Network Troubleshooting

Reference notes.

A systematic approach to diagnosing network issues using command-line tools. Work from the bottom of the OSI Model upwards.

Troubleshooting Methodology

1. Physical layer - Cable connected? Link light on?
2. Data link - Interface up? MAC address visible?
3. Network - IP configured? Can ping gateway?
4. Transport - Port open? Service listening?
5. Application - Service responding? Correct response?

Essential Tools

ping

Test basic connectivity with ICMP echo requests.

No response? Check: IP config, gateway, firewall rules, ICMP blocked.

traceroute / tracepath / mtr

Show the path packets take to a destination, with latency at each hop.

• traceroute - Traditional, may need root
• tracepath - No root required
• mtr - Combined ping + traceroute, best for diagnosing packet loss

* * * in output indicates filtered/dropped packets at that hop.

ss / netstat

View socket statistics - listening ports, established connections.

Flag	Meaning
-t	TCP
-u	UDP
-l	Listening
-n	Numeric (no DNS)
-p	Show process

ip

Interface and route management on Linux.

• ip addr - Show IP addresses
• ip route - Show routing table
• ip neigh - Show ARP table
• ip link - Show interface status

tcpdump

Capture and analyse packets on an interface. Filter by host, port, protocol. Save to .pcap for analysis in Wireshark.

Wireshark

GUI packet analysis. Useful filters:

• ip.addr == 192.168.1.1
• tcp.port == 443
• http.request
• dns
• tcp.analysis.retransmission

nmap

Port scanning and host discovery.

• Quick scan: nmap <host>
• Service detection: nmap -sV <host>
• Ping sweep: nmap -sn <subnet>

nc (netcat)

Test TCP/UDP connectivity. Check if ports are open, send/receive data.

dig / nslookup

DNS queries. See DNS for detailed usage.

curl

HTTP testing - check responses, headers, timing, TLS handshakes. Supports HTTP/3 via --http3 flag (requires curl 8.x+ built with QUIC support).

iperf3

Bandwidth testing between two endpoints. Run server on one end, client on the other.

termshark

TUI (terminal UI) alternative to Wireshark. Useful for packet analysis on remote servers without a GUI. Built on tshark.

Quick Diagnostics Checklist

1. Check interface status
2. Check IP configuration
3. Check default route
4. Ping gateway
5. Ping external IP (e.g., 8.8.8.8)
6. Test DNS resolution
7. Check listening services
8. Check firewall rules

Common Issues and Solutions

Symptom	Likely Cause	Check
No link light	Cable/port issue	Physical connection
No IP address	DHCP failure	DHCP client, server
Can’t ping gateway	IP config, gateway down	Routes, ARP
Can ping IP, not DNS	DNS misconfiguration	Resolver config, dig
Connection refused	Service not running	ss -tlnp, service status
Connection timeout	Firewall blocking	Firewall rules, tcpdump
Slow connection	Congestion, packet loss	mtr, iperf3
Intermittent issues	Flapping, duplex mismatch	ethtool, dmesg

References

• tcpdump Tutorial
• Wireshark User Guide
• nmap Reference Guide
• Julia Evans - Networking Zines