Network & DevOps Reference Cheatsheet Cheatsheet

🔌

Well-Known Network Ports

ESSENTIAL

Web & Application Ports

Port	Protocol	Description
20-21	FTP	File Transfer Protocol (data/control)
22	SSH	Secure Shell remote login
23	Telnet	Unencrypted remote login (legacy)
25	SMTP	Simple Mail Transfer Protocol
53	DNS	Domain Name System
80	HTTP	Hypertext Transfer Protocol
110	POP3	Post Office Protocol v3
143	IMAP	Internet Message Access Protocol
443	HTTPS	HTTP over TLS/SSL
465	SMTPS	SMTP over SSL (deprecated)
587	SMTP	SMTP with STARTTLS (submission)
993	IMAPS	IMAP over SSL
995	POP3S	POP3 over SSL
8443	HTTPS Alt	Alternate HTTPS port

Database Ports

Port	Database	Description
3306	MySQL	MySQL/MariaDB default
5432	PostgreSQL	PostgreSQL default
27017	MongoDB	MongoDB default
6379	Redis	Redis default
1433	MSSQL	Microsoft SQL Server
1521	Oracle	Oracle DB default
9042	Cassandra	Cassandra CQL native
9200	Elasticsearch	Elasticsearch HTTP
9300	Elasticsearch	Elasticsearch transport
5984	CouchDB	Apache CouchDB
26257	CockroachDB	CockroachDB SQL
7687	Neo4j	Neo4j Bolt protocol
8529	ArangoDB	ArangoDB HTTP
8086	InfluxDB	InfluxDB HTTP

Middleware & Messaging

Port	Service	Description
5672	RabbitMQ	AMQP protocol default
15672	RabbitMQ	RabbitMQ management UI
9092	Kafka	Apache Kafka broker
2181	ZooKeeper	Apache ZooKeeper
8080	HTTP Alt	Common dev server / proxy
3000	Dev Server	Node.js / Next.js / Express
5432	GraphQL	Sometimes used for GraphQL
8123	ClickHouse	ClickHouse HTTP
9000	PHP-FPM	FastCGI Process Manager
8888	Jupyter	Jupyter Notebook
6443	K8s API	Kubernetes API server
2379	etcd	etcd client (K8s storage)
10250	K8s Kubelet	Kubernetes Kubelet API
10256	K8s Proxy	kube-proxy health check

Infrastructure Ports

Port	Service	Description
67/68	DHCP	Dynamic Host Configuration
69	TFTP	Trivial File Transfer Protocol
123	NTP	Network Time Protocol
161/162	SNMP	Simple Network Management
389	LDAP	Lightweight Directory Access
636	LDAPS	LDAP over SSL
8140	Puppet	Puppet agent/master
4505/4506	Salt	SaltStack pub/sub
7946	Weave Net	Weave Net gossip/control
4789	VXLAN	VXLAN overlay network
500/4500	IPSec	IPSec (key/NAT-T)
179	BGP	Border Gateway Protocol
2601	Zebra	Zebra routing daemon

📡

Network Protocols

PROTOCOLS

Protocol Comparison

Protocol	Transport	Multiplexing	Binary	Push	Key Feature
HTTP/1.1	TCP	No (1 req/conn)	No	No	Text-based, simple
HTTP/2	TCP	Yes (streams)	Yes	No (server push)	Header compression, multiplexing
HTTP/3	UDP (QUIC)	Yes (streams)	Yes	No	Zero RTT, no HOL blocking
WebSocket	TCP	Yes (messages)	Yes/No	Yes	Full-duplex, persistent
gRPC	HTTP/2	Yes (streams)	Yes	Yes	Code generation, streaming
GraphQL	HTTP	No	No	Yes (sub)	Query language, flexible
SSE	HTTP	No	No	Yes	Server-sent events, one-way
TCP	IP	No (streams)	Yes	N/A	Reliable, ordered delivery
UDP	IP	No (datagrams)	Yes	N/A	Fast, unreliable
QUIC	UDP	Yes (streams)	Yes	N/A	Fast handshake, TCP replacement

HTTP Status Codes (Key Codes)

Code	Category	Description
200	Success	OK - Request succeeded
201	Success	Created - Resource created
204	Success	No Content - Success, no body
301	Redirect	Moved Permanently
302	Redirect	Found (temporary redirect)
304	Redirect	Not Modified (cached)
307	Redirect	Temporary Redirect (preserve method)
308	Redirect	Permanent Redirect (preserve method)
400	Client	Bad Request
401	Client	Unauthorized (not authenticated)
403	Client	Forbidden (no permission)
404	Client	Not Found
405	Client	Method Not Allowed
408	Client	Request Timeout
409	Client	Conflict
422	Client	Unprocessable Entity
429	Client	Too Many Requests (rate limit)
500	Server	Internal Server Error
502	Server	Bad Gateway
503	Server	Service Unavailable
504	Server	Gateway Timeout

💡

HTTP/3 uses QUIC over UDPinstead of TCP, eliminating head-of-line blocking at the TCP level. This means one lost packet doesn't block all other streams. It also enables 0-RTT connection establishment for returning clients (vs 3-way TCP + TLS handshake).

🌐

DNS Records

DOMAIN

DNS Record Types

Type	Name	Purpose	Example
A	Address	IPv4 address mapping	example.com → 93.184.216.34
AAAA	IPv6 Address	IPv6 address mapping	example.com → 2606:2800:220:1::
CNAME	Canonical Name	Alias to another domain	www.example.com → example.com
MX	Mail Exchange	Mail server priority	example.com → mail.example.com
TXT	Text	Arbitrary text (SPF, DKIM)	v=spf1 include:_spf...
NS	Name Server	Authoritative DNS servers	example.com → ns1.dns.com
SOA	Start of Authority	Primary name server info	Primary, admin email, serial
PTR	Pointer	Reverse DNS (IP to name)	34.216.184.93 → example.com
SRV	Service	Service location (port+host)	_sip._tcp.example.com
CAA	Cert Authority	Allowed certificate CAs	issue letsencrypt.org
CNAME	Alias	Domain alias (no MX allowed)	blog.example.com → github.io
DKIM	TXT record	Email authentication	v=DKIM1; k=rsa; p=...

DNS Commands

Command	Description
dig example.com	Full DNS lookup
dig example.com A	Query A records only
dig example.com MX	Query mail records
dig +short example.com	Short answer (IP only)
dig example.com @8.8.8.8	Query specific DNS server
dig -x 93.184.216.34	Reverse DNS (PTR) lookup
dig +trace example.com	Trace DNS resolution path
nslookup example.com	Simple DNS lookup
host example.com	Simple DNS query
whois example.com	Domain registration info

DNS Resolution Flow

Step	Description
1. Browser Cache	Check local browser DNS cache
2. OS Cache	Check OS resolver cache
3. Hosts File	Check /etc/hosts (Linux/Mac)
4. Recursive Resolver	ISP or public DNS (8.8.8.8)
5. Root NS	Returns TLD name servers (.com NS)
6. TLD NS	Returns authoritative NS for domain
7. Authoritative NS	Returns final IP (A/AAAA)
8. Cache & Return	Result cached at each level

🔐

SSL/TLS Basics

SECURITY

TLS Versions

Version	Status	Key Features
SSL 3.0	Deprecated	Insecure (POODLE attack)
TLS 1.0	Deprecated	Weak ciphers, no forward secrecy
TLS 1.1	Deprecated	Weak ciphers, limited support
TLS 1.2	Supported	AES-GCM, SHA-256, ECDHE (secure)
TLS 1.3	Recommended	0-RTT, ChaCha20, AES-256-GCM

Certificate Chain

Component	Description
End-entity Cert	Your domain certificate (leaf)
Intermediate CA	Bridges trust between root and leaf
Root CA	Self-signed, trusted by browsers
Full Chain	All certs combined for verification
CSR	Certificate Signing Request (generate key)
Private Key	Must be kept secret, never shared
Public Key	Embedded in certificate, shared openly

bash/ssl-commands.sh

# SSL/TLS debugging commands

# Check certificate details
openssl s_client -connect example.com:443 -servername example.com
openssl x509 -in cert.pem -text -noout

# Check certificate expiration
echo | openssl s_client -connect example.com:443 2>/dev/null | \
  openssl x509 -noout -dates

# Generate self-signed certificate
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem \
  -days 365 -nodes -subj "/CN=localhost"

# Generate CSR (Certificate Signing Request)
openssl req -newkey rsa:2048 -nodes -keyout domain.key \
  -out domain.csr -subj "/CN=example.com"

# Certbot (Let's Encrypt)
sudo certbot certonly --standalone -d example.com -d www.example.com
sudo certbot renew --dry-run
sudo certbot install --nginx -d example.com

🚫

TLS 1.3 removed support for RSA key exchange and weak cipher suites. It only supports AEAD ciphers (AES-256-GCM, ChaCha20-Poly1305) and requires forward secrecy (ECDHE key exchange). All major browsers and servers support TLS 1.3 as of 2024.

🐳

Docker Compose Reference

CONTAINERS

docker-compose.yml

# Docker Compose v2+ reference
version: "3.9"

services:
  app:
    image: node:20-alpine
    working_dir: /app
    command: npm run start
    ports:
      - "3000:3000"
    environment:
      - NODE_ENV=production
      - DB_HOST=db
    env_file:
      - .env
    volumes:
      - .:/app
      - node_modules:/app/node_modules
    depends_on:
      db:
        condition: service_healthy
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3000/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
    deploy:
      resources:
        limits:
          cpus: "0.5"
          memory: 512M
    networks:
      - frontend
      - backend

  db:
    image: postgres:16-alpine
    environment:
      POSTGRES_DB: myapp
      POSTGRES_USER: admin
      POSTGRES_PASSWORD: secret
    volumes:
      - pgdata:/var/lib/postgresql/data
    ports:
      - "5432:5432"
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U admin"]
      interval: 10s
      timeout: 5s
      retries: 5
    networks:
      - backend

  nginx:
    image: nginx:alpine
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf
      - ./ssl:/etc/nginx/ssl
    depends_on:
      - app
    networks:
      - frontend

volumes:
  node_modules:
  pgdata:

networks:
  frontend:
    driver: bridge
  backend:
    driver: bridge
    internal: true  # no external access

Compose Commands

Command	Description
docker compose up -d	Start in detached mode
docker compose down	Stop and remove containers
docker compose down -v	Also remove volumes
docker compose build	Build/rebuild images
docker compose pull	Pull latest images
docker compose logs -f app	Follow logs for service
docker compose ps	List running containers
docker compose exec app sh	Execute command in container
docker compose run app npm test	Run one-off command
docker compose config	Validate & view config
docker compose restart app	Restart a service
docker compose scale app=3	Scale replicas
docker compose top	Show running processes
docker compose images	List images in use

depends_on Strategies

Strategy	Description
short syntax	depends_on: [db, redis] — just starts first
long syntax + condition: service_started	Waits for container start
long syntax + condition: service_healthy	Waits for healthcheck pass
long syntax + condition: service_completed	Waits for successful exit

🔄

CI/CD Concepts

PIPELINES

.github/workflows/ci.yml

# GitHub Actions - CI/CD Pipeline
name: CI/CD Pipeline
on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]

jobs:
  test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [18, 20]
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node-version }}
          cache: 'npm'
      - run: npm ci
      - run: npm run lint
      - run: npm run test
      - run: npm run build

  deploy:
    needs: test
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/main'
    steps:
      - uses: actions/checkout@v4
      - name: Deploy to production
        run: |
          echo "Deploying to production..."
          # Add deployment commands here

Conventional Commits

Prefix	Usage	Example
feat:	New feature	feat: add user login endpoint
fix:	Bug fix	fix: resolve null pointer in parser
docs:	Documentation	docs: update API reference
style:	Formatting	style: fix indentation in utils.ts
refactor:	Code refactor	refactor: simplify auth middleware
test:	Tests	test: add integration tests for orders
chore:	Maintenance	chore: update dependencies
perf:	Performance	perf: optimize database queries
ci:	CI/CD changes	ci: add GitHub Actions workflow
build:	Build system	build: update Dockerfile base image
revert:	Revert commit	revert: feat: add login endpoint
BREAKING CHANGE:	Breaking	feat!: change API response format

.env Best Practices

File	Purpose	Git?
.env	Default values (committed)	Yes (template)
.env.local	Local overrides	No (gitignored)
.env.development	Dev environment	No (gitignored)
.env.test	Test environment	Committed
.env.production	Production values	No (gitignored)
.env.example	Template for team	Yes (committed)

.gitignore best practices

# .gitignore essential entries
.env
.env.local
.env.*.local
node_modules/
dist/
build/
.next/
.DS_Store
*.log
coverage/
.vscode/
.idea/
*.pem
*.key
credentials.json
secrets.yml

📊

Monitoring & Logging

OBSERVABILITY

Prometheus Basics

Concept	Description
Metrics	Numeric time-series data (counters, gauges, histograms)
Counter	Monotonically increasing value (requests total)
Gauge	Value that can go up/down (temperature, memory)
Histogram	Distribution of values (latency buckets)
Summary	Client-side quantiles (p50, p95, p99)
PromQL	Query language for Prometheus
Alertmanager	Manages alerts and notifications
Scrape Interval	How often Prometheus pulls metrics
Retention	How long data is stored (default 15d)

ELK Stack Components

Component	Tool	Purpose
E	Elasticsearch	Search engine, stores & indexes logs
L	Logstash	Log ingestion, parsing, transformation
K	Kibana	Visualization dashboard for logs
F	Filebeat	Lightweight log shipper
M	Metricbeat	System & service metrics collector
A	Auditbeat	Audit data collection
H	Heartbeat	Uptime monitoring

Structured Logging Best Practices

Practice	Description
JSON format	Log as JSON objects for easy parsing
Correlation IDs	Include trace/request ID in all log entries
Log levels	Use ERROR, WARN, INFO, DEBUG consistently
Timestamps	ISO 8601 format with timezone
Context	Include service name, version, environment
No secrets	Never log passwords, tokens, or PII
Sensitive fields	Mask or redact email, phone, SSN
Structured fields	Use key-value pairs, not free text
Error stack traces	Include full stack trace on ERROR
Rate limiting	Don't spam logs on repeated errors

prometheus/promql-examples.yml

# Common Prometheus / Grafana Queries (PromQL)

# HTTP request rate (requests/sec)
rate(http_requests_total[5m])

# 95th percentile latency
histogram_quantile(0.95, rate(http_request_duration_seconds_bucket[5m]))

# CPU usage by container
rate(container_cpu_usage_seconds_total{name="myapp"}[5m]) * 100

# Memory usage percentage
container_memory_usage_bytes{name="myapp"} / container_spec_memory_limit_bytes{name="myapp"} * 100

# Error rate percentage
rate(http_requests_total{status=~"5.."}[5m]) / rate(http_requests_total[5m]) * 100

# Uptime (time since last restart)
time() - process_start_time_seconds

🎯

Interview Q&A

PREP

Q: What happens when you type a URL into the browser?1) DNS resolution (cache → recursive → root → TLD → auth NS), 2) TCP handshake (SYN, SYN-ACK, ACK), 3) TLS handshake (if HTTPS), 4) HTTP request sent, 5) Server processes request (routing, middleware, DB), 6) Server sends HTTP response, 7) Browser renders HTML, parses CSS/JS, builds DOM, paints, 8) Browser executes JavaScript.

Q: Explain HTTP/2 improvements over HTTP/1.1.HTTP/2 introduces: binary framing (instead of text), header compression (HPACK), multiplexing (multiple streams over one connection), server push (proactively sending resources), and stream prioritization. It eliminates the need for domain sharding and connection pipelining.

Q: What is the difference between TCP and UDP?TCP is connection-oriented, reliable, ordered, with flow control (3-way handshake, ACKs, retransmission). UDP is connectionless, unreliable, unordered, no overhead. TCP for web, email, files. UDP for streaming, gaming, DNS, VoIP where speed matters more than reliability.

Q: What is a CDN and why use one?A Content Delivery Network caches content at edge servers worldwide. Users are routed to the nearest edge, reducing latency and server load. CDNs handle static assets (JS, CSS, images), DDoS protection, SSL termination, and video streaming. Examples: Cloudflare, AWS CloudFront, Fastly.

Q: Explain the TLS handshake process.Client sends ClientHello (supported ciphers, TLS version). Server responds with ServerHello + certificate. Client verifies cert, generates pre-master secret, encrypts with server public key. Both derive session keys. Client sends Finished. Server sends Finished. Encrypted communication begins.

Q: What is DNS and how does resolution work?DNS translates domain names to IP addresses. Resolution: browser cache → OS cache → hosts file → recursive resolver (ISP/8.8.8.8) → root nameserver → TLD nameserver → authoritative nameserver → cache result. Records: A (IPv4), AAAA (IPv6), CNAME (alias), MX (mail), TXT (text), NS (nameservers).

💡

Key networking topics for interviews: OSI model, TCP vs UDP, HTTP/1.1 vs HTTP/2 vs HTTP/3, DNS resolution, TLS handshake, REST API design, CORS, WebSocket vs SSE, load balancing algorithms, CDN, Docker networking, Kubernetes Service types, and CI/CD pipeline concepts.

⏳

Loading cheatsheet...