Best Network Diagnostics and Troubleshooting Tools

Like with most jobs, when it comes to network troubleshooting, the software you use can make a world of difference.

Network analysis can show you the leading causes of network problems, such as slow speeds, network connection problems, and packet loss center on overloaded network devices, such as switches and routers, or missing information in your routing table and other system databases, such as the DNS server or the DHCP system.

By using all of the network diagnostic tools in this list, you can put together a workflow that will give you information on all potential network problems. If the network engineers planned your network correctly, it should never encounter the problems that cause the system to slow down, and network analysis and management should be an enjoyable task.

Here’s our list of the best network diagnostic tools and troubleshooting software:

  1. SolarWinds Network Configuration Manager EDITOR’S CHOICE An essential system security and administration tool that automatically checks on device settings. The NCM will gather all device configurations, allow the creation of standard settings, and ensure that any unauthorized changes are immediately rolled back. Start 30-day free trial.
  2. SolarWinds Port Scanner (FREE TOOL) Check the TCP and UDP port status (open, closed, or filtered) of the IP addresses on your network devices to ensure that you don’t have unattended ports open. Great for resolving IP conflicts and can be run from the command line with the option to export results to file.
  3. Datadog Network Performance Monitoring (FREE TRIAL) A cloud-based network monitoring and management service that includes troubleshooting tools.
  4. SolarWinds RMM (FREE TRIAL) A remote monitoring and management tool that enables central IT departments to manage networks on several remote sites.
  5. Paessler Network Troubleshooting with PRTG Infrastructure management system that includes port monitoring.
  6. Ping Simple command-line utility that checks on the speed of connections.
  7. Tracert Free command-line utility that lists the probable hops to a network or internet destination address.
  8. Ipconfig This command-line tool reports the IPv4 and IPv6 addresses, subnets, and default gateways for all network adapters on a PC.
  9. Netstat This tool displays active connections on your computer.
  10. Nslookup Available for Windows, Unix, Linux, and Mac OS, this tool gives you DNS server diagnostics.
  11. Speed and up/down test sites A list of websites that will test your internet connections.
  12. Sysinternals Set of Microsoft tools for Windows that help troubleshoot and configure Active Directory.
  13. Wireshark Free packet sniffer that will help you analyze traffic flows.
  14. Nmap Network security and monitoring tool that needs a companion utility, Zenmap, as a user interface.

The best network diagnostics tools & troubleshooting software

When curating this list, we considered the reliability of the tool in use in diverse situations, ease of setting up and use, documentation and support, and how up to date the diagnostic software is kept.

Five of the tools in our list (ping, tracert, ipconfig, netstat, & nslookup) can be executed directly from a Windows command prompt (cmd.exe) without installing any additional programs for advanced troubleshooting. The rest of the network analysis tools can be used alone or in combination for network discovery.

1. SolarWinds Network Configuration Manager (FREE TRIAL)

solarwinds network configuration management

The SolarWinds Network Configuration Manager offers the opportunity to automate system troubleshooting and problem resolution. Busy systems managers often overlook the settings of network devices. The network could be performing badly because you don’t have all of the settings of your devices coordinated. The Network Configuration Manager saves you time by seeking out all devices, the network device health, importing their settings into a central manager, and allowing you to create a standard configuration for each device type and make.

The configuration manager rolls out the standard configurations that you write into the central dashboard. This standardization should fix a lot of the problems that you experience on your network because it will wipe out inappropriate settings for network devices, such as routers and switches that might be slowing down data transfers. Once the standard configurations have been stored, they can only be changed through the password-protected dashboard of the Network Configuration Manager.

This system configuration troubleshooter is an important security tool. Unauthorized intruders can be traced or blocked through the network devices of the network, so altering settings is a common intrusion strategy. The Network Configuration Manager constantly monitors the configurations of all network devices and automatically restores the authorized settings, stored as images, should any change be detected.

SolarWinds produces a range of IT whole infrastructure monitoring and network management tools, and many of these are created on a common platform, called Orion. This makes it possible for the independent tools to interact, and the Network Configuration Manager is one of these Orion-based utilities. The central network monitoring tool in the suite is the Network Performance Monitor and this is usually the lead utility in any monitoring system, which is complemented by the Network Configuration Manager. However, SolarWinds NCM can also be used as a standalone tool.

Key Features:

  • Standardizes configurations
  • Backs up configurations
  • Rolls back unauthorized setup changes
  • Spots intruder activity

The Network Configuration Manager is a paid tool. However, SolarWinds makes it available on a 30-day free trial.

EDITOR'S CHOICE

The SolarWinds Network Configuration Manager is our top choice on this list because it automates network troubleshooting by examining the settings of all switches and routers. The services of this tool save a lot of time on research and they ensure that no changes can be made to network devices without authorization.

The NCM is an essential security tool because it closes off the intruder strategy of altering switch and router settings to facilitate unauthorized monitoring through these devices. Changes can only be made to device configurations through the NCM dashboard, making system control easier.

Official Site: solarwinds.com/network-configuration-manager

OS: Windows Server 2016 or 2019

2. SolarWinds Port Scanner (FREE TOOL)

SolarWinds free port scanner

SolarWinds free port scanner offers benefits similar to those of the popular nmap port scanner (which we discuss in this list too) with a GUI that is intuitive and easy to get started with. If you’re looking to dive right into the world of network troubleshooting and port scanning, this tool is a great place to start. The ease of use helps eliminate some of the technical barriers to entry other similar tools may have.

Free Download:SolarWinds Port Scanner Tool

This scanner is a portable executable that can be run on Windows operating systems. In addition to scanning TCP and UDP ports to determine whether they’re open/closed/filtered, SolarWinds Port Scanner can detect MAC addresses and operating systems. Scan results can be saved in .csv, .xlsx, or .xml format.

SolarWinds Port Scanner is a powerful free tool that can provide you with a list of open, closed and filtered ports on each scanned IP. It can also resolve hostnames, provide an overview of MAC addresses, and more. Can run in a command-line and export results to file.

Key Features:

  • Seeks out open ports
  • Covers TCP and UDP
  • Reports operating system per device
  • Shows device MAC address
  • Free to use

You can download SolarWinds Port Scanner for free here.

SolarWinds Port Scanner Download 100% FREE Tool

3. Datadog Network Performance Monitoring (FREE TRIAL)

Datadog Network Monitor - Network view

Datadog is a cloud-based monitoring system for IT resources that is available as a menu of modules. The base package of the service is an Infrastructure module that covers network monitoring. However, this service can be enhanced by adding on the Network Performance Monitoring module.

The Network Performance Monitoring module of Datadog adds on analytical functions to the Infrastructure package and includes capacity planning and troubleshooting utilities. While the Infrastructure module looks at device statuses, the Network Performance Monitoring service examines traffic flows.

The Datadog system uses agent software on-site, but all processing and data storage is implemented on the Datadog server. Systems administrators access the Network Performance Monitoring console through any browser in order to see live statistics on current traffic flows on the network. Given that the service is based in the cloud, it can easily monitor remote networks, just as long as that network has the agent module installed on it.

The service doesn’t just display live network traffic data. It also stores that information for analysis. Administrators can trace the journey of a packet, view conversations between endpoints, segment traffic statistics per application or per origin or source, and identify the major bandwidth hogs on the network. The service can unify both onsite, cloud-based, and remote networks to give a complete picture of all network traffic generated by the business. The tool includes live network maps with traffic flows shown on them and it is also possible to see overloaded links or bottlenecks.

Key Features:

  • Drill down into network flows and traces
  • Locates traffic hogs
  • Can monitor containers, pods, and deployments
  • Great visualization and mapping

Datadog has a single plan level for its Network Performance Monitoring module. Charges are levied per host per month with a discount for paying annually in advance. The service is available for a 15-day free trial.

Datadog Network Performance Monitoring Start 15-day FREE Trial

4. SolarWinds RMM (FREE TRIAL)

SolarWinds RMM Insights

SolarWinds RMM is a cloud-based remote monitoring and management software package. As this system monitors the network, it also stores metrics for analysis. Having access to all aspects of a system, including endpoints and servers, SolarWinds has many channels of data for diagnostics and troubleshooting.

Among the benefits offered by SolarWinds RMM is a service called LOGICcards. This is a data source for a wide range of diagnostic projects. The main value of these feeds lies in security. However, they also give insights into how to improve efficiency and avoid system management mistakes.

LOGICcards gathers data from 5,000,000 endpoints on 4,000,000 networks. Comparing the data extracted from these studies, the LOGICcard system analyzes a network and is able to point out factors and settings that are missing from that system, compared to the organization of the majority of other networks.

Another LOGICcard service is a feed of warnings to look out for, such as patches that cause problems and should be held off or new internet-based scams. A guidance aspect to this service also identifies errors to avoid in network configuration and tips on how to optimize bandwidth usage. Furthermore, the topics covered by a LOGICcard feed adapt according to your responses to past advice.

The dashboard for SolarWinds RMM is resident on the cloud. It doesn’t require any special equipment to use the service – any standard web browser will do and there is also a SolarWinds RMM mobile app available.

Key Features:

  • Data retention for analysis
  • LOGICcard advice
  • 30-day free trial

SolarWinds RMM is a subscription service. This is a great attraction for startups because there are no upfront costs for getting set up. There are no setup fees and there is no need to fork out for a software package Instead, the subscribing company pays a little each month. Interested potential customers can access a 30-day free trial of SolarWinds RMM.

SolarWinds RMM Start 30-day FREE Trial

5. Paessler Network Troubleshooting with PRTG

Paessler Network Troubleshooting with PRTG

Paessler’s PRTG is a complete monitoring system. It can help you with troubleshooting because it can diagnose network issues right down the protocol stack and identify the root of the problem. Port monitoring is one of the network diagnostics techniques that you can use with this tool.

The PRTG system includes two port monitoring sensors. One homes in on a specified port on a particular device, the other will check a range of port numbers. This tool only monitors TCP ports. The port range sensor has one extra feature that the single port sensor does not have. You can set it to check the port with TLS protection. Both sensors report on the response time of the port and whether it is open or closed.

PRTG includes network traffic analysis tools to help you troubleshoot delivery speeds. The tool includes a range of traffic monitoring techniques including route tracing to a destination with Traceroute and a Ping sweep, which will give you the response times to each node on your network. A packet-sniffing utility can tell you which applications and endpoints are producing excessive traffic and you can query the health of the network devices to see which are congested to the point of queuing.

Paessler built a tool that covers servers and applications as well as network statuses, port response times, and services to monitor all conditions that can cause software performance issues. If you’ve got VMs on your network, PRTG can sort through their underlying connections, services, servers, and operating software. That monitoring is constant, so you will be able to trace back through events to spot the source of any performance issues.

Key Features:

Paessler delivers PRTG as a cloud service or you can install the diagnostic software on your premises. The tool installs on Windows Server environments. You can use the system for free for up to 100 sensors.

6. Ping

Ping is the ideal command to use when you need to confirm network connectivity, at the IP level, between two hosts, or to confirm the TCP/IP stack is working on your local machine. A successful ping confirms network connectivity between the two hosts and it also gives reports on packet loss.

Key Features:

  • Widely used
  • Connection error detection
  • Free to use

Below is an example of a successful run of the ping command to the “google.com” remote host.

C:\Users>ping google.com

Pinging google.com [172.217.9.46] with 32 bytes of data:

Reply from 172.217.9.46: bytes=32 time=38ms TTL=56

Reply from 172.217.9.46: bytes=32 time=12ms TTL=56

Reply from 172.217.9.46: bytes=32 time=14ms TTL=56

Reply from 172.217.9.46: bytes=32 time=12ms TTL=56

Ping statistics for 172.217.9.46:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milliseconds:

Minimum = 12ms, Maximum = 38ms, Average = 19ms

In addition to confirming IP connectivity to “google.com”, these results confirm that we are able to properly resolve domain names (i.e. DNS is working on the local machine).

That Loss figure that you see in the last line of the ping output is the number of lost packets followed by the packet loss rate in brackets.

A few pro-tips for working with the ping command for advanced troubleshooting:

  • Use ping –t to ping a host continuously. For example:
ping –t google.com

would continue to ping google.com until the ping was interrupted. Press control-c (the “CTRL” and “C” keys) to end a continuous ping.

  • If you cannot ping domain names like google.com, but you can ping IP addresses on the Internet like 8.8.8.8 (Google’s DNS servers), you may have a DNS-related problem.
  • If you cannot ping IP addresses on the Internet like 8.8.8.8, but you can ping hosts on your Local Area Network (LAN), you may have a problem with your default gateway.
  • You can use “ping localhost”, “ping::1”, or “ping 127.0.0.1” to test the TCP/IP stack on your local machine. “localhost” is a name that resolves to one of the loopback addresses of a local machine, “::1” is an IPv6 loopback address, and “127.0.0.1” is an IPv4 loopback address.

7. Tracert

Tracert is similar to ping, except it leverages Time To Live (TTL) values to show how many “hops” there are between two hosts. This makes it a helpful tool in determining where a network connectivity breakdown is occurring. Basically, tracert helps you understand if the router or network that is down between your computer and a remote host is one you control or not.

Key Features:

  • Connection path trace
  • Spots overloaded links
  • Free to use

Again using google.com as an example, we can see there were 10 hops between our PC and google.com.

C:\Users>tracert google.com

Tracing route to google.com [172.217.4.78]

over a maximum of 30 hops:

  1    1 ms   1 ms 3 ms  192.168.1.1

  2  246 ms    49 ms 56 ms  10.198.1.177

  3   58 ms    48 ms 54 ms  10.167.184.102

  4   63 ms    55 ms 85 ms  10.167.184.107

  5   50 ms    55 ms 56 ms  10.164.72.244

  6   72 ms   365 ms  69 ms 10.164.165.43

  7   92 ms    61 ms 45 ms  209.85.174.154

  8   67 ms    42 ms 58 ms  108.170.244.1

  9  372 ms    66 ms 46 ms  216.239.51.145

 10    64 ms  73 ms 44 ms  lga15s47-in-f78.1e100.net 172.217.4.78]

Trace complete.

8. Ipconfig

Determining the IP settings on your computer is an essential part of network troubleshooting. The ipconfig command helps you do just that. Entering ipconfig at a command prompt will return IPv4 and IPv6 addresses, subnets, and default gateways for all network adapters on a PC. This can help determine if your computer has the right IP configuration. Additionally, ipconfig can be used to change or update selected IP settings.

Key Features:

  • Lists interface statuses
  • Shows gateway address
  • Free to use

Pro-tips for working with ipconfig:

  • If ipconfig returns an IP address that starts with 169.254 (e.g. 169.254.0.5), your PC is likely configured for DHCP but was unable to receive an IP address from a DHCP server.
  • Use ipconfig /all to get the full TCP/IP configuration information for all network adapters and interfaces.
  • Use ipconfig /release to release the current DHCP assigned network parameters.
  • Use ipconfig /renew to renew the current DHCP assigned network parameters.
  • Use ipconfig /flushdns to clear the DNS cache when troubleshooting name resolution issues.

9. Netstat

Netstat allows you to display active connections on your local machine. This can be helpful when determining why users are unable to connect to a given application on a server or to determine what connections are made to remote hosts from a computer. Entering netstat at the command prompt will display all active TCP connections. Adding parameters to the netstat command will extend or alter the functionality.

Key Features:

  • Lists active ports on the device
  • Highlights port issues
  • Free to use

Here are a few helpful netstat commands and what they do:

  • netstat –a displays all active TCP connections and the TCP and UDP ports a computer is listening on.
  • netstat –n displays all active TCP connections just like the netstat command, but it does not attempt to translate addresses or port numbers to names and just displays the numerical values.
  • netstat –o displays all active TCP connections and includes the process ID (PID) for the process using each connection.

You can combine different parameters to extend the functionality of netstat. For example,

netstat –ano

would display all active TCP connections and the TCP and UDP ports a computer is listening on, use numerical values, and report the PID associated with the connections.

10. Nslookup

nslookup is a useful command-line utility that enables DNS troubleshooting and diagnostics. Nslookup is available on Windows and *nix operating systems. There are a variety of use cases for this flexible utility and it can be run in interactive mode or by entering commands directly at the command prompt.

To help you get started, we’ll review some nslookup commands that are helpful in three of the most common use cases: finding an IP address based on a domain name, finding a domain name based on an IP address, and looking up email servers for a domain.

Key Features:

  • Show DNS entry details
  • Troubleshoots address problems
  • Free to use

Below are examples of how to do each from a Windows command prompt.

Finding an IP address based on a domain name:

C:\Users>nslookup google.com

Server:  ns2.dns.mydns.net

Address:  192.168.247.45

Non-authoritative answer:

Name: google.com

Addresses:  2607:f8b0:4009:805::200e

       172.217.10.46

The output above shows us that the DNS server used on our local machine was ns2.dns.mydns.net and since ns2.dns.mydns.net is not an authoritative name server on Google’s domain, we get a “Non-authoritative answer”. If we wanted to specify a different DNS server in our query, we simply add the DNS server’s domain name or IP address after the command, like this (using the 1.1.1.1 DNS server from CloudFlare).

C:\Users>nslookup google.com 1.1.1.1

Server:  1dot1dot1dot1.cloudflare-dns.com

Address:  1.1.1.1

Non-authoritative answer:

Name: google.com

Addresses:  2607:f8b0:4009:812::200e

       216.58.192.174

Finding a domain name based on an IP address

Finding a domain name based on an IP address is similar to the previous process, you simply use an IP address instead of the domain name after the “nslookup” command. For example to find out what the fully-qualified domain name (FQDN) for the IP address 8.8.8.8 is we would use the command below:

C:\Users>nslookup 8.8.8.8

Server:  ns2.dns.mydns.net

Address:  192.168.247.45

Name: google-public-dns-a.google.com

Address:  8.8.8.8

Based on the output, we can see that the FQDN associated with 8.8.8.8 is “google-public-dns-a.google.com” which makes sense given 8.8.8.8 is one of the two popular public DNS servers available from Google.

Looking up email servers for a domain

Sometimes you may need to determine what email servers are available on a domain. To do that, we simply need to specify that we are looking for MX records using the –ty switch. In the example below, we’ll check what mail servers are returned for gmail.com:

C:\Users>nslookup -ty=mx gmail.com

Server:  ns2.dns.mydns.net

Address:  192.168.247.45

Non-authoritative answer:

gmail.com    MX preference = 40, mail exchanger = alt4.gmail-smtp-in.l.google.com

gmail.com    MX preference = 5, mail exchanger = gmail-smtp-in.l.google.com

gmail.com    MX preference = 30, mail exchanger = alt3.gmail-smtp-in.l.google.com

gmail.com    MX preference = 10, mail exchanger = alt1.gmail-smtp-in.l.google.com

gmail.com    MX preference = 20, mail exchanger = alt2.gmail-smtp-in.l.google.com

Here, five mail servers were returned along with an MX preference value. The lower the MX preference value, the higher the priority of that server (i.e. those servers should be used first).

11. Speed and up/down test sites

Sometimes you need to start troubleshooting by determining if the issue is with client computers accessing a website or with the website itself. There are many sites that can help you do just that. For example, Uptrends’ uptime check tool allows you to check the status and response time for a website from checkpoints across the globe.

Key Features:

  • Checks for website availability
  • Connection speeds checks
  • Some free to use

speed up down trends

This can be especially helpful if you need to determine why some users can reach your site and others cannot. For a more simple, but more ad-heavy, up/down check you can try Down For Everyone Or Just Me.

is site down?

Alternatively, you may want a quick and easy way to test your upload and download speeds to see if you have a bandwidth or latency issue. Our broadband speed test is a great way to do just that and help raise money for charity.

speedtest

 

12. Sysinternals

Microsoft’s Sysinternals networking utilities will well serve windows administrators that require advanced network diagnostic and troubleshooting tools. The Sysinternals utilities include tools that can help troubleshoot and configure Active Directory (AD), like AD Explorer and AD Insight. Other tools can help measure network performance (PsPing), scan file shares (ShareEnum), list or run processes remotely (PsTools), and more. If you only require one or a few of the Sysinternals utilities, you can install them separately as opposed to downloading the entire Sysinternals Suite.

Key Features:

  • Windows admin utilities
  • Manage Active Directory
  • Free to use

13. Wireshark

Wireshark is a protocol analyzer and one of the go-to networking tools for organizations of all sizes when network issues need to be troubleshot with a high level of granularity.

The benefit of using Wireshark to analyze network traffic is that you will be able to view the raw network packets, and this will often allow you to identify the root cause of an issue. This can be especially helpful in situations where it is unclear which application is not doing what it is supposed to or when you try to reverse engineer the functionality of a poorly-documented program.

The tradeoff here is that you will have a lot of data to parse through, so some technical knowledge may be required to drill down and identify the important information.

Key Features:

  • Packet capture
  • Protocol analyzer
  • Free to use

You can download Wireshark for free here.

Wireshark dashboard

On Windows operating systems, link-layer packet captures with WireShark are often made possible using Winpcap (either Winpcap or Npcap is required). In addition to enabling WireShark on Windows, Winpcap can enable the powerful Windump command line utility which is Windows answer to the popular tcpdump program found on many *nix operating systems. For a deeper dive on Winpcap, Windump, and tcpdump, check out our recent article on packet sniffers and network analyzers and download the tcpdump cheat sheet.

While WireShark is an excellent tool, the data generated isn’t always the easiest for the uninitiated to understand. If you are looking for detailed network visualization and parse through the data generated using WireShark, SolarWinds Response Time Viewer can help. This tool enables users to load and analyze .pcap files and provides easy to read summaries of the response times and data volumes.

SolarWinds Response Time viewer for Wireshark

SolarWinds Response Time Viewer for WireShark Download FREE Tool

14. Nmap

Nmap is a popular security auditing and network exploration tool released under a custom open source license based on GPLv2. While the most popular use cases for nmap are security scans and penetration testing, it can prove quite helpful as a network troubleshooting tool as well.

For example, if you are dealing with an unfamiliar app and want to find out what services are running and which ports are open, nmap can help. Nmap itself uses a command-line interface (CLI), but that doesn’t mean you are out of luck if you prefer a graphical user interface (GUI). Zenmap is the official nmap GUI and is a good way for beginners to start working with nmap.

Key Features:

  • Command-line utility
  • Network troubleshooter
  • Free to use

For more on Zenmap and a deeper dive on nmap, check out our 10 Best Free Port Checkers for 2018 article.
zenmap

Choosing a network diagnostics & troubleshooting tool

The tools we discussed here are great to have in your network troubleshooting toolbox and we recommend giving some of them a try the next time you find yourself dealing with a head-scratching network troubleshooting scenario. Did you try out our Editor’s choice – SolarWinds Network Configuration Manager? Did we leave any of your favorite network troubleshooting tools out, or do you have questions about the tools we mentioned here? Let us know in the comments section below.

Related post: PingPlotter Alternatives

Network Diagnostics & Troubleshooting FAQs

What are the six steps of the troubleshooting process?

Follow a formalized routine when troubleshooting networks:

  1. Identify the problem.
  2. Make an educated guess of the possible cause of the problem.
  3. Explore the system to check whether your idea is valid.
  4. Identify system elements in error; plan and implement remediation steps.
  5. Check that the solution worked and change procedures to prevent the problem from happening again.
  6. Document the problem, the solution, and recommendations for procedural change.

Steps 2 and 3 might need to be carried out recursively until you hit the problem. The documentation step is ongoing throughout the troubleshooting process with note-taking to contribute to an accurate record once the entire process is complete.

What causes intermittent network connection issues?

There are many possible causes for intermittent network connection issues:

  • Unreliable power source
  • Environmental interference
  • Queueing on a network device
  • A network device overloaded
  • A faulty network device
  • IP address renewal
  • IP address duplication
  • DNS server errors
  • Firewall software hanging
  • Network software jamming
  • Hacker attack
  • Automatic update of firmware taking a device offline
  • Interruption of external networks, e.g., the internet
  • Loose cable plug in an endpoint or network device
  • Damaged network cable
  • Loose wiring
  • Multiple domain server clashes
  • Lack of storage space on devices for traffic processing or logging
  • Security software blocking activity

Which utility or LAN command do you feel was the most useful for network troubleshooting?

Ping and Traceroute are the two LAN commands most often used for network troubleshooting. Ping shows whether an endpoint is contactable. Traceroute shows the most likely path to that endpoint. These two commonly used network utilities are usually integrated into most network monitors.

What are the most common issues that affect network performance and reliability?

The most common issues that affect network performance are:

  • Power source problems
  • Network device faults
  • Network cable faults
  • Defective cable connectors
  • System overloading
  • QoS prioritization
  • Incompatible network settings on different devices
  • Addressing issues
  • Security software
  • Hacker or intruder activity
  • Malware