Use tcpdump and Wireshark to capture and analyze packets for connectivity issues, filtering by port, protocol, or TCP flags. 2. Employ mtr and tcptraceroute for accurate path analysis, especially in firewall-restricted environments using TCP-based probes. 3. Replace legacy tools with ip for interface and route inspection, and ss for detailed socket statistics including process and connection states. 4. Diagnose DNS problems using dig with trace and multiple resolvers, and verify systemd-resolved status and queries. 5. Assess network performance via ping under load, hping3 for custom packet testing, and netperf for throughput benchmarking. 6. Identify bandwidth hogs with nethogs by process and iftop by connection, crucial during traffic anomalies. 7. Use netstat for interface and routing stats if needed, monitor kernel logs for network errors, and tune TCP and buffer settings via sysctl for optimal performance. Combining these tools enables precise diagnosis across all network layers, ensuring rapid resolution of complex Linux networking issues.

When working with Linux systems—especially in production environments—networking issues can quickly become critical. While basic tools like ping and ifconfig are helpful for simple checks, advanced networking problems demand deeper inspection and more powerful tools. Here’s a practical guide to advanced Linux networking tools and troubleshooting techniques that every sysadmin or DevOps engineer should know.

1. Diagnosing Connectivity with tcpdump and Wireshark

When packets aren’t reaching their destination or services behave unexpectedly, packet capture is your best friend.

• tcpdump lets you capture raw network traffic directly from the command line:

  

  tcpdump -i eth0 port 80 -n -c 10

  This captures 10 packets on port 80 without DNS resolution (-n) on interface eth0.

• Use -w to save captures for later analysis:

  

  tcpdump -i eth0 -w capture.pcap

  You can then open capture.pcap in Wireshark for a graphical, in-depth analysis—great for spotting malformed packets, TCP retransmissions, or TLS handshake failures.

Pro tip: Filter traffic by host, port, protocol (e.g., tcp, udp, icmp), or even specific flags like tcp[tcpflags] & tcp-syn != 0 to see SYN packets only.

2. Analyzing Network Paths with traceroute, mtr, and tcptraceroute

Standard traceroute uses ICMP or UDP probes, which may be blocked by firewalls—leading to misleading results.

• mtr (My Traceroute) combines ping and traceroute for real-time monitoring:

  mtr --report www.google.com

  It shows packet loss and latency at each hop, helping identify where a connection degrades.

• For services behind firewalls that drop ICMP/UDP, use tcptraceroute:

  tcptraceroute --port 443 www.example.com

  This uses TCP SYN packets to port 443, mimicking real connection attempts—much more reliable in restricted environments.

3. Inspecting Routing and Interfaces with ip and ss

Forget ifconfig and netstat—modern Linux systems use ip and ss from the iproute2 suite.

• ip addr and ip route give detailed interface and routing table info:

  ip addr show dev eth0
  ip route get 8.8.8.8

  The second command shows which route/kernel path is used to reach 8.8.8.8—including source IP and outgoing interface.

• ss (socket statistics) is faster and more detailed than netstat:

  ss -tuln

  Lists all listening TCP/UDP ports without DNS lookup. Add -p to see associated processes.

  For deeper inspection:

  ss -i  # show internal TCP info like congestion control
  ss -4 state established  # show IPv4 established connections

4. Troubleshooting Name Resolution with dig, nslookup, and systemd-resolved

DNS issues often masquerade as network outages.

• dig is the go-to DNS query tool:

  dig @8.8.8.8 example.com A  short
  dig example.com MX

  Use trace to follow the full DNS resolution path from root servers down.

• Compare results from different resolvers to isolate misconfigurations:

  dig @1.1.1.1 example.com
  dig @192.168.1.1 example.com  # your local DNS

• If using systemd-resolved, check its status:

  systemd-resolve --status
  resolvectl query example.com

  Misconfigured DNSSEC or stale caches can silently break connectivity.

5. Monitoring Performance and Latency with ping, hping3, and netperf

Sometimes the network works—but not well.

• ping with interval and flood options:

  ping -i 0.1 -f target.com  # flood ping (use carefully)

  Helps detect packet loss under load.

• hping3 lets you craft custom TCP/IP packets:

  hping3 -S -p 443 -c 10 www.example.com

  Sends 10 TCP SYN packets to port 443—useful for testing firewall rules or service responsiveness.

• netperf measures throughput and latency:

  netperf -H 192.168.1.100 -t TCP_STREAM

  Great for benchmarking network performance between servers (e.g., in cloud or data centers).

6. Checking for Bottlenecks with nethogs and iftop

When bandwidth is being consumed unexpectedly, you need per-process or per-connection visibility.

• nethogs shows bandwidth usage by process:

  sudo nethogs eth0

  Instantly reveals if a rogue script or service is uploading/downloading heavily.

• iftop shows real-time bandwidth per connection:

  sudo iftop -i eth0 -P

  The -P flag shows ports, helping you identify what services are active.

These tools are invaluable during DDoS events or data exfiltration attempts.

7. Advanced Diagnostics: netstat vs ss, and Kernel Tuning

Even though ss is preferred, netstat still has niche uses:

• netstat -i for interface statistics (collisions, errors).
• netstat -rn to view the routing table (equivalent to ip route show).

Also, check for network-related kernel issues:

dmesg | grep -i "error\|drop\|network"

Look for packet drops, buffer overflows, or driver issues.

Tune kernel parameters if needed:

sysctl net.core.rmem_max
sysctl net.ipv4.tcp_rmem

Adjust receive/send buffer sizes for high-latency or high-bandwidth networks.

Advanced Linux networking troubleshooting isn’t about knowing every command—it’s about choosing the right tool for the layer you’re diagnosing: physical, network, transport, or application. Combine packet inspection, route analysis, DNS checks, and performance tools to systematically isolate issues.

Basically, when the network’s on fire, these tools are your extinguishers.

The above is the detailed content of Advanced Linux Networking Tools and Troubleshooting. For more information, please follow other related articles on the PHP Chinese website!