Essential Linux Network Troubleshooting: Ping, fping, tc, tcpdump & nmap Explained
This guide introduces essential Linux network troubleshooting tools—including ping, fping, tc, tcpdump, and nmap—provides command examples, usage tips, and option explanations to help users diagnose connectivity, monitor traffic, and perform security scans.
Network connectivity testing tools on Linux include:
ping – basic reachability test
ip route / route – display routing tables
traceroute / tracepath / mtr – trace routes
nslookup / host / dig – DNS queries
tcpdump / wireshark – packet capture
nmap – network scanning
netcat (nc) – versatile networking utility
tc – traffic control
Traffic Control (tc) Example
tc qdisc add dev eth0 root netem loss 50%tc qdisc add dev eth0 root netem delay 1000mstc qdisc show dev eth0tc qdisc delfping
fping is a program that sends ICMP probes to multiple hosts, similar to ping but much faster when testing many hosts. First released by Roland Schemers in 1992, it has become a standard tool for network diagnostics and statistics. It can read host lists from files and is available from the EPEL repository on CentOS.
# yum -y install fping# fping 10.0.0.710.0.0.7 is alive# echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all# fping 10.0.0.710.0.0.7 is unreachable# fping -g 10.0.0.0/2410.0.0.1 is alive10.0.0.2 is alive10.0.0.8 is alive10.0.0.100 is alive# fping -g 10.0.0.5 10.0.0.1010.0.0.8 is alive# tee hosts.txt <<EOF10.0.0.710.0.0.6EOF# fping < hosts.txt10.0.0.6 is alive10.0.0.7 is unreachable# fping -s < hosts.txt10.0.0.6 is alive10.0.0.7 is unreachable2 targets1 alive1 unreachable0 unknown addressestcpdump
tcpdump is a packet capture and analysis tool that can filter by network layer, protocol, host, network, or port, using logical expressions such as and, or, and not to exclude irrelevant traffic.
tcpdump [-adeflnNOpqStvx] [-c<packet count>] [-dd] [-ddd] [-F<filter file>] [-i<interface>] [-r<file>] [-s<snaplen>] [-tt] [-T<type>] [-vv] [-w<file>] [expression]-a Resolve network and broadcast addresses to names-c<num> Stop after receiving the specified number of packets-d Print compiled packet filter in human‑readable form-dd Print compiled filter in C code-ddd Print compiled filter in decimal format-e Show link‑level header on each line-f Print IP addresses numerically-F<file> Read filter expression from file-i<iface> Capture on the specified interface-l Use line‑buffered output-n Do not resolve hostnames-N Do not print domain names-O Do not optimize the filter-p Do not put the interface into promiscuous mode-q Quiet output, only show minimal protocol info-r<file> Read packets from file-s<size> Set snapshot length-S Print absolute TCP sequence numbers-t Do not print a timestamp on each line-tt Print an unformatted timestamp-T<type> Translate the specified packet type-v Verbose output-vv More verbose output-x Print packet data in hex-w<file> Write captured packets to fileExample usage:
# tcpdump -D1. bond0 [Up, Running]2. eth1 [Up, Running]3. lo [Up, Running, Loopback]# tcpdump -i eth0 -nn icmp and src host 10.0.0.6 and dst host 10.0.0.7# tcpdump port 3000# tcpdump tcp# tcpdump tcp port 22 and src host 10.0.0.100# tcpdump ip host 10.0.0.101 and 10.0.0.102# tcpdump ip host 10.0.0.101 and ! 10.0.0.1# tcpdump tcp -i eth1 -t -s 0 -c 100 and dst port ! 22 and src net 192.168.1.0/24 -w ./target.cap# tcpdump -c 1000# tcpdump -n -vvv -c 1000 -w /tmp/tcpdump_save.capnmap
nmap is a powerful remote host scanning tool that goes far beyond simple ICMP ping. It can discover hosts, probe ports, detect operating systems, and enumerate services.
nmap [Scan Type(s)] [Options] {target specification}-sT TCP connect() scan (full open)-sS SYN half‑open scan (stealth)-sF, -sX, -sN FIN, Xmas, Null scans (bypass some firewalls)-sP Ping scan (host discovery)-sU UDP scan-sA ACK scan (traverse firewalls)-sW Window scan (similar to ACK)-sR RPC scan-b FTP bounce attack-P0 Skip ping before scanning-PT TCP ping for host discovery-PS SYN ping-PI ICMP echo ping-PB Default ping (ACK + ICMP)-O Enable OS fingerprinting-I Enable idle scan-f Fragment packets-v Verbose mode-S <IP> Spoof source address-g <port> Set source port-oN <file> Save normal output to file-oS Save output to standard output--host_timeout <ms> Set host timeout--max_rtt_timeout <ms> Set max RTT timeout--min_rtt_timeout <ms> Set min RTT timeout-M <count> Max parallel sockets for TCP connect()Example scans:
# nmap -n -PA --min-parallelism 2000 172.16.0.0/16# nmap -sL 10.0.0.0/24# nmap -sS 10.0.0.1# nmap -sU 10.0.0.1# nmap -sV 10.0.0.7# nmap -O 10.0.0.1# nmap -A 10.0.0.1Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
MaGe Linux Operations
Founded in 2009, MaGe Education is a top Chinese high‑end IT training brand. Its graduates earn 12K+ RMB salaries, and the school has trained tens of thousands of students. It offers high‑pay courses in Linux cloud operations, Python full‑stack, automation, data analysis, AI, and Go high‑concurrency architecture. Thanks to quality courses and a solid reputation, it has talent partnerships with numerous internet firms.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.