When network issues arise, a systematic approach and the use of appropriate commands are essential for efficiently identifying the root cause.
General Troubleshooting Steps
Network troubleshooting generally follows a bottom-up approach through the OSI reference model layers.
- Physical Layer Check: Cable connections, network adapter status, LED indicators, etc.
- Data Link Layer / Network Layer Check: IP address configuration, subnet mask, gateway, routing, etc.
- Transport Layer Check: Port availability, firewall settings, etc.
- Application Layer Check: Whether services are running correctly, application settings, etc.
Key Commands
ping
Checks network connectivity with a specified host. Uses the ICMP protocol to measure whether packets can reach the destination and response times.
ping [options] destination_IP_or_hostname
- -c <count>: Specifies the number of packets to send.
- -i <seconds>: Specifies the interval between packet transmissions.
- -n: Disables hostname resolution (displays IP addresses as-is).
Example:
ping -c 4 google.com # Send 4 pings to Google
telnet
Tests connectivity to a specific port on a specific host. Can be used for application layer connectivity checks.
telnet [options] destination_IP_or_hostname [port_number]
-l <username>: Specifies the login username.
Example:
telnet example.com 80 # Test connection to example.com's web server (HTTP)
traceroute / tracepath
Displays the packet path (routers traversed) from source to destination and the response time at each hop. Useful for identifying where delays or packet loss occur in the network.
traceroute [options] destination_IP_or_hostname
# Or (e.g., when traceroute is not installed)
tracepath destination_IP_or_hostname
- -i <interface>: Specifies the sending interface.
- -T: Uses the TCP protocol.
- -I: Uses the ICMP protocol.
- -n: Disables hostname resolution.
Example:
traceroute -n 8.8.8.8 # Display the route to Google's DNS server using IP addresses
ip route
Displays and manipulates entries in the Linux kernel routing table.
ip route [subcommand]
- show: Displays routing table information (default).
- add <network>: Adds an entry to the routing table.
- del <network>: Deletes an entry from the routing table.
Example:
ip route show # Display the current routing table
ss (socket statistics)
Displays socket-related information such as network connections, routing tables, and interface statistics. Recommended as a replacement for the netstat command.
ss [options]
- -a: Displays all sockets (including those in LISTEN state).
- -l: Displays only sockets in LISTEN state.
- -n: Disables service name and hostname resolution (displays port numbers and IP addresses as-is).
- -t: Displays TCP sockets.
- -u: Displays UDP sockets.
- -p: Displays the processes using the sockets.
Example:
ss -tuln # Display TCP/UDP sockets in LISTEN state numerically
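As an added example (not part of the original page), the script below parses `ss -tuln` output and separates listeners bound to every interface from those bound to loopback or a single address, which is the distinction that matters for the transport-layer port and firewall check. The function names and the sample output are constructed for illustration; it assumes the column layout printed when both -t and -u are given.

```shell
#!/bin/sh
# Added example: classify the listeners reported by `ss -tuln`.
# Assumes the -tuln column layout (Netid is column 1, local address column 5).

# Constructed sample of `ss -tuln` output, so the script runs offline.
sample_ss_output() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:68         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      4096   127.0.0.1:5432     0.0.0.0:*
tcp   LISTEN 0      128    192.0.2.10:8443    0.0.0.0:*
tcp   LISTEN 0      511    *:80               *:*
tcp   LISTEN 0      128    [::]:22            [::]:*
tcp   LISTEN 0      128    [::1]:631          [::]:*
EOF
}

# Reads `ss -tuln` output on stdin; prints "proto port scope address" per socket.
classify_listeners() {
    awk '
    $1 == "Netid" { next }                       # header line
    NF >= 5 {
        n = split($5, parts, ":")                # port follows the LAST colon,
        port = parts[n]                          # so IPv6 "[::]:22" also works
        addr = substr($5, 1, length($5) - length(port) - 1)
        sub(/%[A-Za-z0-9_.-]+/, "", addr)        # drop interface suffix (%lo)
        if (addr == "0.0.0.0" || addr == "*" || addr == "[::]")
            scope = "all-interfaces"
        else if (addr ~ /^127\./ || addr == "[::1]")
            scope = "loopback"
        else
            scope = "specific-address"
        print $1, port, scope, addr
    }'
}

# Only the listeners reachable on every interface: "proto port address".
exposed_listeners() {
    classify_listeners | awk '$3 == "all-interfaces" { print $1, $2, $4 }'
}

# On a live host: ss -tuln | exposed_listeners
sample_ss_output | exposed_listeners
```

Each line it prints is a port that the host firewall, not the bind address, has to restrict.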
tcpdump
Captures and displays packets flowing through a network interface. Used for detailed analysis of network communications.
tcpdump [options] [filter_expression]
- -c <packet_count>: Specifies the number of packets to capture.
- -i <interface>: Specifies the network interface to capture on.
- -n: Disables hostname and port number resolution.
- -w <filename>: Saves captured packets to a file.
- -v: Displays detailed information.
Filter expression examples:
- host <IP_address>: Filters communication with a specific IP address.
- src <IP_address>: Specifies the source IP address.
- dst <IP_address>: Specifies the destination IP address.
- port <port_number>: Filters communication on a specific port number.
- tcp, udp, icmp: Specifies the protocol.
Example:
sudo tcpdump -i eth0 -n port 80 # Capture port 80 traffic on eth0 interface
Running tcpdump typically requires sudo.
Mastering these commands enables effective network troubleshooting in Linux environments.