Network Debugging CLI
traceroute, mtr.
Overview
The network debugging CLI toolbox covers every layer of the stack: traceroute and mtr for path discovery, ss for connection state, dig for DNS resolution, tcpdump for wire-level packet capture, curl for HTTP and TLS handshake investigation. Each tool answers a specific question, and the discipline is in matching the symptom to the right tool rather than reaching for the same one (usually tcpdump) and hoping for the best.
- traceroute / mtr. Path discovery and per-hop latency; the right tool when packets are taking the wrong path or being dropped mid-route.
- ss. Connection state per process and per port; the right tool for "what connections does this process actually have open".
- dig. DNS investigation with query type, server, and trace; the right tool when name resolution is the suspect.
- tcpdump plus curl -v. Wire-level packet capture for when everything else is fine but packets are wrong; curl -v for HTTP and TLS handshake investigation.
The approach
The practical approach is to start with the symptom (slow request, no connection, DNS failure, wrong response), pick the layer where the symptom lives (network path, connection, name resolution, wire, HTTP), use the right tool for that layer, and drill down through layers when the answer is not at the first level. Reaching for tcpdump first wastes time; reaching for it after eliminating higher layers narrows the investigation.
- traceroute or mtr for path issues. When packets are taking the wrong path or dropping mid-route; the per-hop view shows where loss begins.
- ss for connection-level. When sockets are misbehaving; the per-process connection list reveals what is actually open.
- dig for DNS. When name resolution is suspect; +trace shows the full delegation chain.
- tcpdump for wire-level plus curl -v for HTTP. Wire-level when higher layers are fine but packets are wrong; curl -v for HTTP and TLS handshake.
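Reading the per-hop view for where loss begins, as an added example that is not part of the original page: the helper name loss_onset and the sample report are constructed for illustration. It goes slightly beyond the text by ignoring loss at an intermediate hop that does not carry through to the destination, which usually means a router is rate-limiting its ICMP replies rather than dropping traffic.

```shell
#!/bin/sh
# Added example. loss_onset is this example's own helper, not part of mtr.
# Reads `mtr -n -r -c N HOST` report text on stdin and prints the first hop
# from which loss persists all the way to the destination, or "none".
# Optional argument: minimum loss percentage that counts as loss (default 1).
loss_onset() {
    awk -v min="${1:-1}" '
        /^ *[0-9]+\.\|--/ {                          # hop rows only, skip headers
            n++
            hop[n]  = $1; sub(/\..*/, "", hop[n])    # "3.|--" -> "3"
            host[n] = $2
            loss[n] = $3; sub(/%/, "", loss[n])      # "20.0%" -> "20.0"
        }
        END {
            onset = 0
            # Walk back from the destination while loss stays at or above min.
            for (i = n; i >= 1 && loss[i] + 0 >= min; i--) onset = i
            if (onset) printf "%s %s %s%%\n", hop[onset], host[onset], loss[onset]
            else       print "none"
        }'
}

# Constructed report (documentation-range addresses). Hop 2 shows loss that
# hop 3 does not, so it is not where the path starts losing packets.
sample_report() {
    cat <<'EOF'
Start: 2024-05-01T10:00:00+0000
HOST: web01                       Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.0.2.1                  0.0%    10    0.4   0.5   0.3   0.9   0.2
  2.|-- 198.51.100.1              40.0%    10    1.9   2.1   1.7   3.0   0.4
  3.|-- 198.51.100.9               0.0%    10    5.2   5.4   5.0   6.1   0.3
  4.|-- 203.0.113.5               20.0%    10   11.8  12.0  11.5  13.2   0.5
  5.|-- 203.0.113.17              30.0%    10   12.4  12.6  12.1  13.9   0.5
  6.|-- 203.0.113.80              20.0%    10   12.9  13.1  12.6  14.4   0.5
EOF
}

# Offline demonstration on the constructed report.
# Live use: mtr -n -r -c 10 HOST | loss_onset
sample_report | loss_onset
```

If the result is "none" while the application still sees failures, the path is not the failing layer and the investigation moves to connection state or DNS.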
Why this compounds
Network debugging fluency compounds across investigations. Each command teaches a layer of the stack; each correct tool choice gets to root cause faster; the team builds a network model that pays off on every incident.
- Faster investigation. The right tool gets to root cause fast; the time-to-answer drops because the question lands on the right layer.
- Network understanding. Each tool teaches a layer; the team builds a coherent network model rather than per-tool knowledge.
- Universal availability. All these tools ship on every Linux box; no dependencies, no installation friction at incident time.
- Institutional knowledge. Each command teaches the network; the team builds vocabulary for cross-layer investigation.
Network debugging CLI fluency is an operational discipline that pays off across years. Nova AI Ops integrates with network telemetry, surfaces investigation patterns, and supports the team’s investigation discipline.