Network Troubleshooting Tools Overview

Jun 16, 2025

Overview

This lecture covers essential network troubleshooting utilities available at the command line, including how to use them, their output, and what network information they reveal.

Ping Command

  • The ping command checks network connectivity to a device by sending ICMP (Internet Control Message Protocol) packets.
  • Successful pings indicate network reachability, showing bytes sent/received, sequence number, TTL (Time to Live), and round-trip time.
  • Time-out messages indicate communication failure to the target device.
  • Use Ctrl+C to stop continuous pings and view session statistics.

Traceroute Command

  • The traceroute command identifies each router (hop) between your device and the destination.
  • It works by sending packets with increasing TTL; each expired TTL generates a response from the router.
  • Output lists each hop's IP address and three round-trip response times.
  • Asterisks in output indicate filtered or blocked ICMP messages, often due to firewalls.
  • The Windows version of traceroute is called tracert; Linux/Mac OS use traceroute.
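
The hop-by-hop output described above can be summarized with a short script. This is an added example, not part of the lecture; it assumes Linux `traceroute -n` style lines (one address per hop, three probes), and the sample trace is constructed with documentation addresses.

```sh
#!/bin/sh
# Constructed sample in the style of `traceroute -n` (not real output).
sample_trace() {
cat <<'EOF'
traceroute to 203.0.113.80 (203.0.113.80), 30 hops max, 60 byte packets
 1  192.0.2.1  1.0 ms  1.2 ms  1.4 ms
 2  198.51.100.1  8.0 ms  *  9.0 ms
 3  * * *
 4  203.0.113.80  20.0 ms  21.0 ms  22.0 ms
EOF
}

# Read traceroute output on stdin; print one line per hop:
#   <hop> <address or *> <ok|partial|silent> answered=<n>/<probes> avg_ms=<avg or ->
summarize_trace() {
  awk '
    $1 ~ /^[0-9]+$/ {                      # hop lines start with the hop number
      addr = "*"; n = 0; lost = 0; sum = 0
      for (i = 2; i <= NF; i++) {
        if ($i == "*") lost++              # probe with no reply
        else if ($i == "ms") { sum += $(i - 1); n++ }   # RTT precedes "ms"
        else if (addr == "*" && $i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) addr = $i
      }
      status = (n == 0) ? "silent" : ((lost > 0) ? "partial" : "ok")
      avg = (n > 0) ? sprintf("%.1f", sum / n) : "-"
      printf "%s %s %s answered=%d/%d avg_ms=%s\n", $1, addr, status, n, n + lost, avg
    }'
}

# Print the hop number where a run of silent hops begins if that run lasts
# to the end of the trace; print nothing when the final hop answered.
trailing_silence_start() {
  summarize_trace | awk '
    $3 == "silent" { if (!start) start = $1 + 0; next }
    { start = 0 }
    END { if (start) print start }'
}

sample_trace | summarize_trace
```

A silent hop followed by hops that do answer (hop 3 in the sample) only means that router's ICMP replies were filtered or never sent; a run of silent hops that lasts to the end of the trace is the place to start investigating.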

DNS Query Utilities: NSLookup & Dig

  • NSLookup and dig query DNS servers to resolve domain names to IP addresses and view other DNS records.
  • NSLookup is deprecated in favor of dig.
  • Both commands can show multiple IP addresses for a domain (for redundancy).
  • Dig is standard on Linux/Mac OS and available for Windows through third-party installation.

Packet Capture & Active Connections: tcpdump and Netstat

  • The tcpdump utility captures and displays network packets in real time or saves them in pcap format for analysis.
  • Useful for troubleshooting and viewing detailed traffic information.
  • Netstat shows active network connections, protocols, local/remote IP addresses, port numbers, and executable names.

Viewing Network Configuration & ARP

  • Use ipconfig (Windows) or ifconfig/ip addr (Linux/Mac OS) to view local IP, subnet mask, gateway, and network adapter info.
  • ipconfig /all in Windows provides detailed configuration, including MAC address, DHCP, and DNS settings.
  • The arp -a command displays the Address Resolution Protocol cache, mapping IP addresses to MAC addresses.
  • The ARP cache updates when you communicate with a new device on the network.

Key Terms & Definitions

  • Ping — Command to test network connectivity using ICMP echo requests and replies.
  • ICMP — Internet Control Message Protocol, used for network diagnostics and error reporting.
  • Traceroute/tracert — Utility to trace the path of packets through network routers.
  • TTL (Time to Live) — Field limiting packet hops; decrements at each router.
  • NSLookup/Dig — Tools to query DNS servers for name resolution.
  • tcpdump — Command-line tool to capture network packets.
  • Netstat — Utility showing network connections and protocol statistics.
  • ipconfig/ifconfig/ip addr — Commands displaying network interface configurations.
  • ARP (Address Resolution Protocol) — Maps IP addresses to MAC addresses in a local cache.

Action Items / Next Steps

  • Practice using ping, traceroute, NSLookup, dig, tcpdump, netstat, ipconfig/ifconfig, and arp commands on your system.
  • Review the outputs to become familiar with each utility's format.
  • Explore packet captures with tcpdump and load them into Wireshark if available.