Category
Networking
Every tool and article in this category, gathered in one place.
Tools
CIDR / Subnet Calculator
Break down any IPv4 CIDR block into network and broadcast addresses, usable host range, host count, and netmask. Runs entirely in your browser.
dig output explainer
Paste real dig output and get a decoded, explained breakdown: the header and flags, the EDNS OPT pseudo-section, every record in each section, and the query stats. Parsed entirely in your browser, nothing is resolved or sent anywhere.
IPv6 Toolkit
Parse an IPv6 address or prefix to see its canonical (RFC 5952) and fully expanded forms, special-use classification, prefix math, an EUI-64 MAC if present, and its ip6.arpa reverse-DNS name. Runs entirely in your browser.
nslookup output explainer
Paste real nslookup output and get a decoded, explained breakdown: the resolver it used, whether the answer is authoritative, every record (with MX / SRV / SOA field breakdowns), and any failures. Parsed entirely in your browser, nothing is resolved or sent anywhere.
Syslog PRI decoder + encoder
Decode a syslog PRI such as 134 into its facility and severity, or encode them back, all in your browser.
Articles
How IPv4 addresses work
The 32 bits behind every dotted-quad address, and what private, loopback, and special ranges mean.
ReadThe Syslog PRI: One Number, Two Meanings
Every syslog message starts with a PRI, a number in angle brackets that packs a facility and a severity into a single value. The formula is small and the arithmetic is easy once you have seen it: PRI equals facility times eight plus severity.
ReadSubnetting basics
How to divide one network into smaller subnets, and why borrowing host bits is the whole trick.
ReadSyslog Facilities and Severities, Explained
Syslog defines 24 facilities and 8 severities. The severities are a clean urgency scale from emergency down to debug; the facilities are a mix of genuinely useful categories and historical Unix leftovers, plus eight local slots that network devices lean on heavily.
ReadCIDR notation explained
What the slash in 192.168.1.0/24 actually means, and how a prefix length defines a block of IP addresses.
ReadSyslog on Network Devices: Which Facility Does What
Firewalls, load balancers, and switches almost all log to the local facilities, but each vendor picks a different default. Knowing that FortiGate defaults to local7, Cisco ASA to local4, and F5 BIG-IP to local0 turns a wall of PRI numbers into a map of which box said what.
ReadSyslog Message Formats: RFC 3164 vs RFC 5424
The PRI is the same everywhere, but what follows it is not. Legacy BSD syslog (RFC 3164) has a loose, year-less format, while the modern format (RFC 5424) is precise and structured. Knowing which one you are looking at explains missing timestamps, ambiguous fields, and why parsers disagree.
ReadVLSM: splitting a block into unequal subnets
How to carve one address block into subnets of different sizes without wasting space, and the largest-first rule that keeps it tidy.
ReadA VLSM allocation, worked end to end
A full variable-length subnet allocation for a realistic network: sizing each segment, sorting largest-first, assigning the actual addresses, and accounting for the space left over.
ReadHow Syslog Travels: UDP, TCP, and TLS
Syslog can ride over plain UDP, over TCP, or over TLS, and the choice decides whether messages can be silently lost, reordered, or read in transit. This covers the three transports, the ports involved, and why anything you rely on for audit should not be sent over UDP.
ReadSupernetting and route aggregation
How contiguous prefixes combine into a shorter one, the alignment rule that decides whether two blocks can merge, and the difference between exact aggregation and a single covering supernet.
ReadRoute summarization
Why one summary route can replace many specific ones, the contiguous and aligned allocation it depends on, and the black-hole risk of summarizing a range you do not fully own.
ReadSubnet overlaps and gaps
What it means for two prefixes to overlap or contain one another, why longest-prefix match makes some overlaps intentional, and how to find the unallocated gaps in an address plan.
ReadPrivate IPv4 address space and RFC 1918
The three private ranges, why they are not routable on the Internet, and the other special blocks the CIDR tool flags.
ReadUnderstanding IPv6 Addressing
How a 128-bit IPv6 address is structured and written, the rules for compressing it canonically, what the address types and scopes mean, and how interface identifiers and reverse DNS work.
ReadHow IPv6 hosts get addresses: SLAAC and DHCPv6
How an IPv6 host configures itself from link-local up, what router advertisements decide, and the difference between SLAAC, privacy addresses, and DHCPv6.
ReadIPv6 subnetting and the /64 boundary
Why IPv6 subnetting is about structure rather than scarcity, why a single subnet is almost always a /64, and how prefix delegation hands out address space.
ReadNeighbor Discovery: how IPv6 replaces ARP
How IPv6 finds neighbors on a link using ICMPv6 and multicast instead of broadcast ARP, the five Neighbor Discovery messages, and why broadcast is gone.
ReadRunning IPv6 and IPv4 together: dual-stack and translation
How the internet bridges two incompatible address families: dual-stack, Happy Eyeballs, NAT64, and the IPv4-embedded addresses that make it work.
ReadReading dig Output From Top to Bottom
A dig answer has a fixed shape: a version line, the header, the flags line, the OPT pseudo-section, the four sections, and the query stats. Once you know what each block is, you can read any response at a glance and spot the one line that explains a resolution problem.
ReadThe DNS Header: Opcode, Status, and Flags
The header line and the flags line hold the message-level facts: what kind of query this is, whether it succeeded, and seven single-bit flags (qr, aa, tc, rd, ra, ad, cd) that tell you who answered and how. Reading them correctly is the difference between a two-minute diagnosis and an hour of guessing.
ReadReading the Records in a dig Answer
Every record in a dig section is five columns: name, TTL, class, type, and rdata. This walks the columns and then the rdata of the record types you actually meet, from A and CNAME to MX, SOA, SRV, and CAA, so a wall of records reads as plain facts.
ReadEDNS and the OPT Pseudo-Section
The OPT pseudo-section is not a record and not something you queried: it is EDNS(0) metadata that dig surfaces near the top of an answer. It carries the UDP payload size, the DO flag that requests DNSSEC, and options like COOKIE, and it quietly explains a whole class of resolution failures.
ReadDNSSEC Records in dig Output
Add +dnssec and a dig answer grows a new family of records: RRSIG, DNSKEY, DS, and the NSEC or NSEC3 denial records. This explains what each one is, how they chain from the root down to a zone, and what the ad flag really certifies.
ReadReading nslookup Output
nslookup prints a Server / Address header for the resolver it used, an optional Non-authoritative answer marker, and then the answer in a per-type prose format. Knowing that shape lets you read any result quickly and see at a glance whether it succeeded, where it came from, and what it means.
Readnslookup vs dig: Which to Use
nslookup and dig both query DNS, but nslookup is terser and hides the header flags and TTLs that dig shows in full. This maps one output onto the other and gives a simple rule for which to reach for.
ReadHow nslookup Prints Each Record Type
Instead of dig's fixed columns, nslookup labels each record in prose: mail exchanger =, canonical name =, nameserver =, and a multi-line block for SOA. A short guide to reading each type's line.
ReadAuthoritative vs Non-Authoritative Answers
The Non-authoritative answer marker in nslookup means the result came from a resolver's cache, not from a server that actually holds the zone. This explains the difference, why it is usually fine, and how to get an authoritative answer when you need one.
Readnslookup Errors and What They Mean
When a lookup fails, nslookup prints a line like ** server can't find NAME: CODE. The code is the whole diagnosis. This covers NXDOMAIN, SERVFAIL, REFUSED, and timeouts, what each one tells you, and the first thing to check for each.
ReadReverse DNS Lookups with nslookup
Reverse DNS maps an IP address back to a name through PTR records that live under in-addr.arpa for IPv4 and ip6.arpa for IPv6. nslookup does this automatically when you hand it an address. This covers how the special reverse name is built, why mail servers care, and why the forward and reverse can legitimately disagree.
Readnslookup Interactive Mode
Run nslookup with no arguments and it drops into an interactive prompt where you can switch resolvers, change the record type, turn on debug output, and look up many names in one session. This covers the handful of commands worth knowing and when interactive beats a one-shot query.
Readdig Query Options and Output Control
dig's real power is its options: choosing the server to ask, the record type, and exactly how much of the answer to print. This covers the handful you will actually use every day, from @server and -t to +short and the +noall +answer combination that trims dig down to just the records.
ReadFollowing Delegation with dig +trace
dig +trace resolves a name the way the internet actually does it: starting at the root, following the delegation to the TLD, and then to the domain's own authoritative servers, printing each hop. It is the single best way to see where resolution breaks and to understand how DNS is stitched together.
ReadReading a curl Command
A curl command is a shell command: the word curl, a set of options, and a URL. Reading it means seeing how the shell splits the line first (quotes, backslashes, line continuations) and then how curl reads short, long, and clustered flags.
Readcurl Data Flags and the Content-Type Trap
curl has several ways to attach a body, and they differ in encoding and default Content-Type. The big surprise is that -d defaults to form encoding, not JSON, so a JSON body can be mislabeled and rejected.
ReadTranslating curl to fetch()
The browser fetch API and curl describe the same request differently. Method, headers, and body map across cleanly, but a couple of differences (implicit form Content-Type, cookies, and TLS verification) need care.
ReadHeaders, Authentication, and Cookies in curl
Headers, auth, and cookies are how a request identifies and authorizes itself. -H adds headers, -u is HTTP Basic, a bearer token is just a header, and -b/-c handle cookies. All of them are sensitive.
ReadHow curl Infers the HTTP Method
curl does not always need -X to choose a method. Body data implies POST, -I implies HEAD, -G forces GET, and an explicit -X always wins. Knowing the rules tells you at a glance what a request will do.
Readcurl Flags That Change Security Posture
A few curl flags change how safe a request is: -k disables TLS verification, http sends everything in clear text, and credentials in the URL can leak. None make a request malicious, but each is worth reading before you run or share a command.
Read