Snippets for yer computer needs


Border Gateway Protocol


Running an AS

Getting an ASN



RFC 792



(as root)


list listening ports

netstat -plunt

Alarm when ping is successful

ping -i 60 -a $IPADDRESS

get external ip




IPv4 - subnetting

Natural mask

First bits of address   Default mask    Decimal
0 x x x                 8 bits long     < 128
1 0 x x                 16 bits long    128-191
1 1 0 x                 24 bits long    192-223
1 1 1 0                 multicast       224-239

Greater than 239 the address is reserved


Link local: FE80::/10

Site local: FEC0::/10 (Deprecated)

Reverse DNS nibble 4-bit boundaries

Named Data Networking

Network Names

Have a formal grammar for parsing

Don’t rely on institutional memory - a person with fresh eyes should know where and what everything is just by reading the records

Don’t use vendor type/make/model in DNS name

Use CNAMEs to wean off old names

Pre-derive all current names before committing to a name scheme

Spanning Tree

2 states:

Note that STP predates LAN switches, hence mention of bridges

Failed/shutdown interfaces are placed into an STP disabled state.

The bridge ID is an 8-byte value, unique to the switch. 2 byte priority field, and 6-byte for the MAC address.

Root switch is whatever has lowest priority, and in a tie, the lowest bridge ID.

If a switch hears a Hello with a lower BID, it stops advertising and forwards the superior Hello.

For best root cost tiebreakers,

  1. lowest neighbor bridge ID.
  2. lowest neighbor port priority.
  3. lowest neighbor internal port number.

STP root switch sends a new Hello BPDU every 2 seconds by default. When a switch hasn’t received a Hello (MaxAge is 10xHello, so 20 seconds by default) or gets different details, it reacts to the topology change. When transitioning from blocking to forwarding, it goes through Listening state (no forwarded frames, removes stale MAC table entries), then Learning (no forwarded frames, but learns MAC addresses of frames sent to interface). Forward delay state changes are 15 seconds each (so 30 seconds from blocking to forwarding). In summary, a topology change could lead to a 50 second delay using STP.

RSTP (IEEE 802.1w originally, 802.1Q today) is an improvement of STP, where network convergence can happen in a few seconds (10 seconds in worst case). It allows switches to replace their root ports without the blocking->forwarding transition wait time in some cases, adds the ability to replace a designated port without waiting for forwarding state, and lowers wait times on the timers. MaxAge for Hello is 3 times the Hello timer. There are also messages that can be sent to neighboring switches asking if problems are occurring, reducing wait times. There is a concept of an Alternate port (which can replace the root port when failing), and a Backup port (which can replace the designated port when it is failing).

Bridge Protocol Data Units

Hello BPDU

Has root bridge ID, sender’s bridge ID, sender’s root cost, and timers on the root switch

Spanning Tree Algorithm

Elect a root switch, all ports in forwarding

Non-root switches determine which port has least cost to root switch (root cost). That “root port” is put in forwarding state.

With two switches on a link, the one with the lowest root cost is placed in a forwarding state. That switch is the “designated switch,” and the interface the “designated port”

Any leftover interfaces are put in a blocking state.
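
An added example (not from the original notes) that runs the four steps above, together with the root-port tiebreakers listed earlier, on a constructed four-switch topology. The switch names, MACs, port numbers and the link cost of 4 are assumptions; ties for designated port are broken by lowest bridge ID, and the topology is assumed to be connected.

```python
import heapq

# Constructed sample topology (not from the page). A bridge ID is
# (priority, MAC); tuples compare priority first, then MAC, so min() = lowest BID.
SWITCHES = {
    "SW1": (32768, "00:00:00:00:00:01"),
    "SW2": (32768, "00:00:00:00:00:02"),
    "SW3": (4096, "00:00:00:00:00:03"),
    "SW4": (32768, "00:00:00:00:00:04"),
}
# Link = (switch, port, switch, port, cost); a port is (priority, number).
LINKS = [
    ("SW1", (128, 1), "SW2", (128, 1), 4),
    ("SW1", (128, 2), "SW3", (128, 1), 4),
    ("SW2", (128, 2), "SW3", (128, 2), 4),
    ("SW4", (128, 1), "SW1", (128, 3), 4),
    ("SW4", (128, 2), "SW2", (128, 3), 4),
]

def spanning_tree(switches, links):
    root = min(switches, key=switches.get)          # step 1: lowest bridge ID
    ends = [e for a, pa, b, pb, w in links          # every link seen from both ends
            for e in ((a, pa, b, pb, w), (b, pb, a, pa, w))]
    cost, heap = {root: 0}, [(0, root)]             # root cost via Dijkstra
    while heap:
        c, sw = heapq.heappop(heap)
        for me, _, nb, _, w in ends:
            if me == sw and c + w < cost.get(nb, float("inf")):
                cost[nb] = c + w
                heapq.heappush(heap, (c + w, nb))
    roles = {}
    for a, pa, b, pb, _ in links:                   # step 3: designated port per link
        des = min((a, pa), (b, pb), key=lambda e: (cost[e[0]], switches[e[0]]))
        for end in ((a, pa), (b, pb)):              # step 4: the other end blocks
            roles[end] = "designated" if end == des else "blocking"
    for sw in switches:                             # step 2: one root port per non-root
        if sw == root:
            continue
        # Tiebreakers from the notes: neighbor BID, then neighbor port priority/number.
        best = min((cost[nb] + w, switches[nb], np, mp)
                   for me, mp, nb, np, w in ends if me == sw)
        roles[(sw, best[3])] = "root"
    return root, cost, roles

if __name__ == "__main__":
    root, cost, roles = spanning_tree(SWITCHES, LINKS)
    print("root:", root, "costs:", cost)
    for (sw, port), role in sorted(roles.items()):
        print(sw, "port", port[1], role)
```

SW4 reaches the root at equal cost through SW1 and SW2, so its root port is decided by the first tiebreaker (lowest neighbor bridge ID) and its other uplink ends up blocking.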


Spanning Tree IEEE 802.1D
Rapid Spanning Tree IEEE 802.1w
Multiple Spanning Tree IEEE 802.1s

all incorporated into 802.1Q-2014


# get POC info from ARIN
whois 'p ! + NAME-ARIN'



Hot Standby Router Protocol

RFC 2281

No RFC for V2


Simple Object Access Protocol

Use curl to send a request

curl -d @request.xml -H "Content-Type: application/soap+xml;charset=UTF-8" http://localhost:9090/thing

Home Network Administration Protocol (HNAP)

patent US7827252B2

Get modem details



Running arpwatch

arpwatch -i <interface> -u <non-root username>

Use a static ARP table

# Single address:
arp -s <ip> <mac>

# File:
arp -f <filepath>


Using dig

# Reverse lookup
dig -x [ip addr]

# Get the name servers for the com zone (the TLD servers, not the root servers)
dig NS com

# Get nameserver glue records
dig NS

# Get SOA (serial, refresh, retry, expiry, minimum)
dig +short soa

Query name server for IP addresses

nslookup [name] [dns server]

Add Route53 subdomain to zone file

; drop this in the zone file

Protect domain that doesn’t use email



Check the SPF record of a domain

dig -t TXT +short | grep spf

SPF null record

If the domain should not be sending any email:

  IN  TXT  "v=spf1 -all"


Production ready



Look for UDP packet loss

mtr -u


Handy scripts

Script              Description
ssl-enum-ciphers    get list of available SSL/TLS ciphers
http-trace          see if server has a TRACE method
http-server-header  get details from the Server: header

Get list of available server ciphers

nmap --script ssl-enum-ciphers -p PORT SERVER

Specifying hosts

# Input from list
nmap -iL file ...


# Grepable output
nmap -oG file ...
# XML output
nmap -oX file ...


List scan
-sL # does reverse DNS lookup

Aggressive scan
-A # equal to -sV -sC -O --traceroute

-T4 # timing template (0-5, 4+ if on broadband)

-O # OS detection


Source repo

svn co

scripting engine



Doesn’t redirect UDP or FTP



bindaddress bindport connectaddress connectport

binds to every available local IP address


Get all ICMP packets

tcpdump icmp

See what’s connecting to a port

tcpdump dst port <PORT>

See what’s coming from an IP

tcpdump src

TCP Wrappers

# blank lines and lines starting with '#' ignored
<daemon list> : <client list> [: <option> : <option> : ...]

EST Protocol

RFC 7030



State        Description
LISTEN       accepting connections
ESTABLISHED  connection up and passing data
SYN_SENT     TCP; session has been requested by us; waiting for reply from remote endpoint
SYN_RECV     TCP; session has been requested by a remote endpoint for a socket on which we were listening
LAST_ACK     TCP; our socket is closed; remote endpoint has also shut down; we are waiting for a final acknowledgement
CLOSE_WAIT   TCP; remote endpoint has shut down; the kernel is waiting for the application to close the socket
TIME_WAIT    TCP; socket is waiting after closing for any packets left on the network
CLOSING      TCP; our socket is shut down; remote endpoint is shut down; not all data has been sent
FIN_WAIT1    TCP; our socket has closed; we are in the process of tearing down the connection
FIN_WAIT2    TCP; the connection has been closed; our socket is waiting for the remote endpoint to shut down



Setting up an OpenVPN server

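# Set up a cert. authority (easy-rsa 2.x scripts)
cd /etc/openvpn/easy-rsa/
# Edit the vars file, then load it into the current shell
. ./vars
# Create the CA certificate and key that sign everything below
./build-ca
# Create server certs
./build-key-server server
# Create client certs
./build-key client1
# Build Diffie Hellman parameters
./build-dh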


CLI misc

# See list of supported ciphers
openvpn --show-ciphers
# See list of supported HMACs
openvpn --show-digests
# See list of supported TLS cipher-suites
openvpn --show-tls

Using a static key

# generate static key
openvpn --genkey --secret static.key

In configuration files:

secret static.key
# or
Key contents


When connecting to a telco, ask for:

Registration Data Access Protocol (RDAP)

Machine-readable successor to WHOIS



Packet manipulation


# Convert raw packet capture
wpapcap2john cap.raw > cap.john
john --format=wpapsk cap.john


Writing RFCs

document                   #
RFC Style Guide            7322
RFC Series and RFC Editor  8729

Interesting bits

document          #
30 Years of RFCs  2555


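# Forward local port 5900 over SSH and start x11vnc on the remote display.
# -nopw silences x11vnc's warning about running without a password;
# x11vnc's -localhost option limits it to connections arriving through the tunnel.
ssh desthost -L 5900:localhost:5900 x11vnc -display :0 -nopw
# In a second terminal, connect through the tunnel
vncviewer :0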

Testing a connection

nc -v # should return "RFB ..."


Disabling MAC randomization in NetworkManager


# Randomize MAC for every ethernet connection
# Generate a random MAC for each WiFi and associate the two permanently.