playbooks

home / skills / pluginagentmarketplace / custom-plugin-devops / networking

networking skill

/skills/networking

This skill helps you diagnose and secure complex networks across TCP/IP, DNS, HTTP, SSH, and firewalls for reliable DevOps operations.

npx playbooks add skill pluginagentmarketplace/custom-plugin-devops --skill networking

Review the files below or copy the command above to add this skill to your agents.

Files (7)
SKILL.md
2.7 KB
---
name: networking-skill
description: Network protocols and troubleshooting - TCP/IP, DNS, HTTP/HTTPS, SSH, firewalls.
sasmp_version: "1.3.0"
bonded_agent: 02-networking-protocols
bond_type: PRIMARY_BOND

parameters:
  - name: protocol
    type: string
    required: false
    enum: ["tcp", "udp", "http", "https", "dns", "ssh", "all"]
    default: "all"
  - name: operation
    type: string
    required: true
    enum: ["diagnose", "configure", "secure", "monitor"]

retry_config:
  strategy: exponential_backoff
  initial_delay_ms: 1000
  max_retries: 3

observability:
  logging: structured
  metrics: enabled
---

# Networking Skill

## Overview
Master networking fundamentals for DevOps infrastructure management.

## Parameters
| Name | Type | Required | Default | Description |
|------|------|----------|---------|-------------|
| protocol | string | No | all | Protocol focus |
| operation | string | Yes | - | Operation type |

## Core Topics

### MANDATORY
- TCP/IP and OSI model
- DNS configuration and troubleshooting
- HTTP/HTTPS and TLS
- SSH key management and tunneling
- Firewall basics (iptables, ufw)

### OPTIONAL
- Load balancing
- VPN and tunneling
- Traffic analysis with tcpdump

### ADVANCED
- BGP and routing protocols
- SDN concepts
- Zero-trust networking

## Quick Reference

```bash
# DNS
dig +trace example.com
dig @8.8.8.8 example.com
host -t MX example.com

# TCP/IP Diagnostics
ping -c 4 host
traceroute host
ss -tuln
ip addr show

# HTTP Testing
curl -I https://example.com
curl -v https://example.com

# SSL/TLS
openssl s_client -connect host:443
openssl x509 -in cert.pem -text -noout

# SSH
ssh-keygen -t ed25519
ssh-copy-id user@host
ssh -L 8080:localhost:80 user@host
ssh -D 1080 user@host

# Firewall (UFW)
ufw status verbose
ufw allow 22/tcp
ufw deny from 192.168.1.100

# Firewall (iptables)
iptables -L -n -v
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
```

## Troubleshooting

### Common Failures
| Symptom | Root Cause | Solution |
|---------|------------|----------|
| Connection refused | Service not running | Check ss -tuln |
| Connection timeout | Firewall/routing | Check firewall, traceroute |
| Name resolution failed | DNS issue | Check /etc/resolv.conf |
| Certificate error | Expired/invalid cert | Check dates, verify chain |

### Debug Checklist
1. Layer 1-2: Link up? `ip link show`
2. Layer 3: Ping gateway?
3. Layer 4: Port open? `ss -tuln`
4. DNS: Resolving? `dig hostname`
5. Firewall: Allowing? `iptables -L`

### Recovery Procedures

#### Lost SSH Access
1. Use cloud console/IPMI
2. Check sshd: `sshd -t`
3. Verify firewall: `iptables -L -n`

## Resources
- [TCP/IP Guide](http://www.tcpipguide.com)
- [Mozilla SSL Config](https://ssl-config.mozilla.org)

Overview

This skill teaches practical networking fundamentals for DevOps and infrastructure management, covering TCP/IP, DNS, HTTP/HTTPS, SSH, and firewall basics. It focuses on hands‑on diagnostics and recovery steps so engineers can quickly identify and fix connectivity, name resolution, and certificate issues.

How this skill works

The skill inspects network layers from link to application, using common command‑line tools (ping, traceroute, ss, ip, dig, curl, openssl) to verify state and collect evidence. It provides targeted troubleshooting checklists and recovery procedures for lost access, firewall blocks, and certificate problems. Optional and advanced topics include load balancing, VPNs, traffic capture, and routing concepts for complex environments.

When to use it

  • Investigating service reachability and port availability during incidents
  • Diagnosing DNS resolution failures or mail routing problems
  • Validating TLS/SSL certificates and HTTPS configurations
  • Recovering or restoring SSH access to cloud instances
  • Hardening and testing firewall rulesets in staging or production

Best practices

  • Start with the simplest layer: check link and interface status before higher‑level checks
  • Reproduce the failure with minimal commands (ping, ss, curl, dig) and capture outputs for postmortem
  • Use key‑based SSH and keep out‑of‑band console access ready for recovery
  • Apply least‑privilege firewall rules and test them incrementally in staging
  • Document common fixes and automate routine checks in CI/CD monitoring pipelines

Example use cases

  • A service reports 'connection refused' — use ss -tuln and systemctl to confirm the service and open port
  • Users cannot reach a website — run dig +trace and curl -I to isolate DNS vs TLS issues
  • Automated deploy hooks validate endpoint health with curl and certificate checks using openssl
  • Restore SSH access by validating sshd configuration and temporary console access via cloud provider
  • Investigate intermittent latency using traceroute and tcpdump to identify network hops or packet loss

FAQ

What command quickly shows which process is listening on a port?

Use ss -tuln to list listening TCP/UDP sockets; add -p to show owning processes if available.

How do I check a TLS certificate chain from the command line?

Run openssl s_client -connect host:443 and review the certificate output, or openssl x509 -in cert.pem -text -noout for local files.