Skip to main content

Network Troubleshooting Cheatsheet

Network issues are among the most common problems in operations and development. This cheatsheet brings together the most practical Linux network troubleshooting commands — covering the full diagnostic chain from physical interfaces and socket connections to DNS resolution, route tracing, packet capture, performance benchmarking, and TLS security checks. Every command includes a runnable example to help you quickly pinpoint network bottlenecks and failures.

Updated: 2026-07-16·40 commands

Quick Reference

TaskCommand
List interfaces and IPsip addr show or ip a
List listening portsss -tuln
DNS resolutiondig example.com
Route tracingtraceroute example.com
Continuous trace + latencymtr example.com
Basic connectivity testping -c 5 example.com
Port connectivity testnc -vz host port
Packet capturetcpdump -i eth0
Bandwidth testiperf3 -c server_ip
TLS handshake diagnosisopenssl s_client -connect host:443

Network Interfaces

``bash # List all network interfaces and their states ip link show

# Show IP addresses assigned to interfaces ip addr show # Shorthand ip a

# Bring an interface up or down ip link set eth0 up ip link set eth0 down

# Show interface statistics (packets, errors, drops) ip -s link show eth0

# Query NIC capabilities and current settings ethtool eth0

# Show driver info and firmware version ethtool -i eth0

# Check negotiated speed, duplex, and link status ethtool eth0 | grep -E 'Speed|Duplex|Link detected'

# Identify physical NIC via PCI info lspci | grep -i ethernet `

Sockets & Connections

`bash # List all listening TCP/UDP ports (numeric) ss -tuln

# Show established TCP connections with processes ss -tup

# Socket statistics summary (total, state breakdown) ss -s

# Filter connections by state (e.g., TIME-WAIT) ss -t state time-wait

# Show connections on a specific port ss -t sport = :22

# Legacy netstat equivalent for listening ports netstat -tuln

# Show network statistics per protocol netstat -s

# Test if a TCP port is open nc -vz example.com 443

# Test a UDP port nc -vzu example.com 53

# Create a simple TCP listener (for testing) nc -lk 9999

# TCP connect scan (full handshake) nmap -sT example.com

# SYN stealth scan (requires root) nmap -sS example.com

# Scan specific ports nmap -p 22,80,443 example.com

# Fast scan of most common ports nmap -F example.com `

DNS Resolution

`bash # Detailed DNS query (A record) dig example.com

# Query a specific DNS server dig @8.8.8.8 example.com

# Reverse DNS lookup (IP to domain) dig -x 8.8.8.8

# Query specific record type (MX) dig example.com MX

# Query all record types dig example.com ANY

# Short output (just the result) dig +short example.com

# Trace the DNS resolution path dig +trace example.com

# Basic DNS query (interactive available) nslookup example.com

# Query with specific DNS server nslookup example.com 8.8.8.8

# Quick lookup (concise output) host example.com

# Query a specific record type host -t AAAA example.com

# Reverse lookup host 8.8.8.8 `

Routing & Path

`bash # Show routing table ip route show # Shorthand ip r

# Add a default gateway ip route add default via 10.0.0.1

# Add a static route ip route add 10.0.0.0/24 via 192.168.1.1

# Delete a route ip route del 10.0.0.0/24

# Check which route is used for a specific IP ip route get 8.8.8.8

# Trace the network path to a destination traceroute example.com

# Fast trace (no hostname resolution) traceroute -n example.com

# Set max hops and timeout traceroute -m 30 -w 3 example.com

# Use ICMP probes (bypass more firewalls) traceroute -I example.com

# Continuous trace + real-time latency stats mtr example.com

# Report mode (run N probes then exit) mtr -r -c 50 example.com

# Faster MTR (no hostname resolution) mtr -n example.com

# Basic ping (5 packets) ping -c 5 example.com

# Custom interval (0.2s between pings) ping -i 0.2 -c 20 example.com

# Flood ping (stress test, requires root) ping -f -c 1000 target `

Packet Capture & Analysis

`bash # Capture all traffic on an interface tcpdump -i eth0

# Limit number of captured packets tcpdump -i eth0 -c 100

# Capture traffic on a specific port tcpdump -i eth0 port 443

# Capture traffic to/from a specific host tcpdump -i eth0 host 10.0.0.1

# Combined conditions (and) tcpdump -i eth0 port 80 and host 10.0.0.1

# Combined conditions (or) tcpdump -i eth0 port 80 or port 443

# Save capture to file (for Wireshark analysis) tcpdump -i eth0 -w capture.pcap

# Read a saved capture file tcpdump -r capture.pcap

# Display hex and ASCII content tcpdump -i eth0 -X

# Show packet payload in ASCII tcpdump -i eth0 -A host example.com

# Don't resolve hostnames or ports (faster) tcpdump -i eth0 -nn

# Capture only ICMP traffic (e.g., ping) tcpdump -i eth0 icmp

# Capture packets larger than N bytes tcpdump -i eth0 greater 1000 `

Network Performance

`bash # Start iperf3 in server mode iperf3 -s

# iperf3 client bandwidth test (default TCP) iperf3 -c 10.0.0.1

# iperf3 UDP test (specify bandwidth) iperf3 -c 10.0.0.1 -u -b 100m

# iperf3 reverse test (server-to-client) iperf3 -c 10.0.0.1 -R

# iperf3 bidirectional test (send and receive) iperf3 -c 10.0.0.1 --bidir

# iperf3 test duration in seconds iperf3 -c 10.0.0.1 -t 30

# iperf3 with multiple parallel streams iperf3 -c 10.0.0.1 -P 4

# Test MTU (Maximum Transmission Unit) ping -M do -s 1472 target

# Detect path MTU traceroute --mtu target `

TLS/SSL Diagnostics

`bash # Test TLS handshake (certificates, ciphers) openssl s_client -connect example.com:443

# Show full certificate chain openssl s_client -connect example.com:443 -showcerts

# SNI-aware TLS connection (required for multi-domain hosts) openssl s_client -connect 1.2.3.4:443 -servername example.com

# Check certificate validity dates openssl s_client -connect example.com:443 \ 2>/dev/null | openssl x509 -noout -dates

# Show certificate subject and issuer openssl s_client -connect example.com:443 \ 2>/dev/null | openssl x509 -noout -subject -issuer

# Specify TLS version openssl s_client -connect example.com:443 -tls1_2

# Test a specific cipher suite openssl s_client -connect example.com:443 \ -cipher 'ECDHE-RSA-AES128-GCM-SHA256'

# Verify certificate chain completeness openssl s_client -connect example.com:443 \ -verify_return_error -showcerts \ < /dev/null 2>/dev/null ``

Interfaces(5)

CommandLevel
ip link show
List all network interfaces and their states
Basic
ip addr show / ip a
Show IP addresses assigned to network interfaces
Basic
ip link set <iface> up/down
Bring a network interface up or down
Intermediate
ip -s link show <iface>
Show interface transmit/receive statistics (packets, errors, drops)
Intermediate
ethtool <iface>
Query NIC driver capabilities and current settings (speed, duplex, etc.)
Intermediate

Sockets(9)

CommandLevel
ss -tuln
List all listening TCP/UDP ports in numeric format
Basic
ss -tup
Show established TCP connections with associated processes
Intermediate
ss -s
Show socket statistics summary (total connections, state breakdown)
Intermediate
netstat -tuln
Legacy tool to list listening ports (net-tools compatibility)
Basic
nc -vz <host> <port>
Test if a TCP port is reachable (port scan)
Basic
nc -lk <port>
Create a simple TCP listener service (for testing)
Intermediate
nmap -sT <target>
TCP connect scan (full three-way handshake)
Intermediate
nmap -sS <target>
SYN stealth scan (half-open scan, requires root)
Expert
nmap -p <ports> <target>
Scan one or more specific ports
Intermediate

DNS(5)

CommandLevel
dig <domain>
Detailed DNS query (default: A record lookup)
Basic
dig @<server> <domain>
Query a specific DNS server for resolution
Intermediate
dig -x <ip>
Reverse DNS lookup (IP address to domain name)
Intermediate
nslookup <domain>
Basic DNS lookup tool (supports interactive mode)
Basic
host <domain>
Quick DNS lookup (concise output)
Basic

Routing(8)

CommandLevel
ip route show
Show the system routing table
Intermediate
ip route add <prefix> via <gateway>
Add a static route or default gateway
Intermediate
ip route get <ip>
Check the routing path decision for an IP
Intermediate
traceroute <host>
Trace the network path to a destination host
Intermediate
traceroute -n <host>
Trace path without hostname resolution (faster)
Intermediate
mtr <host>
Continuous route trace with real-time latency statistics
Intermediate
ping -c <count> <host>
Send a specified number of ICMP Echo requests
Basic
ping -f <host>
Flood ping (high-frequency packets, requires root)
Expert

Packet Capture(5)

CommandLevel
tcpdump -i <iface>
Capture packets on a specified network interface
Intermediate
tcpdump <filter>
Capture specific traffic using BPF filter expressions
Intermediate
tcpdump -w <file> -r <file>
Save captured packets to file or read a saved capture
Intermediate
tcpdump -X / -A
Display packet payload (hex + ASCII or plain ASCII)
Expert
tcpdump -nn
Don't resolve hostnames or port names (faster, more secure)
Intermediate

Performance(5)

CommandLevel
iperf3 -s
Start iperf3 in server mode (waits for client connection)
Intermediate
iperf3 -c <server>
iperf3 client bandwidth test (default TCP)
Intermediate
iperf3 -u -b <bandwidth>
iperf3 UDP test (specify target bandwidth)
Intermediate
iperf3 -R
iperf3 reverse test (server-to-client direction)
Intermediate
ping -M do -s <size> <host>
MTU discovery (prohibit fragmentation, set payload size)
Expert

TLS/SSL(3)

CommandLevel
openssl s_client -connect <host>:<port>
Test TLS handshake and view certificates, cipher suites, etc.
Intermediate
openssl s_client -showcerts
Display the full TLS certificate chain
Expert
openssl s_client -servername <host>
SNI-aware TLS connection (required for multi-domain hosts)
Expert

FAQ

This cheatsheet is compiled from official tool documentation. Last updated: 2026-07-16.