Network Troubleshooting
Objective
Systematically diagnose network connectivity issues using a layered troubleshooting approach with standard diagnostic tools.
Tools & Technologies
ping, traceroute, mtr, ss, nmap, tcpdump
Key Commands
ping -c4 -W1 8.8.8.8
mtr --report 8.8.8.8
ss -tunp
nmap -sn 192.168.1.0/24
tcpdump -i eth0 'host 8.8.8.8'
Architecture Overview
flowchart TD
PROB[Problem Reported] --> L1{Layer 1\nPhysical OK?}
L1 -->|No - no link| FIX1[Check cable/NIC/port]
L1 -->|Yes| L2{Layer 2\nARP resolving?}
L2 -->|No - no ARP| FIX2[Check VLAN/switch config]
L2 -->|Yes| L3{Layer 3\nCan ping gateway?}
L3 -->|No| FIX3[Check IP/subnet/routing]
L3 -->|Yes| L4{Layer 4\nDNS resolving?}
L4 -->|No| FIX4[Check DNS server/records]
L4 -->|Yes| L5{Layer 7\nApp works?}
L5 -->|No| FIX5[Check app/firewall/port]
style PROB fill:#1a1a2e,stroke:#00d4ff,color:#e0e0e0
Step-by-Step Process
01. Layer 1-3: Physical to Network
Start at the bottom of the OSI stack.
# Layer 1: physical
ip link show eth0 # UP or DOWN?
ip -s link show eth0 # check error counters
# Layer 2: ARP
arp -n # ARP table
ping -c1 192.168.1.1 # can we reach gateway?
# Layer 3: routing
ip route show # routing table correct?
traceroute -n 8.8.8.8 # where does it stop?
02. Layer 4: Transport & Ports
Check if services are listening and reachable.
ss -tunlp # all listening ports
ss -tunp | grep ':80' # who's on port 80
nc -zv 192.168.1.50 80 # test TCP connectivity
curl -v http://192.168.1.50 # full HTTP test
03. Capture Packets
When everything looks right but doesn't work, capture traffic.
# Capture to screen
tcpdump -i eth0 'host 8.8.8.8'
tcpdump -i eth0 'tcp port 80'
# Save to file for Wireshark
tcpdump -i eth0 -w capture.pcap
# Stop after capturing 100 packets
tcpdump -i eth0 -c 100 'port 443'
Challenges & Solutions
- ping success doesn't guarantee the application works — test at layer 7 too
- ICMP blocked by firewall gives false negatives with ping/traceroute
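The flowchart and the ICMP caveat above, combined into one script. This is an added example, not part of the original page. It assumes Linux with iproute2, getent and curl; DNS_NAME is an assumed test name, `ip neigh` stands in for `arp -n`, and the other defaults reuse the page's sample addresses.

```shell
#!/bin/sh
# Added example: walk the flowchart bottom-up and report the first failing layer.
# Assumptions: DNS_NAME is a placeholder; the other defaults reuse the page's
# sample addresses. Override any of them from the environment.
IFACE=${IFACE:-eth0}
GATEWAY=${GATEWAY:-192.168.1.1}
DNS_NAME=${DNS_NAME:-example.com}
APP_URL=${APP_URL:-http://192.168.1.50}

# One probe per decision node; each returns 0 when that layer looks healthy.
probe_link() { ip link show "$IFACE" 2>/dev/null | grep -q 'LOWER_UP'; }
probe_arp() {
    # Send one packet to trigger ARP, then require a resolved MAC (lladdr).
    ping -c1 -W1 "$GATEWAY" >/dev/null 2>&1 || true
    ip neigh show "$GATEWAY" dev "$IFACE" 2>/dev/null | grep -q 'lladdr'
}
probe_gateway() { ping -c1 -W1 "$GATEWAY" >/dev/null 2>&1; }
# Heuristic: getent can also answer from /etc/hosts or a local cache.
probe_dns() { getent hosts "$DNS_NAME" >/dev/null 2>&1; }
probe_app() { curl -sf -o /dev/null --max-time 5 "$APP_URL"; }

# Prints a verdict and returns the failing node number (0 = all checks passed).
diagnose() {
    icmp_note=""
    probe_link || { echo "L1 FAIL: no link, check cable/NIC/port"; return 1; }
    probe_arp || { echo "L2 FAIL: gateway ARP unresolved, check VLAN/switch config"; return 2; }
    if ! probe_gateway; then
        # ARP resolved but ping failed: addressing/routing is wrong, or ICMP
        # is filtered. A working name lookup points to the second case.
        if probe_dns; then
            icmp_note=" (gateway did not answer ping; ICMP is probably filtered)"
        else
            echo "L3 FAIL: no ping reply and no DNS, check IP/subnet/routing"
            return 3
        fi
    fi
    probe_dns || { echo "DNS FAIL: check DNS server/records"; return 4; }
    probe_app || { echo "L7 FAIL: check app/firewall/port${icmp_note}"; return 7; }
    echo "OK: all layers passed${icmp_note}"
}

# Run the checks only when asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then diagnose; exit $?; fi
```

Run it as `sh diagnose.sh --run` (the file name is arbitrary); the exit status is the number of the flowchart node that failed.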
Key Takeaways
- mtr gives real-time latency and packet loss per hop — better than traceroute
- ss is the modern replacement for netstat