Command-Line Tools for Network Troubleshooting

Accessing Command Line

 Windows:
o Open the Command Prompt by searching for "Command Prompt" in the start menu or typing cmd in
the Run window (press Windows + R).
 Linux:
o Open the terminal using Ctrl + Alt + T.
Key Commands and Examples
1. ping
 Description: Tests connectivity to another host by sending ICMP echo request packets. It measures the
round-trip time for messages sent from the originating host to a destination computer.
 Example:
bash
Copy
ping google.com
 Expected Output:
basic
Copy
PING google.com (142.250.72.14) 56(84) bytes of data.
64 bytes from 142.250.72.14: icmp_seq=1 ttl=117 time=14.8 ms
64 bytes from 142.250.72.14: icmp_seq=2 ttl=117 time=15.3 ms
64 bytes from 142.250.72.14: icmp_seq=3 ttl=117 time=14.5 ms
...
--- google.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4004ms
rtt min/avg/max/mdev = 14.4/14.8/15.3/0.4 ms
 Interpretation: A successful ping indicates that the host is reachable and provides the round-trip time for
each packet.
2. tracert (Windows) / traceroute (Linux)
 Description: Traces the route that packets take to reach a specified destination, showing each hop along the
way. This helps identify where packets are being lost or delayed.
 Example:
o Windows:
bash
Copy
tracert google.com
o Linux:
bash
Copy
traceroute google.com
 Expected Output:
apache
Copy
Tracing route to google.com [142.250.72.14]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms router.local [192.168.1.1]

2 1 ms 1 ms 1 ms 10.0.0.1
3 14 ms 12 ms 13 ms 172.217.0.14
...
10 15 ms 14 ms 15 ms google.com [142.250.72.14]

Trace complete.
 Interpretation: Each line represents a hop, showing the time taken to reach that hop and the IP address of the
device. The final line indicates the destination.
3. nslookup
 Description: Queries DNS to obtain domain name or IP address information. It helps troubleshoot DNS
issues by providing details about the DNS server and the resolved IP address.
 Example:
bash
Copy
nslookup example.com
 Expected Output:
Copy
 Server: dns.google
Address: 8.8.8.8

Non-authoritative answer:
Name: example.com
Addresses: 93.184.216.34
 Interpretation: Shows the DNS server used for the query and the IP address associated with the domain
name. If there are issues, it may indicate which server is not responding.
4. ipconfig (Windows)
 Description: Displays the current network configuration for all network interfaces, including IP address,
subnet mask, and default gateway.
 Example:
bash
Copy
ipconfig
 Expected Output:
Copy
Windows IP Configuration

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . : home
IPv4 Address. . . . . . . . . . . . : 192.168.1.5
Subnet Mask . . . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . . . : 192.168.1.1
 Interpretation: Provides critical information about the network interfaces. This is useful for identifying
issues with network connections.
5. ifconfig (Linux)
 Description: Displays the configuration of network interfaces, allowing you to view and modify settings.
 Example:
bash
Copy
ifconfig
 Expected Output:
apache
Copy
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.5 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::a00:27ff:fe4e:66c0 prefixlen 64 scopeid 0x20<link>
ether 08:00:27:4e:66:c0 txqueuelen 1000 (Ethernet)
RX packets 101234 bytes 123456789 (123.4 MB)
TX packets 123456 bytes 987654321 (987.6 MB)
 Interpretation: Lists network interfaces with their IP addresses, netmasks, and statistics on transmitted and
received packets.
6. iptables/ Linux kernel /
 Description: Sets up and maintains firewall rules for the Linux kernel. It can be used to control incoming and
outgoing traffic.
 Example:
bash
Copy
iptables -L
 Expected Output:
Copy
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)

target prot opt source destination

Chain OUTPUT (policy ACCEPT)

target prot opt source destination
 Interpretation: Displays the current firewall rules. Each chain (INPUT, FORWARD, OUTPUT) shows the
policy and any specific rules applied.
7. netstat
 Description: Displays active network connections, routing tables, interface statistics, and more. It helps
diagnose network issues by showing what services are running.
 Example:
 bash
Copy
netstat -a
 Expected Output:
Copy
Proto Local Address Foreign Address State
TCP 192.168.1.5:80 0.0.0.0:0 LISTENING
TCP 192.168.1.5:12345 93.184.216.34:80 ESTABLISHED
 Interpretation: Lists all connections and their states. Useful for identifying open ports and established
connections.
8. tcpdump/ Linx/
 Description: Captures and displays packet information on a network interface, providing insights into
network traffic for troubleshooting.
 Example:
bash
Copy
tcpdump -i eth0
 Expected Output:
Copy
14:30:01.123456 IP 192.168.1.5.12345 > 93.184.216.34.80: Flags [P.], seq 1:2, ack 1, win
500, length 1
 Interpretation: Shows real-time packet data, including source and destination IP addresses, ports, and packet
flags.
9. pathping
 Description: Combines the functionalities of ping and tracert to provide detailed information about packet
loss and latency across the route to a destination.
 Example:
bash
Copy
pathping google.com
 Expected Output:
apache
Copy
Tracing route to google.com [142.250.72.14]
over a maximum of 30 hops:

0 yourrouter [192.168.1.1]
1 10.0.0.1
2 172.217.0.14
...

Summary statistics:
Packets: Sent = 30, Received = 30, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 10ms, Maximum = 20ms, Average = 15ms
 Interpretation: Provides a summary of latency and packet loss for each hop along the route.
10. nmap
 Description: Scans a network to discover hosts and services, providing detailed information about open ports
and running services.
 Example:
bash
Copy
nmap -sP 192.168.1.0/24
 Expected Output:
Copy
Nmap scan report for 192.168.1.1
Host is up (0.032s latency).

Nmap scan report for 192.168.1.5

Host is up (0.021s latency).
 Interpretation: Lists all active hosts on the specified subnet, indicating which IPs are reachable.
11. route
 Description: Displays and modifies the IP routing table, allowing you to troubleshoot routing issues.
 Example:
bash
 Copy
route print
 Expected Output:
excel
Copy
===========================================================================
Interface List
12...00 1A 2B 3C 4D 5E ......Ethernet
===========================================================================
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.5 10
 Interpretation: Shows the current routing table, detailing how packets are routed through the network.
12. arp
 Description: Displays and modifies the ARP cache, which maps IP addresses to MAC addresses. It helps
troubleshoot issues related to IP address resolution.
 Example:
bash
Copy
arp -a
 Expected Output:
apache
Copy
Interface: 192.168.1.5 --- 0x1
Internet Address Physical Address Type
192.168.1.1 00-1A-2B-3C-4D-5E dynamic
192.168.1.10 1A-2B-3C-4D-5E-6F dynamic
 Interpretation: Lists the current ARP cache entries, showing the mapping of IP addresses to MAC addresses.
13. dig / Linux /
 Description: Queries DNS servers for information about domain names, helping troubleshoot DNS resolution
issues.
 Example:
bash
Copy
dig example.com
 Expected Output:
yaml
Copy
; <<>> DiG 9.10.6 <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;example.com. IN A

;; ANSWER SECTION:
example.com. 3600 IN A 93.184.216.34
 Interpretation: Provides detailed DNS query results, including response status and the IP address associated
with the domain.