Network Troubleshooting: A Systematic Approach

Network troubleshooting is the process of identifying, diagnosing, and resolving network connectivity and performance issues. A systematic approach using the right tools and methodologies can quickly isolate problems and restore service. This comprehensive guide provides a structured framework for troubleshooting network issues.

The OSI Model Approach

Layer-by-Layer Troubleshooting

Working through the OSI model from bottom to top provides a systematic troubleshooting methodology.

Layer 1 - Physical:

Check: Cables, connectors, power
Indicators: Link lights, physical damage
Tools: Cable tester, visual inspection
Common issues: Loose cables, bad ports

Layer 2 - Data Link:

Check: MAC addresses, switches, VLANs
Indicators: ARP issues, switch errors
Tools: ARP table, switch logs
Common issues: Wrong VLAN, switch misconfiguration

Learn more about MAC addresses and ARP.

Layer 3 - Network:

Check: IP addresses, routing, subnets
Indicators: Ping failures, routing errors
Tools: Ping, traceroute, routing table
Common issues: Wrong IP, subnet mismatch, routing problems

Learn more about IP addresses, routing, ping & traceroute, and subnet masks.

Layer 4 - Transport:

Check: TCP/UDP ports, connections
Indicators: Port unreachable, timeouts
Tools: Telnet, netstat, ss
Common issues: Firewall blocking, service not running

Layer 5-7 - Application:

Check: Application configuration, DNS
Indicators: Application errors, DNS failures
Tools: nslookup, dig, application logs
Common issues: DNS problems, application misconfiguration

Systematic Troubleshooting Process

Step 1: Define the Problem

Gather information:

What is not working?
When did it start?
Who is affected?
What changed recently?
Can you reproduce it?

Specific vs general:

One user or many?
One service or all?
One location or multiple?
Intermittent or constant?

Document:

Symptoms
Error messages
Affected systems
Timeline
Recent changes

Step 2: Establish Baseline

What should work:

Normal network behavior
Expected performance
Typical configuration
Known good state

Compare:

Current state vs baseline
Working vs non-working
Before vs after change

Step 3: Isolate the Problem

Divide and conquer:

Test each layer
Eliminate possibilities
Narrow scope
Identify pattern

Test systematically:

Local vs remote
Wired vs wireless
One protocol vs all
Specific service vs general

Step 4: Test Hypothesis

Form hypothesis:

Based on symptoms
Considering changes
Using experience
Logical deduction

Test theory:

Make one change
Observe results
Document findings
Repeat if needed

Step 5: Implement Solution

Fix the problem:

Apply solution
Test thoroughly
Verify resolution
Monitor stability

Document:

Problem description
Root cause
Solution applied
Verification steps

Step 6: Prevent Recurrence

Long-term fix:

Address root cause
Update documentation
Improve monitoring
Train users

Common Network Issues

No Connectivity

Symptoms:

Cannot reach any network resources
No internet access
All services unavailable
Complete network failure

Troubleshooting steps:

1. Check physical layer:

# Check link status
ip link show eth0
# Look for: state UP

# Windows
ipconfig /all
# Look for: Media State: Media disconnected

# Check cable
# Visual inspection
# Try different cable
# Test with cable tester

2. Check IP configuration:

# Linux
ip addr show

# Windows
ipconfig /all

# macOS
ifconfig

# Verify:
# - IP address assigned
# - Correct subnet
# - Gateway configured
# - DNS servers set

3. Test local connectivity:

# Ping gateway
ping 192.168.1.1

# If fails: Local network issue
# If succeeds: Problem beyond gateway

4. Test external connectivity:

# Ping external IP
ping 8.8.8.8

# If fails: Routing/gateway issue
# If succeeds: DNS issue

5. Test DNS:

# Ping by hostname
ping google.com

# If fails but IP works: DNS issue
# If both fail: Routing issue

Intermittent Connectivity

Symptoms:

Connection drops randomly
Periodic timeouts
Inconsistent performance
Works sometimes, fails others

Troubleshooting:

1. Check for interference (wireless):

WiFi analyzer
Check channel congestion
Test different channels
Move closer to AP
Check for obstacles

2. Monitor packet loss:

# Continuous ping
ping -t google.com  # Windows
ping google.com     # Linux/macOS

# Look for:
# - Packet loss percentage
# - Latency spikes
# - Request timeouts

3. Check for duplex mismatch:

# Linux
ethtool eth0 | grep -i duplex

# Should match on both ends
# Auto-negotiation recommended

4. Review logs:

# System logs
journalctl -xe
dmesg | grep -i network

# Look for:
# - Interface resets
# - Driver errors
# - Hardware issues

5. Test different times:

Peak hours vs off-peak
Identify patterns
Correlate with events
Check for congestion

Slow Performance

Symptoms:

High latency
Slow downloads
Timeouts
Poor application performance

Troubleshooting:

1. Measure baseline:

# Ping test
ping -c 100 gateway

# Speed test
speedtest-cli

# iperf (bandwidth test)
iperf3 -c server-ip

2. Check for congestion:

# Monitor bandwidth
iftop
nload
bmon

# Check for:
# - High utilization
# - Bandwidth hogs
# - Unusual traffic

3. Trace route:

# Find slow hop
traceroute google.com
mtr google.com

# Look for:
# - High latency at specific hop
# - Packet loss
# - Routing loops

4. Check MTU:

# Test MTU
ping -M do -s 1472 google.com

# If fails, reduce size
# MTU issues cause fragmentation

5. Analyze traffic:

# Capture packets
tcpdump -i eth0 -w capture.pcap

# Analyze with Wireshark
# Look for:
# - Retransmissions
# - Errors
# - Unusual protocols

DNS Issues

Symptoms:

Cannot resolve hostnames
"Server not found" errors
Works with IP, not hostname
Slow name resolution

Troubleshooting:

1. Test DNS resolution:

# nslookup
nslookup google.com

# dig
dig google.com

# host
host google.com

# Should return IP address

2. Check DNS configuration:

# Linux
cat /etc/resolv.conf

# Windows
ipconfig /all | findstr DNS

# Verify:
# - DNS servers configured
# - Correct DNS IPs
# - Reachable DNS servers

3. Test DNS server:

# Ping DNS server
ping 8.8.8.8

# Query specific DNS
nslookup google.com 8.8.8.8

# If works: Local DNS issue
# If fails: DNS server problem

4. Flush DNS cache:

# Windows
ipconfig /flushdns

# macOS
sudo dscacheutil -flushcache

# Linux (systemd-resolved)
sudo systemd-resolve --flush-caches

5. Try alternative DNS:

# Temporarily use Google DNS
# Linux
echo "nameserver 8.8.8.8" | sudo tee /etc/resolv.conf

# Windows
netsh interface ip set dns "Ethernet" static 8.8.8.8

# If works: Original DNS server issue

Essential Troubleshooting Tools

Connectivity Testing

ping:

# Basic connectivity
ping 8.8.8.8

# Continuous
ping -t 8.8.8.8  # Windows
ping 8.8.8.8     # Linux (Ctrl+C to stop)

# Count
ping -c 10 8.8.8.8

# Interval
ping -i 2 8.8.8.8  # 2 seconds

# Packet size
ping -s 1000 8.8.8.8

traceroute/tracert:

# Trace path
traceroute google.com  # Linux
tracert google.com     # Windows

# ICMP-based
traceroute -I google.com

# TCP-based
traceroute -T -p 80 google.com

# Shows each hop and latency

mtr (My Traceroute):

# Combined ping and traceroute
mtr google.com

# Report mode
mtr -r -c 100 google.com

# Shows:
# - Packet loss per hop
# - Latency statistics
# - Real-time updates

Network Configuration

ip (Linux):

# Show interfaces
ip link show

# Show IP addresses
ip addr show

# Show routes
ip route show

# Show neighbors (ARP)
ip neigh show

# Statistics
ip -s link show eth0

ifconfig (Legacy):

# Show all interfaces
ifconfig

# Specific interface
ifconfig eth0

# Configure IP
sudo ifconfig eth0 192.168.1.100 netmask 255.255.255.0

ipconfig (Windows):

# Show configuration
ipconfig /all

# Release DHCP
ipconfig /release

# Renew DHCP
ipconfig /renew

# Flush DNS
ipconfig /flushdns

# Display DNS cache
ipconfig /displaydns

Port and Service Testing

telnet:

# Test port connectivity
telnet google.com 80

# If connects: Port open
# If fails: Port closed or filtered

nc (netcat):

# Test TCP port
nc -zv google.com 80

# Test UDP port
nc -zvu server 53

# Listen on port
nc -l 1234

# Send data
echo "test" | nc server 1234

nmap:

# Scan single host
nmap 192.168.1.1

# Scan range
nmap 192.168.1.0/24

# Specific ports
nmap -p 80,443 192.168.1.1

# Service detection
nmap -sV 192.168.1.1

# OS detection
sudo nmap -O 192.168.1.1

DNS Tools

nslookup:

# Basic lookup
nslookup google.com

# Specific DNS server
nslookup google.com 8.8.8.8

# Reverse lookup
nslookup 8.8.8.8

# Query type
nslookup -type=MX google.com

dig:

# Basic query
dig google.com

# Specific DNS server
dig @8.8.8.8 google.com

# Query type
dig google.com MX
dig google.com AAAA

# Trace
dig +trace google.com

# Short answer
dig +short google.com

host:

# Basic lookup
host google.com

# Reverse lookup
host 8.8.8.8

# All records
host -a google.com

Traffic Analysis

tcpdump:

# Capture all traffic
sudo tcpdump -i eth0

# Specific host
sudo tcpdump host 192.168.1.100

# Specific port
sudo tcpdump port 80

# Save to file
sudo tcpdump -i eth0 -w capture.pcap

# Read from file
tcpdump -r capture.pcap

# Filter
sudo tcpdump 'tcp port 80 and host 192.168.1.100'

Wireshark:

GUI packet analyzer
Powerful filters
Protocol analysis
Statistics
Follow streams

netstat/ss:

# Active connections
netstat -an
ss -an

# Listening ports
netstat -ln
ss -ln

# TCP connections
netstat -tn
ss -tn

# With process
sudo netstat -tnp
sudo ss -tnp

# Statistics
netstat -s
ss -s

Bandwidth Monitoring

iftop:

# Monitor bandwidth by connection
sudo iftop -i eth0

# Shows:
# - Active connections
# - Bandwidth usage
# - Real-time updates

nload:

# Monitor interface bandwidth
nload eth0

# All interfaces
nload

# Shows:
# - Incoming/outgoing traffic
# - Current/average/max
# - Graph

iperf3:

# Server
iperf3 -s

# Client
iperf3 -c server-ip

# UDP test
iperf3 -c server-ip -u

# Reverse direction
iperf3 -c server-ip -R

# Tests actual bandwidth

Advanced Troubleshooting

Packet Capture Analysis

Capture strategy:

# Targeted capture
sudo tcpdump -i eth0 'host 192.168.1.100 and port 80' -w web.pcap

# Time-limited
sudo timeout 60 tcpdump -i eth0 -w capture.pcap

# Size-limited
sudo tcpdump -i eth0 -w capture.pcap -C 100  # 100MB chunks

Analysis with Wireshark:

Filters:
- ip.addr == 192.168.1.100
- tcp.port == 80
- http
- dns

Statistics:
- Protocol hierarchy
- Conversations
- Endpoints
- IO graphs

Follow:
- TCP stream
- HTTP stream
- SSL stream

Performance Baselines

Establish baselines:

# Latency baseline
ping -c 1000 gateway > baseline_latency.txt

# Bandwidth baseline
iperf3 -c server > baseline_bandwidth.txt

# DNS baseline
dig google.com > baseline_dns.txt

Compare:

Current vs baseline
Identify deviations
Trend analysis
Capacity planning

Root Cause Analysis

Five Whys:

Problem: Website slow
Why? High latency
Why? Network congested
Why? Backup running
Why? Scheduled during business hours
Why? No off-hours window configured
Root cause: Backup scheduling

Fishbone diagram:

Categories:
- People (training, errors)
- Process (procedures, changes)
- Technology (hardware, software)
- Environment (power, cooling)

Identify contributing factors
Find root cause

Best Practices

Documentation

1. Keep records:

Network diagrams
IP address assignments
Configuration backups
Change logs
Troubleshooting notes

2. Document issues:

Problem description
Steps taken
Solution applied
Time to resolve
Lessons learned

3. Build knowledge base:

Common issues
Solutions
Workarounds
Contact information
Escalation procedures

Methodology

1. Be systematic:

Follow OSI model
Test one thing at a time
Document each step
Don't skip layers

2. Use proper tools:

Right tool for the job
Learn tool capabilities
Practice in lab
Keep tools updated

3. Verify fixes:

Test thoroughly
Monitor stability
Get user confirmation
Document resolution

Prevention

1. Proactive monitoring:

Monitor key metrics
Set up alerts
Regular health checks
Trend analysis

2. Regular maintenance:

Update firmware
Patch systems
Clean configurations
Review logs

3. Change management:

Plan changes
Test in lab
Document changes
Have rollback plan

Conclusion

Effective network troubleshooting requires a systematic approach, proper tools, and methodical testing. By working through the OSI model layers, using the right diagnostic tools, and following a structured process, most network issues can be quickly identified and resolved. Documentation and prevention are key to reducing future incidents.

Related Articles

Diagnostic Tools

• Ping and Traceroute - Connectivity testing
• Network Scanning - Network discovery
• IP Lookup - IP information
• WHOIS Lookup - Domain research

Common Issues

• Connection Problems - Connectivity issues
• IP Conflict - Address conflicts
• DNS Issues - DNS problems
• DHCP - DHCP troubleshooting

Network Fundamentals

• OSI Model - Network layers
• TCP/IP Model - Protocol stack
• Routing - Network routing
• Default Gateway - Gateway issues

Explore More

• Troubleshooting - Problem-solving hub
• Tools & Utilities - Diagnostic tools hub

Key takeaways: - Systematic approach: OSI model layer-by-layer - Define problem: Gather information, document symptoms - Isolate issue: Divide and conquer, test systematically - Essential tools: ping, traceroute, tcpdump, Wireshark - Common issues: No connectivity, intermittent, slow, DNS - Test hypothesis: One change at a time - Document everything: Problems, solutions, lessons learned - Prevention: Monitoring, maintenance, change management - Baselines: Establish and compare - Root cause: Address underlying issue, not symptoms

Network troubleshooting is most effective when following a systematic methodology. Start at the physical layer and work up through the OSI model, use appropriate diagnostic tools for each layer, document your findings, and always verify your solution. Prevention through monitoring, maintenance, and proper change management reduces the frequency and severity of network issues.