mag72

Best FREE Network Troubleshooting Tools & Software for Your IT Infrastructure & Help Desk Engineers!

best free network troubleshooting tools and software

Marc Wilson

At some point in time, we all have faced the same “No Internet” error message.

Some people decide to play the dinosaur video game, and others do nothing, then there are the ones that love to dig down into the nature of the problem.

no internet screen

In this post, we’ll share the Top 10 Free Network Troubleshooting Tools and Software that will help the problem-solving ones to get back on their feet, dig deep, and solve any problem that their network might be suffering.

Why are Troubleshooting Tools Important?

Systems fail all the time.

If your home Internet fails, you could probably call the provider or go somewhere else where there is a WiFi connection. But that is a different story when it happens to the network connection of a Large Business.

The employees can’t do what they need to do until they get back into the web server. Business comes to a halt (or shuts down temporariy) and is probably losing money. You think it could take a couple of hours, but it ends up taking three days.

Getting to know the problem and finding ways to fix it quickly, takes solid troubleshooting skills.

Network admins and engineers can solve problems with the help of a few specific tools. They have the skills, so they choose tools that are quick and fundamental. The network troubleshooting software described in the following list are the favorites among any experienced IT specialist.

  1. Ipconfig / ifconfig
  2. Ping
  3. Tracert / Traceroute
  4. NSLookup
  5. Netstat
  6. Route
  7. Subnet Calculator
  8. SpeedTest
  9. Wireshark
  10. NMap

Best Network Troubleshooting Tools & Software (FREE):

All the tools and commands work in many Operating Systems, including Windows and Major Linux variations. Although they have the same fundamentals, they have differences in their implementation. Most of the tools require you to open the Command Prompt “cmd” in Windows, the “terminal” in MacOS, or the “shell” in Linux. Others are web-based, and others require you to download an executable file.

1. Ipconfig/Ifconfig

Gathering information is the most important step when troubleshooting.

The ipconfig command stands for IP configuration and is used in Windows OS. The ifconfig stands for interface configuration and is used in Linux and MacOS. Both display all current TCP/IP configuration for all currently connected networks.

If your network is using a DHCP (Dynamic Host Configuration Protocol) Server to assign IPs to all hosts, then ipconfig is mandatory when troubleshooting. It also comes in handy when the IPs are statically assigned because there might not be proper documentation, or the IP address changed.

The ipconfig gives out all the network adapter’s information (when used without arguments), such as:

  • IPv4/IPv6 Address
  • Subnet Mask
  • Default Gateway

 Aside from showing information, the Ipconfig command can also release IP addresses, renew DHCP configuration, flush DNS cache, register DNS, and more.

ipconfig command

From the information shown in the results above, you can see that I am connected to two different networks, one Ethernet (wired) and the other, a Wireless. But there are other variations for the command (for Windows), for example:

  • ipconfig /all

    This command will display all information, including adapter description, MAC address, DHCP Server, Lease information, and more.

  • ipconfig /renew

    This command will renew the IP information for a specific adapter. Use it, when you suspect that there is an IP address conflict.

  • ipconfig /flushdns
    

    This command will purge the DNS resolver cache. It can be used to clear the DNS cache.

To find out more about this command type “ipconfig  -help” in Windows or “ifconfig” in Mac and Linux.

2. Ping

A good Ping represents a healthy network connection, a bad ping means a delay or packet loss, and an unresponsive ping represents no connection.

In networking, ping is a method that sends an ICMP (Internet Control Message Protocol) echo request to a destination and waits for the response (echo reply). While the source of the ping is waiting, a delay timer is counting the time it takes for the packet to go and come back.

With Ping you can perform a basic connectivity test between source and destination. If the target does not respond to the request, the connection is unavailable. You can also get statistics such as RTT and % of packet loss.

How to use Ping?

In the following ping test, we tested connectivity between our host and the gateway (192.168.0.1).

ping command

The results show 0% of packet loss and 1ms average in RTT (Round-Trip-Time). You can, of course, get creative and test different approaches. For example,

  • ping (destination_IP) -t

    Perform an extended (infinite) ping.

  • ping (destination_IP) -l (size in bytes)

    Vary the packet size in bytes.

  • ping (destination_IP) -n (number of packets)

    Send specific ICMP packets.

  • ping (destination_IP) -i (time)

    Determine the TTL.

To access the help manual of the tool, type “ping -help” in Windows and “ping” in MacOS and Linux.

 

3. Tracert / Traceroute

In networking, a route towards a destination is made out of hops. Each hop is a device capable of routing and forwarding packets.

The traceroute tool gives out information on each hop that leads to a destination, something that can never be done with traditional ping.

You can use traceroute when you think that a problem extends beyond the local network and you want to find information about the path, which includes all the devices that forward your packet to the destination. The traceroute will give out IPs, hostnames, and response time of each hop.

How does Traceroute Work?

Just like Ping, Traceroute also uses ICMP requests and replies. The difference is that it performs it, using a concept known as, hop limit. To get information from each device, it limits the next hop by modifying the TTL, for example, it sends an ICMP Echo request TTL=1, then the hop drops the package and returns a TIME EXCEEDED. The source of the traceroute interprets this as the first hop, records the IP/hostname information and sends the second packet by increasing the TTL to 2, and so on.

Some devices along the path, such as firewalls or DPIs are capable of detecting these requests and might not give information back; they only forward the packet to the next hop.

Let’s say we want to find out what is out there between my computer and google.com. Type in “tracert google.com” in Windows.

traceroute command

What can we see from the results?

  • We know that it takes fourteen hops to reach my destination (Google’s server: 172.217.168.174).
  • Each hop adds up delay time in ms, especially those hops with longer geographical distances.
  • We got information about some forwarding devices between me and my destination. Those Telefonica servers sent back their IP and hostname.

To find information about traceroute type “tracert -help” in Windows or “traceroute” in Mac or Linux.

 

4. Nslookup

Anyone using the Internet will indirectly use DNS. If you type google.com from your browser, the DNS will convert the name “google.com” to a machine-readable IP, so that your packet can be forwarded correctly.

How does your computer find its way to google.com?

  1. First, your computer checks its DNS cache, which is a memory of recent DNS lookups.
  2. If it does not find the name on the cache, it will send the request to the DNS Server.

If you are in a SOHO (Small Office Home Office) network, you might not have to deal with a DNS Server, and leave those problems to your ISP. But enterprise networks usually use a DNS server to convert all their internal server IPs to names.

Why is NSLookup Important?

The command nslookup (Name Server Look Up) is a way to find out if the DNS Server (not the cache) is resolving names. If it can’t translate a name, then there is likely a DNS issue.

Although ping and traceroute can resolve a domain name to an IP, they work based on NetBIOS information. The nslookup will consult the configured DNS server directly.

 nslookup command

In the example above, we sent an nslookup query to the DNS for the name “amazon.com.”

What can you see from the results?

  • The server returned three IPs that Amazon is currently using for that particular name.
  • A non-authoritative answer means that our DNS obtained the reply from another “authoritative” DNS, usually a server on a higher level of the DNS hierarchy.

 

5. Netstat

If you are connected to the Internet, there are probably some applications taking advantage of your connection. Not only your web browser is creating a link to a remote server, but also online video games, downloading software, and probably some background processes that you might be unaware of, such as backdoors or Malware. 

Netstat stands for Network Statistics. It gives detailed information about the state of all the current network connections on the computer.

Netstat is a fantastic tool for troubleshooting because It can let you see what ports are open and listening on your device and the remote servers that are creating a connection to your computer with the ports that they are using.

Running NETSTAT without any argument gives you:

  1. TCP/UDP information.
  2. Local IPv4/IPv6 and port number.
  3. Foreign IPv4/IPv6 and port number.
  4. The hostnames.
  5. The current state of the network connection (Established, Time-Wait, or Close-Wait)

The command uses the same format in Windows, Linux, or MacOS, but the results are displayed slightly differently, and the arguments change. To use netstat in a MacOS or Windows, type in “netstat” in the terminal or command, like seen below:

netstat

Netstat will create a report with a massive list of network connections, probably with over 1000 lines.

To troubleshoot network connections with netstat, you need to be able to filter this report. You can clean the output to your preferences using specific arguments.

For example, in a MacOS (note that these commands vary in Windows):

  • netstat -p TCP -a

    Display all active TCP connections, with open and active ports.

  • netstat -nr

    Display routing table information.

 

6. Route

With some tools listed before, such as “traceroute,” you learned how to analyze routes on a hop-by-hop basis. You are troubleshooting a “No Internet” issue, and you can quickly figure out the path that the packet is taking is not going through your Internet Gateway.

All your traffic is being re-routed somewhere else, and you don’t know why.

The “route print” command shows all configured routes on your machine. Route Print is a Windows command and is the equivalent for “Netstat -nr” in MacOS and Linux, showed before.

With the route print, you can keep track of the routes by:

  • Destination
  • Network Mask
  • Gateway
  • Interface
  • Metric

From the following “route print” output, you can see that there is one important route that is forwarding most of the traffic. The local machine forwards most of the packets going to a “least-significant” IP address destination, in this case, is 0.0.0.0/0 to the gateway (10.20.32.1).

The other local routes displayed here, are for management, localhost, multicasting, and broadcasting purposes.

route print command

You can also use “Route” for adding or removing routes to the local machine.

The “route” command might only be useful in situations where there is more than one IP address configured on the machine. For example, if you have two networks at home, one could be dedicated to media or storage and the other for accessing the Internet.

You can also use this command to add a new default route to your machine (or remove).

route add 0.0.0.0 mask 0.0.0.0 <gateway>

 

7. Subnet Calculator

 Unless you do it every single day, subnetting is a skill that takes time to master. Some network professionals can create subnets without a pen, paper, and calculator. They have been doing it for a while, that their minds can create subnets quickly.

But those that don’t have the skills need speed and error-less subnetting.

A subnet calculator will let you divide your network into subnets. It will help you define IP subnets, maks, and subnet addresses. Give it a range of IP addresses or CIDR notations, and it will create a list of subnets for you.

When you use a calculator, you can customize the output of the list of subnets. For example, you can vary the number and the size of subnets available in your network.

A favorite subnet calculator among network admins and engineers is SolarWinds Advanced Subnet Calculator. It is free, easy-to-use, lightweight, and fully compatible with Windows OS.

subnet calculator

Among its key features are:

  • Calculates IPs
  • Creates Subnets
  • Calculates CIDR
  • Creates a list of subnets.
  • Resolves DNS.

 

8. SpeedTest

Network admins use online speed tests to check the real bandwidth or throughput of an Internet connection. These tests are capable of measuring the time it takes to download or upload from the Internet to a specific host.

The results of these tests are great for testing newly deployed connections, making sure that the Internet Service Provider “ISP” is giving the offered bandwidth, or making sure that an SLA (Service-Level-Agreement) is met.

Online speed tests run right from your web browser using HTML-5 or Java. These tools depend entirely on TCP Port 80 (or 8080) and are real HTML throughput measurements between a server and a client.

Speedtest by Ookla is one of the most common. It is free and can display download, upload speed, and latency information.

speedtest

Recommendations when Troubleshooting with an Online speed test:

  • The given results are Throughput, not bandwidth or Internet Speed. Bandwidth is the “total” amount of information transferred from source to destination in a given time, while the throughput is the “actual” amount of information transferred, considering additional factors.
  • To get the most out of these tools, test at different times of the day and from multiple devices. Traffic loads vary during the time of day, and each device has different processing capabilities.

 

9. Wireshark

Wireshark is the defacto standard for network analyzers.

The IT industry has taken Wireshark as the most important software for network troubleshooting, optimization, and security. The tool alone is downloaded over 500,000 times a month and is used anywhere, from home networks, SMBs, to large enterprises.

Wireshark is a free and open source multiplatform network analyzer. It is the perfect tool for anyone that wants to monitor the security and performance of the network. It allows you to go deep into a TCP/IP network connection.

With Wireshark, you can analyze every packet exchange with a specific source and destination, and find faults in the communication process.

A List of Some of the Features of Wireshark:

  • Save and analyze network logs when there is unexpected behavior.
  • View live or saved data from file captures.
  • View statistics from end-points, layer protocols, and conversions.
  • It supports decryption.
  • It can capture network data from various interfaces.
  • Read and write different capture information, such as Snoop or Sniffer.
  • Filter logs and messages.
  • It includes a Macro system.
  • Export results to CVS, XML, PostScript or plain-text.

wireshark

10. NMap

Troubleshooting security vulnerabilities?

NMap “Network Mapper,” is a free and open source network scanner, inventorying, and security auditing tool. It is multi-platform, so it runs on various operating systems, including Windows, MacOS, Linux, FreeBSD, etc.

NMap is one of the best network troubleshooting utilities because it cannot only discover a network but also enumerate any information, which can be useful for security penetration testing.

Use NMap to Do any of the Following:

  • Discover Live hosts.
  • Identify open ports on a host.
  • Extract their services/process information.
  • Expose their OS, hardware information, and even software version.
  • Find vulnerabilities and Exploits.

When troubleshooting, NMap can help you test from your client computer to see if you have connectivity to open a TCP on a remote server. Nmap allows you to test and monitor a single host or multiple subnetworks at the same time.

To gather information, Nmap scans the ports in the network by sending raw packets. The tool waits and listens for responses and determines whether a port is open, closed or filtered by a firewall. To perform network scanning, Nmap uses several techniques, such as ICMP requests, TCP Connect (), TCP Reverse scanning, FTP bounce, etc.

nmap

Summary

Most of the tools listed above are within anyone’s reach. They are either quickly available through the native command line interface or terminal of the OS, through the web browser, or in downloadable freeware.

When you learn to use some or all of these tools effectively, you can reduce troubleshooting time exponentially, which means less wasted money and higher employee productivity.

Tools, such as ping, traceroute, ipconfig, netstat, nslookup, and Speedtest are easy to learn and extremely useful for any troubleshooting case. “Route” is also easy to implement but can be left for occasional uses, such as when there are multiple IPs and subnets.

Subnet calculators might not be the right fit for critical troubleshooting phases, but can be useful for finding IP conflicts, overlapping subnets, or just for capacity planning.

The last two tools, Wireshark and Nmap, are usually the favorite ones for experienced network professionals. They are not available in the OS, or online; you have to download them. Both of these tools take some time to master, but once you do, you’ll become the ninja network troubleshooter. No problem will stand in your way.