---
title: "Network Troubleshooting Commands"
description: "Quick-reference diagnostic commands for connectivity, port debugging, firewall rules, SSL certificates, DNS resolution, and bandwidth testing."
type: reference
domain: networking
tags: [troubleshooting, diagnostics, commands, firewall, ssl, dns, bandwidth]
---

# Network Troubleshooting Reference

## Connectivity Issues

### Basic connectivity tests
```bash
# Test connectivity
ping <target_ip>
ping -c 4 <target_ip>  # Linux (4 packets)

# Test specific port
telnet <target_ip> <port>
nc -zv <target_ip> <port>  # netcat
nmap -p <port> <target_ip>

# DNS resolution
nslookup <hostname>
dig <hostname>
host <hostname>
```

### Network interface debugging
```bash
# Show interfaces
ip addr show
ifconfig

# Show routing table
ip route
route -n

# Show network statistics
netstat -i
ss -i
```

## Service Issues

### Port and process debugging
```bash
# Show listening ports
netstat -tulpn
ss -tulpn
lsof -i :<port>

# Find process using port
fuser <port>/tcp
lsof -i tcp:<port>

# Show all connections
netstat -an
ss -an
```

### Service status
```bash
# Systemd services
systemctl status <service>
systemctl is-active <service>
systemctl is-enabled <service>

# Service logs
journalctl -u <service> -f
journalctl -u <service> --since "1 hour ago"
```

## Firewall Debugging

### iptables
```bash
# List rules
iptables -L -n -v
iptables -t nat -L -n -v

# Check if rule exists
iptables -C INPUT -p tcp --dport 80 -j ACCEPT

# Temporarily disable firewall
systemctl stop iptables  # CentOS/RHEL
ufw disable              # Ubuntu
```

### UFW (Ubuntu)
```bash
# Check status
ufw status verbose

# Show rules by number
ufw status numbered

# Check logs
tail -f /var/log/ufw.log
```

## SSL/TLS Issues

### Certificate debugging
```bash
# Check certificate details
openssl x509 -in certificate.crt -text -noout
openssl s_client -connect <hostname>:443 -servername <hostname>

# Check certificate chain
openssl s_client -connect <hostname>:443 -showcerts

# Test SSL connection
curl -vI https://<hostname>
wget --no-check-certificate -O /dev/null https://<hostname>
```

### Certificate expiration
```bash
# Check expiration date
openssl x509 -in certificate.crt -enddate -noout

# Check remote certificate expiration
echo | openssl s_client -servername <hostname> -connect <hostname>:443 2>/dev/null | openssl x509 -noout -dates
```

## DNS Issues

### DNS server testing
```bash
# Test specific DNS server
nslookup <hostname> <dns_server>
dig @<dns_server> <hostname>

# Flush DNS cache
# Linux (systemd-resolved)
systemctl restart systemd-resolved
# Linux (nscd)
systemctl restart nscd
```

### DNS configuration
```bash
# Check DNS settings
cat /etc/resolv.conf
cat /etc/systemd/resolved.conf

# Test DNS resolution order
getent hosts <hostname>
```

## Performance Issues

### Bandwidth testing
```bash
# iperf3 testing
# Server: iperf3 -s
# Client: iperf3 -c <server_ip>

# wget speed test
wget -O /dev/null http://speedtest.tele2.net/100MB.zip
```

### Network latency
```bash
# Continuous ping with timestamps
ping -D <target>

# MTR (better than traceroute)
mtr <target>
mtr --report <target>
```

## Quick Diagnostics

### One-liner network check
```bash
# Basic network health
ping -c 1 8.8.8.8 && echo "Internet OK" || echo "No Internet"

# Service accessibility
nc -zv localhost 80 && echo "HTTP service running" || echo "HTTP service down"
```

### Network interface stats
```bash
# Interface statistics
cat /proc/net/dev
watch -n 1 cat /proc/net/dev
```