Network Troubleshooting

When network issues arise, a systematic approach to troubleshooting saves time and reduces guesswork. This lesson covers a structured methodology, essential tools, and common problems with their solutions.

---

The Troubleshooting Methodology

Follow a layered, bottom-up approach using the OSI model:

Step-by-Step Process

1. Identify the problem — What is the symptom? Who is affected? When did it start?
2. Gather information — Collect logs, error messages, and topology diagrams
3. Develop a theory — Based on the evidence, what layer is likely affected?
4. Test the theory — Use tools and commands to confirm or eliminate
5. Implement a solution — Apply the fix
6. Verify — Confirm the issue is resolved and no new problems were introduced
7. Document — Record the problem, cause, and solution for future reference

---

Bottom-Up Troubleshooting with the OSI Model

Layer	Check	Tools / Commands
1 - Physical	Cables connected? Link lights on? Correct cable type?	Visual inspection, cable tester
2 - Data Link	MAC address learned? VLAN correct? Duplex mismatch?	ip link show, ethtool, switch logs
3 - Network	IP address assigned? Correct subnet? Gateway reachable?	ip addr, ping gateway, ip route
4 - Transport	Port open? Firewall blocking? Service listening?	ss -tuln, telnet host port, nmap
5-7 - Application	Service running? Correct config? Logs show errors?	systemctl status, curl, application logs

---

Essential Troubleshooting Tools

ping — Test Connectivity

# Test basic connectivity
ping 192.168.1.1

# Ping with a specific count
ping -c 4 google.com

# Ping with a specific packet size
ping -s 1472 -M do 192.168.1.1   # Tests MTU (1472 + 28 bytes header = 1500)

What ping tells you:

• Is the host reachable?
• What is the round-trip time (latency)?
• Is there packet loss?

traceroute / tracepath — Trace the Route

# Trace the path to a destination
traceroute google.com     # Linux/macOS
tracert google.com        # Windows

# UDP-based (default on Linux)
traceroute google.com

# ICMP-based
traceroute -I google.com

# TCP-based (useful when ICMP is blocked)
traceroute -T -p 443 google.com

What traceroute tells you:

• Each router (hop) between you and the destination
• Latency at each hop
• Where the path breaks or slows down

ip / ifconfig — Network Interface Configuration

# Show all interfaces and IP addresses
ip addr show

# Show only a specific interface
ip addr show eth0

# Show the routing table
ip route show

# Show ARP cache
ip neigh show

# Bring an interface up/down
sudo ip link set eth0 up
sudo ip link set eth0 down

ss / netstat — Connection and Port Information

# Show all listening TCP and UDP ports
ss -tuln

# Show established connections
ss -t state established

# Show which process is using a port
ss -tlnp

# Legacy equivalent (netstat)
netstat -tuln

dig / nslookup — DNS Troubleshooting

# Check A record
dig example.com

# Check specific record type
dig example.com MX

# Use a specific DNS server
dig @8.8.8.8 example.com

# Trace the full resolution path
dig example.com +trace

# Reverse lookup
dig -x 93.184.216.34

curl — Test HTTP/HTTPS

# Test a web server
curl -v https://example.com

# Show only response headers
curl -I https://example.com

# Test a specific port
curl http://192.168.1.10:8080

# Follow redirects
curl -L https://example.com

# Test with a timeout
curl --connect-timeout 5 https://example.com

tcpdump / Wireshark — Packet Capture

# Capture packets on an interface
sudo tcpdump -i eth0

# Capture packets to/from a specific host
sudo tcpdump -i eth0 host 192.168.1.100

# Capture only TCP traffic on port 80
sudo tcpdump -i eth0 tcp port 80

# Save capture to a file (for Wireshark analysis)
sudo tcpdump -i eth0 -w capture.pcap

# Read a capture file
tcpdump -r capture.pcap