delete allow 80/tcp