Network debugging methodology

Topic: Networking basics

When connectivity fails, work through layers in order: link and IP, routing, DNS, then service and firewall. Use ping, ip route, getent/dig, and ss/firewall rules to isolate the failure so you fix the right layer instead of guessing. Use this as the standard order for any network troubleshooting.

Intent: Troubleshooting

Quick answer

  • Layer 1: Is the interface up and do you have an IP? (ip addr). Can you ping the gateway? If no IP or no gateway reply, fix addressing or link first.
  • Layer 2: Is there a default route? (ip route). Can you ping a public IP (e.g. 8.8.8.8)? If not, the problem is routing or path. If yes, move to DNS.
  • Layer 3: getent and dig. If IP works but name fails, fix DNS. Layer 4: Is the service listening? (ss -tlnp). From client, can you reach the port? (nc -zv). Connection refused vs no route to host tells you listener/firewall vs routing.

Prerequisites

Steps

  1. Link and IP

    ip addr; ensure interface is UP and has an address. ping GATEWAY_IP. If no IP, fix DHCP or static config. If no gateway reply, fix link or gateway config.

  2. Routing

    ip route; ensure default route exists. ping 8.8.8.8 (or another public IP). If this fails, the problem is routing or path (NAT, firewall, carrier). If it works, continue to DNS.

  3. DNS

    getent hosts example.com; dig @8.8.8.8 example.com. If IP reachability works but DNS fails, fix resolver config or firewall for DNS. Use DNS debug methodology guide.

  4. Service and firewall

    On server: ss -tlnp (is the service listening?). From client: nc -zv SERVER PORT. Connection refused: nothing listening or firewall drop. No route to host: routing. Fix with the appropriate guide (firewall, listener, or route).

Summary

Troubleshoot in order: link and IP, routing, DNS, then service and firewall. Use this order so you fix the right layer; use the referenced guides for each layer.

Prerequisites

Steps

Check interface and IP; ping gateway. Fix addressing or link if needed.

Step 2: Routing

Check default route; ping a public IP. Fix routing or path if needed.

Step 3: DNS

Test getent and dig. Fix resolver or firewall for DNS if IP works but names fail.

Step 4: Service and firewall

Check listener (ss); test port from client (nc). Use connection refused vs no route to host to distinguish listener/firewall from routing.

Verification

You have a repeatable order and know which layer is failing; you apply the right fix (addressing, route, DNS, or service/firewall).

Troubleshooting

Unclear which layer — Start from step 1 and stop at the first failure; do not skip. Intermittent — Run the sequence multiple times; consider latency, packet loss, and path changes.

Next steps

Continue to