Common Connectivity Issues

Category: Network Troubleshooting
Type: Network Tools & Commands
Generated on: 2025-07-11 01:35:45
For: Network Engineering, Administration & Technical Interviews

This cheatsheet provides a practical guide to common network tools and commands for diagnosing and resolving connectivity issues. It’s designed for network administrators and engineers of all levels.

1. Tool Overview

Tool	Description	When to Use
`ping`	Tests basic connectivity to a host by sending ICMP echo requests.	Verify if a host is reachable. Quick check for network latency.
`traceroute`/`tracert`	Traces the route packets take to a destination, showing each hop along the way.	Identify bottlenecks or routing problems. Determine the path packets are taking.
`nslookup`/`dig`	Queries DNS servers to resolve domain names to IP addresses and vice versa.	Troubleshoot DNS resolution issues. Verify DNS records.
`netstat`/`ss`	Displays network connections, routing tables, interface statistics, and listening ports.	Identify open ports, established connections, and listening services. Investigate connection problems.
`tcpdump`/`Wireshark`	Captures and analyzes network traffic.	Deep dive into network packets. Troubleshoot protocol issues. Analyze network performance. Identify malicious traffic. Wireshark is the GUI version and more user-friendly for analysis. `tcpdump` is command-line based.
`ip`/`ifconfig`	(Linux) Manages network interfaces, IP addresses, routing tables, and more.	Configure network interfaces. View IP address information. Manage routing tables.
`ipconfig`	(Windows) Displays and configures network interface settings.	View IP address information. Release and renew DHCP leases.
`route`	Displays and manages the routing table.	View and modify the routing table. Useful for static routing configurations.
`nmap`	Network mapper; scans networks to discover hosts, services, and operating systems.	Network discovery. Security auditing. Vulnerability assessment.
`mtr`	Combines the functionality of `ping` and `traceroute` to provide a dynamic view of network latency.	Continuously monitor network latency and packet loss along a path.
`curl`/`wget`	Transfers data with URLs. Useful for testing HTTP/HTTPS connectivity.	Verify web server accessibility. Download files. Test API endpoints.

2. Basic Syntax

ping:
- ping <hostname_or_ip>
- Example: ping google.com
traceroute/tracert:
- traceroute <hostname_or_ip> (Linux/macOS)
- tracert <hostname_or_ip> (Windows)
- Example: traceroute 8.8.8.8
nslookup:
- nslookup <hostname>
- Example: nslookup example.com
dig:
- dig <hostname>
- Example: dig example.com
netstat:
- netstat -an (all connections and listening ports)
- netstat -ntlp (TCP listening ports with program names - Linux)
- Example: netstat -an | grep 80
ss:
- ss -lt (listening TCP sockets)
- ss -an (all sockets)
- Example: ss -ltp
tcpdump:
- tcpdump -i <interface> <filter>
- Example: tcpdump -i eth0 port 80
ip:
- ip addr show (show interface addresses)
- ip route show (show routing table)
- Example: ip addr show eth0
ifconfig:
- ifconfig <interface> (show interface configuration)
- Example: ifconfig eth0
ipconfig:
- ipconfig /all (show all interface information)
- ipconfig /release (release DHCP lease)
- ipconfig /renew (renew DHCP lease)
- Example: ipconfig /all
route:
- route -n (show routing table numerically)
- route add default gw <gateway_ip> (add default route)
- Example: route -n
nmap:
- nmap <target> (basic scan)
- nmap -p <ports> <target> (scan specific ports)
- Example: nmap 192.168.1.1
mtr:
- mtr <hostname_or_ip>
- Example: mtr google.com
curl:
- curl <URL>
- Example: curl https://www.example.com
wget:
- wget <URL>
- Example: wget https://www.example.com/file.txt

3. Practical Examples

Verify basic connectivity to Google:

ping google.com

PING google.com (142.250.184.142) 56(84) bytes of data.
64 bytes from fra16s54-in-f14.1e100.net (142.250.184.142): icmp_seq=1 ttl=119 time=7.89 ms
64 bytes from fra16s54-in-f14.1e100.net (142.250.184.142): icmp_seq=2 ttl=119 time=7.95 ms
^C
--- google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 7.890/7.920/7.950/0.030 ms

Trace the route to a specific IP address:

traceroute 8.8.8.8

traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  1.234 ms  1.345 ms  1.456 ms
 2  10.0.0.1 (10.0.0.1)  5.678 ms  5.789 ms  5.890 ms
 3  ...
 4  dns.google (8.8.8.8)  15.678 ms  15.789 ms  15.890 ms

Resolve a domain name to an IP address:

nslookup example.com

Server:         192.168.1.1
Address:        192.168.1.1#53

Non-authoritative answer:
Name:   example.com
Address: 93.184.216.34

Display all network connections:
Terminal window
```
netstat -an
```
(Output will vary depending on current connections)
Capture traffic on a specific interface (use with caution):
Terminal window
```
sudo tcpdump -i eth0 -n -s 0 port 80 or port 443
```
(Captures HTTP and HTTPS traffic on eth0. Requires root privileges.)
Check the IP address of an interface (Linux):
Terminal window
```
ip addr show eth0
```
Check the IP address of an interface (Windows):
Terminal window
```
ipconfig /all
```
Check the routing table (Linux/macOS):
Terminal window
```
route -n
```
Check the routing table (Windows):
Terminal window
```
route print
```
Scan for open ports on a host:
Terminal window
```
nmap 192.168.1.100
```
Monitor network latency to a destination:
Terminal window
```
mtr google.com
```
Test HTTP connectivity to a website:
Terminal window
```
curl -I https://www.example.com
```
(-I option retrieves headers only)

4. Common Options

Tool	Option	Description
`ping`	`-c <count>`	Number of ping packets to send.
	`-i <interval>`	Interval between ping packets (seconds).
	`-t`	(Windows) Ping continuously until stopped.
`traceroute`/`tracert`	`-m <max_hops>`	Maximum number of hops to trace.
`nslookup`	`<server>`	Specify a specific DNS server to query.
`dig`	`+trace`	Trace the DNS resolution path.
`netstat`/`ss`	`-n`	Display addresses and port numbers numerically (don’t resolve hostnames).
	`-t`	TCP connections only.
	`-u`	UDP connections only.
	`-l`	Listening sockets only.
	`-p`	Show the PID and program name associated with the connection (requires root).
`tcpdump`	`-i <interface>`	Specify the network interface to capture traffic on.
	`-n`	Don’t resolve hostnames or port names.
	`-s <snaplen>`	Specify the snapshot length (0 for full packet).
	`-w <file>`	Write captured packets to a file.
	`-r <file>`	Read captured packets from a file.
`ipconfig`	`/release`	Release the DHCP lease.
	`/renew`	Renew the DHCP lease.
`nmap`	`-p <ports>`	Specify the ports to scan (e.g., `22,80,443`).
	`-sV`	Service version detection.
	`-O`	Operating system detection.
`curl`	`-I`	Get headers only.
	`-v`	Verbose output.
	`-o <file>`	Save the output to a file.
`wget`	`-O <file>`	Save the output to a file.
	`-q`	Quiet mode (suppress output).

5. Advanced Usage

tcpdump with complex filters:
Terminal window
```
sudo tcpdump -i eth0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
```
(Captures HTTP traffic with payload data, excluding ACK-only packets)
nmap vulnerability scan:
Terminal window
```
nmap -sV --script vuln <target_ip>
```
(Performs service version detection and runs vulnerability scripts)
dig to query a specific DNS record type:
Terminal window
```
dig example.com MX
```
(Queries for the MX (mail exchange) records of example.com)
mtr with TCP:
Terminal window
```
mtr -T google.com
```
(Uses TCP packets instead of UDP/ICMP)
ss to find connections to a specific port:
Terminal window
```
ss -tan | grep :8080
```
(Finds all TCP connections to port 8080)

6. Troubleshooting Scenarios

Scenario	Tools to Use	Steps
Cannot reach a website	`ping`, `traceroute`/`tracert`, `nslookup`/`dig`, `curl`/`wget`	1. `ping` the website’s hostname. If it fails, check DNS resolution with `nslookup`/`dig`. 2. If DNS resolves, use `traceroute`/`tracert` to identify where the connection is failing. 3. Use `curl`/`wget` to test HTTP/HTTPS connectivity directly. 4. Check firewall rules on your local machine and any network firewalls.
Slow network performance	`ping`, `traceroute`/`tracert`, `mtr`, `tcpdump`/Wireshark	1. `ping` to measure latency. 2. `traceroute`/`tracert` or `mtr` to identify slow hops. 3. Use `tcpdump`/Wireshark to analyze network traffic for bottlenecks or retransmissions. 4. Check for high CPU or memory utilization on network devices.
DNS resolution issues	`nslookup`/`dig`, `ping`	1. Use `nslookup`/`dig` to query different DNS servers. 2. `ping` a known working IP address (e.g., 8.8.8.8) to rule out general network connectivity issues. 3. Check your DNS server settings. 4. Flush your DNS cache (`ipconfig /flushdns` on Windows, `sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder` on macOS).
Port is not listening	`netstat`/`ss`, `nmap`	1. Use `netstat`/`ss` to check if the service is listening on the expected port. 2. Use `nmap` to scan the host and verify the port’s status. 3. Check firewall rules to ensure the port is not blocked. 4. Verify the service is running and configured correctly.
DHCP issues	`ipconfig` (Windows), `ifconfig`/`ip` (Linux), `dhclient` (Linux)	1. Use `ipconfig /all` (Windows) or `ifconfig`/`ip` (Linux) to check your IP address and DHCP server settings. 2. Release and renew your DHCP lease (`ipconfig /release && ipconfig /renew` on Windows, `sudo dhclient -r <interface> && sudo dhclient <interface>` on Linux). 3. Check the DHCP server’s configuration and logs.
Intermittent connectivity	`ping`, `mtr`, `tcpdump`/Wireshark	1. Run `ping` with a large packet count to monitor for packet loss over time. 2. Use `mtr` to continuously monitor network latency and packet loss along a path. 3. Use `tcpdump`/Wireshark to capture traffic during periods of connectivity issues. 4. Check for interference or hardware problems.
VPN Connectivity Issues	`ping`, `traceroute`/`tracert`, `ipconfig`/`ifconfig`/`ip`, VPN client logs	1. Ping the VPN server’s address to ensure basic reachability. 2. Trace the route to the VPN server. 3. Check the IP address assigned by the VPN after connecting. 4. Review the VPN client logs for error messages. 5. Check firewall rules for VPN traffic.

7. Output Interpretation

ping: High latency or packet loss indicates network problems. Look for consistent timeouts or unreachable hosts.
traceroute/tracert: High latency or asterisks (*) indicate potential bottlenecks or routing issues. Changes in the path can suggest routing instability.
nslookup/dig: “Server failed” or “connection timed out” indicates DNS server problems. Incorrect IP addresses indicate DNS record errors.
netstat/ss: “TIME_WAIT” connections are normal, but a large number of them can indicate a problem with connection management. “ESTABLISHED” connections show active connections. “LISTEN” shows a service is listening on a specific port.
tcpdump: Analyze captured packets to identify protocol errors, retransmissions, or malicious traffic. Wireshark provides a GUI for easier analysis.
nmap: “Open” ports indicate a service is listening. “Closed” ports indicate the port is accessible but no service is listening. “Filtered” ports indicate a firewall is blocking the connection.
mtr: Displays latency and packet loss at each hop along the path. High packet loss at a specific hop indicates a problem at that location.

8. Security Considerations

tcpdump: Captures sensitive data. Use filters to limit captured traffic. Store captured files securely. Do not capture traffic without proper authorization.
nmap: Can be detected as a port scan. Use it responsibly and with permission. Avoid aggressive scanning options that could disrupt network services.
route add: Incorrectly modifying the routing table can disrupt network connectivity. Test changes in a non-production environment first.
General: Avoid running network tools from untrusted sources. Always use strong passwords and keep your systems updated with the latest security patches.

9. Platform Differences

Tool	Linux	Windows	macOS
`ping`	Standard command.	Standard command.	Standard command.
`traceroute`	Standard command.	`tracert` command.	Standard command.
`nslookup`	Standard command. Deprecated.	Standard command. Deprecated.	Standard command. Deprecated.
`dig`	Not always installed by default.	Not included by default. Requires installation or using WSL.	Not always installed by default.
`netstat`	Standard command.	Standard command.	Standard command.
`ss`	Modern alternative to `netstat`.	Not available by default. Requires installation or using WSL.	Not available by default. Requires installation or using brew.
`tcpdump`	Standard command. Requires root.	Not a standard command. Requires WinPcap/Npcap and tcpdump for Windows.	Standard command. Requires root.
`ip`	Standard command (iproute2 package).	Not available. Use `netsh` or PowerShell commands.	Standard command (iproute2 package)
`ifconfig`	Deprecated, but often available.	`ipconfig` command.	Deprecated, but often available.
`route`	Standard command.	`route print` command.	Standard command.
`nmap`	Standard command.	Requires installation.	Standard command.
`mtr`	Standard command.	Requires installation or using WSL.	Requires installation or using brew.
`curl`	Standard command.	Standard command.	Standard command.
`wget`	Not always installed by default.	Not a standard command. Requires installation or using WSL.	Not always installed by default.

This cheatsheet is a starting point. Mastering these tools requires practice and understanding of networking concepts. Always consult the tool’s manual pages (man <tool>) for complete documentation.