Top Network Troubleshooting Tools for IT Infrastructure Management

As a network engineer, you will spend a significant amount of time resolving issues that occur within the IT infrastructure or addressing problems related to network conditions.

While many Windows or Linux commands can be used on the host to check various connection issues, a professional’s “toolbox” should include many other software tools for troubleshooting various network situations.

When users start blaming network issues for slow internet connections, slow transfers to file or backup servers, or the inability to connect to internal domain servers, network administrators must quickly pinpoint the true cause of the problem.

Below, I have collected some network troubleshooting tools that you should be familiar with if your work involves managing IT or network infrastructure in an enterprise environment.

Some of these are simply utilities or OS commands you already have installed on any Windows or Linux host.

Of course, when combined with other management and monitoring software suites that provide an overall view of the entire network environment, the following tools become even more effective.

PingPlotter


PingPlotter is a utility for solving network problems from a single computer. It can be installed and run on Windows or Mac computers and offers three versions:

  • Free version
  • Standard version (perpetual license $39.99 or monthly subscription $6.99)
  • Professional version (perpetual license $349 or monthly subscription $29)

This program uses a unique combination of traceroute, ping, and whois to track network data over time. It can export and analyze this data to identify network issues (over time), performance problems, and more.

The data can be analyzed within the program, allowing network engineers to determine the source of possible network disruptions. The data is displayed graphically.

TotalView


TotalView is an “all-in-one” solution for network monitoring and troubleshooting that proactively alerts IT administrators when significant problems occur.

TotalView not only provides general warnings but also pinpoints the exact location and cause of network issues.

The program even considers IoT devices and allows administrators to monitor cloud services their company pays for, ensuring they get their money’s worth.

It has numerous additional features, such as identifying and optionally blocking devices with unpatched vulnerabilities and visualizing network path monitors.

It supports infrastructure from many vendors, including Cisco, Juniper, Aruba, F5, Linksys, HP, Arista, and more.

Cisco Network Assistant

From networking company Cisco, this tool serves as a free network monitoring utility supporting up to 80 devices.

Particularly useful for network administrators already using Cisco networking devices, it also provides access to Cisco’s “Active Advisor” for important information about monitored devices, such as those with outdated or unsupported firmware.

Common operations and firmware upgrades can also be performed simultaneously on all devices connected to the network.

It features configurable network alerts and diagnostic information to help administrators gain insights into network issues.

It does not provide the same “plain English descriptions,” but any networking professional should be able to derive information from the utility and resolve issues in a short time.

The tool supports Cisco routers, switches, wireless controllers, and access points, which are displayed on a neat visual map with all interconnecting links.

Netfort LANGuardian

LANGuardian is a tool that allows network administrators to “drill down” into very specific information affecting the network, as it allows for deep packet inspection of network traffic.

Initially, administrators can view activity on the WAN and LAN and then drill down to individual devices and users, easily pinpointing bandwidth hogs!

Administrators can even retrospectively review individual data transfers, and it is one of the few tools integrated with Active Directory.

This allows recording specific network-based operations using the logged-in user’s name and the name of the device on the network.

Finally, the utility also shows network engineers potential improvements and ways to block ports and protocols, optimizing the network by still allowing legitimate business traffic while blocking activities that have already been rejected.

Because the tool inspects the actual packets passing through your network, it can also identify security threats such as ransomware or intrusion attempts.

Its pricing is based on licensing obtained by the number of users and the number of sensors you wish to install.

Wireshark

Wireshark is arguably the world’s most popular protocol analyzer and is available for free. Compared to some network analyzers, it has a somewhat steep learning curve, but once network administrators become proficient, Wireshark becomes an invaluable tool for solving network problems.

Combined with WinPcap, Wireshark can “sniff” packets from the network and generate detailed real-time traffic logs that can be filtered within the program and drilled down to individual devices and users.

Wireshark is also notable for being open source; it can run on every major operating system and analyze almost any packets extracted by other protocol analyzers!

From an advanced real-time network view to when a specific user on a specific computer downloaded a prohibited file, almost everything can be examined using Wireshark.

Tamos Throughput Test

This diagnostic utility is designed to run when your network is not in use, and it must configure a “server” to send data and a “client” to receive data.

The program tests the bandwidth your network can handle by sending a massive amount of UDP and TCP packets and measuring throughput, packet loss, etc. (similar to other packet generators).

The utility then outputs a complete report about uplink and downlink speeds, packet loss rates, and a general performance assessment.

Network engineers can use it to determine whether new equipment or larger links are needed, and Tamos also provides a paid utility to perform similar operations over WLAN.

Ping

Ping is one of the simplest yet most effective troubleshooting tools, included on every Windows and Linux machine and on many other network devices such as routers and firewalls.

Basically, it sends ICMP packets to a target and waits to see if an ICMP reply is received from the target.

If an ICMP reply is received from the target, it primarily indicates that the target host is active and that the network path from the source to the target is also available.

One of the most useful options in Ping that I frequently use when troubleshooting network issues is the "-t" option, which sends ICMP packets continuously.

Keeping a Ping command running continuously from the source to the destination lets you observe when the network path comes up or goes down during network changes (such as changing routing configurations, replacing links, upgrading routers, etc.).
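A continuous ping is most useful when its output is turned into outage windows. The following is an added example, not part of the original article: it takes timestamped lines of "ping -t" output and reports when the path went down, when it came back, and how many probes were lost. The sample lines, the addresses, and the min_lost threshold are constructed for illustration.

```python
import re

# A probe was lost (Windows "ping -t" wording plus Linux "ping -O" wording).
LOSS = re.compile(r"Request timed out|host unreachable|General failure|no answer yet", re.I)
# An echo reply arrived (Windows "Reply from x: bytes=..." or Linux "64 bytes from x").
REPLY = re.compile(r"Reply from \S+ bytes=|\d+ bytes from ", re.I)

def outages(samples, min_lost=2):
    """samples: iterable of (unix_ts, ping_output_line).
    Returns [(first_loss_ts, recovery_ts or None, probes_lost)]."""
    found, start, lost = [], None, 0
    for ts, line in samples:
        # LOSS is checked first: "Reply from gw: Destination host unreachable."
        # starts like a reply but is a failure reported by a router.
        if LOSS.search(line):
            start = ts if start is None else start
            lost += 1
        elif REPLY.search(line):
            if lost >= min_lost:       # ignore isolated single drops
                found.append((start, ts, lost))
            start, lost = None, 0
    if lost >= min_lost:               # path still down when the capture ended
        found.append((start, None, lost))
    return found

# Constructed sample: one line per second, as "ping -t 192.0.2.10" would print.
SAMPLE = [
    "Reply from 192.0.2.10: bytes=32 time=12ms TTL=57",
    "Reply from 192.0.2.10: bytes=32 time=11ms TTL=57",
    "Request timed out.",
    "Reply from 192.0.2.10: bytes=32 time=13ms TTL=57",
    "Request timed out.",
    "Request timed out.",
    "Reply from 198.51.100.1: Destination host unreachable.",
    "Reply from 192.0.2.10: bytes=32 time=40ms TTL=56",
    "Request timed out.",
    "Request timed out.",
]
# For live use, stamp each line with time.time() as it is read from ping.
SAMPLE_TIMED = [(100 + i, line) for i, line in enumerate(SAMPLE)]

if __name__ == "__main__":
    for start, end, lost in outages(SAMPLE_TIMED):
        state = f"recovered at t={end}" if end is not None else "still down"
        print(f"down from t={start}, {lost} probes lost, {state}")
```

Correlating the reported windows with the change log (route change, link swap, router upgrade) shows which step interrupted the path and for how long.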

traceroute

This is another network utility available on both Windows and Linux operating systems. On Windows, the command is “tracert,” and on Linux, the command is “traceroute.”

This is a useful command when you want to see all the hops a packet takes between the source and the destination.

The command sends 3 packets per hop, so it shows the time (in milliseconds) each of those packets takes to reach each hop.

This command is useful if you have multiple links to the destination (for example, you may have two links with two ISPs) and want to see which link/ISP is actually being used to the Internet.
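The dual-ISP check described above can be automated. The following is an added example, not part of the original article: it parses traceroute or tracert output into hops and reports which uplink the first matching hop belongs to. The ISP names, the prefixes in ISP_LINKS, and the sample trace are constructed assumptions; substitute the next-hop ranges your providers actually assigned.

```python
import ipaddress
import re

HOP = re.compile(r"^\s*(\d+)\s+(.*)$")                 # "<hop number>  <rest of line>"
IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
RTT = re.compile(r"(<?\d+(?:\.\d+)?)\s*ms")            # "8.120 ms" or Windows "<1 ms"

def parse_hops(text):
    """Return [(hop_no, ip_or_None, [rtt_ms, ...])]; '* * *' hops have no IP and no RTTs."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue                                   # header, blank or trailer line
        rest = m.group(2)
        ip = IPV4.search(rest)
        rtts = [float(v.lstrip("<")) for v in RTT.findall(rest)]
        hops.append((int(m.group(1)), ip.group(1) if ip else None, rtts))
    return hops

def egress_link(text, isp_links):
    """Return (isp_name, hop_ip) for the first hop inside a known ISP prefix."""
    for _, ip, _ in parse_hops(text):
        if ip is None:
            continue
        addr = ipaddress.ip_address(ip)
        for name, prefix in isp_links.items():
            if addr in ipaddress.ip_network(prefix):
                return name, ip
    return None, None

# Hypothetical uplinks (documentation address ranges used as placeholders).
ISP_LINKS = {"ISP-A": "198.51.100.0/24", "ISP-B": "203.0.113.0/24"}

# Constructed sample in Linux "traceroute -n" format.
SAMPLE = """traceroute to 192.0.2.80 (192.0.2.80), 30 hops max, 60 byte packets
 1  10.0.0.1  0.412 ms  0.380 ms  0.366 ms
 2  203.0.113.1  8.120 ms  7.944 ms  8.301 ms
 3  * * *
 4  192.0.2.80  15.2 ms  15.0 ms  15.4 ms
"""

if __name__ == "__main__":
    name, ip = egress_link(SAMPLE, ISP_LINKS)
    print(f"traffic left via {name} (hop {ip})")
```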

Nslookup

Another network-related utility that can be used as a command on Windows and Linux machines.

Its main purpose is to resolve DNS-related issues. The basic function of nslookup is to find the mapping between domain names and IP addresses (and vice versa) by querying DNS servers.

As shown in the figure above, after running “nslookup www.google.com,” we get two IP addresses for Google (one IPv4 and one IPv6).

Nmap

Although primarily used for security assessments, this tool can also be extensively used for network troubleshooting.

A scenario: The server administrator has just installed a brand new web server machine in the DMZ area behind a firewall.

Customers are calling to complain that their machines cannot access this web server from the Internet. What you can do here is run Nmap from the Internet to scan the web server's IP address (port 443 or 80).

If Nmap does not show the above ports as “open,” it means the firewall administrator might not have allowed those ports yet.
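A port that is not "open" can be reported by Nmap as "closed" or "filtered", and the two point to different owners of the problem. The following is an added example, not part of the original article: it reads Nmap's grepable output (-oG) for the new web server and turns each port state into a next troubleshooting step. The addresses, the sample output, and the wording in ADVICE are constructed for illustration.

```python
import re

# What each Nmap port state suggests in the DMZ web server scenario.
ADVICE = {
    "open": "reachable; look above the network layer (TLS, virtual host, application)",
    "closed": "host answered but nothing listens; check the web service and its bind address",
    "filtered": "probe got no answer; a firewall or ACL on the path is likely dropping it",
}

def parse_grepable(text):
    """Return {host: {port: state}} from 'nmap -oG' output."""
    hosts = {}
    for line in text.splitlines():
        # Fields are tab-separated: "Host: <ip> (<name>)<TAB>Ports: <list><TAB>..."
        m = re.match(r"Host: (\S+).*?\tPorts: (.*?)(?:\t|$)", line)
        if not m:
            continue                       # comment or "Status:" line
        ports = hosts.setdefault(m.group(1), {})
        for entry in m.group(2).split(","):
            fields = entry.strip().split("/")   # port/state/proto/owner/service/...
            if len(fields) >= 3 and fields[0].isdigit():
                ports[int(fields[0])] = fields[1]
    return hosts

def diagnose(text, expected=(80, 443)):
    """Return [(host, port, state, advice)] for the ports the service needs."""
    findings = []
    for host, ports in parse_grepable(text).items():
        for port in expected:
            state = ports.get(port, "not scanned")
            advice = ADVICE.get(state, "inconclusive; re-run the scan for this port")
            findings.append((host, port, state, advice))
    return findings

# Constructed sample, in the format printed by: nmap -Pn -p 80,443 -oG - <server-ip>
SAMPLE = (
    "# Nmap scan (constructed sample)\n"
    "Host: 203.0.113.10 ()\tStatus: Up\n"
    "Host: 203.0.113.10 ()\tPorts: 80/filtered/tcp//http///, 443/open/tcp//https///\n"
    "Host: 203.0.113.11 ()\tPorts: 80/closed/tcp//http///, 443/closed/tcp//https///\n"
)

if __name__ == "__main__":
    for host, port, state, advice in diagnose(SAMPLE):
        print(f"{host}:{port} {state}: {advice}")
```

In the sample, 203.0.113.10 needs a firewall rule for port 80, while 203.0.113.11 is already reachable through the firewall and the fault lies with the web service itself.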

Conclusion

This article introduced 10 network troubleshooting tools: