Linux Network Troubleshooting Cheatsheet
🔍 Network Interface & Configuration
View Network Interfaces
ip addr show # Show all interfaces with IP addresses
ip link show # Show all interfaces (link layer)
ifconfig -a # Legacy: show all interfaces
nmcli device status # NetworkManager: device status
ip -br addr # Brief output of interfaces and IPsInterface Statistics
ip -s link # Show interface statistics
ifconfig eth0 # Stats for specific interface
cat /proc/net/dev # Raw interface statistics
ethtool eth0 # Driver and hardware info
ethtool -S eth0 # Detailed NIC statisticsBring Interface Up/Down
ip link set eth0 up/down # Enable/disable interface
ifconfig eth0 up/down # Legacy method
nmcli con up/down "name" # NetworkManager method🌐 Connectivity Testing
Basic Connectivity
ping -c 4 8.8.8.8 # Test IPv4 connectivity
ping6 -c 4 2001:4860:4860::8888 # Test IPv6 connectivity
ping -i 0.2 host # Ping every 0.2 seconds
ping -s 1500 host # Test with specific packet size
ping -f host # Flood ping (careful!)Path Discovery
traceroute google.com # Trace route to destination
tracepath google.com # Similar, no root required
mtr google.com # Combines ping and traceroute
mtr -r -c 10 google.com # Report mode, 10 cycles
tcptraceroute google.com 443 # TCP-based traceroutePort Testing
nc -zv host 80 # Test TCP port 80
nc -zvu host 53 # Test UDP port 53
telnet host 443 # Test connectivity to port
timeout 1 bash -c 'cat < /dev/null > /dev/tcp/host/80' # Bash TCP test
nmap -p 80,443 host # Scan specific portsTCP Port Checking (Detailed)
# Using netcat (nc)
nc -zv host 80 # Check single TCP port
nc -zv host 80-90 # Check TCP port range
nc -zvw 3 host 443 # Set 3 second timeout
echo "" | nc -v host 80 # Verbose connection attempt
# Using nmap
nmap -p 80 host # Check specific port
nmap -p 80,443,8080 host # Check multiple ports
nmap -p 1-1000 host # Check port range
nmap -p- host # Scan all 65535 ports
nmap -sT host # TCP connect scan
nmap -sS host # TCP SYN scan (requires root)
nmap -Pn -p 80 host # Skip ping, just check port
# Using bash built-in /dev/tcp
timeout 1 bash -c '</dev/tcp/host/80' && echo "Port 80 open" || echo "Port 80 closed"
(echo >/dev/tcp/host/80) &>/dev/null && echo "open" || echo "closed"
# Using telnet
telnet host 80 # Interactive test
echo -e '\035' | telnet host 80 2>&1 | grep Connected # Non-interactive
# Using curl for HTTP/HTTPS ports
curl -I host:80 --connect-timeout 3 # HTTP port test
curl -I https://host:443 --connect-timeout 3 # HTTPS port test
# Using socat
socat - TCP:host:80,connect-timeout=3 # Test TCP connection
# Using python one-liner
python3 -c "import socket; s=socket.socket(); s.settimeout(3); result=s.connect_ex(('host',80)); print('open' if result==0 else 'closed')"
# Check local listening ports
ss -tlnp | grep :80 # Check if port 80 is listening locally
lsof -i TCP:80 # Show process using TCP port 80
fuser 80/tcp # Find process ID using port
netstat -tlnp | grep :80 # Legacy methodMass Port Scanning
# Scan common web ports
nmap -p 80,443,8080,8443 host
# Fast scan of top 100 ports
nmap -F host
# Scan with service version detection
nmap -sV -p 80,443 host
# Parallel checking multiple hosts
parallel -j 10 'nc -zv {} 80' ::: host1 host2 host3
# Check multiple ports with timeout
for port in 80 443 22 3306; do
timeout 1 bash -c "</dev/tcp/host/$port" 2>/dev/null && echo "Port $port open" || echo "Port $port closed"
done📊 DNS Troubleshooting
DNS Queries
nslookup google.com # Basic DNS lookup
dig google.com # Detailed DNS query
dig +short google.com # Just the answer
dig @8.8.8.8 google.com # Query specific DNS server
dig +trace google.com # Trace DNS delegation
host google.com # Simple hostname lookupDNS Configuration
cat /etc/resolv.conf # Current DNS servers
systemd-resolve --status # SystemD resolver status
resolvectl status # Modern systemd DNS info
nmcli dev show | grep DNS # NetworkManager DNS settingsDNS Cache
systemd-resolve --flush-caches # Flush systemd DNS cache
nscd -i hosts # Flush nscd cache
rndc flush # Flush BIND cache (if running)🔗 Routing
View Routing Table
ip route show # Current routing table
ip route get 8.8.8.8 # Show route to specific IP
route -n # Legacy: numeric routing table
netstat -rn # Alternative routing display
ip -6 route # IPv6 routing tableModify Routes
ip route add 192.168.1.0/24 via 10.0.0.1 # Add route
ip route del 192.168.1.0/24 # Delete route
ip route add default via 192.168.1.1 # Add default gateway
ip route replace 10.0.0.0/8 via 192.168.1.1 # Replace existing route🔌 Connection Monitoring
Active Connections
ss -tunap # All TCP/UDP connections
ss -lt # Listening TCP ports
ss -lu # Listening UDP ports
netstat -tunlp # Legacy: listening ports
lsof -i :80 # Process using port 80
fuser 80/tcp # Alternative to find processConnection Statistics
ss -s # Socket statistics summary
netstat -s # Protocol statistics
conntrack -L # Connection tracking table
cat /proc/net/nf_conntrack # Raw conntrack entries📈 Bandwidth & Performance
Traffic Monitoring
iftop -i eth0 # Real-time bandwidth by connection
nethogs eth0 # Bandwidth by process
bmon # Bandwidth monitor
vnstat -l # Live traffic monitor
tcptrack -i eth0 # TCP connection monitorThroughput Testing
iperf3 -s # Start iperf server
iperf3 -c server_ip # Test to iperf server
curl -o /dev/null http://speedtest.tele2.net/1GB.zip # Download speed test
speedtest-cli # Internet speed test🛡️ Firewall Troubleshooting
iptables (Legacy)
iptables -L -n -v # List all rules
iptables -t nat -L -n -v # List NAT rules
iptables -S # Show rules as commands
iptables-save # Dump all rulesnftables (Modern)
nft list ruleset # Show all rules
nft list table inet filter # List specific table
nft monitor # Monitor rule matchesfirewalld
firewall-cmd --list-all # Show all rules
firewall-cmd --get-active-zones # Active zones
firewall-cmd --list-services # Allowed services
firewall-cmd --list-ports # Open ports🎯 Packet Capture & Analysis
tcpdump
tcpdump -i eth0 # Capture on interface
tcpdump -i any -n port 80 # Capture port 80 traffic
tcpdump -i eth0 -w capture.pcap # Save to file
tcpdump -r capture.pcap # Read from file
tcpdump -i eth0 'tcp[tcpflags] & (tcp-syn) != 0' # SYN packets onlyAdvanced Filters
tcpdump host 192.168.1.1 # Traffic to/from host
tcpdump src 10.0.0.0/8 # Source network
tcpdump dst port 443 # Destination port
tcpdump 'icmp[icmptype] = 8' # ICMP echo requests🔧 Network Configuration Files
System Configuration
/etc/hostname # System hostname
/etc/hosts # Static host mappings
/etc/resolv.conf # DNS resolver config
/etc/nsswitch.conf # Name service switch config
/etc/services # Service port mappingsNetworkManager
/etc/NetworkManager/system-connections/ # Connection profiles
nmcli con show # List connections
nmcli con show "name" # Show connection details
nmcli general status # Overall statussystemd-networkd
/etc/systemd/network/ # Network configurations
networkctl list # List network links
networkctl status eth0 # Interface details🆘 Quick Diagnostics Commands
One-Liner Health Checks
# Check if network is up
ping -c 1 8.8.8.8 &>/dev/null && echo "Internet OK" || echo "Internet DOWN"
# Test DNS resolution
nslookup google.com &>/dev/null && echo "DNS OK" || echo "DNS FAIL"
# Check default gateway
ip route | grep default || echo "No default gateway!"
# List all listening services
ss -tulnp | grep LISTEN
# Show dropped packets
ip -s link | grep -A1 "RX errors"
# Quick connectivity test to multiple hosts
for host in google.com cloudflare.com github.com; do ping -c1 -W1 $host &>/dev/null && echo "$host OK" || echo "$host FAIL"; done📝 Common Troubleshooting Scenarios
No Internet Connection
- Check interface status:
ip link show - Verify IP address:
ip addr show - Test gateway:
ping <gateway_ip> - Check DNS:
nslookup google.com - Test external connectivity:
ping 8.8.8.8
Slow Network
- Check interface errors:
ip -s link - Monitor bandwidth:
iftop -i eth0 - Check duplex settings:
ethtool eth0 - Test throughput:
iperf3 -c server - Check MTU:
ping -M do -s 1472 host
DNS Issues
- Check resolver config:
cat /etc/resolv.conf - Test DNS servers:
dig @8.8.8.8 google.com - Flush cache:
systemd-resolve --flush-caches - Check nsswitch:
grep hosts /etc/nsswitch.conf
Port Connection Issues
- Check if port is listening:
ss -tlnp | grep :port - Test connectivity:
nc -zv host port - Check firewall:
iptables -L -n | grep port - Trace connection:
tcpdump -i any port <port>
💡 Pro Tips
- Use
-nflag to skip DNS lookups for faster output - Combine
watchwith commands for real-time monitoring:watch -n1 'ss -s' - Use
teeto save output while viewing:tcpdump -i eth0 | tee capture.txt - Enable timestamps in tcpdump:
tcpdump -tttt - Use
column -tfor better formatted output:ip route | column -t - Check command history for previous troubleshooting:
history | grep -E 'ping|dig|ip'
Remember: Some commands require root/sudo privileges. Always be cautious when modifying network configurations on production systems.