Network Troubleshooting Tools: ping, traceroute, nslookup, netstat, and Advanced CLI
Network troubleshooting tools are the basic tools a network engineer uses every day: ping tests connectivity and latency, traceroute shows the path that packets travel, nslookup/dig checks DNS resolution, netstat/ss shows connections and listening ports, and advanced CLI tools such as mtr, nmap, and curl help analyze more complex problems.
When a user reports that "the internet is slow" or "I can't reach the website", you need a systematic approach to troubleshooting: start with the simple tools (ping → traceroute → DNS check → port check), then drill down with the advanced tools, following the OSI layers, to identify the root cause quickly.
Troubleshooting Methodology

| Step | Action | Tool |
|---|---|---|
| 1. Verify connectivity | Ping destination → if it fails → ping gateway → ping loopback | ping |
| 2. Trace path | Find the hop that has the problem (high latency, packet loss, timeout) | traceroute / mtr |
| 3. Check DNS | Verify domain resolves to correct IP | nslookup / dig |
| 4. Check ports | Verify service is listening + reachable | netstat / ss / telnet / nmap |
| 5. Check application | Test HTTP response, SSL certificate, headers | curl / wget |
| 6. Capture traffic | Deep analysis of packet-level issues | tcpdump / Wireshark |

ping

| Command | Purpose |
|---|---|
| ping 8.8.8.8 | Test basic connectivity to Google DNS |
| ping -c 10 host | Send 10 packets (Linux/Mac); check the packet loss % |
| ping -n 10 host | Send 10 packets (Windows) |
| ping -s 1472 -M do host | Test MTU (1472 + 28 header = 1500); if it fails = MTU issue |
| ping -t host | Continuous ping (Windows); monitor stability |
| ping -I eth0 host | Ping from specific interface (Linux) |
| ping -f host | Flood ping (Linux, root); stress test |

ping Output Analysis

| Result | Meaning | Likely Cause |
|---|---|---|
| Reply OK, low latency | Connectivity fine | The problem may be at the application layer |
| Request timed out | No response | Host down, firewall blocking ICMP, routing issue |
| Destination unreachable | Router says can't reach | No route, ACL blocking, interface down |
| High latency (>100ms LAN) | Slow response | Congestion, QoS issue, CPU overload on device |
| Intermittent loss | Some packets lost | Interface errors, duplex mismatch, congestion |
| TTL expired | Packet looping | Routing loop (TTL decremented to 0) |

traceroute / tracert

| Command | Purpose |
|---|---|
| traceroute host (Linux) | Show path to destination (UDP probes by default) |
| tracert host (Windows) | Show path to destination (ICMP probes) |
| traceroute -I host | Use ICMP instead of UDP (Linux) |
| traceroute -T -p 443 host | TCP traceroute to port 443 (bypass ICMP filters) |
| traceroute -n host | No DNS resolution (faster output) |

traceroute Output Analysis

| Pattern | Meaning |
|---|---|
| * * * at a hop | Router doesn't respond to probes (may still forward traffic; not always a problem) |
| Latency jump at specific hop | Congestion or distance increase at that hop |
| High latency from hop N onwards | Problem is at hop N (all subsequent hops inherit delay) |
| High latency only at one hop | Router ICMP rate-limiting (not real congestion; false positive) |
| Path loops back | Routing loop (same hops repeat) |

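
The "only at one hop" and "from hop N onwards" patterns are easy to confuse by eye. The script below is an added example, not part of the original page: it labels each hop of `traceroute -n` output as ok, silent, isolated (latency recovers further down the path) or sustained (every later hop inherits the delay). The 50 ms threshold, the function names and the sample trace are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify hops in `traceroute -n` output.
# THRESHOLD_MS is an assumed cut-off for what counts as a latency jump.
THRESHOLD_MS=50

classify_traceroute() {   # stdin: traceroute -n output; stdout: "<hop> <label>"
  awk -v thr="$THRESHOLD_MS" '
    $1 ~ /^[0-9]+$/ {
      n++; hop[n] = $1; sum = 0; cnt = 0
      for (i = 2; i < NF; i++)                 # every number followed by "ms"
        if ($(i + 1) == "ms") { sum += $i; cnt++ }
      avg[n] = (cnt > 0) ? sum / cnt : -1      # -1 marks a "* * *" hop
    }
    END {
      base = -1                                # RTT of the last healthy hop
      for (k = 1; k <= n; k++) {
        if (avg[k] < 0) { print hop[k], "silent"; continue }
        if (base >= 0 && avg[k] - base > thr) {
          sustained = 1                        # does any later hop recover?
          for (j = k + 1; j <= n; j++)
            if (avg[j] >= 0 && avg[j] - base <= thr) sustained = 0
          if (sustained) { print hop[k], "sustained"; base = avg[k] } else {
            print hop[k], "isolated"           # likely ICMP rate-limiting
          }
        } else { print hop[k], "ok"; base = avg[k] }
      }
    }'
}

sample_trace() {   # constructed sample, documentation address ranges only
  cat <<'EOF'
traceroute to 203.0.113.10 (203.0.113.10), 30 hops max, 60 byte packets
 1  192.0.2.1  0.51 ms  0.49 ms  0.47 ms
 2  198.51.100.1  4.2 ms  4.1 ms  4.3 ms
 3  198.51.100.9  96.0 ms  97.0 ms  95.0 ms
 4  * * *
 5  198.51.100.33  6.9 ms  7.1 ms  7.0 ms
 6  198.51.100.65  88.0 ms  90.0 ms  89.0 ms
 7  203.0.113.10  90.0 ms  91.0 ms  92.0 ms
EOF
}

sample_trace | classify_traceroute
```

In the sample, hop 3 is isolated because hop 5 answers quickly again, while hop 6 is sustained because the destination at hop 7 carries the same delay.
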
nslookup / dig

| Command | Purpose |
|---|---|
| nslookup example.com | Basic DNS lookup (A record) |
| nslookup -type=MX example.com | Query MX records (mail servers) |
| nslookup example.com 8.8.8.8 | Query specific DNS server |
| dig example.com | Detailed DNS query (Linux/Mac; more info than nslookup) |
| dig +short example.com | Short output (IP only) |
| dig @8.8.8.8 example.com ANY | Query all record types from Google DNS |
| dig +trace example.com | Trace full DNS resolution path (root → TLD → authoritative) |

netstat / ss

| Command | Purpose |
|---|---|
| netstat -an (Windows/Linux) | Show all connections + listening ports (numeric) |
| netstat -tulnp (Linux) | Show TCP/UDP listening ports with PID |
| ss -tulnp (Linux) | Modern replacement for netstat (faster) |
| ss -s | Summary statistics (total connections by state) |
| netstat -rn | Show routing table |
| netstat -i | Show interface statistics (errors, drops) |

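
For step 4 of the methodology ("listening + reachable"), the bind address in `ss -tulnp` matters as much as the port: a service bound to loopback is listening but unreachable from other hosts, while one bound to all interfaces is exposed on every network the machine touches. The script below is an added example, not from the original page; the `EXPECTED_PORTS` allowlist, the function names and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify listeners from `ss -tulnp` by bind scope.
# EXPECTED_PORTS is an assumed allowlist of ports meant to face the network.
EXPECTED_PORTS="22 80 443"

listener_scope() {   # stdin: ss -tulnp output; stdout: proto port scope process flag
  awk -v allow="$EXPECTED_PORTS" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "tcp" || $1 == "udp" {
      port = $5; sub(/.*:/, "", port)          # text after the last colon
      addr = $5; sub(/:[^:]*$/, "", addr)      # text before the last colon
      sub(/%.*$/, "", addr)                    # drop interface suffix (%lo)
      if (addr == "0.0.0.0" || addr == "*" || addr == "[::]") scope = "all"
      else if (addr ~ /^127\./ || addr == "[::1]") scope = "loopback"
      else scope = "specific"
      proc = "?"                               # Process column may be absent
      if (split($7, q, "\"") >= 3) proc = q[2]
      flag = (scope == "all" && !(port in ok)) ? "REVIEW" : "-"
      print $1, port, scope, proc, flag
    }'
}

sample_ss() {   # constructed sample output, not captured from a real host
  cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*         users:(("systemd-resolve",pid=612,fd=13))
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=801,fd=3))
tcp   LISTEN 0      511    127.0.0.1:6379     0.0.0.0:*         users:(("redis-server",pid=950,fd=6))
tcp   LISTEN 0      4096   *:9100             *:*               users:(("node_exporter",pid=1020,fd=3))
tcp   LISTEN 0      80     0.0.0.0:3306       0.0.0.0:*         users:(("mysqld",pid=1100,fd=21))
EOF
}

sample_ss | listener_scope
```

On a live host the same function reads real data with `ss -tulnp | listener_scope`.
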
Advanced CLI Tools

| Tool | Purpose | Example |
|---|---|---|
| mtr (My Traceroute) | Combined ping + traceroute (continuous) | mtr -n host → live hop-by-hop loss + latency |
| nmap | Port scanning + service detection | nmap -sV -p 80,443 host → check open ports + service version |
| curl | HTTP testing (headers, timing, SSL) | curl -I https://example.com → HTTP headers only |
| tcpdump | Packet capture (CLI) | tcpdump -i eth0 host 10.0.0.1 -w capture.pcap |
| arp -a | Show ARP table (IP → MAC mapping) | arp -a → verify L2 connectivity |
| ip route / route print | Show routing table | ip route get 8.8.8.8 → which route is used |
| telnet host port | Test TCP port connectivity | telnet 10.0.0.1 443 → test if port 443 is open |
| openssl s_client | Test SSL/TLS connection | openssl s_client -connect host:443 → check certificate |

curl Useful Commands

| Command | Purpose |
|---|---|
| curl -I https://example.com | Show HTTP headers only (status code, server, headers) |
| curl -o /dev/null -s -w "%{time_total}" https://example.com | Measure total response time |
| curl -v https://example.com | Verbose output (TLS handshake, headers, body) |
| curl -k https://example.com | Skip SSL certificate verification |
| curl --resolve host:443:IP https://host/ | Force DNS resolution to specific IP |

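
`%{time_total}` alone says a request was slow, not where. The script below is an added example, not from the original page: it asks curl for its per-phase timers and, because those timers are cumulative, subtracts them to attribute the time to DNS, TCP connect, TLS handshake, server wait or transfer, matching the layers of the methodology. The `time_*` names are curl's own `--write-out` variables; the function names and sample timings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: split a curl request into phases.
# curl timers are cumulative, so each phase is a difference of two timers.

curl_timers() {   # prints: namelookup connect appconnect pretransfer starttransfer total
  curl -o /dev/null -s \
    -w '%{time_namelookup} %{time_connect} %{time_appconnect} %{time_pretransfer} %{time_starttransfer} %{time_total}\n' \
    "$1"
}

phase_breakdown() {   # stdin: one line of curl_timers output
  awk '{
    p["dns"]      = $1 + 0
    p["tcp"]      = $2 - $1
    p["tls"]      = ($3 > 0) ? $3 - $2 : 0    # appconnect is 0 for plain HTTP
    p["server"]   = $5 - $4                   # wait for the first response byte
    p["transfer"] = $6 - $5
    split("dns tcp tls server transfer", order, " ")
    worst = "dns"
    for (i = 1; i <= 5; i++) {
      k = order[i]
      printf "%-9s %.3f s\n", k, p[k]
      if (p[k] > p[worst]) worst = k
    }
    print "slowest", worst
  }'
}

# Constructed sample timings (seconds): an HTTPS request where DNS dominates.
SAMPLE_HTTPS="0.512 0.530 0.610 0.611 0.700 0.705"
# Constructed sample timings: a plain HTTP request with a slow backend.
SAMPLE_HTTP="0.004 0.020 0.000 0.020 0.950 0.960"

echo "$SAMPLE_HTTPS" | phase_breakdown
echo "$SAMPLE_HTTP"  | phase_breakdown
```

Against a live target the pipeline is `curl_timers https://example.com | phase_breakdown`.
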
In Closing: Right Tool for the Right Layer
Troubleshooting Tools
- Layer 1-2: interface stats (errors, drops), arp -a (MAC resolution)
- Layer 3: ping (connectivity), traceroute/mtr (path), ip route (routing)
- Layer 4: netstat/ss (ports, connections), telnet (TCP test), nmap (scan)
- Layer 7: curl (HTTP), openssl (SSL/TLS), nslookup/dig (DNS)
- Methodology: ping → traceroute → DNS → port check → application → packet capture
- Best practice: systematic approach, OSI layer by layer, verify before assuming