When networks fail, you need systematic approaches and the right tools to diagnose issues. This module covers the essential troubleshooting toolkit every engineer should master.
Estimated Time: 3-4 hours
Difficulty: Intermediate
Prerequisites: All previous modules
Layer 7: Application "Is the application configured correctly?"
Layer 6: Presentation "Is data being encrypted/decoded properly?"
Layer 5: Session "Is the session established?"
Layer 4: Transport "Is the port open? Is TCP/UDP working?"
Layer 3: Network "Can I reach the IP? Is routing correct?"
Layer 2: Data Link "Is the MAC address reachable?"
Layer 1: Physical "Is the cable plugged in? Is there power?"
```bash
# Linux/Mac
traceroute google.com

# Windows
tracert google.com

# Using TCP instead of ICMP (bypasses ICMP blocks)
traceroute -T -p 443 google.com
```
Output:
```
traceroute to google.com (142.250.190.46), 30 hops max
 1  192.168.1.1 (192.168.1.1)  1.234 ms  1.123 ms  1.456 ms
 2  10.0.0.1 (10.0.0.1)  5.678 ms  5.432 ms  5.789 ms
 3  * * *                                   ← No response
 4  72.14.215.85 (72.14.215.85)  10.123 ms  9.876 ms
 5  142.250.190.46 (142.250.190.46)  12.345 ms  11.987 ms
```
Interpreting Results:
| Pattern | Meaning |
| --- | --- |
| `* * *` | Hop doesn't respond to probes (firewall/ICMP blocked) |
```bash
# Linux (ss is the modern replacement for netstat)
ss -tuln    # TCP/UDP listening ports
ss -tunp    # Include process names
ss -s       # Summary statistics

# Windows
netstat -an     # All connections, numeric
netstat -ano    # Include process IDs
netstat -b      # Show executable names (admin required)

# Mac
netstat -an | grep LISTEN    # Listening ports
lsof -i -P                   # Better alternative
```
Common Flags:
| Flag | Meaning |
| --- | --- |
| `-t` | TCP connections |
| `-u` | UDP connections |
| `-l` | Listening sockets only |
| `-n` | Numeric (don't resolve names) |
| `-p` | Show process |
Output Example:
```
State   Recv-Q  Send-Q  Local Address:Port    Peer Address:Port
LISTEN  0       128     0.0.0.0:22            0.0.0.0:*           ← SSH listening
LISTEN  0       128     0.0.0.0:80            0.0.0.0:*           ← HTTP listening
ESTAB   0       0       192.168.1.10:52431    93.184.216.34:443   ← Active HTTPS
```
```bash
# nslookup (simple, cross-platform)
nslookup google.com
nslookup google.com 8.8.8.8     # Use specific DNS server
nslookup -type=MX google.com    # Query MX records

# dig (more detailed, Linux/Mac)
dig google.com
dig google.com MX          # MX records
dig @8.8.8.8 google.com    # Use specific server
dig +trace google.com      # Show full resolution path
dig +short google.com      # Just the IP
```
dig Output Explained:
```
$ dig example.com

;; QUESTION SECTION:
;example.com.            IN   A

;; ANSWER SECTION:
example.com.     3600    IN   A    93.184.216.34
                  ↑                      ↑
                 TTL                   Answer

;; Query time: 25 msec
;; SERVER: 8.8.8.8#53
```
Check if a port is open and accepting connections.
```bash
# telnet (basic)
telnet google.com 443
telnet mail.example.com 25

# netcat (more powerful)
nc -zv google.com 443       # Test if port is open
nc -zv google.com 80-443    # Scan port range
nc -l 8080                  # Listen on port (create server)

# Test with timeout
nc -zv -w 5 google.com 443  # 5 second timeout
```
```bash
# 1. Check if you have network
ping 8.8.8.8

# 2. Check DNS resolution
nslookup example.com

# 3. Check if website responds
curl -I https://example.com

# 4. Check your routing
traceroute example.com

# 5. Check if port is blocked locally
sudo iptables -L -n                  # Linux
netsh advfirewall show allprofiles   # Windows
```
```bash
# Service is not running or not listening on that port

# 1. Check if service is running
systemctl status nginx
ps aux | grep nginx

# 2. Check what's listening
ss -tuln | grep 80

# 3. Check if it's bound to the right interface
#    0.0.0.0:80   = all interfaces
#    127.0.0.1:80 = localhost only
```
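The bind-address check in step 3 above, as an added example that is not part of the original module: a shell function that reads `ss -tuln` output and labels each listening socket as bound to all interfaces, loopback only, or one specific address. The function names and the sample output are constructed for illustration; it also accepts the header layout without a `Netid` column shown in the output example earlier.

```bash
#!/bin/sh
# Added example. On a live Linux host: ss -tuln | classify_listeners
# Prints one line per listener: <scope> <proto> <port> <address>

classify_listeners() {
  awk '
    $1 == "Netid" || $1 == "State" { next }            # skip header line
    {
      # ss -tuln prefixes each row with tcp/udp; plain output does not.
      if ($1 ~ /^(tcp|udp)$/) { proto = $1;  state = $2; laddr = $5 }
      else                    { proto = "-"; state = $1; laddr = $4 }
      # TCP listeners show LISTEN, UDP listeners show UNCONN.
      if (state != "LISTEN" && state != "UNCONN") next
      # The port follows the LAST colon, so IPv6 forms like [::]:22 parse too.
      n = split(laddr, parts, ":")
      port = parts[n]
      addr = substr(laddr, 1, length(laddr) - length(port) - 1)
      sub(/%.*/, "", addr)                             # drop %iface suffix
      if (addr == "0.0.0.0" || addr == "[::]" || addr == "*")
        scope = "all-interfaces"
      else if (addr ~ /^127\./ || addr == "[::1]")
        scope = "loopback-only"
      else
        scope = "specific-address"
      print scope, proto, port, addr
    }'
}

# Constructed sample of `ss -tuln` output (not captured from a real host).
sample_ss_output() {
  cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
tcp   LISTEN 0      511    127.0.0.1:80        0.0.0.0:*
udp   UNCONN 0      0      127.0.0.53%lo:53    0.0.0.0:*
tcp   LISTEN 0      128    [::]:22             [::]:*
tcp   ESTAB  0      0      192.168.1.10:52431  93.184.216.34:443
EOF
}

sample_ss_output | classify_listeners
```

A service reported as `loopback-only` refuses connections from other hosts even though it is running, while an unexpected `all-interfaces` entry is a listener reachable from every network the host is attached to.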