Common Network Debugging Commands

Brandon Rozek

January 2, 2022

Below are list of commands that I use to debug common issues in a network. There is a wonderful tool called Wireshark which you can use to sniff packets in a network and filter by a wide range of options, but we’ll mainly focus on simple tools that you can use in the terminal.


The most commonly used networking command is ping. This allows you to see the time it takes to send and receive an ICMP packet from/to a specified address. Most people use Google’s DNS server as a quick test to see if they have access to the Internet.

PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=117 time=267 ms
64 bytes from icmp_seq=2 ttl=117 time=74.9 ms
64 bytes from icmp_seq=3 ttl=117 time=34.7 ms
64 bytes from icmp_seq=4 ttl=117 time=298 ms

Press CTRL-C when you are done looking at the output. Here is a list of common flags used in the ping command.

Flag Description
-c NUM Only send/receive an ICMP packet NUM number of times
-D Print the timestamp along with the roundtrip time
-W timeout Waits a timeout amount of seconds for the response before moving on to the next ICMP roundtrip


ping -c3 -D -W1
PING ( 56(84) bytes of data.
[1641156381.342990] 64 bytes from icmp_seq=1 ttl=57 time=52.6 ms
[1641156382.555358] 64 bytes from icmp_seq=2 ttl=57 time=263 ms
[1641156383.327286] 64 bytes from icmp_seq=3 ttl=57 time=34.3 ms

--- ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 34.275/116.670/263.116/103.823 ms

ip route

Without any extra flags or subcommands this will give you a view of your routing table. A routing table specifies for a given address range, which device to send the network traffic over. Normally you see a large routing table inside businesses (or if you access a lot of VPNs at once). Here is an example of a typical one in a household.

ip route
default via dev wlan0 proto dhcp metric 600 dev wlan0 proto kernel scope link src metric 600 

This says that any address between goes over the wlan0 device which on some computers denote WiFi. The first line shows what the default entry/gateway is, that is if the ip address you’re trying to access is not listed in the table it will go through the IP listed in that row first.

You can manually add and remove entries in the routing table as well.


sudo ip route add dev wlan0
sudo ip route del dev wlan0


This command is more useful if you have multiple segmented networks and you’re trying to figure out at which layer the connection failed. Recently I used this to debug some directional WiFi extenders.

traceroute to (, 64 hops max
  1  2.051ms  2.003ms  1.278ms 
  2  5.743ms  5.647ms  3.592ms 
  3  5.754ms  63.285ms  7.187ms 
  4  96.056ms  101.861ms  14.547ms 
  5  87.273ms  16.617ms  72.810ms 
  6  13.745ms  101.122ms  16.402ms 
  7  85.738ms  102.977ms  100.974ms 
  8  15.111ms  87.467ms  103.076ms 
  9  100.755ms  102.000ms  102.352ms 
 10  102.505ms  102.085ms  101.762ms 


We’ve been talking about IP addresses with the last few commands, but there can be problems in the domain name resolution as well. A domain name is what you commonly type in the browser such as Your computer will then ask the DNS server it knows about what the IP of that address is.


; <<>> DiG <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36469
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 65494
;                        IN      A

;; ANSWER SECTION:         149     IN      A

;; Query time: 88 msec
;; WHEN: Sun Jan 02 16:06:23 EST 2022
;; MSG SIZE  rcvd: 59

Most linux systems have a DNS cache server setup which makes it difficult to figure out what the upstream DNS server that it’s querying is. Mainly because it can be configured a myriad of ways. If you are using NetworkManager you can use the following command:

nmcli dev show | grep DNS

In some other cases it would be in /etc/resolv.conf

cat /etc/resolv.conf


Lastly at the lowest level, arp will tell you the MAC addresses of IP addresses you have communicated with before.

Address                  HWtype  HWaddress           Flags Mask            Iface              ether   10:1d:b1:1d:1f:91   C                     wlan0             ether   72:25:22:2c:72:72   C                     wlan0            ether   03:33:34:3b:23:39   C                     wlan0