Hands-on Lab

#Lab: Network Debugging and Analysis

Master network troubleshooting with essential Linux tools.

#🎯 Objectives

  • Use tcpdump for packet capture
  • Inspect sockets and connections with netstat/ss
  • Troubleshoot connectivity issues
  • Debug DNS and routing problems

#📋 Prerequisites

  • Linux system or WSL2
  • Root/sudo access

#โฑ๏ธ Duration: 45 minutes


#Task 1: Network Connectivity Tools (10 min)

#Step 1.1: Test Connectivity

bash
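# Basic reachability: send four ICMP echo requests.
# ICMP is frequently filtered, so a failed ping alone does not prove the
# host is down; confirm with a TCP check as below.
ping -c 4 google.com

# Check a specific TCP port with nc
# (-z: connect without sending data, -v: verbose, -w 5: give up after 5 s)
nc -zv -w 5 google.com 443

# Test TCP connectivity with a timeout, using bash's /dev/tcp redirection.
# An explicit if/else is used instead of `cmd && echo Open || echo Closed`,
# where the `||` arm would also run if the first echo failed.
if timeout 5 bash -c 'cat < /dev/null > /dev/tcp/google.com/443'; then
  echo "Open"
else
  # Reached for a refused connection, but also for a timeout (filtered port)
  # or a name-resolution failure; "Closed" here means "could not connect".
  echo "Closed"
fi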

#Step 1.2: Trace Route

bash
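# Linux: default traceroute probes with UDP datagrams
traceroute google.com

# Alternative using TCP SYN probes to port 443; often gets through firewalls
# that drop UDP/ICMP probes. TCP mode needs raw sockets, hence sudo.
sudo traceroute -T -p 443 google.com

# MTR (combines ping and traceroute); --report runs a fixed number of
# cycles and prints per-hop loss and latency instead of the live view
mtr --report google.com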

#Task 2: View Network Connections (10 min)

#Using ss (modern replacement for netstat)

bash
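# All listening TCP and UDP sockets
# (-t TCP, -u UDP, -l listening only, -n numeric addresses and ports)
ss -tuln

# All established connections
ss -tun state established

# Show the process bound to port 80.
# The ss filter matches the port exactly; `grep :80` would also match
# :8080, :8000 and so on. Without root, -p only reveals processes owned by
# the current user, so run it with sudo for a complete picture.
sudo ss -tulnp 'sport = :80'

# Summary of socket counts per protocol and state
ss -s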

#Using netstat

bash
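# Listening ports with owning process.
# As with ss, -p shows other users' processes only when run as root.
sudo netstat -tulnp

# All connections involving port 443.
# The pattern is anchored after the port number so that :4430 or :44300
# are not counted as matches.
netstat -an | grep -E ':443([[:space:]]|$)'

# Per-protocol statistics, restricted to TCP
netstat -st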

#Task 3: Packet Capture with tcpdump (15 min)

#Step 3.1: Basic Capture

bash
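# Capture the first 10 packets seen on any interface.
# Without -n, tcpdump reverse-resolves addresses, which slows output and
# adds DNS lookups of its own to an "any" capture.
sudo tcpdump -i any -c 10

# Capture HTTP traffic. Port 80 is cleartext, so request and response
# contents are readable in the capture.
# Options are placed before the filter expression so the command also
# parses on systems whose getopt does not reorder arguments.
sudo tcpdump -i any -c 10 port 80

# Capture with more detail:
# -nn keeps addresses and ports numeric, -v prints additional header fields
sudo tcpdump -i any -nn -v -c 5 port 443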

#Step 3.2: Filter Traffic

bash
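# Capture traffic to or from a specific host.
# The name is resolved once, when the filter is compiled, so only the
# addresses returned at that moment are matched.
sudo tcpdump -i any -c 10 host google.com

# Capture traffic for a specific network
# (192.168.1.0/24 is an example; substitute the subnet you are debugging)
sudo tcpdump -i any -c 10 net 192.168.1.0/24

# Capture DNS queries and responses (classic DNS on port 53; DNS over
# TLS/HTTPS uses other ports and will not appear here)
sudo tcpdump -i any -c 5 port 53

# Combined filters; quote the expression so the shell passes it as one word
sudo tcpdump -i any -c 5 'host google.com and port 443'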

#Step 3.3: Save and Read Captures

bash
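# Save 100 packets to a file.
# -Z "$USER" makes tcpdump drop root privileges to the invoking user before
# it creates the output file, so the capture is owned by you rather than by
# root or a dedicated tcpdump account (on some distributions the default
# privilege drop otherwise fails with "Permission denied" in a home directory).
sudo tcpdump -i any -Z "$USER" -w capture.pcap -c 100

# A capture file holds full packet contents, including any cleartext
# credentials or cookies that crossed the wire; keep it private.
chmod 600 capture.pcap

# Read from file (no root needed for reading)
tcpdump -r capture.pcap

# Read with filters; -nn skips name lookups for the stored addresses
tcpdump -nn -r capture.pcap port 443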

#Task 4: DNS Debugging (5 min)

bash
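# Detailed DNS lookup: follow the delegation chain from the root servers
# down to the authoritative servers with iterative queries
dig +trace google.com

# Query a specific DNS server; comparing this answer with the default
# resolver's answer helps separate local resolver problems from zone problems
dig @8.8.8.8 example.com

# Check multiple record types
for type in A AAAA MX NS TXT; do
  printf '=== %s ===\n' "$type"
  # Quote the expansion so the value is always passed as a single argument
  dig +short example.com "$type"
done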

#Task 5: Build Network Health Script (5 min)

bash
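# Write the health-check script. The quoted 'EOF' delimiter keeps the body
# literal, so $(date) and the variables are expanded when the script runs,
# not when it is written.
cat << 'EOF' > ~/network-health.sh
#!/bin/bash
# Quick network health summary: connectivity, DNS, listening sockets and
# established connections. Read-only; makes no changes to the system.

echo "=== Network Health Check ==="
echo "Date: $(date)"
echo ""

# Basic connectivity (ICMP to a public resolver address)
echo "1. Internet Connectivity:"
if ping -c 2 8.8.8.8 > /dev/null 2>&1; then
  echo "   ✓ OK"
else
  echo "   ✗ FAILED"
fi

# DNS resolution.
# dig exits 0 for any response it receives, including NXDOMAIN or SERVFAIL,
# so success requires both a zero exit status and a non-empty answer.
echo "2. DNS Resolution:"
if answer=$(dig +short google.com 2>/dev/null) && [[ -n "$answer" ]]; then
  echo "   ✓ OK"
else
  echo "   ✗ FAILED"
fi

# Listening ports (TCP sockets in LISTEN state; UDP sockets show as UNCONN)
echo "3. Listening Ports:"
listening=$(ss -tuln | grep -c LISTEN)
printf '   %s ports listening\n' "$listening"

# Active connections.
# -H suppresses the header line, which would otherwise be counted as a
# connection.
echo "4. Active Connections:"
established=$(ss -Htun state established | wc -l)
printf '   %s established\n' "$established"

echo ""
echo "=== Complete ==="
EOF

chmod +x ~/network-health.sh
~/network-health.sh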

#✅ Success Criteria

  • Used ping, nc, traceroute for connectivity tests
  • Viewed connections with ss and netstat
  • Captured packets with tcpdump
  • Created network health check script

#🧹 Cleanup

bash
# Remove the packet capture from the current directory (run this from the
# directory where the capture was saved).
rm -f -- capture.pcap
# Remove the generated health-check script from the home directory.
rm -f -- ~/network-health.sh