A network administrator's routine responsibilities like management, monitoring, configuration, and troubleshooting don't require you to learn complicated third-party tools. Instead, you can perform all these tasks with readily available tools that come pre-installed with most Linux distributions.

This article focuses on the network troubleshooting part of a network administrator's responsibilities and covers tools that resolve these issues under different categories. It further covers how these utilities help in practical scenarios.

1. ifconfig

ifconfig is a command-line utility known for interface configuration in Linux/Unix operating systems. Network administrators also use it to query and manage interface parameters with the help of configuration scripts.

It helps you enable or disable a network interface and allows you to assign an IP address and netmask to the selected interface. You can also view all the available interfaces, IP addresses, hardware addresses, and maximum transmission unit size for active interfaces.

You can activate/deactivate any interface by using up/down parameters, as follows:

        sudo ifconfig eth0 up
        sudo ifconfig eth0 down

To assign an IP address to an interface:

        sudo ifconfig eth0 192.168.120.5 netmask 255.255.255.0
    

However, this utility is not installed by default on every Linux distribution, and you may receive the error "ifconfig: command not found". You can resolve the issue by installing the net-tools package using your distribution's package manager.

On Ubuntu/Debian:

        sudo apt-get install net-tools
    

On Fedora, CentOS, and other RPM-based distros:

        sudo yum install net-tools
    

On Arch Linux:

        sudo pacman -S net-tools

2. ip

ip is an alternative to the good old ifconfig. However, its functionality spans two layers of the TCP/IP protocol stack: the Data Link layer and the Network layer.

It displays network interfaces and configures network devices, just like the ifconfig utility. It also shows and modifies the kernel routing tables and adds or removes ARP cache entries.

To display all interfaces and their details:

        ip addr show
    

To add and remove an IP address on an interface:

        ip a add 192.168.120.174 dev eth0
        ip a del 192.168.120.174 dev eth0

To enable/disable ARP protocol for the interface, use the on/off options:

        ip link set dev eth0 arp on
        ip link set dev eth0 arp off

3. ping

The ping utility helps you identify the availability of a network and host. It checks if the host is reachable or if a service is running. You can also check for network connectivity issues like high latency and packet loss using the ping command.

ping sends ICMP (Internet Control Message Protocol) echo request messages and waits for the ICMP echo reply packets to check host availability. The output contains the total sent and received messages with the time a packet takes to reach its destination.

        ping 8.8.8.8
    

4. netstat

netstat is a command-line utility that helps discover connected and listening TCP, UDP, and UNIX sockets. It displays information about routing tables, listening ports, and network statistics.

You can list both listening and non-listening sockets by typing:

        netstat -a
    

To list only listening TCP connections:

        netstat -tl
    

It also allows you to list the PID of the processes and program names using TCP connections:

        netstat -ptl 
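
The listing above can be checked against the ports a host is expected to expose. The script below is an added example, not part of the original article: it adds netstat's -n flag so ports print as numbers, and the sample output, the allowlist and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: report TCP listeners bound to every interface whose port
# is not on an allowlist. Function names and sample data are illustrative.

# Constructed sample of `sudo netstat -ptln` output (not from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      812/postgres
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      701/sshd
tcp        0      0 0.0.0.0:8000            0.0.0.0:*               LISTEN      4312/python3
tcp6       0      0 :::22                   :::*                    LISTEN      701/sshd
tcp6       0      0 ::1:631                 :::*                    LISTEN      655/cupsd
EOF
}

# Usage: netstat -ptln | audit_listeners "22 443"
# Prints "port pid/program" once per unexpected wildcard listener.
audit_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)       # text after the last colon
            host = $4; sub(/:[^:]*$/, "", host)   # text before the last colon
            # Skip listeners bound to one specific address (for example loopback).
            if (host != "0.0.0.0" && host != "::" && host != "*") next
            if (port in ok) next
            key = port " " $7
            if (!(key in seen)) { seen[key] = 1; print key }
        }'
}

# Only SSH is expected on this host, so the listener on port 8000 is reported.
sample_netstat | audit_listeners "22"
```

Without root privileges netstat prints "-" in the PID/Program name column for sockets owned by other users, so run the real command with sudo.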
    

5. host

host is a minimal yet powerful CLI utility that performs DNS lookups and resolves hostnames to IP addresses and vice versa. In addition to troubleshooting DNS server problems, it also displays and verifies NS and MX DNS record types and ISP DNS servers.

To find the NS records for the Google website:

        host -t ns google.com
    

You can also find MX records by running:

        host -n -t mx google.com
    

6. arp

The arp command manipulates the system's ARP cache by adding, deleting, and displaying entries. ARP stands for Address Resolution Protocol and maps an IP address to the machine's MAC address. The arp command is one of the tools available inside the net-tools package.

Run the command without any parameters to view the table content:

        arp 
    

You can also find the MAC address mapped to a specific IP by providing the IP address:

        arp <ip_address>
    

7. traceroute

Once the ping utility provides information about the network connectivity and the overall time a packet takes to reach the destination, you can use the traceroute command to examine in detail the path the packet takes to the destination host and resolve the issue.

The output displays the packet route and all the intermediate hosts between the source and destination with their response time.

For instance, the following command outputs all the hops to the destination host 8.8.8.8 (Google) from the local machine:

        traceroute 8.8.8.8
    

The utility uses the time-to-live (TTL) field of the IP packet, which limits the packet's life in the network: each hop that forwards the packet decreases the value by one.

When the TTL reaches zero, the intermediate node drops the packet and sends back an ICMP error message. traceroute uses the round-trip time (RTT) of these replies to measure the time a packet takes to reach each hop along the way.

This functionality helps network administrators to identify the root cause of internet connectivity issues and resolve the exact problem in the route.
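
To locate the problem hop in a long trace, the per-hop round-trip times can be summarised with a short script. This is an added example, not part of the original article: it assumes traceroute's -n flag (numeric addresses), and the sample output, intermediate addresses and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise `traceroute -n` output per hop.

# Constructed sample output (addresses other than 8.8.8.8 are made up).
sample_traceroute() {
cat <<'EOF'
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  192.168.120.1  0.512 ms  0.480 ms  0.455 ms
 2  10.20.0.1  8.120 ms  8.344 ms  7.998 ms
 3  * * *
 4  203.0.113.9  61.402 ms  60.877 ms  62.015 ms
 5  8.8.8.8  62.110 ms  61.954 ms  62.301 ms
EOF
}

# Usage: traceroute -n 8.8.8.8 | hop_report
# Prints: silent=<hops with no reply> slowest_step=<hop> via=<address>
hop_report() {
    awk '
        $1 !~ /^[0-9]+$/ { next }                 # skip the header line
        {
            sum = 0; n = 0
            for (i = 2; i <= NF; i++)             # a value followed by "ms" is one probe RTT
                if ($i == "ms") { sum += $(i - 1); n++ }
            if (n == 0) {                         # "* * *": no ICMP reply came back
                silent = (silent == "" ? $1 : silent "," $1)
                next
            }
            avg = sum / n
            # Largest RTT increase over the previous hop that answered
            if (seen_prev && avg - prev > worst) { worst = avg - prev; step = $1; via = $2 }
            prev = avg; seen_prev = 1
        }
        END { printf "silent=%s slowest_step=%s via=%s\n", silent, step, via }'
}

sample_traceroute | hop_report
```

A silent hop followed by hops that do answer usually means that router does not send or rate-limits ICMP replies, so treat the latency jump, not the `* * *` line, as the lead to follow.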

8. dig

dig, an acronym for Domain Information Groper, gathers DNS-related information and troubleshoots DNS problems.

The dig command output displays information available inside files containing DNS records and helps network administrators verify if the host to IP address name resolution is working fine.

You can perform the DNS lookup query as follows:

        dig google.com
    

Similarly, you can query all types of DNS records associated with a domain with the help of the ANY option:

        dig google.com ANY
    

9. Wireshark

Wireshark is a powerful and versatile open-source packet analyzer tool. It captures the traffic from your selected interface card in real-time. It allows network administrators to capture traffic based on protocol/port for monitoring and troubleshooting purposes.

Other than the capture filter, it also has a display filter with various options that help you view the traffic of concern.

Troubleshooting Networks on Linux

Network troubleshooting is part of the day-to-day activities of a network administrator. Knowing which tool to use when another is unavailable, or which one offers broader functionality, is equally important for effective troubleshooting of a variety of network conditions.

You can learn more about analyzing network traffic with Wireshark and network connections with the ss command.