Detailed view of blue ethernet cables connected to a network switch in a data center.

Network Troubleshooting Commands

/ Homelab Builds, Linux Fundamentals / By

“Is It the Network?”

Every outage starts with this question. Database timeout? Is it the network? Website slow? Is it the network? Application won’t connect? Is it the network?

Being able to quickly prove or eliminate network issues is what separates reactive helpdesk work from proactive infrastructure thinking. These commands are your diagnostic toolkit for answering “is it the network?” in under a minute.

When I moved from helpdesk to a junior infrastructure role, network troubleshooting was the skill that made the biggest difference. I could actually diagnose problems instead of just restarting things and hoping. That’s worth real money.

The Troubleshooting Ladder

Work through these in order. Each step narrows down the problem:

  1. Can I reach the internet at all? (ping)
  2. Where is the connection failing? (traceroute)
  3. Is DNS working? (dig/nslookup)
  4. What’s listening on this machine? (ss/netstat)
  5. Can I connect to the service? (curl/telnet/nc)
  6. Is there a firewall blocking? (iptables/ufw)

Connectivity Testing

ping – Basic Reachability

# Test internet connectivity
ping -c 4 8.8.8.8

# Test DNS resolution + connectivity
ping -c 4 google.com

# Continuous ping (Ctrl+C to stop)
ping google.com

# Ping with timestamp (useful for logs)
ping -D google.com

What the results tell you:

Result Meaning Next Step
Replies with low latency Network is working Problem is elsewhere
100% packet loss No connectivity Check routing, firewall
High latency Network congestion Use traceroute to find where
“Name resolution failed” DNS issue Test with IP address

Pro tip: Always ping by IP first, then by hostname. If IP works but hostname doesn’t, it’s DNS.

traceroute/tracepath – Finding the Break

# Trace the path to a host
traceroute google.com

# tracepath doesn't require root
tracepath google.com

# Faster with no DNS lookups
traceroute -n google.com

Read the output hop by hop:

 1  192.168.1.1     1.234 ms   # Your router
 2  10.0.0.1        10.456 ms  # ISP gateway
 3  * * *                      # No response (might be filtered)
 4  72.14.209.81    25.789 ms  # Getting further
 5  google.com      28.123 ms  # Destination

Look for sudden latency jumps or timeouts (*). That’s where the problem likely is.

DNS Troubleshooting

dig – DNS Lookups

# Basic lookup
dig google.com

# Short answer only
dig +short google.com

# Query specific DNS server
dig @8.8.8.8 google.com

# Check MX records
dig google.com MX

# Trace the DNS resolution path
dig +trace google.com

nslookup – Alternative DNS Tool

# Simple lookup
nslookup google.com

# Use specific DNS server
nslookup google.com 8.8.8.8

# Reverse lookup
nslookup 8.8.8.8

Common DNS issues:

Problem Test Solution
DNS not resolving dig +short domain.com Check /etc/resolv.conf
Wrong IP returned dig @8.8.8.8 domain.com DNS cache or propagation issue
Slow resolution time dig domain.com DNS server performance

Port and Service Checking

ss – Socket Statistics (Modern)

# List all listening ports
ss -tulpn

# TCP only
ss -tlpn

# UDP only
ss -ulpn

# Show established connections
ss -tn

# Show connections to specific port
ss -tn sport = :22

The flags: t=TCP, u=UDP, l=listening, p=process, n=numeric (don’t resolve names)

netstat – Classic Tool

# Listening ports with process info
netstat -tulpn

# All connections
netstat -an

# Routing table
netstat -r

ss is faster and more modern, but netstat is still everywhere. Know both.

Checking If a Port Is Open

# Using nc (netcat)
nc -zv hostname 80
nc -zv hostname 22

# Using telnet
telnet hostname 80

# Using curl (for HTTP)
curl -I http://hostname

# Check multiple ports
nc -zv hostname 80 443 22

Interface and IP Configuration

ip – Modern Tool

# Show all interfaces and IPs
ip addr

# Show specific interface
ip addr show eth0

# Show routing table
ip route

# Show default gateway
ip route | grep default

# Show neighbour table (ARP)
ip neigh

ifconfig – Legacy Tool

# Show all interfaces
ifconfig

# Show specific interface
ifconfig eth0

ip is the modern replacement, but you’ll see ifconfig in scripts and documentation. Understand both.

HTTP Troubleshooting

curl – The Essential Tool

# Get headers only (check response code)
curl -I https://example.com

# Follow redirects
curl -IL https://example.com

# Verbose output (see handshake)
curl -v https://example.com

# Check specific host header (virtual hosts)
curl -H "Host: www.example.com" http://server-ip

# Test POST request
curl -X POST -d "data=value" https://example.com/api

# See timing breakdown
curl -w "@timing.txt" -o /dev/null -s https://example.com

Quick timing template (save as timing.txt):

    time_namelookup:  %{time_namelookup}\n
       time_connect:  %{time_connect}\n
    time_appconnect:  %{time_appconnect}\n
   time_pretransfer:  %{time_pretransfer}\n
      time_redirect:  %{time_redirect}\n
 time_starttransfer:  %{time_starttransfer}\n
                    ----------\n
         time_total:  %{time_total}\n

Firewall Checking

iptables

# List all rules
sudo iptables -L -n -v

# List NAT rules
sudo iptables -t nat -L -n

# Check if traffic is being dropped
sudo iptables -L -n -v | grep DROP

ufw (Ubuntu)

# Check status
sudo ufw status verbose

# Check if specific port is allowed
sudo ufw status | grep 80

Real Troubleshooting Scenarios

Scenario 1: Website Won’t Load

# Step 1: Can we reach the server?
ping -c 3 server-ip

# Step 2: Is the web port open?
curl -I http://server-ip

# Step 3: Is DNS working?
dig +short www.example.com

# Step 4: Is the service running?
ssh server "systemctl status nginx"

# Step 5: Check the logs
ssh server "tail -20 /var/log/nginx/error.log"

Scenario 2: Database Connection Timeout

# Is the database reachable?
ping -c 3 db-server

# Is the port open?
nc -zv db-server 5432

# Check from the app server's perspective
ss -tn | grep 5432

# Traceroute if latency is suspected
traceroute db-server

Scenario 3: Slow Internal Network

# Check latency between hosts
ping -c 20 other-server

# Look for packet loss
ping -c 100 other-server | tail -3

# Check for interface errors
ip -s link show eth0

# Monitor real-time traffic
iftop -i eth0

Interview Questions

  • “A user reports the website is slow. Walk me through your troubleshooting.”
  • Answer: “First, I’d reproduce the issue and check if it’s specific to that user or widespread. Then I’d work through the network layer: ping the server to check basic connectivity and latency, curl the site to measure response time, check if DNS is resolving quickly. If the network is fine, I’d move to server-side: check CPU/memory with top, check if the service is healthy with systemctl status, and review application logs.”
  • “How do you check what ports are listening on a server?”
  • Answer:ss -tulpn shows all listening TCP and UDP ports with the process using each one. On older systems, netstat -tulpn does the same thing.”
  • “The application can’t connect to a remote service. How do you diagnose it?”
  • Answer: “I’d start by testing connectivity from the same server: ping the remote host to verify network path, nc or telnet to the specific port to check if it’s reachable, and if those fail, traceroute to see where packets are dropping. I’d also check local firewall rules with iptables or ufw.”

Essential Tool Installation

Some tools aren’t installed by default:

# Ubuntu/Debian
sudo apt install net-tools     # netstat, ifconfig
sudo apt install dnsutils      # dig, nslookup
sudo apt install traceroute    # traceroute
sudo apt install curl          # usually pre-installed
sudo apt install netcat-openbsd # nc

# Check what's installed
which dig ping traceroute ss nc curl

Quick Reference

# Connectivity
ping -c 4 hostname              # Basic reachability
traceroute hostname             # Path tracing
mtr hostname                    # Combined ping/traceroute

# DNS
dig +short hostname             # Quick DNS lookup
dig @8.8.8.8 hostname          # Query specific DNS server
nslookup hostname              # Alternative DNS tool

# Ports and services
ss -tulpn                       # Listening ports
netstat -tulpn                  # Legacy equivalent
nc -zv hostname port            # Test if port is open
curl -I http://hostname         # HTTP check

# Configuration
ip addr                         # IP addresses
ip route                        # Routing table
cat /etc/resolv.conf           # DNS config

# Firewall
sudo iptables -L -n             # List rules
sudo ufw status                 # UFW status

The Career Translation

Skill Level What You Can Do Role Level
Basic ping, basic curl Helpdesk (£25-30k)
Intermediate Full troubleshooting ladder Junior Sysadmin (£32-40k)
Advanced + tcpdump, Wireshark, complex scenarios Network/Infrastructure (£45-55k)
Expert + performance analysis, capacity planning Senior/Architect (£55k+)

Network troubleshooting is the skill that proves you can diagnose problems, not just report them. That’s the difference between support and engineering.

Next Steps

  • tcpdump and Wireshark – Packet-level analysis for complex issues
  • MTR – Combined traceroute and ping for continuous monitoring
  • Network fundamentals – Understanding TCP/IP, subnetting, NAT
  • Firewall configuration – Beyond just reading rules

Every infrastructure role involves network troubleshooting. The faster you can isolate network vs application issues, the faster you solve problems.

Part 5 of the Linux Fundamentals series. Next: understanding sudo and privilege escalation—the security concept every admin must master.

Linux Fundamentals Series – Part 5 of 12

Previous: Linux File Permissions Deep Dive

Next: Understanding sudo

View the full series

Scroll to Top