When your server cannot reach the internet or clients cannot reach your server, a systematic troubleshooting approach saves time. This guide walks through the diagnostic process layer by layer.
Layer 1: Physical/Link Layer
# Check interface status (no device given, so every interface is listed)
ip link show
# Look for: state UP vs state DOWN
# eth0 in the commands below is an example name: substitute the interface name
# printed above (many current distributions use names such as ens3 or enp0s3).
# Check for link errors (-s adds the RX/TX statistics counters)
ip -s link show eth0
# Look for: RX/TX errors, dropped packets
# Verify the interface has an IP
ip addr show eth0
Layer 2: IP Connectivity
# Can you reach the gateway?
# The "default via ..." line printed here carries the gateway address.
ip route | grep default
# Replace YOUR_GATEWAY_IP with that address.
ping -c 3 YOUR_GATEWAY_IP
# Can you reach an external IP?
# Both targets are addressed by IP, so DNS is not involved in this step.
ping -c 3 1.1.1.1
ping -c 3 8.8.8.8
# NOTE: ping only proves that ICMP echo gets through. A gateway or upstream
# firewall that drops ICMP makes these fail while TCP/UDP still works, so
# confirm a failure with a TCP test (Layer 4) before changing configuration.
# If ping to gateway fails: network configuration issue
# If ping to gateway works but external fails: routing issue
Layer 3: DNS Resolution
# Can you resolve hostnames?
# With no @server argument, dig queries the resolvers the system is configured with.
dig google.com +short
# If this fails but ping to 1.1.1.1 works: DNS issue
# Check DNS configuration
# NOTE: on hosts that run a local stub resolver (systemd-resolved, for example)
# this file may list only a loopback address; the real upstream servers are
# then shown by that resolver's own tooling, e.g. resolvectl status.
cat /etc/resolv.conf
# Test with a specific DNS server
# (@server bypasses /etc/resolv.conf: if this works and the query above did not,
# the configured resolver is at fault; if both fail, suspect blocked port 53.)
dig @1.1.1.1 google.com +short
Layer 4: Service Connectivity
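# Can you reach a specific port?
# -z: connect without sending data; -v: report whether the connection succeeded.
nc -zv example.com 443
curl -v https://example.com
# Is YOUR service listening?
# The ss filter matches port 80 exactly; a plain "grep :80" also matches :8080
# or :8000. sudo lets -p name processes that belong to other users.
sudo ss -tlnp 'sport = :80'
# Read the Local Address column: 127.0.0.1:80 or [::1]:80 is reachable only from
# this host, while 0.0.0.0:80, *:80 or [::]:80 accepts remote clients.
# Is the firewall blocking?
# -w matches 80 and 443 as whole numbers, so 8080 or 4430 is not reported.
# grep also hides the "Chain ... (policy ...)" headers: when nothing matches,
# rerun without the grep and check whether a chain's default policy is DROP.
sudo iptables -L -n | grep -Ew "80|443"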
sudo ufw status
Diagnostic Decision Tree
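# 1. Is the interface UP?
ip link show eth0
# NO → sudo ip link set eth0 up
# 2. Does the interface have an IP?
ip addr show eth0
# NO → Check DHCP or static config
# 3. Can you ping the gateway?
# The awk program must be single-quoted: inside double quotes the shell expands
# $3 itself (to an empty string) and awk then prints the whole route line.
# "exit" stops at the first default route when several are configured.
# If ping complains about an empty or invalid host, there is no default route.
ping -c 3 "$(ip route | awk '/^default/ {print $3; exit}')"
# NO → IP config wrong, cable issue, or provider issue
# 4. Can you ping 1.1.1.1?
ping -c 3 1.1.1.1
# NO → Routing issue, check: ip route show
# 5. Can you resolve DNS?
dig google.com +short
# NO → Fix /etc/resolv.conf
# 6. Can you reach the service?
curl -v https://example.com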
# NO → Firewall blocking, service not running, or remote issue
Useful Diagnostic Commands
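# Full network status
ip addr show # IP addresses
ip route show # Routing table
ss -tlnp # Listening ports
cat /etc/resolv.conf # DNS servers
# Test specific TCP connection (replace hostname and port with real values)
nc -zv hostname port
# Path analysis
mtr -r hostname
# Packet capture (for deep debugging)
# -nn turns off reverse-DNS and port-name lookups, so the capture does not stall
# or add its own queries when DNS is the thing that is broken.
# Port 80 is cleartext HTTP: the output can contain cookies and credentials, so
# treat it as sensitive and redact it before pasting into tickets or chats.
sudo tcpdump -nn -i eth0 port 80 -c 20
# Check firewall rules
# -v adds packet/byte counters; a rising counter on a DROP or REJECT rule shows
# which rule is discarding the traffic.
sudo iptables -L -n -v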
sudo ufw status verbose
Common Fixes
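# Fix DNS
# tee overwrites the file, so keep a copy of the current contents first.
# -L copies what the path resolves to; /etc/resolv.conf is often a symlink.
sudo cp -L /etc/resolv.conf /etc/resolv.conf.bak
echo "nameserver 1.1.1.1" | sudo tee /etc/resolv.conf
# Where systemd-resolved, NetworkManager or a DHCP client manages this file, the
# edit is temporary: make the lasting change in that tool's configuration.
# A public resolver cannot answer internal-only names and sees every lookup.
# Fix default route
# (added to the running routing table only; it does not survive a reboot)
sudo ip route add default via YOUR_GATEWAY dev eth0
# Restart networking
# Over SSH this can drop your session, so have console access ready.
sudo systemctl restart systemd-networkd
# Or: sudo netplan apply
# (sudo netplan try applies the config and rolls it back unless you confirm)
# Fix firewall lockout (if you still have console access)
# While ufw is disabled the host firewall filters nothing, so every listening
# port is exposed to whatever can route to the machine: keep the window short.
sudo ufw disable
# Then fix rules and re-enable
# e.g. sudo ufw allow 22/tcp (or the port sshd really uses), then sudo ufw enable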