Perform baseline network diagnostics to validate local TCP/IP behavior, interface state changes, and listening service exposure. Use packet capture to confirm ICMP traffic on the wire and capture evidence for escalation.
The networking team reports intermittent connectivity issues on several systems in the 192.168.1.0/24 subnet.
You’ve been asked to perform basic diagnostics on your host and validate interface behavior. You will verify the local TCP/IP stack, cycle an interface, inspect listening ports, and capture ICMP packets for evidence.
This is baseline evidence collection before deeper routing, switchport, firewall, or MTU analysis. The goal is to prove local stack health, confirm interface transitions, and capture packet-level artifacts that support escalation.
tcpdump for packet evidence.
ping -c to confirm the host TCP/IP stack is functioning.
ifdown/ifup (legacy workflow).
netstat -tuln.
tcpdump filters (ICMP).
ping -c 2 127.0.0.1
A successful loopback ping validates local IP processing and ICMP handling on the host. If this fails, pause network debugging and focus on local stack issues.
2 packets transmitted, 2 received, 0% packet loss
enp0s3.
sudo ifdown enp0s3
Cycling an interface forces a state transition and can clear transient link issues. This is a controlled operation and should be coordinated on production hosts.
Bringing down interface enp0s3: [ OK ]
Network interface 'enp0s3' is now inactive.
sudo ifup enp0s3
Bringing the interface up should re-establish link and obtain addressing. This is where you confirm IP, mask, and gateway assignment are consistent with expectations.
Assigned IP address: 192.168.1.42/24
Gateway: 192.168.1.1
netstat -tuln
This output provides a quick snapshot of what the system is exposing on the network. It helps confirm that expected services (like SSH) are listening and that no unexpected ports are open.
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp6 0 0 :::80 :::* LISTEN
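An added example (not part of the original lab) that turns the netstat -tuln snapshot into a repeatable check: it compares the listening sockets against an allowlist of expected services and reports everything else, noting whether the socket is bound to all interfaces. The function names, the proto/port allowlist format, and the sample rows other than the two shown above are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: compare `netstat -tuln` listeners against an allowlist.

# Usage: netstat -tuln | unexpected_listeners "tcp/22 udp/68"
# The allowlist format (space-separated proto/port pairs) is an assumption.
# Prints "proto/port local_address scope" for each listener not on the list.
unexpected_listeners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # TCP rows end in a LISTEN state; UDP rows have no state column.
        ($1 ~ /^tcp/ && $NF == "LISTEN") || $1 ~ /^udp/ {
            proto = $1; sub(/6$/, "", proto)   # fold tcp6/udp6 into tcp/udp
            addr = $4
            port = addr; sub(/.*:/, "", port)  # text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            key = proto "/" port
            if (key in ok) next
            # Wildcard binds are reachable on every interface of the host.
            wild = (host == "0.0.0.0" || host == "::" || host == "*")
            scope = wild ? "all-interfaces" : "specific-address"
            print key, addr, scope
        }'
}

# Constructed sample input: the tcp/22 and tcp6/80 rows match the output
# shown in this lab; the header, tcp/631 and udp/68 rows are made up.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
EOF
}

# Expect SSH and the DHCP client only; everything else is reported.
sample_netstat | unexpected_listeners "tcp/22 udp/68"
```

On a live host, replace sample_netstat with netstat -tuln and keep the allowlist with the host's documented baseline so the same check can be rerun after changes.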
sudo tcpdump icmp
Packet capture confirms what actually traverses the interface. Filtering on ICMP provides a clean view of echo requests and replies, which is often enough to validate basic reachability and latency patterns.
listening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytes
IP 192.168.1.42 > 192.168.1.1: ICMP echo request, id 1234, seq 1, length 64
IP 192.168.1.1 > 192.168.1.42: ICMP echo reply, id 1234, seq 1, length 64
^C
4 packets captured
0 packets dropped by kernel
ping -c <count> <host>
: Sends a fixed number of ICMP echo requests.
-c <count>
: Limits the number of packets sent.
ifdown <iface>
: Brings a network interface down (legacy tooling; behavior depends on distro/network stack).
ifup <iface>
: Brings a network interface up and applies configuration.
netstat -tuln
: Displays listening TCP/UDP sockets.
-t
: TCP sockets.
-u
: UDP sockets.
-l
: Listening sockets.
-n
: Numeric output (no name resolution).
tcpdump icmp
: Captures ICMP traffic for packet-level inspection.
-i <iface>
: Selects a specific interface.
-nn
: Avoids DNS/service name resolution.