
Linux Network Troubleshooting Guide

Network troubleshooting is a critical skill for Linux system administration. This guide covers essential tools and techniques for diagnosing and resolving network issues.


Overview: Network Troubleshooting Tools

Tool Purpose Example
ping Test connectivity ping google.com
traceroute Trace network path traceroute google.com
netstat Network statistics netstat -tunlp
ss Socket statistics ss -tunlp
ip Network configuration ip addr show
nslookup DNS lookup nslookup google.com
dig DNS queries dig google.com
tcpdump Packet capture tcpdump -i eth0
curl HTTP testing curl -I https://example.com
mtr Network diagnostics mtr google.com

Testing Connectivity with ping

Basic ping Usage

# Ping a host
ping google.com

# Ping with packet count
ping -c 4 google.com

# Ping specific interface
ping -I eth0 192.168.1.1

# Set interval between pings
ping -i 2 google.com

# Flood ping (requires root)
sudo ping -f 192.168.1.1

# Set packet size
ping -s 1000 google.com

# Quiet output (summary only)
ping -c 10 -q google.com

Interpreting ping Results

$ ping -c 4 google.com
PING google.com (142.250.185.46): 56 data bytes
64 bytes from 142.250.185.46: icmp_seq=0 ttl=117 time=11.4 ms
64 bytes from 142.250.185.46: icmp_seq=1 ttl=117 time=10.8 ms
64 bytes from 142.250.185.46: icmp_seq=2 ttl=117 time=11.2 ms
64 bytes from 142.250.185.46: icmp_seq=3 ttl=117 time=11.0 ms

--- google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 10.8/11.1/11.4/0.2 ms

Key metrics:
- ttl - Time to live left on the reply packet (decremented at each hop)
- time - Round-trip time (latency)
- packet loss - Percentage of lost packets
- rtt - Min/avg/max/mdev (deviation) of the round-trip times


Tracing Network Path

traceroute

# Trace route to host
traceroute google.com

# Use ICMP instead of UDP
traceroute -I google.com

# Set max hops
traceroute -m 15 google.com

# Don't resolve hostnames
traceroute -n 8.8.8.8

# Set number of queries per hop
traceroute -q 1 google.com

mtr - Enhanced traceroute

# Interactive network diagnostic
mtr google.com

# Report mode (10 cycles)
mtr -c 10 --report google.com

# Use TCP instead of ICMP
mtr --tcp google.com

# Show IP addresses
mtr -n google.com

# CSV output
mtr --csv google.com

Network Statistics

netstat - Network Statistics

# Show all listening ports
netstat -tunlp

# Show all connections
netstat -tun

# Show routing table
netstat -rn

# Show interface statistics
netstat -i

# Show TCP connections
netstat -tan

# Show UDP connections
netstat -uan

# Continuous monitoring
netstat -c

ss - Modern Socket Statistics

# Show all listening TCP and UDP ports with the owning process (run as root to see processes of other users)
ss -tunlp

# Show all established connections
ss -tun

# Show listening sockets
ss -l

# Show TCP sockets
ss -t

# Show UDP sockets
ss -u

# Show specific port
ss -tunlp | grep :80

# Show socket memory usage
ss -m

# Show specific state
ss state established

DNS Troubleshooting

nslookup

# Basic DNS lookup
nslookup google.com

# Query specific DNS server
nslookup google.com 8.8.8.8

# Reverse DNS lookup
nslookup 8.8.8.8

# Query specific record type
nslookup -type=mx google.com
nslookup -type=ns google.com
nslookup -type=txt google.com

dig - DNS Information

# Basic query
dig google.com

# Short answer only
dig +short google.com

# Query specific DNS server
dig @8.8.8.8 google.com

# Query specific record type
dig google.com MX
dig google.com NS
dig google.com TXT
dig google.com AAAA

# Reverse lookup
dig -x 8.8.8.8

# Trace DNS resolution
dig +trace google.com

# No recursion
dig +norecurse google.com

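# Request all record types (many servers answer ANY minimally or refuse it, per RFC 8482; query specific types for reliable results)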
dig google.com ANY

Testing DNS Resolution

# Test different DNS servers
dig @8.8.8.8 example.com        # Google DNS
dig @1.1.1.1 example.com        # Cloudflare DNS
dig @208.67.222.222 example.com # OpenDNS

# Compare response times
time dig google.com
time nslookup google.com

# Check DNS propagation
dig example.com @dns1.example.com
dig example.com @dns2.example.com

Network Interface Configuration

ip Command

# Show all interfaces
ip addr show

# Show specific interface
ip addr show eth0

# Show link status
ip link show

# Show routing table
ip route show

# Show neighbors (ARP table)
ip neighbor show

# Add IP address
sudo ip addr add 192.168.1.100/24 dev eth0

# Remove IP address
sudo ip addr del 192.168.1.100/24 dev eth0

# Enable interface
sudo ip link set eth0 up

# Disable interface
sudo ip link set eth0 down

# Show interface statistics
ip -s link show eth0

ifconfig (Legacy)

# Show all interfaces
ifconfig

# Show specific interface
ifconfig eth0

# Enable interface
sudo ifconfig eth0 up

# Disable interface
sudo ifconfig eth0 down

# Assign IP address
sudo ifconfig eth0 192.168.1.100 netmask 255.255.255.0

Packet Capture and Analysis

tcpdump

# Capture on interface
sudo tcpdump -i eth0

# Capture specific number of packets
sudo tcpdump -i eth0 -c 100

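# Capture and save to file (the pcap holds full packet payloads, including cleartext credentials; keep it readable only by those who need it)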
sudo tcpdump -i eth0 -w capture.pcap

# Read from file
tcpdump -r capture.pcap

# Capture specific host
sudo tcpdump host 192.168.1.1

# Capture specific port
sudo tcpdump port 80

# Capture HTTP traffic
sudo tcpdump -i eth0 'tcp port 80'

# Capture DNS traffic
sudo tcpdump -i eth0 'udp port 53'

# Verbose output
sudo tcpdump -v -i eth0

# Show ASCII
sudo tcpdump -A -i eth0

Advanced tcpdump Filters

# Capture traffic from specific source
sudo tcpdump src 192.168.1.100

# Capture traffic to specific destination
sudo tcpdump dst 192.168.1.1

# Capture specific protocol
sudo tcpdump icmp

# Capture SYN packets
sudo tcpdump 'tcp[tcpflags] & tcp-syn != 0'

# Capture port range
sudo tcpdump portrange 1000-2000

# Exclude traffic
sudo tcpdump not port 22

# Combine filters
sudo tcpdump 'host 192.168.1.1 and port 80'

HTTP/HTTPS Testing

curl

# Basic GET request
curl https://example.com

# Show headers only
curl -I https://example.com

# Follow redirects
curl -L https://example.com

# Save output to file
curl -o output.html https://example.com

# Save with original filename
curl -O https://example.com/file.pdf

# Verbose output
curl -v https://example.com

# Show timing information
curl -w "@-" -o /dev/null -s https://example.com <<'EOF'
time_namelookup:  %{time_namelookup}\n
time_connect:  %{time_connect}\n
time_total:  %{time_total}\n
EOF

# Test with specific headers
curl -H "User-Agent: Custom" https://example.com

# POST request
curl -X POST -d "param1=value1" https://example.com/api

wget

# Download file
wget https://example.com/file.pdf

# Download to specific filename
wget -O myfile.pdf https://example.com/file.pdf

# Continue interrupted download
wget -c https://example.com/largefile.zip

# Mirror website
wget --mirror --convert-links https://example.com

# Limit speed
wget --limit-rate=200k https://example.com/file.zip

Common Network Issues and Solutions

Cannot Reach Host

# 1. Check if interface is up
ip link show

# 2. Check IP configuration
ip addr show

# 3. Test local connectivity
ping 127.0.0.1

# 4. Ping gateway
ip route show  # Find gateway
ping <gateway-ip>

# 5. Check Internet reachability by IP address, then DNS resolution
ping 8.8.8.8
nslookup google.com

# 6. Check firewall
sudo iptables -L
sudo ufw status

DNS Resolution Problems

# Check DNS configuration
cat /etc/resolv.conf

# Test different DNS servers
dig @8.8.8.8 google.com
dig @1.1.1.1 google.com

# Flush DNS cache (systemd-resolved; on newer systemd releases the command is: resolvectl flush-caches)
sudo systemd-resolve --flush-caches

# Restart DNS resolver
sudo systemctl restart systemd-resolved

# Test /etc/hosts
grep example.com /etc/hosts

Slow Network Performance

# Check bandwidth
speedtest-cli  # Install speedtest-cli first

# Monitor network usage
iftop  # Real-time bandwidth
nethogs  # Per-process bandwidth

# Check for packet loss
ping -c 100 google.com | tail -2

# Check MTU
ip link show | grep mtu

# Test specific route
mtr --report google.com

Port Connection Issues

# Check if port is listening
ss -tunlp | grep :80
netstat -tunlp | grep :80

# Test port connectivity
telnet example.com 80
nc -zv example.com 80

# Check firewall rules
sudo iptables -L -n
sudo ufw status

# Test from localhost
curl http://localhost:80

Firewall Troubleshooting

iptables

# List all rules
sudo iptables -L -n -v

# List rules with line numbers
sudo iptables -L --line-numbers

# Check specific chain
sudo iptables -L INPUT -n

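# Save current rules (/tmp is world-writable and the file name is predictable; use a private directory for a copy you intend to restore)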
sudo iptables-save > /tmp/iptables.rules

# Test temporarily allowing traffic (inserted at the top of INPUT; remove it afterwards by repeating the rule with -D instead of -I)
sudo iptables -I INPUT -p tcp --dport 80 -j ACCEPT

ufw

# Check status
sudo ufw status verbose

# Show numbered rules
sudo ufw status numbered

# Allow port
sudo ufw allow 80/tcp

# Delete rule
sudo ufw delete allow 80/tcp

# Reset to defaults (disables ufw and deletes all existing rules)
sudo ufw reset

Network Performance Testing

iperf

# Server mode
iperf -s

# Client mode
iperf -c server-ip

# UDP test
iperf -u -c server-ip

# Bidirectional test
iperf -d -c server-ip

# Set duration
iperf -c server-ip -t 30

Quick Network Diagnostics Script

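#!/bin/bash
# Quick network diagnostics: prints interface, routing, DNS and socket state.
#
# Read-only. Deliberately no `set -e`: each check should still run when an
# earlier one fails (e.g. ping failing must not hide the socket listing).
# Run as root to have `ss -p` show processes owned by other users.

# Print a section header preceded by a blank line.
section() {
  printf '\n=== %s ===\n' "$1"
}

printf '=== %s ===\n' "Network Interfaces"
ip addr show

section "Default Gateway"
ip route | grep default

section "DNS Configuration"
cat /etc/resolv.conf

section "Testing Connectivity"
ping -c 3 8.8.8.8

section "Testing DNS"
nslookup google.com

section "Listening Ports"
# -l already restricts output to listening sockets. Do not filter on the
# word LISTEN: bound UDP sockets are reported as UNCONN and would be dropped.
ss -tunlp

section "Active Connections"
# Count of sockets in the established state.
ss -tun | grep -c ESTAB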

Quick Reference

# Connectivity
ping host                  # Test reachability
traceroute host           # Trace route
mtr host                  # Continuous trace

# DNS
nslookup domain           # DNS lookup
dig domain                # Detailed DNS
dig +short domain         # Quick DNS

# Interfaces
ip addr show              # Show IP addresses
ip link show              # Show interfaces
ip route show             # Show routes

# Connections
ss -tunlp                 # Listening ports
ss -tun                   # All connections
netstat -tunlp            # Legacy connections

# Packet capture
tcpdump -i eth0           # Capture packets
tcpdump port 80           # Capture port

# Testing
curl -I url               # HTTP headers
nc -zv host port          # Test port
telnet host port          # Connect to port