5 useful Linux network troubleshooting commands

Here are five commands that we can use to troubleshoot network issues in Linux.

ifconfig – configure and display network interface parameters

ifconfig: This command displays information about the network interfaces on your system, including their IP addresses, netmasks, and network statistics.

Suppose that you are having trouble connecting to the internet on your Linux machine. You open a terminal and run the command ifconfig to view the status of your network interfaces. 

If the interface is not properly configured, you are unable to connect to the internet. To fix this problem, you can try the following steps:

1. Check the physical connection to make sure that the ethernet cable is properly plugged in to both your computer and the router.
2. Run the command ifconfig eth0 up to bring the eth0 interface up. This will enable the interface and allow it to receive and transmit data.
3. Assign a valid IP address to the eth0 interface by running the command ifconfig eth0 [IP_ADDRESS] netmask [NETMASK]. Replace [IP_ADDRESS] with a valid IP address and [NETMASK] with the appropriate netmask for your network.
4. Test your internet connection to see if it is working properly.

 

related: Troubleshoot network issues with ifconfig command in Linux

However, some Linux distributions have deprecated the ifconfig command in favor of the ip command, which provides more advanced networking capabilities.

netstat – display network connections, routing tables, and other network statistics

netstat: This command displays a variety of network-related information in Linux, including active network connections, routing tables, and network statistics.

If you are having trouble connecting to a network resource, such as a web server, you can use netstat to see if there are any active connections to that server.

To do this, you can use the -a flag to display all active connections, and the -n flag to display the connections using numerical addresses rather than hostnames. For example:

$ netstat -an | grep <server_ip_address>

This will display any active connections to the server, along with their status and protocol. If there are no active connections, or if the connections are in a state such as TIME_WAIT or CLOSED, it could indicate a problem with the connection.

This article explains more about how to check network status in Linux.

Tcpdump – capture and analyze network traffic in Linux

tcpdump is a powerful command-line tool for capturing and analyzing network traffic in Linux. Here are the basic steps to use tcpdump in Linux:

Open a terminal window in Linux.

Type the following command to start tcpdump:

sudo tcpdump

Note: You must be logged in as a root user or have sudo privileges to use tcpdump.

By default, tcpdump captures traffic on all network interfaces. If you want to capture traffic on a specific interface, use the -i flag followed by the interface name. For example:

sudo tcpdump -i eth0

This captures traffic on the eth0 interface.

You can filter the captured traffic using various options. For example, to capture traffic only for a specific IP address, use the following command:

sudo tcpdump host 192.168.1.100

This captures traffic only for the IP address 192.168.1.100.

To save the captured traffic to a file, use the -w flag followed by the file name. For example:

sudo tcpdump -w mycapture.pcap

This saves the captured traffic to a file called mycapture.pcap.

To read a previously captured file, use the -r flag followed by the file name. For example:

sudo tcpdump -r mycapture.pcap

This reads the captured traffic from the file called mycapture.pcap.

Based on the analysis of the captured traffic, you can identify the root cause of the network issue. This could be issues such as misconfigured network devices, network congestion, or incorrect network settings.

These are some basic steps to use tcpdump in Linux. There are many more options available to customize the capture and filtering of network traffic using tcpdump.

You can refer to the tcpdump manual page by typing “man tcpdump” in the terminal window for more information.

ping –  test network connectivity by sending ICMP echo requests to a remote host and waiting for a response

ping: This command sends a small packet of data to a specified network host and measures the time it takes for the host to send a reply.

You can use this command to determine whether the host is reachable and to measure the round-trip time for packets sent to that host.

If you are having trouble accessing a network resource, such as a web server or a file share, you can use ping to test the connectivity between your system and the host.

To do this, you can use the ping command followed by the IP address or hostname of the target host. For example:

$ ping ip

This will send a series of ICMP request packets to the target host and display the results, including the round-trip time for each packet and the percentage of packets that were received.

If the host is reachable, you should see a series of replies from the host indicating that the packets were received.

If the host is not reachable, you will see a series of request timeouts indicating that the packets were not received. It could be a problem with the network connectivity between your system and the host.

You can use the traceroute command to see the route that packets are taking between your system and the host, which can help you identify the source of the connectivity issue.

nslookup – query DNS servers for information about a domain name or IP address

nslookup: This command allows you to query Domain Name System (DNS) servers to resolve domain names to IP addresses and vice versa.

You can use it to troubleshoot DNS-related issues or to find the IP address associated with a specific domain name.

Suppose that you are having trouble accessing a website on your computer. You receive an error message saying that the domain cannot be found.

To troubleshoot this issue, you can use the nslookup command to query the DNS server and try to resolve the domain name.

To do this, open a terminal and run the command nslookup [DOMAIN_NAME], replacing [DOMAIN_NAME] with the name of the website you are trying to access.

If the domain can be resolved, nslookup will return the IP address of the website. If the domain cannot be resolved, nslookup will return an error message indicating that the domain does not exist.