Essential Commands for Network Diagnostics and Monitoring
Understanding ping, tracert, netstat, nslookup, and ipconfig/ifconfig.
In this article, you will learn about five essential commands for network diagnostics.
ipconfig (Windows) / ifconfig (Linux)
ping
tracert
netstat
nslookup
ipconfig (Windows) / ifconfig (Linux)
The ipconfig command displays the network interfaces and configuration:
IP Address
Subnet Mask
Default Gateway
ipconfig
Windows IP Configuration
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . : example.com
IPv4 Address. . . . . . . . . . . : 192.168.1.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
Output Explanation
Connection-specific DNS Suffix: Domain suffix that is appended to unqualified domain names (names without a period). It is typically set by the network administrator or DHCP server to help resolve local network names.
IPv4 Address: IP address assigned to your Ethernet adapter. In this case, it is 192.168.1.10. This address is unique to your device within the local network (LAN).
Default Gateway: This is the IP address of the router or gateway device that your computer uses to access other networks, including the Internet. In this case, it is 192.168.1.1.
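The output above lists a Subnet Mask alongside the address and gateway. The following added example (not part of the original article) parses that output and uses the mask to work out which network the adapter is on and whether the default gateway is directly reachable from it. The function names `parse_adapters` and `summarize` are illustrative, and the sample text is constructed from the output shown above.

```python
import ipaddress
import re

# Constructed sample: the ipconfig output shown above, with the usual indentation.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : example.com
   IPv4 Address. . . . . . . . . . . : 192.168.1.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
"""

# "Label . . . . : value" -> (label, value); the dot leader is discarded.
FIELD = re.compile(r"^\s*(.+?)[\s.]*:\s*(\S*)\s*$")

def parse_adapters(text):
    """Return {adapter heading: {field label: value}} from ipconfig text."""
    adapters, current = {}, None
    for line in text.splitlines():
        stripped = line.strip()
        if line[:1].isspace():                 # indented line = adapter field
            m = FIELD.match(line)
            if m and current is not None:
                current[m.group(1)] = m.group(2)
        elif stripped.endswith(":"):           # unindented "...:" = adapter heading
            current = adapters.setdefault(stripped[:-1], {})
    return adapters

def summarize(fields):
    """Derive the adapter's network from its address and mask and check the gateway."""
    iface = ipaddress.ip_interface(f"{fields['IPv4 Address']}/{fields['Subnet Mask']}")
    gw = fields.get("Default Gateway")         # empty when the adapter has no gateway
    return {
        "network": str(iface.network),
        "usable_hosts": iface.network.num_addresses - 2,  # minus network and broadcast
        "gateway_on_link": (ipaddress.ip_address(gw) in iface.network) if gw else None,
    }

if __name__ == "__main__":
    for name, fields in parse_adapters(SAMPLE).items():
        print(name, summarize(fields))
```

A gateway that is not inside the adapter's own network is a common sign of a mistyped static configuration.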
ping
The ping command is used to test network reachability and latency. It also measures the so-called round-trip time (RTT) for messages sent from the originating host to a destination computer/server:
Round-Trip Time (RTT) - It’s the time taken for the packet to travel to the destination and back. RTT is displayed as `time=<value>ms`.
Packet Loss - The percentage of packets that were sent but did not receive a reply.
Time to Live (TTL) - The remaining life of the packet. It starts at a predefined value and decrements by one for each hop it makes. TTL is displayed as `TTL=<value>`.
ping substack.com
Pinging substack.com [104.18.33.245] with 32 bytes of data:
Reply from 104.18.33.245: bytes=32 time=2ms TTL=59
Reply from 104.18.33.245: bytes=32 time=4ms TTL=59
Reply from 104.18.33.245: bytes=32 time=4ms TTL=59
Reply from 104.18.33.245: bytes=32 time=3ms TTL=59
Ping statistics for 104.18.33.245:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 4ms, Average = 3ms
Output Explanation
Pinging substack.com - Tells us that the command is trying to reach `substack.com`.
[104.18.33.245] - The IP address of substack.com. Domain names are translated to IP addresses using DNS (Domain Name System).
with 32 bytes of data - Each ping packet sent to the IP address contains 32 bytes of data by default.
Reply from 104.18.33.245 - The IP address that is replying to the ping request.
bytes=32 - The size of the packet that was returned, which in this case is the same as what was sent.
time=2ms - The time it took for the packet to go from my computer to the host and back (RTT) in milliseconds.
TTL=59 - Indicates the number of hops (routers) the packet can still pass through before being discarded. Each router that forwards the packet decreases the TTL value by one. When TTL reaches zero, the packet is discarded, which stops packets from circulating indefinitely and congesting the network.
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss) - This section summarizes the overall results of the ping test.
Approximate round trip times in milli-seconds - This section provides the round trip times for the packets.
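As an added example (not part of the original article), the script below recomputes the summary statistics from the individual reply lines and uses the TTL to estimate how many routers the reply crossed. It assumes the remote host started from one of the common default TTLs (64, 128 or 255), so the hop count is an estimate for the return path only. The sample text is constructed from the output above with one timeout added.

```python
import re

# Constructed sample: the ping output shown above with one reply replaced by a timeout.
SAMPLE = """\
Pinging substack.com [104.18.33.245] with 32 bytes of data:
Reply from 104.18.33.245: bytes=32 time=2ms TTL=59
Reply from 104.18.33.245: bytes=32 time=4ms TTL=59
Request timed out.
Reply from 104.18.33.245: bytes=32 time=3ms TTL=59
"""

# Windows prints "time<1ms" for sub-millisecond replies, hence [=<].
REPLY = re.compile(r"Reply from \S+: bytes=\d+ time[=<](\d+)ms TTL=(\d+)")
COMMON_INITIAL_TTLS = (64, 128, 255)   # assumption: typical operating system defaults

def estimate_hops(ttl):
    """Hops crossed by the reply, assuming the nearest common initial TTL above it."""
    initial = min(t for t in COMMON_INITIAL_TTLS if t >= ttl)
    return initial - ttl

def summarize_ping(text):
    """Recompute loss, RTT statistics and an estimated hop count from ping output."""
    rtts, ttls, lost = [], [], 0
    for line in text.splitlines():
        m = REPLY.search(line)
        if m:
            rtts.append(int(m.group(1)))
            ttls.append(int(m.group(2)))
        elif "timed out" in line or "unreachable" in line:
            lost += 1                  # no echo reply came back for this request
    sent = len(rtts) + lost
    return {
        "sent": sent,
        "received": len(rtts),
        "loss_pct": round(100 * lost / sent, 1) if sent else None,
        "rtt_min": min(rtts) if rtts else None,
        "rtt_max": max(rtts) if rtts else None,
        "rtt_avg": round(sum(rtts) / len(rtts), 1) if rtts else None,
        "est_hops": estimate_hops(ttls[-1]) if ttls else None,
    }

if __name__ == "__main__":
    print(summarize_ping(SAMPLE))
```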
tracert (Windows) / traceroute (Linux)
The tracert command helps us diagnose and track the path packets take from the source to the destination host:
List of Hops - Each intermediate router (hop) along the path to the destination.
RTT for Each Hop - The round-trip time to each hop.
Routing Path - The path taken by packets to reach the destination.
tracert substack.com
Tracing route to substack.com [104.18.33.245]
over a maximum of 30 hops:
1 1 ms 1 ms 1 ms 192.168.1.1
2 10 ms 10 ms 10 ms 10.0.0.1
3 15 ms 14 ms 14 ms 203.0.113.1
4 20 ms 20 ms 21 ms 142.250.190.78
Trace complete.
Output Explanation
Tracing route to google.com [142.250.190.78] over a maximum of 30 hops - This indicates that the command will trace up to 30 routers (hops) to reach the destination.
1 1 ms 1 ms 1 ms 192.168.1.1 - Each numbered line is one hop: three packets are sent to it and the RTT of each packet is shown, followed by the IP address of the router. The IP shown here is the address of the first router, which is typically your local router.
2 10 ms 10 ms 10 ms 10.0.0.1 - The second router is most likely the router of your Internet Service Provider (ISP).
3 15 ms 14 ms 14 ms 203.0.113.1 - This is an intermediary router, often part of the broader internet infrastructure.
4 20 ms 20 ms 21 ms 142.250.190.78 - The final IP address is of the final destination, which in this case is google.com.
netstat
The netstat command helps us monitor network connections and ports. It provides information on open ports, active connections, and network statistics:
Active Connections
Listening Ports
Network Statistics - This can be shown by running the netstat -s command.
netstat -an
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
TCP 192.168.1.10:139 192.168.1.5:50419 ESTABLISHED
Output Explanation
Proto - The protocol being used for the connection.
Local Address - IP address and port number on your local machine (the device where you ran the command).
0.0.0.0:80: This means the server is listening on all available IP addresses (0.0.0.0) at port 80, which is typically used for HTTP web traffic.
192.168.1.10:139: This means a specific local IP address (192.168.1.10) at port 139, which is used for NetBIOS Session Service.
Foreign Address: IP address and port number of the remote machine that your local machine is connected to or listening for.
0.0.0.0:0: In the context of a listening state, this means the server is not currently connected to any remote address.
192.168.1.5:50419: This means the remote IP address is 192.168.1.5 and the remote port number is 50419.
State: The state of the TCP/UDP connection.
LISTENING: Indicates that the server is waiting for incoming connections on the specified port.
ESTABLISHED: Indicates that an active connection has been made between the local and remote addresses, meaning data can be sent and received.
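The difference between a listener on 0.0.0.0 and one on a specific address matters when reviewing what a host exposes. The following added example (not part of the original article) parses `netstat -an` output and reports which ports are bound to every interface. The function names are illustrative, and the sample contains the two rows shown above plus constructed rows for loopback, IPv6 and UDP.

```python
import ipaddress

# Constructed sample: the two rows shown above plus constructed rows
# (loopback, single-address listener, IPv6 wildcard, UDP).
SAMPLE = """\
Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5432         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    [::]:445               [::]:0                 LISTENING
  TCP    192.168.1.10:139       192.168.1.5:50419      ESTABLISHED
  UDP    0.0.0.0:5353           *:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def bind_scope(addr):
    """Classify a local bind address by who can reach it."""
    if addr.is_unspecified:            # 0.0.0.0 or ::
        return "all interfaces"
    if addr.is_loopback:               # 127.0.0.0/8 or ::1
        return "loopback only"
    return "single address"

def listeners(text):
    """Return (proto, port, local address, scope) for each bound socket."""
    found = []
    for line in text.splitlines():
        f = line.split()
        is_tcp_listener = len(f) == 4 and f[0] == "TCP" and f[3] == "LISTENING"
        is_udp_socket = len(f) == 3 and f[0] == "UDP"   # UDP rows have no State column
        if is_tcp_listener or is_udp_socket:
            addr, port = split_endpoint(f[1])
            found.append((f[0], port, str(addr), bind_scope(addr)))
    return found

def exposed_ports(text):
    """Ports bound to 0.0.0.0 or [::], i.e. accepting traffic on every interface."""
    return sorted({(proto, port) for proto, port, _, scope in listeners(text)
                   if scope == "all interfaces"})

if __name__ == "__main__":
    for row in listeners(SAMPLE):
        print(row)
```

Whether a port bound to all interfaces is actually reachable from outside still depends on the host firewall, so treat the result as a list of services to review.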
nslookup
The nslookup command queries the Domain Name System (DNS) to obtain a domain name or IP address mapping:
IP Address for a Given Domain
Domain Name for a Given IP Address
nslookup substack.com
Server: UnKnown
Address: 192.168.0.1
Non-authoritative answer:
Name: substack.com
Addresses: 2606:4700:4400::ac40:9a0b
2606:4700:4400::6812:21f5
172.64.154.11
104.18.33.245
Output Explanation
Server: The DNS server that nslookup is using to perform the query. In this case, it shows UnKnown, which typically means the DNS server does not have a name assigned in my local DNS configuration.
Address: IP address of the DNS server being used. Here, 192.168.0.1 is likely the IP address of my local router or a local DNS server.
Conclusion
By using these 5 commands together, we can gain a detailed understanding of network performance and diagnose issues more effectively. Let’s recap:
ipconfig/ifconfig: Check network settings.
ping: Identify general connectivity or latency problems.
tracert/traceroute: Check where in the network path the issue occurs.
netstat: Monitor active connections and open ports.
nslookup: Verify DNS configurations.