Network Troubleshooting Cheatsheet
Network issues are among the most common problems in operations and development. This cheatsheet brings together the most practical Linux network troubleshooting commands — covering the full diagnostic chain from physical interfaces and socket connections to DNS resolution, route tracing, packet capture, performance benchmarking, and TLS security checks. Every command includes a runnable example to help you quickly pinpoint network bottlenecks and failures.
Quick Reference
| Task | Command |
| List interfaces and IPs | ip addr show or ip a |
| List listening ports | ss -tuln |
| DNS resolution | dig example.com |
| Route tracing | traceroute example.com |
| Continuous trace + latency | mtr example.com |
| Basic connectivity test | ping -c 5 example.com |
| Port connectivity test | nc -vz host port |
| Packet capture | tcpdump -i eth0 |
| Bandwidth test | iperf3 -c server_ip |
| TLS handshake diagnosis | openssl s_client -connect host:443 |
Network Interfaces
``bash
# List all network interfaces and their states
ip link show
# Show IP addresses assigned to interfaces ip addr show # Shorthand ip a
# Bring an interface up or down ip link set eth0 up ip link set eth0 down
# Show interface statistics (packets, errors, drops) ip -s link show eth0
# Query NIC capabilities and current settings ethtool eth0
# Show driver info and firmware version ethtool -i eth0
# Check negotiated speed, duplex, and link status ethtool eth0 | grep -E 'Speed|Duplex|Link detected'
# Identify physical NIC via PCI info
lspci | grep -i ethernet
`
Sockets & Connections
`bash
# List all listening TCP/UDP ports (numeric)
ss -tuln
# Show established TCP connections with processes ss -tup
# Socket statistics summary (total, state breakdown) ss -s
# Filter connections by state (e.g., TIME-WAIT) ss -t state time-wait
# Show connections on a specific port ss -t sport = :22
# Legacy netstat equivalent for listening ports netstat -tuln
# Show network statistics per protocol netstat -s
# Test if a TCP port is open nc -vz example.com 443
# Test a UDP port nc -vzu example.com 53
# Create a simple TCP listener (for testing) nc -lk 9999
# TCP connect scan (full handshake) nmap -sT example.com
# SYN stealth scan (requires root) nmap -sS example.com
# Scan specific ports nmap -p 22,80,443 example.com
# Fast scan of most common ports
nmap -F example.com
`
DNS Resolution
`bash
# Detailed DNS query (A record)
dig example.com
# Query a specific DNS server dig @8.8.8.8 example.com
# Reverse DNS lookup (IP to domain) dig -x 8.8.8.8
# Query specific record type (MX) dig example.com MX
# Query all record types dig example.com ANY
# Short output (just the result) dig +short example.com
# Trace the DNS resolution path dig +trace example.com
# Basic DNS query (interactive available) nslookup example.com
# Query with specific DNS server nslookup example.com 8.8.8.8
# Quick lookup (concise output) host example.com
# Query a specific record type host -t AAAA example.com
# Reverse lookup
host 8.8.8.8
`
Routing & Path
`bash
# Show routing table
ip route show
# Shorthand
ip r
# Add a default gateway ip route add default via 10.0.0.1
# Add a static route ip route add 10.0.0.0/24 via 192.168.1.1
# Delete a route ip route del 10.0.0.0/24
# Check which route is used for a specific IP ip route get 8.8.8.8
# Trace the network path to a destination traceroute example.com
# Fast trace (no hostname resolution) traceroute -n example.com
# Set max hops and timeout traceroute -m 30 -w 3 example.com
# Use ICMP probes (bypass more firewalls) traceroute -I example.com
# Continuous trace + real-time latency stats mtr example.com
# Report mode (run N probes then exit) mtr -r -c 50 example.com
# Faster MTR (no hostname resolution) mtr -n example.com
# Basic ping (5 packets) ping -c 5 example.com
# Custom interval (0.2s between pings) ping -i 0.2 -c 20 example.com
# Flood ping (stress test, requires root)
ping -f -c 1000 target
`
Packet Capture & Analysis
`bash
# Capture all traffic on an interface
tcpdump -i eth0
# Limit number of captured packets tcpdump -i eth0 -c 100
# Capture traffic on a specific port tcpdump -i eth0 port 443
# Capture traffic to/from a specific host tcpdump -i eth0 host 10.0.0.1
# Combined conditions (and) tcpdump -i eth0 port 80 and host 10.0.0.1
# Combined conditions (or) tcpdump -i eth0 port 80 or port 443
# Save capture to file (for Wireshark analysis) tcpdump -i eth0 -w capture.pcap
# Read a saved capture file tcpdump -r capture.pcap
# Display hex and ASCII content tcpdump -i eth0 -X
# Show packet payload in ASCII tcpdump -i eth0 -A host example.com
# Don't resolve hostnames or ports (faster) tcpdump -i eth0 -nn
# Capture only ICMP traffic (e.g., ping) tcpdump -i eth0 icmp
# Capture packets larger than N bytes
tcpdump -i eth0 greater 1000
`
Network Performance
`bash
# Start iperf3 in server mode
iperf3 -s
# iperf3 client bandwidth test (default TCP) iperf3 -c 10.0.0.1
# iperf3 UDP test (specify bandwidth) iperf3 -c 10.0.0.1 -u -b 100m
# iperf3 reverse test (server-to-client) iperf3 -c 10.0.0.1 -R
# iperf3 bidirectional test (send and receive) iperf3 -c 10.0.0.1 --bidir
# iperf3 test duration in seconds iperf3 -c 10.0.0.1 -t 30
# iperf3 with multiple parallel streams iperf3 -c 10.0.0.1 -P 4
# Test MTU (Maximum Transmission Unit) ping -M do -s 1472 target
# Detect path MTU
traceroute --mtu target
`
TLS/SSL Diagnostics
`bash
# Test TLS handshake (certificates, ciphers)
openssl s_client -connect example.com:443
# Show full certificate chain openssl s_client -connect example.com:443 -showcerts
# SNI-aware TLS connection (required for multi-domain hosts) openssl s_client -connect 1.2.3.4:443 -servername example.com
# Check certificate validity dates openssl s_client -connect example.com:443 \ 2>/dev/null | openssl x509 -noout -dates
# Show certificate subject and issuer openssl s_client -connect example.com:443 \ 2>/dev/null | openssl x509 -noout -subject -issuer
# Specify TLS version openssl s_client -connect example.com:443 -tls1_2
# Test a specific cipher suite openssl s_client -connect example.com:443 \ -cipher 'ECDHE-RSA-AES128-GCM-SHA256'
# Verify certificate chain completeness openssl s_client -connect example.com:443 \ -verify_return_error -showcerts \ < /dev/null 2>/dev/null ``
Interfaces(5)
| Command | Level | ||
|---|---|---|---|
ip link showList all network interfaces and their states | Basic | ip link show | |
ip addr show / ip aShow IP addresses assigned to network interfaces | Basic | ip addr show | |
ip link set <iface> up/downBring a network interface up or down | Intermediate | ip link set eth0 up | |
ip -s link show <iface>Show interface transmit/receive statistics (packets, errors, drops) | Intermediate | ip -s link show eth0 | |
ethtool <iface>Query NIC driver capabilities and current settings (speed, duplex, etc.) | Intermediate | ethtool eth0 |
Sockets(9)
| Command | Level | ||
|---|---|---|---|
ss -tulnList all listening TCP/UDP ports in numeric format | Basic | ss -tuln | |
ss -tupShow established TCP connections with associated processes | Intermediate | ss -tup | |
ss -sShow socket statistics summary (total connections, state breakdown) | Intermediate | ss -s | |
netstat -tulnLegacy tool to list listening ports (net-tools compatibility) | Basic | netstat -tuln | |
nc -vz <host> <port>Test if a TCP port is reachable (port scan) | Basic | nc -vz example.com 443 | |
nc -lk <port>Create a simple TCP listener service (for testing) | Intermediate | nc -lk 9999 | |
nmap -sT <target>TCP connect scan (full three-way handshake) | Intermediate | nmap -sT example.com | |
nmap -sS <target>SYN stealth scan (half-open scan, requires root) | Expert | nmap -sS example.com | |
nmap -p <ports> <target>Scan one or more specific ports | Intermediate | nmap -p 22,80,443 example.com |
DNS(5)
| Command | Level | ||
|---|---|---|---|
dig <domain>Detailed DNS query (default: A record lookup) | Basic | dig example.com | |
dig @<server> <domain>Query a specific DNS server for resolution | Intermediate | dig @8.8.8.8 example.com | |
dig -x <ip>Reverse DNS lookup (IP address to domain name) | Intermediate | dig -x 8.8.8.8 | |
nslookup <domain>Basic DNS lookup tool (supports interactive mode) | Basic | nslookup example.com | |
host <domain>Quick DNS lookup (concise output) | Basic | host example.com |
Routing(8)
| Command | Level | ||
|---|---|---|---|
ip route showShow the system routing table | Intermediate | ip route show | |
ip route add <prefix> via <gateway>Add a static route or default gateway | Intermediate | ip route add default via 10.0.0.1 | |
ip route get <ip>Check the routing path decision for an IP | Intermediate | ip route get 8.8.8.8 | |
traceroute <host>Trace the network path to a destination host | Intermediate | traceroute example.com | |
traceroute -n <host>Trace path without hostname resolution (faster) | Intermediate | traceroute -n example.com | |
mtr <host>Continuous route trace with real-time latency statistics | Intermediate | mtr example.com | |
ping -c <count> <host>Send a specified number of ICMP Echo requests | Basic | ping -c 5 example.com | |
ping -f <host>Flood ping (high-frequency packets, requires root) | Expert | ping -f -c 1000 target |
Packet Capture(5)
| Command | Level | ||
|---|---|---|---|
tcpdump -i <iface>Capture packets on a specified network interface | Intermediate | tcpdump -i eth0 | |
tcpdump <filter>Capture specific traffic using BPF filter expressions | Intermediate | tcpdump -i eth0 port 443 or port 80 | |
tcpdump -w <file> -r <file>Save captured packets to file or read a saved capture | Intermediate | tcpdump -i eth0 -w capture.pcap && tcpdump -r capture.pcap | |
tcpdump -X / -ADisplay packet payload (hex + ASCII or plain ASCII) | Expert | tcpdump -i eth0 -X host example.com | |
tcpdump -nnDon't resolve hostnames or port names (faster, more secure) | Intermediate | tcpdump -i eth0 -nn |
Performance(5)
| Command | Level | ||
|---|---|---|---|
iperf3 -sStart iperf3 in server mode (waits for client connection) | Intermediate | iperf3 -s | |
iperf3 -c <server>iperf3 client bandwidth test (default TCP) | Intermediate | iperf3 -c 10.0.0.1 | |
iperf3 -u -b <bandwidth>iperf3 UDP test (specify target bandwidth) | Intermediate | iperf3 -c 10.0.0.1 -u -b 100m | |
iperf3 -Riperf3 reverse test (server-to-client direction) | Intermediate | iperf3 -c 10.0.0.1 -R | |
ping -M do -s <size> <host>MTU discovery (prohibit fragmentation, set payload size) | Expert | ping -M do -s 1472 target |
TLS/SSL(3)
| Command | Level | ||
|---|---|---|---|
openssl s_client -connect <host>:<port>Test TLS handshake and view certificates, cipher suites, etc. | Intermediate | openssl s_client -connect example.com:443 | |
openssl s_client -showcertsDisplay the full TLS certificate chain | Expert | openssl s_client -connect example.com:443 -showcerts | |
openssl s_client -servername <host>SNI-aware TLS connection (required for multi-domain hosts) | Expert | openssl s_client -connect 1.2.3.4:443 -servername example.com |