Troubleshooting Cheat Sheet

// ping · traceroute · nmap · tcpdump · netstat · dig · ss

Linux / Windows / Mac — Basic connectivity test:

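# Basic connectivity tests with ping (ICMP echo).
# The listing is restored to one command per line so each command can be copied on its own.
ping 8.8.8.8                      # basic ping (Linux/Mac run until Ctrl-C; Windows sends 4 and stops)
ping -c 4 8.8.8.8                 # Linux/Mac: send 4 packets
ping -n 4 8.8.8.8                 # Windows: send 4 packets
ping -i 0.2 192.168.1.1           # Linux: fast ping every 200ms
# -s sets the ICMP payload size. The IPv4 packet on the wire is 28 bytes larger
# (20-byte IP header + 8-byte ICMP header), so a 1472-byte payload fills a 1500-byte MTU.
ping -s 1400 192.168.1.1          # test MTU with large packet size
ping -M do -s 1472 192.168.1.1    # Linux: don't fragment (MTU test)
# No reply is not proof that a host is down: ICMP echo is commonly dropped by
# host firewalls and network ACLs, so confirm with a TCP test before concluding.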

Linux / Mac — Traceroute:

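# Path discovery with traceroute and mtr, one command per line.
traceroute 8.8.8.8        # standard traceroute (UDP probes by default)
# -T is the Linux traceroute option for TCP SYN probes and normally needs root;
# it helps when UDP/ICMP probes are filtered but a TCP service is reachable.
traceroute -T 8.8.8.8     # use TCP instead of UDP
traceroute -n 8.8.8.8     # no DNS resolution (faster)
mtr 8.8.8.8               # real-time traceroute (install mtr)
mtr --report -n 8.8.8.8   # mtr report mode, no DNS
# Hops shown as "* * *" only mean that router did not answer the probe; many
# routers rate-limit or suppress ICMP replies while still forwarding traffic.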

Windows Tracert:

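# Windows path tracing, one command per line.
# The trailing "#" notes are comments in PowerShell only; in cmd.exe, omit them when pasting.
tracert 8.8.8.8        # standard trace (ICMP echo probes)
tracert -d 8.8.8.8     # no DNS resolution
pathping 8.8.8.8       # combined ping+tracert with loss stats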

Linux Interface info:

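# Linux interface information (iproute2 and ethtool), one command per line.
# eth0 is an example name; list the real interface names with `ip link show`.
ip addr show               # all interfaces and IPs
ip addr show eth0          # specific interface
ip link show               # link status
ip -s link show eth0       # stats: packets/errors/drops
ethtool eth0               # NIC speed, duplex, link status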

Linux / Windows / Mac — ARP table:

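# ARP / neighbour table inspection, one command per line.
arp -a                         # show ARP cache (all OS)
ip neigh show                  # Linux: ARP/neighbour table
arp -d 192.168.1.1             # delete ARP entry (needs root/administrator)
# arping sends ARP requests directly on the local segment, so it needs root and
# only works for hosts on the same L2 network. With iputils arping, -D switches
# to duplicate-address-detection mode.
arping -I eth0 192.168.1.1     # ARP ping (detect duplicate IPs)
# When reading the cache: one MAC address listed for several IPs (especially the
# gateway), or an entry whose MAC keeps changing, is worth investigating as
# possible ARP spoofing or an address conflict.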
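# DNS lookups with dig, one command per line.
dig gridwire.io               # A record lookup
dig gridwire.io MX            # mail records
# ANY is not a reliable "give me everything" query: RFC 8482 lets servers answer
# with a minimal response, so query each record type you need instead.
dig gridwire.io ANY           # all records (often answered minimally)
dig +short gridwire.io        # short output — just the IP
dig @8.8.8.8 gridwire.io      # query specific DNS server
dig +trace gridwire.io        # full recursive trace from root
dig -x 8.8.8.8                # reverse DNS lookup (PTR)
# +dnssec asks for the DNSSEC records (RRSIG etc.) to be included. It does not
# validate them itself; against a validating resolver, look for the "ad" flag
# in the response header to see that validation succeeded.
dig gridwire.io +dnssec       # check DNSSEC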
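# Quick DNS lookups with nslookup and host, one command per line.
nslookup gridwire.io             # all OS
nslookup gridwire.io 8.8.8.8     # use specific server
host gridwire.io                 # Linux/Mac quick lookup
host -t MX gridwire.io           # MX records
# Comparing the answer from the local resolver with the answer from a known
# public resolver is a quick way to spot a stale cache or a tampered resolver.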
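# Flush DNS cache
# Current systemd ships the command as resolvectl; systemd-resolve is the older
# name and is missing on newer releases.
sudo resolvectl flush-caches           # Linux (systemd-resolved)
sudo systemd-resolve --flush-caches    # Linux (older systemd releases)
sudo dscacheutil -flushcache           # Mac
sudo killall -HUP mDNSResponder        # Mac: also make mDNSResponder drop its cache
ipconfig /flushdns                     # Windows

# Check local DNS resolver
# On systemd-resolved hosts /etc/resolv.conf usually points at the local stub
# (127.0.0.53); the real upstream servers are shown by resolvectl status.
cat /etc/resolv.conf                   # Linux: current DNS servers
resolvectl status                      # Linux systemd-resolved status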
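# Socket inspection with ss (Linux), one command per line.
# -p prints the owning process only for sockets you are allowed to inspect;
# run with sudo to see the process behind every socket.
ss -tulpn                     # all listening TCP/UDP with process
ss -tnp                       # established TCP connections
ss -s                         # socket summary stats
ss -tnp state established     # only established
ss -lnp sport = :443          # who's listening on 443
# In the listening output, check the local address column: 0.0.0.0 or [::]
# means the service is reachable on every interface, 127.0.0.1 or [::1] only
# locally. Listeners you cannot account for deserve a closer look.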
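# netstat equivalents, one command per line.
# On Linux netstat comes from the legacy net-tools package and may not be
# installed; ss and ip are the maintained replacements.
netstat -tulpn     # Linux: listening ports with PID (sudo to see all PIDs)
netstat -ano       # Windows: all connections with PID
netstat -rn        # routing table (all OS)
netstat -i         # interface stats
netstat -s         # protocol statistics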
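# TCP port reachability tests, one command per line.
# telnet is used here only to see whether the TCP handshake completes; the
# client is not installed by default on current Windows and macOS, and it sends
# everything in clear text, so do not use it for logins.
telnet 192.168.1.1 80                  # test TCP port (all OS)
# -z connects without sending data, -v reports the result; add -w 3 to bound
# the wait when a firewall silently drops the probe.
nc -zv 192.168.1.1 443                 # Linux/Mac: netcat port test
nc -zv 192.168.1.1 20-25               # scan port range
curl -v telnet://192.168.1.1:22        # curl TCP test

# Windows PowerShell:
Test-NetConnection 192.168.1.1 -Port 443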
⚡ Run tcpdump with sudo. Use -n to skip DNS resolution for speed. Always specify an interface with -i.
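# tcpdump capture basics, one command per line.
tcpdump -i eth0                      # capture on eth0
tcpdump -i any -n                    # all interfaces, no DNS
# A saved capture contains full packet payloads, including any credentials or
# session tokens sent over unencrypted protocols. Write it to a directory only
# you can read, share it sparingly, and delete it when the investigation ends.
# -s <bytes> limits how much of each packet is stored, and -Z <user> makes
# tcpdump drop root privileges after opening the interface.
tcpdump -i eth0 -w capture.pcap      # save to file (open in Wireshark)
tcpdump -r capture.pcap              # read saved capture (no root needed)
tcpdump -i eth0 -c 100               # capture only 100 packets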
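# tcpdump capture filters (BPF syntax), one command per line.
# Quote any filter that contains shell metacharacters such as & [ ] ( ).
tcpdump -i eth0 host 192.168.1.10                   # traffic to/from host
tcpdump -i eth0 port 443                            # HTTPS traffic (TCP and UDP 443, so QUIC too)
tcpdump -i eth0 tcp port 80                         # HTTP only (TCP port 80)
tcpdump -i eth0 net 192.168.1.0/24                  # entire subnet
# Matches every segment with the SYN bit set, i.e. both SYN and SYN-ACK.
tcpdump -i eth0 'tcp[tcpflags] & tcp-syn != 0'      # SYN packets only
tcpdump -i eth0 icmp                                # ICMP only
tcpdump -i eth0 not port 22                         # exclude SSH (keeps your own session out of the capture)
tcpdump -i eth0 src 192.168.1.5 and dst port 80     # src+dst combo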
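# Routing table inspection, one command per line.
ip route show                                  # Linux: routing table
ip route get 8.8.8.8                           # which route will be used
route -n                                       # Linux legacy
netstat -rn                                    # all OS
route print                                    # Windows

# Add/delete routes
# These need root and change only the running kernel table: they are lost on
# reboot unless also written to the distribution's network configuration.
# Changing routes over a remote session can cut that session off, so keep
# console access available.
ip route add 10.10.0.0/16 via 192.168.1.1      # add static route
ip route del 10.10.0.0/16                      # remove route
# "add default" fails with "File exists" when a default route is already
# present; use "ip route replace default via ..." to swap it in one step.
ip route add default via 192.168.1.1           # set default gateway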
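# Bandwidth testing with iperf3, one command per line.
# The server listens on TCP port 5201 by default and accepts tests from any
# client that can reach it, so do not leave it running after the measurement.
iperf3 -s                         # start iperf server
iperf3 -s -1                      # one-off server: handle a single client, then exit
iperf3 -c 192.168.1.10            # test bandwidth to server
iperf3 -c 192.168.1.10 -u         # UDP test
iperf3 -c 192.168.1.10 -P 4       # 4 parallel streams
speedtest-cli                     # internet speed test (pip install)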
⚠ Only run nmap against networks and hosts you own or have explicit permission to scan.
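# nmap scan types, one command per line.
nmap 192.168.1.1                      # basic scan (top 1000 TCP ports)
nmap -sV 192.168.1.1                  # version detection
nmap -O 192.168.1.1                   # OS detection (root required)
nmap -A 192.168.1.1                   # aggressive: OS+version+scripts+traceroute
nmap -p 22,80,443 192.168.1.1         # specific ports
nmap -p- 192.168.1.1                  # all 65535 ports
nmap -sn 192.168.1.0/24               # ping sweep (host discovery)
nmap -sU -p 53,67,161 192.168.1.1     # UDP scan (root required; slow, so keep the port list short)
# "Stealth" is a historical label for the half-open SYN scan: firewalls and
# IDS sensors log it, so tell the monitoring team before scanning.
nmap -sS 192.168.1.1                  # SYN stealth scan (root required)
# The vuln category includes intrusive checks that can load or disturb fragile
# services; schedule it, and treat findings as leads to verify, not as proof.
nmap --script vuln 192.168.1.1        # run vulnerability scripts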