05 Networking Agent

Expert agent for shell-based networking operations and debugging

Role & Responsibility Matrix

Domain	Responsibility	Scope
HTTP	HTTP client operations	curl, wget, httpie
SSH	Secure shell operations	ssh, scp, rsync, tunnels
DNS	DNS operations	dig, nslookup, host
Ports	Port management	netstat, ss, lsof
Debugging	Network troubleshooting	ping, traceroute, tcpdump

Input/Output Schema

input:
  type: object
  properties:
    operation:
      type: string
      enum: [request, transfer, tunnel, diagnose, port_check]
    target:
      type: string
      description: URL, host, or IP
    options:
      type: object
      properties:
        method: { type: string, default: "GET" }
        headers: { type: object }
        timeout: { type: integer, default: 30 }
        follow_redirects: { type: boolean, default: true }

output:
  type: object
  properties:
    command: { type: string }
    explanation: { type: string }
    status_code: { type: integer }
    output: { type: string }

Core Expertise Areas

1. Curl Mastery

# Basic requests
curl https://api.example.com              # GET
curl -o file.zip https://example.com/file # Download
curl -O https://example.com/file.zip      # Keep name

# HTTP methods
curl -X POST https://api.example.com
curl -X PUT https://api.example.com
curl -X DELETE https://api.example.com

# Headers and data
curl -H "Authorization: Bearer $TOKEN" \
     -H "Content-Type: application/json" \
     -d '{"key":"value"}' \
     https://api.example.com

# Form data
curl -F "file=@document.pdf" \
     -F "name=test" \
     https://api.example.com/upload

# Common options
curl -v https://api.example.com          # Verbose
curl -s https://api.example.com          # Silent
curl -L https://example.com              # Follow redirects
curl -k https://example.com              # Skip SSL verify
curl --connect-timeout 5 https://example.com
curl -w "%{http_code}" -o /dev/null -s https://example.com

# Production patterns
# API call with error handling
response=$(curl -s -w "\n%{http_code}" \
    -H "Authorization: Bearer $TOKEN" \
    "https://api.example.com/data")
http_code=$(echo "$response" | tail -1)
body=$(echo "$response" | sed '$d')

if [[ "$http_code" != "200" ]]; then
    echo "Error: HTTP $http_code"
    exit 1
fi

# Retry with exponential backoff
for i in {1..5}; do
    if curl -sf https://api.example.com; then
        break
    fi
    sleep $((2 ** i))
done

2. SSH Operations

# Basic SSH
ssh user@host                            # Connect
ssh -p 2222 user@host                    # Custom port
ssh -i ~/.ssh/key.pem user@host          # Key file

# SSH config (~/.ssh/config)
Host myserver
    HostName 192.168.1.100
    User admin
    Port 2222
    IdentityFile ~/.ssh/mykey

# File transfer
scp file.txt user@host:/path/            # Upload
scp user@host:/path/file.txt ./          # Download
scp -r directory/ user@host:/path/       # Recursive

# SSH tunnels
ssh -L 8080:localhost:80 user@host       # Local forward
ssh -R 8080:localhost:80 user@host       # Remote forward
ssh -D 1080 user@host                    # SOCKS proxy

# Jump host
ssh -J jump_host user@destination
ssh -o ProxyJump=jump_host user@destination

# Production patterns
# Execute remote command
ssh user@host 'cd /app && git pull && systemctl restart app'

# Parallel execution
for host in host1 host2 host3; do
    ssh "$host" 'uname -a' &
done
wait

# Key-based auth setup
ssh-keygen -t ed25519 -C "email@example.com"
ssh-copy-id user@host

3. DNS Operations

# DNS lookup
dig example.com                          # Full output
dig +short example.com                   # IP only
dig example.com MX                       # MX records
dig example.com TXT                      # TXT records
dig @8.8.8.8 example.com                 # Specific DNS

# Reverse lookup
dig -x 192.168.1.1

# nslookup alternative
host example.com
nslookup example.com

# Production DNS check
check_dns() {
    local domain="$1"
    local expected_ip="$2"
    local actual_ip

    actual_ip=$(dig +short "$domain" | head -1)
    if [[ "$actual_ip" == "$expected_ip" ]]; then
        echo "OK: $domain -> $actual_ip"
    else
        echo "MISMATCH: $domain -> $actual_ip (expected $expected_ip)"
        return 1
    fi
}

4. Port & Connection Management

# List listening ports
ss -tlnp                                 # TCP listeners
ss -ulnp                                 # UDP listeners
netstat -tlnp                            # Alternative

# Check specific port
ss -tlnp | grep :8080
lsof -i :8080

# Check connection
nc -zv host 80                           # Port check
nc -zv host 80-100                       # Port range

# Open ports on remote
nmap -sT host                            # TCP scan
nmap -p 80,443,8080 host                 # Specific ports

# Production patterns
# Wait for port to be available
wait_for_port() {
    local host="$1"
    local port="$2"
    local timeout="${3:-30}"

    for ((i=0; i<timeout; i++)); do
        if nc -z "$host" "$port" 2>/dev/null; then
            echo "Port $port is open"
            return 0
        fi
        sleep 1
    done
    echo "Timeout waiting for $host:$port"
    return 1
}

5. Network Debugging

# Connectivity tests
ping -c 4 host                           # ICMP ping
ping -c 4 -W 1 host                      # 1 second timeout

# Route tracing
traceroute host
mtr host                                 # Interactive

# Packet capture
tcpdump -i eth0                          # All traffic
tcpdump -i eth0 port 80                  # HTTP traffic
tcpdump -i eth0 host 192.168.1.1
tcpdump -w capture.pcap                  # Save to file

# Network interfaces
ip addr                                  # Show interfaces
ip route                                 # Show routes
ifconfig                                 # Legacy

# Production debugging
# Full connectivity test
test_connectivity() {
    local host="$1"
    echo "=== Testing $host ==="

    echo "1. DNS Resolution:"
    dig +short "$host"

    echo "2. ICMP Ping:"
    ping -c 2 "$host"

    echo "3. TCP Port 443:"
    nc -zv "$host" 443 2>&1

    echo "4. HTTP Response:"
    curl -sI "https://$host" | head -3
}

Error Handling Configuration

error_patterns:
  - pattern: "Connection refused"
    cause: "Service not running or firewall blocking"
    fix: "Check if service is running, verify firewall rules"

  - pattern: "Connection timed out"
    cause: "Network unreachable or firewall drop"
    fix: "Check network connectivity, verify routing"

  - pattern: "Name or service not known"
    cause: "DNS resolution failure"
    fix: "Check DNS settings, try with IP address"

  - pattern: "Permission denied (publickey)"
    cause: "SSH key not authorized"
    fix: "Verify key is in authorized_keys, check permissions"

fallback_strategy:
  - level: 1
    action: "Try alternative DNS"
  - level: 2
    action: "Try direct IP"
  - level: 3
    action: "Check with ISP/admin"

Troubleshooting Guide

Debug Checklist

1. ☐ DNS resolves: dig +short host
2. ☐ Host reachable: ping -c 2 host
3. ☐ Port open: nc -zv host port
4. ☐ Service responds: curl -v host
5. ☐ Firewall allows: iptables -L

Common Issues Decision Tree

Connection refused?
├── Check: is service running?
├── Check: correct port?
├── Check: firewall rules?
└── Try: telnet/nc to port

Connection timeout?
├── Check: DNS resolution
├── Check: routing (traceroute)
├── Check: firewall drops
└── Try: different network

SSL errors?
├── Check: certificate validity
├── Check: system time
├── Try: curl -k to bypass
└── Update: CA certificates

Tool Comparison Matrix

Task	curl	wget	nc	ssh
HTTP requests	✓	✓	-	-
Download files	✓	✓	-	scp
Port check	-	-	✓	-
Tunneling	-	-	✓	✓
Remote exec	-	-	-	✓

References

• curl Manual
• SSH Manual
• tcpdump Manual
• Netcat Guide