Troubleshooting - Learning Module

Loading content...

0/228

Common Issues

Patterns that Repeat Across Every Network

After years of network troubleshooting, experienced engineers recognize that the same problems appear repeatedly—different networks, different applications, but fundamentally the same root causes. This is both frustrating and powerful.

Frustrating because you'd think people would stop making the same mistakes. Powerful because once you recognize the pattern, diagnosis becomes fast.

This page catalogs the most common network issues you'll encounter in production environments. For each, we'll cover:

Symptoms — How the problem manifests
Root causes — What typically causes this issue
Diagnostic steps — How to confirm the diagnosis
Resolution — How to fix it
Prevention — How to stop it from recurring

Think of this as a field guide—a reference you'll return to throughout your career.

What You Will Learn

This comprehensive guide covers connectivity failures, slow performance, DNS problems, DHCP issues, routing problems, MTU/fragmentation issues, duplex mismatches, and security-related connectivity blocks. For each, you'll learn the classic symptoms and efficient diagnostic approaches.

Connectivity Failures

"I can't reach the server" — the most common complaint. Complete connectivity failures have many causes, but systematic diagnosis quickly identifies the layer at fault.

Symptom Categories:

Symptom	Likely Layer	First Check
No network icon / no link light	Layer 1 (Physical)	Cables, port, NIC
APIPA address (169.254.x.x)	Layer 2-3 (DHCP)	DHCP service
Can't ping gateway	Layer 2-3	ARP, VLAN, cables
Can ping gateway, can't ping internet	Layer 3	Routing, NAT, firewall
Can ping IP, can't access by name	DNS	Name resolution
Can resolve name, can't connect	Layer 4+	Port, firewall, service

Converting Mermaid diagram...

Issue: No Physical Connectivity

Symptoms:

No network icon or 'Network cable unplugged'
No link lights on NIC or switch port
ipconfig shows 'Media disconnected'

Diagnosis:

# Windows
ipconfig /all   # Look for 'Media State: Media disconnected'

# Linux
ip link show    # Look for 'state DOWN' or 'NO-CARRIER'
ethtool eth0    # Check 'Link detected: yes/no'

Common Causes:

Loose or damaged cable
Failed NIC
Wrong cable type (crossover vs straight-through, though auto-MDI/X usually handles this)
Dead switch port
Port administratively disabled

Resolution:

Try a different cable (most common fix)
Try a different switch port
Check switch port configuration (show interface on Cisco)
Test NIC with known-good cable/port
Update/reinstall NIC driver

Issue: APIPA/Link-Local Address

Symptoms:

IP address in 169.254.x.x range (Windows) or 169.254.x.x (Linux with zeroconf)
Can't reach anything outside local segment

Diagnosis:

# Check IP configuration
ipconfig /all              # Windows
ip addr show               # Linux

# Try to get new address
ipconfig /release          # Windows
ipconfig /renew

dhclient -r eth0           # Linux
dhclient eth0

# Check for DHCP traffic (on capture)
sudo tcpdump -i eth0 port 67 or port 68

Common Causes:

DHCP server down or unreachable
DHCP scope exhausted
VLAN mismatch (client and DHCP server on different VLANs without relay)
Firewall blocking DHCP (UDP 67/68)

Resolution:

Verify DHCP server is running
Check DHCP scope has available addresses
Verify VLAN configuration and DHCP relay (ip helper-address)
Use static IP as workaround while fixing DHCP

Systematic Layer Testing

For any connectivity issue, work through the layers systematically: (1) ping localhost (loopback test), (2) ping local IP (NIC binding), (3) ping gateway (local network), (4) ping external IP (routing/NAT), (5) ping by name (DNS), (6) test service port. The layer where testing first fails is where the problem lies.

Slow Network Performance

"The network is slow" — possibly the most frustrating complaint because 'slow' is subjective and can have dozens of causes. Systematic analysis is essential.

First: Quantify 'Slow'

Before investigating, establish baselines:

What is the expected performance?
What is the actual measured performance?
How consistently slow is it? (Always, peak times, random)

Performance Issue Categories:

Categories of Slow Performance
Category	Characteristics	Common Causes
High Latency	Ping times elevated (> expected for distance)	Congestion, suboptimal routing, satellite links
Low Throughput	Transfers take too long	Bandwidth saturation, duplex mismatch, TCP window issues
Packet Loss	Retransmissions, timeouts	Congestion, bad hardware, interference (wireless)
High Jitter	Variable latency	QoS issues, buffer bloat, competing traffic
DNS Delays	First connection slow, then fast	Slow/unreachable DNS server
Application Delay	Network fast, app slow	Server overload, inefficient queries

Issue: Network Congestion

Symptoms:

High latency during busy periods
Packet loss (retransmissions visible in captures)
Throughput lower than link capacity

Diagnosis:

# Check interface utilization on network devices
show interface GigabitEthernet0/1   # Cisco
# Look for 'input rate' and 'output rate' near link capacity

# From endpoints, use iperf to test capacity
iperf3 -c server-ip                  # Client
iperf3 -s                            # Server

# mtr to identify where latency increases
mtr -n target.example.com

Common Causes:

Insufficient bandwidth for traffic volume
Backup jobs during business hours
Streaming or large file transfers
Broadcast storms or loops

Resolution:

Identify the traffic causing congestion (NetFlow, sFlow, SNMP)
Reschedule bandwidth-intensive tasks to off-peak
Implement QoS to prioritize critical traffic
Upgrade link capacity if consistently saturated
Check for traffic loops (STP issues)

Issue: Duplex Mismatch

Symptoms:

Slow throughput despite available bandwidth
Increasing 'late collisions' on switch port
Performance degrades under load
Works okay for small transfers, terrible for large ones

Diagnosis:

# Check duplex settings on switch
show interface GigabitEthernet0/1
# Look for 'Half-duplex' when 'Full-duplex' expected
# Look for 'late collision' or 'CRC error' counters

# On Linux
ethtool eth0
# Check 'Duplex: Full' or 'Duplex: Half'

# On Windows
Get-NetAdapter | Format-List -Property *

What happens in a duplex mismatch:

One side set to full-duplex (doesn't check for traffic before sending)
Other side set to half-duplex (waits for clear channel)
Full-duplex side transmits while half-duplex side is sending
Half-duplex side detects collision, retransmits
Result: severe performance degradation under load

Resolution:

Set both ends to same duplex (ideally full-duplex)
Configure both ends to auto-negotiate (most reliable on modern gear)
If auto-neg fails, manually set both sides identical

The Duplex Mismatch Trap

Duplex mismatches are insidious because they don't completely break connectivity—small transfers work fine. The problem only appears under load, making it seem like a capacity issue. Always check duplex when investigating load-dependent slowness.

Issue: TCP Window Size Limitation

Symptoms:

Throughput much lower than bandwidth allows
High-latency links particularly affected
Single connections slow, multiple parallel connections faster

Explanation:

TCP window size limits how much data can be in-flight before acknowledgment. For high bandwidth-delay product links:

Max Throughput = Window Size / RTT

Example: 64 KB window, 100ms RTT
Max = 65536 bytes / 0.1 seconds = 655 KB/s = 5.2 Mbps

On a 100 Mbps link, you're limited to 5.2 Mbps!

Diagnosis:

Packet capture: Look at TCP window sizes in handshake and during transfer
Filter: tcp.analysis.zero_window or tcp.analysis.window_full

Resolution:

Enable TCP window scaling (usually default on modern OS)

Tune TCP buffer sizes:

# Linux - increase TCP buffers
sysctl -w net.core.rmem_max=16777216
sysctl -w net.core.wmem_max=16777216
sysctl -w net.ipv4.tcp_rmem='4096 87380 16777216'
sysctl -w net.ipv4.tcp_wmem='4096 65536 16777216'

For file transfers, use applications that support parallel streams

DNS Issues

"It's always DNS" — a meme in network engineering because it's often true. DNS issues cause symptoms that look like network problems but are actually name resolution failures.

Issue: DNS Server Unreachable

Symptoms:

Websites don't load by name, but IPs work
'Name or service not known' or 'DNS_PROBE_FINISHED_NXDOMAIN'
Inconsistent failures (some names work, others don't)

Diagnosis:

# Test DNS resolution explicitly
nslookup www.example.com
nslookup www.example.com 8.8.8.8   # Test alternate DNS

# Check configured DNS servers
cat /etc/resolv.conf               # Linux
ipconfig /all                      # Windows

# Ping DNS server
ping 192.168.1.1                   # Your DNS server IP

# Test DNS port
nc -zv 192.168.1.1 53              # TCP
nc -zuv 192.168.1.1 53             # UDP

Common Causes:

DNS server down or overloaded
Firewall blocking UDP/TCP 53
Incorrect DNS server configured
DHCP providing wrong DNS server

Issue: DNS Returning Wrong Answer

Symptoms:

Website shows wrong content or certificate error
Internal names resolve to external IPs or vice versa
Recent DNS changes not reflected

Diagnosis:

# Query authoritative server directly
dig www.example.com @ns1.example.com

# Check what your resolver returns
dig www.example.com

# Compare results - they should match

# Check TTL to see if cached
dig www.example.com   # Note TTL in answer section

# Flush cache
ipconfig /flushdns                  # Windows
sudo systemd-resolve --flush-caches # Linux (systemd-resolved)
sudo rndc flush                     # BIND server

Common Causes:

Cached stale record (wait for TTL expiry or flush)
Split-horizon DNS returning wrong view
DNS hijacking or poisoning
HOSTS file override
Local DNS server with stale zone

DNS Issue Quick Reference
Symptom	Likely Cause	Quick Fix
All lookups fail	DNS server unreachable	Check connectivity to DNS, try 8.8.8.8
Some lookups fail	Specific zone issue	Check authoritative server for that zone
Slow resolution	DNS server overloaded or far	Add local caching DNS or switch provider
Wrong IP returned	Cache poisoning or stale cache	Query authoritative directly, flush cache
Works externally, not internally	Split-horizon DNS issue	Check internal DNS zone configuration
Works by IP, not name	DNS broken, network fine	Verify DNS server and records

Issue: DNS Propagation Delay

Symptoms:

DNS change made, but old IP still returning
Different results from different locations
Complaints that 'it works for some people but not others'

Understanding TTL:

DNS records have a Time-To-Live (TTL) specifying how long resolvers should cache them. Until TTL expires, cached value is returned.

# Check current TTL
dig example.com

;; ANSWER SECTION:
example.com.        3600    IN    A    93.184.216.34
                    ^^^^
                    TTL in seconds (1 hour)

Resolution:

Before changing DNS, reduce TTL to 300 (5 min) 24-48 hours in advance
Make the change
Wait for old TTL to expire
Return TTL to normal value

For immediate change needs:

Old TTL must expire; you can't force remote caches
Upstream resolvers (ISP, 8.8.8.8) honor TTL
Some resolvers enforce minimum TTL regardless of record

Always Test with Direct Queries

When debugging DNS, query the authoritative server directly (dig @ns1.example.com domain.com) to see the ground truth. Then query your local resolver to see what's cached. The difference reveals caching or propagation issues.

MTU and Fragmentation Issues

MTU (Maximum Transmission Unit) issues cause frustrating partial failures: small packets work, large packets fail. This creates symptoms like:

Web pages partially load
SSH works, SCP fails
Ping works, applications fail
VPN connections mysteriously break

Understanding MTU:

Link Type	Typical MTU
Ethernet	1500 bytes
PPPoE	1492 bytes
VPN Tunnel	1400-1460 bytes (varies)
GRE Tunnel	1476 bytes
IPv6 minimum	1280 bytes

When a packet exceeds the path MTU, it must be fragmented or dropped. Modern hosts use Path MTU Discovery (PMTUD) to avoid fragmentation by discovering the smallest MTU along the path.

Issue: Black Hole Due to PMTUD Failure

Symptoms:

Connections establish (SYN/ACK works) but data transfer stalls
Small requests work, large ones timeout
Works on some networks, not others
Classic: 'SSH works, HTTPS doesn't'

What's Happening:

Host sends large packet with DF (Don't Fragment) bit set
Router in path can't forward (MTU exceeded)
Router should send ICMP 'Fragmentation Needed' message
But a firewall blocks ICMP, so message never arrives
Host never learns packet was too big
Host keeps retrying with same packet size
Connection stalls

Diagnosis:

# Test with large ping and DF bit
ping -M do -s 1472 target.example.com     # Linux
ping -f -l 1472 target.example.com        # Windows

# If this fails but smaller sizes work, MTU issue confirmed
ping -M do -s 1400 target.example.com

# Binary search to find path MTU
ping -M do -s 1450 target.example.com
ping -M do -s 1430 target.example.com
# ... continue until you find the breakpoint

# Packet capture: look for large packets with no response
sudo tcpdump -i eth0 -nn host target.example.com and greater 1400

MTU Problem Symptoms

•Small requests work, large fail
•Connections establish, then stall
•Ping works, file transfers don't
•Problems appear after VPN enabled
•Works on LAN, fails over WAN
•'Message too long' errors

MTU Problem Solutions

•Lower interface MTU to match path
•Enable MSS clamping on router/firewall
•Ensure ICMP 'Frag Needed' isn't blocked
•Configure VPN with appropriate MTU
•Use ip route ... mtu for specific paths
•Last resort: reduce MTU to 1280 (IPv6 min)

MTU Configuration
1
2
3
4
5
6
7
8
9
10
11
12
13
14
# Linux - set interface MTU
sudo ip link set eth0 mtu 1400
 
# Permanent (varies by distro)
# /etc/network/interfaces:
#   iface eth0 inet dhcp
#       mtu 1400
 
# Windows PowerShell (admin)
Set-NetIPInterface -InterfaceAlias "Ethernet" -NlMtu 1400
 
# Verify
ip link show eth0 | grep mtu    # Linux
netsh interface ipv4 show interfaces  # Windows

MSS Clamping: The Router Fix

MSS (Maximum Segment Size) clamping is often the best fix for MTU issues. Configured on routers/firewalls, it rewrites the TCP MSS value in SYN packets to match the path MTU. This prevents large packets from ever being generated, avoiding fragmentation and PMTUD issues entirely.

Routing Problems

Routing issues cause traffic to go to the wrong place—or nowhere at all. They range from simple (missing default gateway) to complex (routing loops, asymmetric routing).

Issue: Missing or Wrong Default Gateway

Symptoms:

Can reach local network but nothing beyond
'Network is unreachable' errors
Traceroute fails at first hop

Diagnosis:

# Check routing table
route -n                    # Linux
ip route show               # Linux
route print                 # Windows
Get-NetRoute               # PowerShell

# Is there a default route (0.0.0.0)?
ip route show | grep default

# Can you reach the gateway?
ping <gateway-ip>

Common Causes:

DHCP not providing gateway
Manual configuration error
Gateway router down or unreachable
Multiple default routes confusing routing

Issue: Asymmetric Routing

Symptoms:

Connections fail or are inconsistent
Stateful firewalls drop return traffic
tcpdump shows traffic going out but no return
But return traffic appears on a different interface/path

What's Happening:

Traffic from A to B takes Path X
Traffic from B to A takes Path Y
If a firewall on Path X sees outbound but not return, it may block return traffic as 'unsolicited'

Diagnosis:

# Traceroute from both endpoints
# On Host A
traceroute host-b

# On Host B
traceroute host-a

# If paths are different, you have asymmetric routing

# Check for multiple routes to same destination
ip route show
# Multiple routes with same metric cause unpredictable path selection

Resolution:

Ensure stateful firewalls are on symmetric path or use stateless rules
Adjust routing metrics to force symmetric path
Use policy-based routing to control path selection
Place firewalls at network chokepoints where all traffic passes

Issue: Routing Loop

Symptoms:

Packets never reach destination
TTL expires (ICMP Time Exceeded)
Traceroute shows same hops repeating
'TTL exceeded in transit' from intermediate routers

Example Traceroute with Loop:

 1  192.168.1.1    1.2 ms
 2  10.0.0.1       5.3 ms
 3  10.0.1.1      10.2 ms
 4  10.0.0.1      15.1 ms  <- Same as hop 2!
 5  10.0.1.1      20.3 ms  <- Same as hop 3!
 6  10.0.0.1      25.2 ms  <- Looping forever

Common Causes:

Misconfigured static routes pointing at each other
Routing protocol convergence issue
Default route pointing back to source
Route redistribution problems

Resolution:

Identify the routers in the loop
Check routing tables on each: where are they sending the traffic?
Find conflicting or circular routes
Fix static routes or wait for protocol convergence
Use debug ip routing (carefully!) to watch route changes

Routing Changes Have Broad Impact

Routing changes affect all traffic through that router, not just the problem you're fixing. Always have a rollback plan. Verify the change with a specific test, but also spot-check other traffic flows. And never make routing changes without a maintenance window for production networks.

Firewall and Security Blocks

Firewalls are the most common cause of 'It works from here but not from there' scenarios. Security controls exist to block traffic, so they're doing their job—but sometimes too well.

Issue: Traffic Blocked by Firewall

Symptoms:

Connection timeout (no response, firewall drops)
Connection refused or RST (firewall rejects)
Works from one source, not another
Works to one port, not another

Diagnosis:

# Test port connectivity
nc -zv target 443
telnet target 443
Test-NetConnection target -Port 443    # PowerShell

# Differentiate drop vs reject:
# - Timeout = DROP (packet silently discarded)
# - Connection refused = REJECT (explicit denial)

# Capture on firewall or destination
sudo tcpdump -i eth0 host source-ip
# See if packets arrive but aren't responded to

Common Firewall Issues:

Firewall Problem Patterns
Symptom Pattern	Likely Cause	Where to Check
Works internally, fails externally	Perimeter firewall blocking	Edge firewall rules
Works one direction, fails reverse	Stateful rule only allows established	Check if rule is unidirectional
Worked before, stopped working	Rule change or expiration	Recent firewall changes, time-based rules
Works for some users	Source IP ACL	Check source-based rules
Intermittent blocks	Rate limiting, connection limits	Firewall connection table, rate rules
Returns RST from unexpected IP	Firewall in path sending reset	Capture at both ends to see RST source

Issue: NAT Problems

Symptoms:

Outbound connections work, inbound fail
Applications see wrong source IP
Deep inspection breaks due to payload IP addresses
'Hairpin' scenarios fail (accessing external IP from inside)

Diagnosis:

# Check if NAT is expected
# Is your source IP private (10.x, 172.16-31.x, 192.168.x)?
ip addr show

# What IP does external service see?
curl ifconfig.me      # Shows your external IP

# Check NAT table on router (if accessible)
show ip nat translations   # Cisco
conntrack -L               # Linux

Common NAT Issues:

Issue	Symptom	Solution
PAT exhaustion	Connections fail intermittently	Increase NAT pool, reduce timeout
Missing inbound NAT	External users can't reach internal server	Add port forwarding/DNAT rule
Hairpin NAT	Can't access external IP from internal network	Enable NAT reflection/loopback
ALG breaking traffic	Complex protocols (SIP, FTP) fail	Disable/fix ALG, use STUN/TURN

Issue: Security Software False Positives

Symptoms:

Connection works sometimes, blocked others
Works until 'suspicious' pattern detected
IDS/IPS alerts correlate with failures
Antivirus or endpoint security blocking traffic

Diagnosis:

# Check security software logs
# Windows Defender
Get-WinEvent -LogName 'Microsoft-Windows-Windows Firewall With Advanced Security/Firewall'

# Check IDS/IPS for relevant alerts
grep 'blocked' /var/log/snort/alert   # Snort

# Temporarily disable (for testing ONLY) to confirm
# Be very careful with this in production

Resolution:

Check security software logs for blocks
Create exception rules for legitimate traffic
Work with security team to tune rules
Never permanently disable security; create targeted exceptions

The Firewall Investigation Pattern

When suspecting firewall: (1) List all firewalls in the path (host, network, cloud), (2) Test with packet capture at each stage—where does traffic stop?, (3) Check firewall logs for denies at suspicious times, (4) NEVER create 'allow any any' rules—create minimum necessary exceptions.

Wireless-Specific Issues

Wireless networks add a layer of complexity—literally. RF interference, channel congestion, and authentication add failure modes not present in wired networks.

Issue: Slow WiFi or High Packet Loss

Symptoms:

Throughput much lower than WiFi standard allows
High latency spikes
Intermittent disconnections
'Limited connectivity' messages

Diagnosis:

# Linux - check WiFi signal and link quality
iwconfig wlan0
# Look for: Signal level, Link Quality, Tx-Power

# Check what channel you're on
iwlist wlan0 channel

# Scan for competing networks
sudo iw dev wlan0 scan | grep -E 'SSID|signal|Channel'

# Windows - detailed WiFi report
netsh wlan show interfaces

# Check signal strength (RSSI)
# -30 to -50 dBm = Excellent
# -50 to -60 dBm = Good
# -60 to -70 dBm = Fair
# -70 to -80 dBm = Weak
# Below -80 dBm = Unusable

Common WiFi Issues and Solutions
Issue	Symptoms	Common Cause	Solution
Weak Signal	Slow speeds, drops	Distance, obstacles	Move closer, add AP, remove obstacles
Channel Congestion	Slow, inconsistent	Neighboring networks on same channel	Change channel, use 5 GHz
Interference	Random drops	Microwave, Bluetooth, cordless phone	Identify and remove interferer
Authentication Failure	Can't connect	Wrong password, expired cert	Verify credentials, check RADIUS
IP Issues Post-Connect	Connected but no internet	DHCP not responding, captive portal	Check DHCP, look for portal
Band Steering Issues	Keeps switching, drops	Aggressive band steering	Adjust AP settings, force band

Issue: Authentication Failures (Enterprise WiFi)

Symptoms:

'Unable to connect' or 'Can't connect to this network'
Prompts for credentials repeatedly
Works for some users, not others
Works on phone, not laptop (or vice versa)

Enterprise WiFi Components:

802.1X — Authentication framework
EAP — Extensible Authentication Protocol (EAP-TLS, PEAP, etc.)
RADIUS — Server that validates credentials
Supplicant — Client software requesting access

Diagnosis:

Check user credentials (expired password, locked account)
Verify certificate (expired, untrusted CA)
Check RADIUS server logs for authentication attempts
Compare working and non-working device EAP settings
Check if device certificate is required

Common Causes:

Password changed, stored credential stale
Certificate expired (server or client)
Device not in allowed list
EAP method misconfiguration
RADIUS server unreachable from AP

WiFi Troubleshooting is Multi-Layered

WiFi problems can be: RF (signal strength, interference), 802.11 (channel, band, rate), authentication (802.1X, WPA), IP (DHCP, ARP), or application. A weak WiFi signal might look like a DNS problem if DNS packets are being lost. Use WiFi analyzer tools to check RF layer before assuming it's a network issue.

Summary: The Troubleshooting Mindset

We've covered the most common network issues you'll encounter. But more important than memorizing specific problems is developing the troubleshooting mindset:

Gather data before theorizing — Collect symptoms, metrics, and error messages first
Isolate systematically — Use layers (OSI), segments, and time to narrow scope
Test one thing at a time — Make a change, verify, then proceed
Consider what changed — Most problems follow a change; find it
Know your baseline — Without knowing 'normal,' you can't identify 'abnormal'
Document as you go — Future you (or colleagues) will thank you

Quick Issue Reference Card
Problem Category	First Tool	Key Check
No connectivity	ping gateway	Link light, IP config, cables
Slow performance	ping + mtr	Latency, loss, congestion, duplex
DNS issues	nslookup / dig	Resolution, TTL, correct server
MTU/fragmentation	ping with DF bit	Large packet test, tunnel overhead
Routing problems	traceroute	Path, loops, missing routes
Firewall blocks	nc / telnet to port	Logs, capture at each stage
WiFi issues	iwconfig / signal check	RSSI, channel, interference

Module Complete: Key Takeaways

•Methodology beats heroics — Structured approaches outperform inspired guesswork.
•Layer-based diagnosis works — Physical → Data Link → Network → Transport → Application.
•The right tool for each layer — ping/traceroute for L3, tcpdump/Wireshark for deep analysis.
•Patterns repeat — Learn to recognize common issues and their symptoms.
•Document everything — For yourself, your team, and post-mortem analysis.
•Prevention beats cure — Every incident is a learning opportunity to prevent recurrence.

Module Complete:

You've completed the Troubleshooting module! You now have:

A systematic methodology for approaching any network problem
Command of essential diagnostic tools
Deep understanding of ping, traceroute, and packet capture
A mental catalog of common issues and their resolutions

These skills will serve you throughout your career in networking. Practice them regularly—even on working networks—so they become second nature when you need them most.

Module Complete: Network Troubleshooting

Congratulations! You've mastered the fundamentals of network troubleshooting—from methodology to tools to common issue resolution. These skills transform you from someone who can configure networks to someone who can diagnose and repair them under pressure. The next module covers numerical problems and calculations essential for network design and interview preparation.

Common Issues

Patterns that Repeat Across Every Network

Frustrating because you'd think people would stop making the same mistakes. Powerful because once you recognize the pattern, diagnosis becomes fast.

This page catalogs the most common network issues you'll encounter in production environments. For each, we'll cover:

Symptoms — How the problem manifests
Root causes — What typically causes this issue
Diagnostic steps — How to confirm the diagnosis
Resolution — How to fix it
Prevention — How to stop it from recurring

Think of this as a field guide—a reference you'll return to throughout your career.

What You Will Learn

Connectivity Failures

"I can't reach the server" — the most common complaint. Complete connectivity failures have many causes, but systematic diagnosis quickly identifies the layer at fault.

Symptom Categories:

Symptom	Likely Layer	First Check
No network icon / no link light	Layer 1 (Physical)	Cables, port, NIC
APIPA address (169.254.x.x)	Layer 2-3 (DHCP)	DHCP service
Can't ping gateway	Layer 2-3	ARP, VLAN, cables
Can ping gateway, can't ping internet	Layer 3	Routing, NAT, firewall
Can ping IP, can't access by name	DNS	Name resolution
Can resolve name, can't connect	Layer 4+	Port, firewall, service

Converting Mermaid diagram...

Issue: No Physical Connectivity

Symptoms:

No network icon or 'Network cable unplugged'
No link lights on NIC or switch port
ipconfig shows 'Media disconnected'

Diagnosis:

# Windows
ipconfig /all   # Look for 'Media State: Media disconnected'

# Linux
ip link show    # Look for 'state DOWN' or 'NO-CARRIER'
ethtool eth0    # Check 'Link detected: yes/no'

Common Causes:

Loose or damaged cable
Failed NIC
Wrong cable type (crossover vs straight-through, though auto-MDI/X usually handles this)
Dead switch port
Port administratively disabled

Resolution:

Try a different cable (most common fix)
Try a different switch port
Check switch port configuration (show interface on Cisco)
Test NIC with known-good cable/port
Update/reinstall NIC driver

Issue: APIPA/Link-Local Address

Symptoms:

IP address in 169.254.x.x range (Windows) or 169.254.x.x (Linux with zeroconf)
Can't reach anything outside local segment

Diagnosis:

# Check IP configuration
ipconfig /all              # Windows
ip addr show               # Linux

# Try to get new address
ipconfig /release          # Windows
ipconfig /renew

dhclient -r eth0           # Linux
dhclient eth0

# Check for DHCP traffic (on capture)
sudo tcpdump -i eth0 port 67 or port 68

Common Causes:

DHCP server down or unreachable
DHCP scope exhausted
VLAN mismatch (client and DHCP server on different VLANs without relay)
Firewall blocking DHCP (UDP 67/68)

Resolution:

Verify DHCP server is running
Check DHCP scope has available addresses
Verify VLAN configuration and DHCP relay (ip helper-address)
Use static IP as workaround while fixing DHCP

Systematic Layer Testing

Slow Network Performance

"The network is slow" — possibly the most frustrating complaint because 'slow' is subjective and can have dozens of causes. Systematic analysis is essential.

First: Quantify 'Slow'

Before investigating, establish baselines:

What is the expected performance?
What is the actual measured performance?
How consistently slow is it? (Always, peak times, random)

Performance Issue Categories:

Categories of Slow Performance
Category	Characteristics	Common Causes
High Latency	Ping times elevated (> expected for distance)	Congestion, suboptimal routing, satellite links
Low Throughput	Transfers take too long	Bandwidth saturation, duplex mismatch, TCP window issues
Packet Loss	Retransmissions, timeouts	Congestion, bad hardware, interference (wireless)
High Jitter	Variable latency	QoS issues, buffer bloat, competing traffic
DNS Delays	First connection slow, then fast	Slow/unreachable DNS server
Application Delay	Network fast, app slow	Server overload, inefficient queries

Issue: Network Congestion

Symptoms:

High latency during busy periods
Packet loss (retransmissions visible in captures)
Throughput lower than link capacity

Diagnosis:

# Check interface utilization on network devices
show interface GigabitEthernet0/1   # Cisco
# Look for 'input rate' and 'output rate' near link capacity

# From endpoints, use iperf to test capacity
iperf3 -c server-ip                  # Client
iperf3 -s                            # Server

# mtr to identify where latency increases
mtr -n target.example.com

Common Causes:

Insufficient bandwidth for traffic volume
Backup jobs during business hours
Streaming or large file transfers
Broadcast storms or loops

Resolution:

Identify the traffic causing congestion (NetFlow, sFlow, SNMP)
Reschedule bandwidth-intensive tasks to off-peak
Implement QoS to prioritize critical traffic
Upgrade link capacity if consistently saturated
Check for traffic loops (STP issues)

Issue: Duplex Mismatch

Symptoms:

Slow throughput despite available bandwidth
Increasing 'late collisions' on switch port
Performance degrades under load
Works okay for small transfers, terrible for large ones

Diagnosis:

# Check duplex settings on switch
show interface GigabitEthernet0/1
# Look for 'Half-duplex' when 'Full-duplex' expected
# Look for 'late collision' or 'CRC error' counters

# On Linux
ethtool eth0
# Check 'Duplex: Full' or 'Duplex: Half'

# On Windows
Get-NetAdapter | Format-List -Property *

What happens in a duplex mismatch:

One side set to full-duplex (doesn't check for traffic before sending)
Other side set to half-duplex (waits for clear channel)
Full-duplex side transmits while half-duplex side is sending
Half-duplex side detects collision, retransmits
Result: severe performance degradation under load

Resolution:

Set both ends to same duplex (ideally full-duplex)
Configure both ends to auto-negotiate (most reliable on modern gear)
If auto-neg fails, manually set both sides identical

The Duplex Mismatch Trap

Issue: TCP Window Size Limitation

Symptoms:

Throughput much lower than bandwidth allows
High-latency links particularly affected
Single connections slow, multiple parallel connections faster

Explanation:

TCP window size limits how much data can be in-flight before acknowledgment. For high bandwidth-delay product links:

Max Throughput = Window Size / RTT

Example: 64 KB window, 100ms RTT
Max = 65536 bytes / 0.1 seconds = 655 KB/s = 5.2 Mbps

On a 100 Mbps link, you're limited to 5.2 Mbps!

Diagnosis:

Packet capture: Look at TCP window sizes in handshake and during transfer
Filter: tcp.analysis.zero_window or tcp.analysis.window_full

Resolution:

Enable TCP window scaling (usually default on modern OS)

Tune TCP buffer sizes:

# Linux - increase TCP buffers
sysctl -w net.core.rmem_max=16777216
sysctl -w net.core.wmem_max=16777216
sysctl -w net.ipv4.tcp_rmem='4096 87380 16777216'
sysctl -w net.ipv4.tcp_wmem='4096 65536 16777216'

For file transfers, use applications that support parallel streams

DNS Issues

"It's always DNS" — a meme in network engineering because it's often true. DNS issues cause symptoms that look like network problems but are actually name resolution failures.

Issue: DNS Server Unreachable

Symptoms:

Websites don't load by name, but IPs work
'Name or service not known' or 'DNS_PROBE_FINISHED_NXDOMAIN'
Inconsistent failures (some names work, others don't)

Diagnosis:

# Test DNS resolution explicitly
nslookup www.example.com
nslookup www.example.com 8.8.8.8   # Test alternate DNS

# Check configured DNS servers
cat /etc/resolv.conf               # Linux
ipconfig /all                      # Windows

# Ping DNS server
ping 192.168.1.1                   # Your DNS server IP

# Test DNS port
nc -zv 192.168.1.1 53              # TCP
nc -zuv 192.168.1.1 53             # UDP

Common Causes:

DNS server down or overloaded
Firewall blocking UDP/TCP 53
Incorrect DNS server configured
DHCP providing wrong DNS server

Issue: DNS Returning Wrong Answer

Symptoms:

Website shows wrong content or certificate error
Internal names resolve to external IPs or vice versa
Recent DNS changes not reflected

Diagnosis:

# Query authoritative server directly
dig www.example.com @ns1.example.com

# Check what your resolver returns
dig www.example.com

# Compare results - they should match

# Check TTL to see if cached
dig www.example.com   # Note TTL in answer section

# Flush cache
ipconfig /flushdns                  # Windows
sudo systemd-resolve --flush-caches # Linux (systemd-resolved)
sudo rndc flush                     # BIND server

Common Causes:

Cached stale record (wait for TTL expiry or flush)
Split-horizon DNS returning wrong view
DNS hijacking or poisoning
HOSTS file override
Local DNS server with stale zone

DNS Issue Quick Reference
Symptom	Likely Cause	Quick Fix
All lookups fail	DNS server unreachable	Check connectivity to DNS, try 8.8.8.8
Some lookups fail	Specific zone issue	Check authoritative server for that zone
Slow resolution	DNS server overloaded or far	Add local caching DNS or switch provider
Wrong IP returned	Cache poisoning or stale cache	Query authoritative directly, flush cache
Works externally, not internally	Split-horizon DNS issue	Check internal DNS zone configuration
Works by IP, not name	DNS broken, network fine	Verify DNS server and records

Issue: DNS Propagation Delay

Symptoms:

DNS change made, but old IP still returning
Different results from different locations
Complaints that 'it works for some people but not others'

Understanding TTL:

DNS records have a Time-To-Live (TTL) specifying how long resolvers should cache them. Until TTL expires, cached value is returned.

# Check current TTL
dig example.com

;; ANSWER SECTION:
example.com.        3600    IN    A    93.184.216.34
                    ^^^^
                    TTL in seconds (1 hour)

Resolution:

Before changing DNS, reduce TTL to 300 (5 min) 24-48 hours in advance
Make the change
Wait for old TTL to expire
Return TTL to normal value

For immediate change needs:

Old TTL must expire; you can't force remote caches
Upstream resolvers (ISP, 8.8.8.8) honor TTL
Some resolvers enforce minimum TTL regardless of record

Always Test with Direct Queries

MTU and Fragmentation Issues

MTU (Maximum Transmission Unit) issues cause frustrating partial failures: small packets work, large packets fail. This creates symptoms like:

Web pages partially load
SSH works, SCP fails
Ping works, applications fail
VPN connections mysteriously break

Understanding MTU:

Link Type	Typical MTU
Ethernet	1500 bytes
PPPoE	1492 bytes
VPN Tunnel	1400-1460 bytes (varies)
GRE Tunnel	1476 bytes
IPv6 minimum	1280 bytes

When a packet exceeds the path MTU, it must be fragmented or dropped. Modern hosts use Path MTU Discovery (PMTUD) to avoid fragmentation by discovering the smallest MTU along the path.

Issue: Black Hole Due to PMTUD Failure

Symptoms:

Connections establish (SYN/ACK works) but data transfer stalls
Small requests work, large ones timeout
Works on some networks, not others
Classic: 'SSH works, HTTPS doesn't'

What's Happening:

Host sends large packet with DF (Don't Fragment) bit set
Router in path can't forward (MTU exceeded)
Router should send ICMP 'Fragmentation Needed' message
But a firewall blocks ICMP, so message never arrives
Host never learns packet was too big
Host keeps retrying with same packet size
Connection stalls

Diagnosis:

# Test with large ping and DF bit
ping -M do -s 1472 target.example.com     # Linux
ping -f -l 1472 target.example.com        # Windows

# If this fails but smaller sizes work, MTU issue confirmed
ping -M do -s 1400 target.example.com

# Binary search to find path MTU
ping -M do -s 1450 target.example.com
ping -M do -s 1430 target.example.com
# ... continue until you find the breakpoint

# Packet capture: look for large packets with no response
sudo tcpdump -i eth0 -nn host target.example.com and greater 1400

MTU Problem Symptoms

•Small requests work, large fail
•Connections establish, then stall
•Ping works, file transfers don't
•Problems appear after VPN enabled
•Works on LAN, fails over WAN
•'Message too long' errors

MTU Problem Solutions

•Lower interface MTU to match path
•Enable MSS clamping on router/firewall
•Ensure ICMP 'Frag Needed' isn't blocked
•Configure VPN with appropriate MTU
•Use ip route ... mtu for specific paths
•Last resort: reduce MTU to 1280 (IPv6 min)

MTU Configuration
1
2
3
4
5
6
7
8
9
10
11
12
13
14
# Linux - set interface MTU
sudo ip link set eth0 mtu 1400
 
# Permanent (varies by distro)
# /etc/network/interfaces:
#   iface eth0 inet dhcp
#       mtu 1400
 
# Windows PowerShell (admin)
Set-NetIPInterface -InterfaceAlias "Ethernet" -NlMtu 1400
 
# Verify
ip link show eth0 | grep mtu    # Linux
netsh interface ipv4 show interfaces  # Windows

MSS Clamping: The Router Fix

Routing Problems

Routing issues cause traffic to go to the wrong place—or nowhere at all. They range from simple (missing default gateway) to complex (routing loops, asymmetric routing).

Issue: Missing or Wrong Default Gateway

Symptoms:

Can reach local network but nothing beyond
'Network is unreachable' errors
Traceroute fails at first hop

Diagnosis:

# Check routing table
route -n                    # Linux
ip route show               # Linux
route print                 # Windows
Get-NetRoute               # PowerShell

# Is there a default route (0.0.0.0)?
ip route show | grep default

# Can you reach the gateway?
ping <gateway-ip>

Common Causes:

DHCP not providing gateway
Manual configuration error
Gateway router down or unreachable
Multiple default routes confusing routing

Issue: Asymmetric Routing

Symptoms:

Connections fail or are inconsistent
Stateful firewalls drop return traffic
tcpdump shows traffic going out but no return
But return traffic appears on a different interface/path

What's Happening:

Traffic from A to B takes Path X
Traffic from B to A takes Path Y
If a firewall on Path X sees outbound but not return, it may block return traffic as 'unsolicited'

Diagnosis:

# Traceroute from both endpoints
# On Host A
traceroute host-b

# On Host B
traceroute host-a

# If paths are different, you have asymmetric routing

# Check for multiple routes to same destination
ip route show
# Multiple routes with same metric cause unpredictable path selection

Resolution:

Ensure stateful firewalls are on symmetric path or use stateless rules
Adjust routing metrics to force symmetric path
Use policy-based routing to control path selection
Place firewalls at network chokepoints where all traffic passes

Issue: Routing Loop

Symptoms:

Packets never reach destination
TTL expires (ICMP Time Exceeded)
Traceroute shows same hops repeating
'TTL exceeded in transit' from intermediate routers

Example Traceroute with Loop:

 1  192.168.1.1    1.2 ms
 2  10.0.0.1       5.3 ms
 3  10.0.1.1      10.2 ms
 4  10.0.0.1      15.1 ms  <- Same as hop 2!
 5  10.0.1.1      20.3 ms  <- Same as hop 3!
 6  10.0.0.1      25.2 ms  <- Looping forever

Common Causes:

Misconfigured static routes pointing at each other
Routing protocol convergence issue
Default route pointing back to source
Route redistribution problems

Resolution:

Identify the routers in the loop
Check routing tables on each: where are they sending the traffic?
Find conflicting or circular routes
Fix static routes or wait for protocol convergence
Use debug ip routing (carefully!) to watch route changes

Routing Changes Have Broad Impact

Firewall and Security Blocks

Firewalls are the most common cause of 'It works from here but not from there' scenarios. Security controls exist to block traffic, so they're doing their job—but sometimes too well.

Issue: Traffic Blocked by Firewall

Symptoms:

Connection timeout (no response, firewall drops)
Connection refused or RST (firewall rejects)
Works from one source, not another
Works to one port, not another

Diagnosis:

# Test port connectivity
nc -zv target 443
telnet target 443
Test-NetConnection target -Port 443    # PowerShell

# Differentiate drop vs reject:
# - Timeout = DROP (packet silently discarded)
# - Connection refused = REJECT (explicit denial)

# Capture on firewall or destination
sudo tcpdump -i eth0 host source-ip
# See if packets arrive but aren't responded to

Common Firewall Issues:

Firewall Problem Patterns
Symptom Pattern	Likely Cause	Where to Check
Works internally, fails externally	Perimeter firewall blocking	Edge firewall rules
Works one direction, fails reverse	Stateful rule only allows established	Check if rule is unidirectional
Worked before, stopped working	Rule change or expiration	Recent firewall changes, time-based rules
Works for some users	Source IP ACL	Check source-based rules
Intermittent blocks	Rate limiting, connection limits	Firewall connection table, rate rules
Returns RST from unexpected IP	Firewall in path sending reset	Capture at both ends to see RST source

Issue: NAT Problems

Symptoms:

Outbound connections work, inbound fail
Applications see wrong source IP
Deep inspection breaks due to payload IP addresses
'Hairpin' scenarios fail (accessing external IP from inside)

Diagnosis:

# Check if NAT is expected
# Is your source IP private (10.x, 172.16-31.x, 192.168.x)?
ip addr show

# What IP does external service see?
curl ifconfig.me      # Shows your external IP

# Check NAT table on router (if accessible)
show ip nat translations   # Cisco
conntrack -L               # Linux

Common NAT Issues:

Issue	Symptom	Solution
PAT exhaustion	Connections fail intermittently	Increase NAT pool, reduce timeout
Missing inbound NAT	External users can't reach internal server	Add port forwarding/DNAT rule
Hairpin NAT	Can't access external IP from internal network	Enable NAT reflection/loopback
ALG breaking traffic	Complex protocols (SIP, FTP) fail	Disable/fix ALG, use STUN/TURN

Issue: Security Software False Positives

Symptoms:

Connection works sometimes, blocked others
Works until 'suspicious' pattern detected
IDS/IPS alerts correlate with failures
Antivirus or endpoint security blocking traffic

Diagnosis:

# Check security software logs
# Windows Defender
Get-WinEvent -LogName 'Microsoft-Windows-Windows Firewall With Advanced Security/Firewall'

# Check IDS/IPS for relevant alerts
grep 'blocked' /var/log/snort/alert   # Snort

# Temporarily disable (for testing ONLY) to confirm
# Be very careful with this in production

Resolution:

Check security software logs for blocks
Create exception rules for legitimate traffic
Work with security team to tune rules
Never permanently disable security; create targeted exceptions

The Firewall Investigation Pattern

Wireless-Specific Issues

Wireless networks add a layer of complexity—literally. RF interference, channel congestion, and authentication add failure modes not present in wired networks.

Issue: Slow WiFi or High Packet Loss

Symptoms:

Throughput much lower than WiFi standard allows
High latency spikes
Intermittent disconnections
'Limited connectivity' messages

Diagnosis:

# Linux - check WiFi signal and link quality
iwconfig wlan0
# Look for: Signal level, Link Quality, Tx-Power

# Check what channel you're on
iwlist wlan0 channel

# Scan for competing networks
sudo iw dev wlan0 scan | grep -E 'SSID|signal|Channel'

# Windows - detailed WiFi report
netsh wlan show interfaces

# Check signal strength (RSSI)
# -30 to -50 dBm = Excellent
# -50 to -60 dBm = Good
# -60 to -70 dBm = Fair
# -70 to -80 dBm = Weak
# Below -80 dBm = Unusable

Common WiFi Issues and Solutions
Issue	Symptoms	Common Cause	Solution
Weak Signal	Slow speeds, drops	Distance, obstacles	Move closer, add AP, remove obstacles
Channel Congestion	Slow, inconsistent	Neighboring networks on same channel	Change channel, use 5 GHz
Interference	Random drops	Microwave, Bluetooth, cordless phone	Identify and remove interferer
Authentication Failure	Can't connect	Wrong password, expired cert	Verify credentials, check RADIUS
IP Issues Post-Connect	Connected but no internet	DHCP not responding, captive portal	Check DHCP, look for portal
Band Steering Issues	Keeps switching, drops	Aggressive band steering	Adjust AP settings, force band

Issue: Authentication Failures (Enterprise WiFi)

Symptoms:

'Unable to connect' or 'Can't connect to this network'
Prompts for credentials repeatedly
Works for some users, not others
Works on phone, not laptop (or vice versa)

Enterprise WiFi Components:

802.1X — Authentication framework
EAP — Extensible Authentication Protocol (EAP-TLS, PEAP, etc.)
RADIUS — Server that validates credentials
Supplicant — Client software requesting access

Diagnosis:

Check user credentials (expired password, locked account)
Verify certificate (expired, untrusted CA)
Check RADIUS server logs for authentication attempts
Compare working and non-working device EAP settings
Check if device certificate is required

Common Causes:

Password changed, stored credential stale
Certificate expired (server or client)
Device not in allowed list
EAP method misconfiguration
RADIUS server unreachable from AP

WiFi Troubleshooting is Multi-Layered

Summary: The Troubleshooting Mindset

We've covered the most common network issues you'll encounter. But more important than memorizing specific problems is developing the troubleshooting mindset:

Gather data before theorizing — Collect symptoms, metrics, and error messages first
Isolate systematically — Use layers (OSI), segments, and time to narrow scope
Test one thing at a time — Make a change, verify, then proceed
Consider what changed — Most problems follow a change; find it
Know your baseline — Without knowing 'normal,' you can't identify 'abnormal'
Document as you go — Future you (or colleagues) will thank you

Quick Issue Reference Card
Problem Category	First Tool	Key Check
No connectivity	ping gateway	Link light, IP config, cables
Slow performance	ping + mtr	Latency, loss, congestion, duplex
DNS issues	nslookup / dig	Resolution, TTL, correct server
MTU/fragmentation	ping with DF bit	Large packet test, tunnel overhead
Routing problems	traceroute	Path, loops, missing routes
Firewall blocks	nc / telnet to port	Logs, capture at each stage
WiFi issues	iwconfig / signal check	RSSI, channel, interference

Module Complete: Key Takeaways

•Methodology beats heroics — Structured approaches outperform inspired guesswork.
•Layer-based diagnosis works — Physical → Data Link → Network → Transport → Application.
•The right tool for each layer — ping/traceroute for L3, tcpdump/Wireshark for deep analysis.
•Patterns repeat — Learn to recognize common issues and their symptoms.
•Document everything — For yourself, your team, and post-mortem analysis.
•Prevention beats cure — Every incident is a learning opportunity to prevent recurrence.

Module Complete:

You've completed the Troubleshooting module! You now have:

A systematic methodology for approaching any network problem
Command of essential diagnostic tools
Deep understanding of ping, traceroute, and packet capture
A mental catalog of common issues and their resolutions

These skills will serve you throughout your career in networking. Practice them regularly—even on working networks—so they become second nature when you need them most.

Module Complete: Network Troubleshooting