Troubleshooting Connectivity
ping, mtr, firewall vs routing vs DNS.
Learning objectives
- Follow a layered troubleshooting checklist
- Distinguish DNS, routing, firewall, and physical issues
- Use ping, mtr, and arp effectively
Layered checklist
When “the network is down,” start at the bottom — physical — and move up. Skipping layers wastes hours blaming DNS when a cable was unplugged.
- Physical — link lights, Wi‑Fi associated, correct VLAN port
- IP config — address, mask, gateway, DNS on device
- Local gateway — ping
192.168.10.1 - DNS — resolve
www.workshopco.ca - Remote host — ping/traceroute to
203.0.113.10 - Application — HTTPS port 443, web server up (Book 2)
Symptom matrix
| Symptom | Likely layer | Next step |
|---|---|---|
| Cannot ping gateway | Local L2/L3 | Check cable, VLAN, IP conflict |
| Gateway OK, DNS fails | DNS | dig @192.168.10.1 workshopco.ca |
| DNS OK, HTTPS fails | App / firewall | curl -v https://..., check outbound 443 |
| Intermittent drops | Wi‑Fi / duplex | mtr over 50 cycles, check AP placement |
Worked example — POS cannot reach payment API
Shop tablet pings gateway OK. DNS resolves. HTTPS to payment provider times out. Traceroute dies at ISP hop 3. Conclusion: not Workshop Co. LAN — open ticket with ISP. Meanwhile, enable offline payment mode per vendor docs.
If traceroute reaches the provider but TCP 443 fails, check firewall outbound rules on VLAN 20 — did someone block non-HTTP ports?
Some hosts block ICMP echo. Absence of ping does not prove the host is down. Test the actual service port (443, 22) with curl or nc.
Try it yourself — triage script
Write five commands (with expected success output) you would run from an office Mac when “workshopco.ca won’t load.”
Answer
ping -c 3 192.168.10.1
dig www.workshopco.ca +short
ping -c 3 203.0.113.10
curl -I https://www.workshopco.ca
traceroute 203.0.113.10Interpret where the chain breaks.
IP conflict scenario
Printer and laptop both claim 192.168.10.40. Describe two symptoms staff might report and how to find the duplicate.
Answer
Symptoms: print jobs fail randomly; laptop drops off Wi‑Fi. Check router DHCP log, ping .40 and compare ARP MAC addresses, verify reservation matches printer MAC only.
Quick quiz
- What does a successful gateway ping prove?
- DNS works but site fails — name two non-DNS causes.
- Why use mtr instead of one ping?
Answers
- Local IP config and L2 path to router are likely OK — not end-to-end internet.
- Web server down, TLS misconfig, firewall blocking 443, wrong IP in DNS.
- Continuous stats per hop — spot packet loss/latency patterns over time.