Network Troubleshooting: Part II

This course covers the essentials of networking with Linux. This course is part of the Linux Administration Bootcamp learning path, designed to get you up and running with Linux.

Learning Objectives

  • Understand the TCP/IP protocol and the most important aspects of IP networking
  • Learn how DNS, hostnames, and IP addresses are used in networking on Linux
  • Learn about DHCP, as well as static and dynamic addressing
  • Learn some of the most common tools you can use to perform network diagnostics

Intended Audience

  • Anyone with basic knowledge of Linux who wants to learn more
  • System administrators or IT professionals who want to learn more about networking on Linux


This is an intermediate-level course so some knowledge of Linux is expected. If you're just starting out, then try our Linux Fundamentals course first.


The netstat command can be used to collect a wide variety of network information. I'll share with you some of my favorite and most used netstat options. The -n option is used to display numerical IP addresses and ports as opposed to host names and service names. You can use this option in conjunction with most other netstat options. To get a list of network interfaces on your system, you can use the -i option. To display routing information, use -r. I often use netstat -rn to display the routes using IP addresses.

The -p option displays the PID and program that is using a given socket. For example, if you are connected via SSH to a server and you run netstat -p, you'll see the PID of the specific SSH process you are connected to. Note that you'll need to use root privileges with the -p option. The -l option displays listening sockets. Use this option in conjunction with the -p option to see what processes are listening on what ports.

On a web server, for example, it will show that a process such as Nginx or Apache is listening on port 80. If you cannot connect to a given port on a system, run this command to make sure the process is actually listening on that port. You can limit the output of netstat to a specific protocol. To limit output to the TCP protocol, use netstat -t; for UDP, use the -u option. If you want a list of all programs that are listening on TCP ports, you can use netstat -ntlp.

Here's some sample output from the netstat command. The first bit of output is a list of network interfaces from the netstat -i command. Next, the routing information is displayed with netstat -rn. Finally, a list of programs that are listening on TCP ports is displayed. In this example, SSH is listening on port 22 and a program called master, which is the Postfix master process, is listening on the SMTP port, port 25.
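The listener check described above can also be scripted. The following is an added example, not part of the original lesson: the netstat output is a constructed sample, and the function names (sample_netstat, list_listeners, port_status) are assumptions made for illustration. It shows one thing the port number alone does not: whether a listener is bound to loopback only and so cannot be reached from other hosts.

```shell
#!/bin/sh
# Constructed sample of `netstat -ntlp` output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1234/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1500/master
tcp6       0      0 :::22                   :::*                    LISTEN      1234/sshd
EOF
}

# Read `netstat -ntlp` output on stdin; print "port scope pid program" per listener.
# scope: "local" = loopback-only bind, "all" = wildcard bind, otherwise the bound address.
list_listeners() {
    awk '$6 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)                 # text after the last colon
        host = substr($4, 1, length($4) - length(port) - 1)
        if (host == "127.0.0.1" || host == "::1")      scope = "local"
        else if (host == "0.0.0.0" || host == "::")    scope = "all"
        else                                           scope = host
        split($7, prog, "/")                            # PID/Program name column
        print port, scope, prog[1], prog[2]
    }'
}

# Classify PORT ($1) from the netstat output on stdin:
# not-listening, loopback-only (unreachable from other hosts), or external.
port_status() {
    list_listeners | awk -v want="$1" '
        $1 == want { seen = 1; if ($2 != "local") ext = 1 }
        END {
            if (!seen)    print "not-listening"
            else if (ext) print "external"
            else          print "loopback-only"
        }'
}

# Demo on the sample; on a real host run as root: netstat -ntlp | port_status 25
sample_netstat | list_listeners
sample_netstat | port_status 25
```

Without root privileges the PID/Program name column shows "-", so the pid field prints as "-" and the program field is empty.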

Remember to use root privileges with the -p option. I accomplished that by using the su command in this example.

Sometimes it's not enough to know that network connectivity is in place. Sometimes you need to examine the contents of network traffic to ensure payloads are actually being delivered. Perhaps one host is claiming to send data to another, but to be sure that the data is reaching its destination, you can look at the traffic it is receiving. To do this, you'll want to use some sort of packet sniffing tool such as tcpdump.

Even though there are several other tools that perform the same task, tcpdump is one of the older and most commonly installed tools. tcpdump requires root privileges to run. If you run it without arguments, it prints out a description of the contents of network packets being received. It will display information such as a timestamp, the source system address and port, the destination system address and port, and packet-specific information. tcpdump will continue to examine packets until you stop it with Control-C.

Like other networking commands we've covered, tcpdump has the -n option to suppress DNS queries and to display numerical addresses and ports. To display information in ASCII or human-readable format, use the -A option. This will allow you to see human-readable text if that type of data is being received on the host. For example, if you're using tcpdump to examine incoming traffic on a web server, you can see the URL paths that are being requested if you use the -A option.

If you want even more output and information, use the -v option; to increase the verbosity, use -vv; and for the most verbose output, use -vvv. Here is some sample output from tcpdump. On the far left-hand side of the output is the timestamp. Next is the source information, followed by the destination. Finally, information about the network packet is displayed at the end of the line. The second output shows an example of verbose ASCII output. You'll notice that a client requests the /about page from the web server on this host.
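To show how the ASCII output ties a requested URL path back to the client that sent it, here is an added example that is not part of the original lesson. The tcpdump text is a constructed sample using documentation addresses, the function names are assumptions, and the parser handles IPv4 packet headers only.

```shell
#!/bin/sh
# Constructed sample of `tcpdump -nA port 80` text output (not a real capture).
sample_tcpdump() {
cat <<'EOF'
10:15:01.100001 IP 192.0.2.10.51514 > 198.51.100.5.80: Flags [S], seq 100, win 29200, length 0
E..<..@.@...........
10:15:01.100950 IP 192.0.2.10.51514 > 198.51.100.5.80: Flags [P.], seq 1:78, ack 1, win 229, length 77: HTTP: GET /about HTTP/1.1
E..y..@.@.............P.....GET /about HTTP/1.1
Host: www.example.com

10:15:02.300411 IP 192.0.2.44.40022 > 198.51.100.5.80: Flags [P.], seq 1:90, ack 1, win 229, length 89: HTTP: POST /contact HTTP/1.1
E.....@.@.............P.....POST /contact HTTP/1.1
Host: www.example.com

10:15:03.512007 IP 192.0.2.77.33810 > 198.51.100.5.80: Flags [P.], seq 1:78, ack 1, win 229, length 77: HTTP: GET /about HTTP/1.1
E..y..@.@.............P.....GET /about HTTP/1.1
Host: www.example.com
EOF
}

# Read `tcpdump -nA` text on stdin; print "src -> dst METHOD path" per HTTP request.
http_requests() {
    awk '
    # Packet header line "HH:MM:SS.usec IP src > dst: ...": remember the endpoints.
    # It is skipped afterwards because newer tcpdump repeats the request line on it.
    /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\.[0-9]+ IP / {
        src = $3; dst = $5; sub(/:$/, "", dst); next
    }
    # Payload line: the request line may follow header bytes rendered as dots.
    match($0, /(GET|POST|HEAD|PUT|DELETE) \/[^ ]* HTTP\/1\.[01]/) {
        split(substr($0, RSTART, RLENGTH), f, " ")
        print src, "->", dst, f[1], f[2]
    }'
}

# Count requests per path, most requested first.
path_counts() {
    http_requests | awk '{ n[$5]++ } END { for (p in n) print n[p], p }' | sort -k1,1nr -k2
}

# Demo on the sample; on a real web server run as root: tcpdump -nA port 80 | http_requests
sample_tcpdump | http_requests
sample_tcpdump | path_counts
```

Addresses appear in tcpdump's address.port form, so 192.0.2.10.51514 is client 192.0.2.10 using source port 51514.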

Remember to use root privileges when you run tcpdump.

The telnet command is practically obsolete. It was originally used to log into remote systems. Today, SSH has taken its place, but telnet can still be used in network troubleshooting. Since telnet has fallen out of favor for interactive logins, it may not be installed by default on some Linux distributions. You can use telnet to initiate a TCP connection to a host on a specific port.

Let's go back to a previous hypothetical situation. Let's say that we cannot ping from our hosts. We know that that doesn't necessarily mean that Google is down. To see if Google is accepting web traffic we can connect to the HTTP port, which is port 80. To do this, we type Telnet 80. If the port is open then we get a message like connected to If you want to, you can send data directly to the port by typing in some data. The HTTP protocol does accept human readable commands.

For example, to request a webpage, use GET followed by the path. To get the homepage, use GET /. Once you are ready to close the connection, hold down the Control key and press the right bracket key. This will bring you to a telnet prompt. To exit telnet, type quit and press Enter. When you attempt a connection, you may get a message like operation timed out or connection refused.

In the case of operation timed out, that means that a connection could not be established. This could be because traffic is silently getting dropped before it reaches the port or that port is not open on the host. If you get a connection refused message, that means the port is being blocked by a firewall.

In this lesson, you learned how the ping command can be used to determine if network connectivity exists between two hosts. You also learned that even if a ping fails, it does not necessarily mean the host you are pinging is down. Next, you learned how to trace the path network traffic takes on the way to a host. You also learned how to list network interfaces, show the route table, and display the applications that are listening on ports by using the netstat command. We also covered how to sniff network packets using tcpdump. Finally, you learned how to test for port connectivity with the telnet command.

About the Author
Jason Cannon
Founder, Linux Training Academy

Jason is the founder of the Linux Training Academy as well as the author of "Linux for Beginners" and "Command Line Kung Fu." He has over 20 years of professional Linux experience, having worked for industry leaders such as Hewlett-Packard, Xerox, UPS, FireEye, and Nothing gives him more satisfaction than knowing he has helped thousands of IT professionals level up their careers through his many books and courses.
