Like with most jobs, when it comes to network troubleshooting, the software you use can make a world of difference.
Network analysis can show you the leading causes of network problems, such as slow speeds, network connection problems, and packet loss center on overloaded network devices, such as switches and routers, or missing information in your routing table and other system databases, such as the DNS server or the DHCP system.
By using all of the network diagnostic tools in this list, you can put together a workflow that will give you information on all potential network problems. If the network engineers planned your network correctly, it should never encounter the problems that cause the system to slow down, and network analysis and management should be an enjoyable task.
Here’s our list of the best network diagnostic tools and troubleshooting software:
- SolarWinds Network Configuration Manager EDITOR’S CHOICE An essential system security and administration tool that automatically checks on device settings. The NCM will gather all device configurations, allow the creation of standard settings, and ensure that any unauthorized changes are immediately rolled back. Start 30-day free trial.
- SolarWinds Port Scanner (FREE TOOL) Check the TCP and UDP port status (open, closed, or filtered) of the IP addresses on your network devices to ensure that you don’t have unattended ports open. Great for resolving IP conflicts and can be run from the command line with the option to export results to file.
- Datadog Network Performance Monitoring (FREE TRIAL) A cloud-based network monitoring and management service that includes troubleshooting tools.
- SolarWinds RMM (FREE TRIAL) A remote monitoring and management tool that enables central IT departments to manage networks on several remote sites.
- Paessler Network Troubleshooting with PRTG Infrastructure management system that includes port monitoring.
- Ping Simple command-line utility that checks on the speed of connections.
- Tracert Free command-line utility that lists the probable hops to a network or internet destination address.
- Ipconfig This command-line tool reports the IPv4 and IPv6 addresses, subnets, and default gateways for all network adapters on a PC.
- Netstat This tool displays active connections on your computer.
- Nslookup Available for Windows, Unix, Linux, and Mac OS, this tool gives you DNS server diagnostics.
- Speed and up/down test sites A list of websites that will test your internet connections.
- Sysinternals Set of Microsoft tools for Windows that help troubleshoot and configure Active Directory.
- Wireshark Free packet sniffer that will help you analyze traffic flows.
- Nmap Network security and monitoring tool that needs a companion utility, Zenmap, as a user interface.
The best network diagnostics tools & troubleshooting software
When curating this list, we considered the reliability of the tool in use in diverse situations, ease of setting up and use, documentation and support, and how up to date the diagnostic software is kept.
Five of the tools in our list (ping, tracert, ipconfig, netstat, & nslookup) can be executed directly from a Windows command prompt (cmd.exe) without installing any additional programs for advanced troubleshooting. The rest of the network analysis tools can be used alone or in combination for network discovery.
The SolarWinds Network Configuration Manager offers the opportunity to automate system troubleshooting and problem resolution. Busy systems managers often overlook the settings of network devices. The network could be performing badly because you don’t have all of the settings of your devices coordinated. The Network Configuration Manager saves you time by seeking out all devices, the network device health, importing their settings into a central manager, and allowing you to create a standard configuration for each device type and make.
The configuration manager rolls out the standard configurations that you write into the central dashboard. This standardization should fix a lot of the problems that you experience on your network because it will wipe out inappropriate settings for network devices, such as routers and switches that might be slowing down data transfers. Once the standard configurations have been stored, they can only be changed through the password-protected dashboard of the Network Configuration Manager.
This system configuration troubleshooter is an important security tool. Unauthorized intruders can be traced or blocked through the network devices of the network, so altering settings is a common intrusion strategy. The Network Configuration Manager constantly monitors the configurations of all network devices and automatically restores the authorized settings, stored as images, should any change be detected.
SolarWinds produces a range of IT whole infrastructure monitoring and network management tools, and many of these are created on a common platform, called Orion. This makes it possible for the independent tools to interact, and the Network Configuration Manager is one of these Orion-based utilities. The central network monitoring tool in the suite is the Network Performance Monitor and this is usually the lead utility in any monitoring system, which is complemented by the Network Configuration Manager. However, SolarWinds NCM can also be used as a standalone tool.
- Standardizes configurations
- Backs up configurations
- Rolls back unauthorized setup changes
- Spots intruder activity
The Network Configuration Manager is a paid tool. However, SolarWinds makes it available on a 30-day free trial.
The SolarWinds Network Configuration Manager is our top choice on this list because it automates network troubleshooting by examining the settings of all switches and routers. The services of this tool save a lot of time on research and they ensure that no changes can be made to network devices without authorization.
The NCM is an essential security tool because it closes off the intruder strategy of altering switch and router settings to facilitate unauthorized monitoring through these devices. Changes can only be made to device configurations through the NCM dashboard, making system control easier.
Official Site: solarwinds.com/network-configuration-manager
OS: Windows Server 2016 or 2019
SolarWinds free port scanner offers benefits similar to those of the popular nmap port scanner (which we discuss in this list too) with a GUI that is intuitive and easy to get started with. If you’re looking to dive right into the world of network troubleshooting and port scanning, this tool is a great place to start. The ease of use helps eliminate some of the technical barriers to entry other similar tools may have.Free Download:SolarWinds Port Scanner Tool
This scanner is a portable executable that can be run on Windows operating systems. In addition to scanning TCP and UDP ports to determine whether they’re open/closed/filtered, SolarWinds Port Scanner can detect MAC addresses and operating systems. Scan results can be saved in .csv, .xlsx, or .xml format.
SolarWinds Port Scanner is a powerful free tool that can provide you with a list of open, closed and filtered ports on each scanned IP. It can also resolve hostnames, provide an overview of MAC addresses, and more. Can run in a command-line and export results to file.
- Seeks out open ports
- Covers TCP and UDP
- Reports operating system per device
- Shows device MAC address
- Free to use
You can download SolarWinds Port Scanner for free here.
Datadog is a cloud-based monitoring system for IT resources that is available as a menu of modules. The base package of the service is an Infrastructure module that covers network monitoring. However, this service can be enhanced by adding on the Network Performance Monitoring module.
The Network Performance Monitoring module of Datadog adds on analytical functions to the Infrastructure package and includes capacity planning and troubleshooting utilities. While the Infrastructure module looks at device statuses, the Network Performance Monitoring service examines traffic flows.
The Datadog system uses agent software on-site, but all processing and data storage is implemented on the Datadog server. Systems administrators access the Network Performance Monitoring console through any browser in order to see live statistics on current traffic flows on the network. Given that the service is based in the cloud, it can easily monitor remote networks, just as long as that network has the agent module installed on it.
The service doesn’t just display live network traffic data. It also stores that information for analysis. Administrators can trace the journey of a packet, view conversations between endpoints, segment traffic statistics per application or per origin or source, and identify the major bandwidth hogs on the network. The service can unify both onsite, cloud-based, and remote networks to give a complete picture of all network traffic generated by the business. The tool includes live network maps with traffic flows shown on them and it is also possible to see overloaded links or bottlenecks.
- Drill down into network flows and traces
- Locates traffic hogs
- Can monitor containers, pods, and deployments
- Great visualization and mapping
Datadog has a single plan level for its Network Performance Monitoring module. Charges are levied per host per month with a discount for paying annually in advance. The service is available for a 15-day free trial.
SolarWinds RMM is a cloud-based remote monitoring and management software package. As this system monitors the network, it also stores metrics for analysis. Having access to all aspects of a system, including endpoints and servers, SolarWinds has many channels of data for diagnostics and troubleshooting.
Among the benefits offered by SolarWinds RMM is a service called LOGICcards. This is a data source for a wide range of diagnostic projects. The main value of these feeds lies in security. However, they also give insights into how to improve efficiency and avoid system management mistakes.
LOGICcards gathers data from 5,000,000 endpoints on 4,000,000 networks. Comparing the data extracted from these studies, the LOGICcard system analyzes a network and is able to point out factors and settings that are missing from that system, compared to the organization of the majority of other networks.
Another LOGICcard service is a feed of warnings to look out for, such as patches that cause problems and should be held off or new internet-based scams. A guidance aspect to this service also identifies errors to avoid in network configuration and tips on how to optimize bandwidth usage. Furthermore, the topics covered by a LOGICcard feed adapt according to your responses to past advice.
The dashboard for SolarWinds RMM is resident on the cloud. It doesn’t require any special equipment to use the service – any standard web browser will do and there is also a SolarWinds RMM mobile app available.
- Data retention for analysis
- LOGICcard advice
- 30-day free trial
SolarWinds RMM is a subscription service. This is a great attraction for startups because there are no upfront costs for getting set up. There are no setup fees and there is no need to fork out for a software package Instead, the subscribing company pays a little each month. Interested potential customers can access a 30-day free trial of SolarWinds RMM.
See also: Network Configuration & Backup Tools
Paessler’s PRTG is a complete monitoring system. It can help you with troubleshooting because it can diagnose network issues right down the protocol stack and identify the root of the problem. Port monitoring is one of the network diagnostics techniques that you can use with this tool.
The PRTG system includes two port monitoring sensors. One homes in on a specified port on a particular device, the other will check a range of port numbers. This tool only monitors TCP ports. The port range sensor has one extra feature that the single port sensor does not have. You can set it to check the port with TLS protection. Both sensors report on the response time of the port and whether it is open or closed.
PRTG includes network traffic analysis tools to help you troubleshoot delivery speeds. The tool includes a range of traffic monitoring techniques including route tracing to a destination with Traceroute and a Ping sweep, which will give you the response times to each node on your network. A packet-sniffing utility can tell you which applications and endpoints are producing excessive traffic and you can query the health of the network devices to see which are congested to the point of queuing.
Paessler built a tool that covers servers and applications as well as network statuses, port response times, and services to monitor all conditions that can cause software performance issues. If you’ve got VMs on your network, PRTG can sort through their underlying connections, services, servers, and operating software. That monitoring is constant, so you will be able to trace back through events to spot the source of any performance issues.
- TCP port auditor
- Port range checker
- 30-day free trial
Paessler delivers PRTG as a cloud service or you can install the diagnostic software on your premises. The tool installs on Windows Server environments. You can use the system for free for up to 100 sensors.
Ping is the ideal command to use when you need to confirm network connectivity, at the IP level, between two hosts, or to confirm the TCP/IP stack is working on your local machine. A successful ping confirms network connectivity between the two hosts and it also gives reports on packet loss.
- Widely used
- Connection error detection
- Free to use
Using Ping with Examples
Below is an example of a successful run of the ping command to the “google.com” remote host.
C:\Users>ping google.com Pinging google.com [184.108.40.206] with 32 bytes of data: Reply from 220.127.116.11: bytes=32 time=38ms TTL=56 Reply from 18.104.22.168: bytes=32 time=12ms TTL=56 Reply from 22.214.171.124: bytes=32 time=14ms TTL=56 Reply from 126.96.36.199: bytes=32 time=12ms TTL=56 Ping statistics for 188.8.131.52: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milliseconds: Minimum = 12ms, Maximum = 38ms, Average = 19ms
In addition to confirming IP connectivity to “google.com”, these results confirm that we are able to properly resolve domain names (i.e. DNS is working on the local machine).
That Loss figure that you see in the last line of the ping output is the number of lost packets followed by the packet loss rate in brackets.
A few pro-tips for working with the ping command for advanced troubleshooting:
ping –tto ping a host continuously. For example:
ping –t google.com
would continue to ping google.com until the ping was interrupted. Press control-c (the “CTRL” and “C” keys) to end a continuous ping.
- If you cannot ping domain names like google.com, but you can ping IP addresses on the Internet like 184.108.40.206 (Google’s DNS servers), you may have a DNS-related problem.
- If you cannot ping IP addresses on the Internet like 220.127.116.11, but you can ping hosts on your Local Area Network (LAN), you may have a problem with your default gateway.
- You can use “ping localhost”, “ping::1”, or “ping 127.0.0.1” to test the TCP/IP stack on your local machine. “localhost” is a name that resolves to one of the loopback addresses of a local machine, “::1” is an IPv6 loopback address, and “127.0.0.1” is an IPv4 loopback address.
Tracert is similar to ping, except it leverages Time To Live (TTL) values to show how many “hops” there are between two hosts. This makes it a helpful tool in determining where a network connectivity breakdown is occurring. Basically, tracert helps you understand if the router or network that is down between your computer and a remote host is one you control or not.
- Connection path trace
- Spots overloaded links
- Free to use
Using tracert with examples
Again using google.com as an example, we can see there were 10 hops between our PC and google.com.
C:\Users>tracert google.com Tracing route to google.com [18.104.22.168] over a maximum of 30 hops: 1 1 ms 1 ms 3 ms 192.168.1.1 2 246 ms 49 ms 56 ms 10.198.1.177 3 58 ms 48 ms 54 ms 10.167.184.102 4 63 ms 55 ms 85 ms 10.167.184.107 5 50 ms 55 ms 56 ms 10.164.72.244 6 72 ms 365 ms 69 ms 10.164.165.43 7 92 ms 61 ms 45 ms 22.214.171.124 8 67 ms 42 ms 58 ms 126.96.36.199 9 372 ms 66 ms 46 ms 188.8.131.52 10 64 ms 73 ms 44 ms lga15s47-in-f78.1e100.net 184.108.40.206] Trace complete.
Determining the IP settings on your computer is an essential part of network troubleshooting. The ipconfig command helps you do just that. Entering ipconfig at a command prompt will return IPv4 and IPv6 addresses, subnets, and default gateways for all network adapters on a PC. This can help determine if your computer has the right IP configuration. Additionally, ipconfig can be used to change or update selected IP settings.
- Lists interface statuses
- Shows gateway address
- Free to use
Pro-tips for working with ipconfig:
- If ipconfig returns an IP address that starts with 169.254 (e.g. 169.254.0.5), your PC is likely configured for DHCP but was unable to receive an IP address from a DHCP server.
ipconfig /allto get the full TCP/IP configuration information for all network adapters and interfaces.
ipconfig /releaseto release the current DHCP assigned network parameters.
ipconfig /renewto renew the current DHCP assigned network parameters.
ipconfig /flushdnsto clear the DNS cache when troubleshooting name resolution issues.
Netstat allows you to display active connections on your local machine. This can be helpful when determining why users are unable to connect to a given application on a server or to determine what connections are made to remote hosts from a computer. Entering
netstat at the command prompt will display all active TCP connections. Adding parameters to the netstat command will extend or alter the functionality.
- Lists active ports on the device
- Highlights port issues
- Free to use
netstat commands & example
Here are a few helpful netstat commands and what they do:
netstat –adisplays all active TCP connections and the TCP and UDP ports a computer is listening on.
netstat –ndisplays all active TCP connections just like the
netstatcommand, but it does not attempt to translate addresses or port numbers to names and just displays the numerical values.
netstat –odisplays all active TCP connections and includes the process ID (PID) for the process using each connection.
You can combine different parameters to extend the functionality of netstat. For example,
would display all active TCP connections and the TCP and UDP ports a computer is listening on, use numerical values, and report the PID associated with the connections.
nslookup is a useful command-line utility that enables DNS troubleshooting and diagnostics. Nslookup is available on Windows and *nix operating systems. There are a variety of use cases for this flexible utility and it can be run in interactive mode or by entering commands directly at the command prompt.
To help you get started, we’ll review some nslookup commands that are helpful in three of the most common use cases: finding an IP address based on a domain name, finding a domain name based on an IP address, and looking up email servers for a domain.
- Show DNS entry details
- Troubleshoots address problems
- Free to use
Below are examples of how to do each from a Windows command prompt.
Finding an IP address based on a domain name with nslookup:
C:\Users>nslookup google.com Server: ns2.dns.mydns.net Address: 192.168.247.45 Non-authoritative answer: Name: google.com Addresses: 2607:f8b0:4009:805::200e 220.127.116.11
The output above shows us that the DNS server used on our local machine was ns2.dns.mydns.net and since ns2.dns.mydns.net is not an authoritative name server on Google’s domain, we get a “Non-authoritative answer”. If we wanted to specify a different DNS server in our query, we simply add the DNS server’s domain name or IP address after the command, like this (using the 18.104.22.168 DNS server from CloudFlare).
C:\Users>nslookup google.com 22.214.171.124 Server: 1dot1dot1dot1.cloudflare-dns.com Address: 126.96.36.199 Non-authoritative answer: Name: google.com Addresses: 2607:f8b0:4009:812::200e 188.8.131.52
Finding a domain name based on an IP address with nslookup
Finding a domain name based on an IP address is similar to the previous process, you simply use an IP address instead of the domain name after the “nslookup” command. For example to find out what the fully-qualified domain name (FQDN) for the IP address 184.108.40.206 is we would use the command below:
C:\Users>nslookup 220.127.116.11 Server: ns2.dns.mydns.net Address: 192.168.247.45 Name: google-public-dns-a.google.com Address: 18.104.22.168
Based on the output, we can see that the FQDN associated with 22.214.171.124 is “google-public-dns-a.google.com” which makes sense given 126.96.36.199 is one of the two popular public DNS servers available from Google.
Looking up email servers for a domain with nslookup
Sometimes you may need to determine what email servers are available on a domain. To do that, we simply need to specify that we are looking for MX records using the –ty switch. In the example below, we’ll check what mail servers are returned for gmail.com:
C:\Users>nslookup -ty=mx gmail.com Server: ns2.dns.mydns.net Address: 192.168.247.45 Non-authoritative answer: gmail.com MX preference = 40, mail exchanger = alt4.gmail-smtp-in.l.google.com gmail.com MX preference = 5, mail exchanger = gmail-smtp-in.l.google.com gmail.com MX preference = 30, mail exchanger = alt3.gmail-smtp-in.l.google.com gmail.com MX preference = 10, mail exchanger = alt1.gmail-smtp-in.l.google.com gmail.com MX preference = 20, mail exchanger = alt2.gmail-smtp-in.l.google.com
Here, five mail servers were returned along with an MX preference value. The lower the MX preference value, the higher the priority of that server (i.e. those servers should be used first).
11. Speed and up/down test sites
Sometimes you need to start troubleshooting by determining if the issue is with client computers accessing a website or with the website itself. There are many sites that can help you do just that. For example, Uptrends’ uptime check tool allows you to check the status and response time for a website from checkpoints across the globe.
- Checks for website availability
- Connection speeds checks
- Some free to use
This can be especially helpful if you need to determine why some users can reach your site and others cannot. For a more simple, but more ad-heavy, up/down check you can try Down For Everyone Or Just Me.
Alternatively, you may want a quick and easy way to test your upload and download speeds to see if you have a bandwidth or latency issue. Our broadband speed test is a great way to do just that and help raise money for charity.
Microsoft’s Sysinternals networking utilities will well serve windows administrators that require advanced network diagnostic and troubleshooting tools. The Sysinternals utilities include tools that can help troubleshoot and configure Active Directory (AD), like AD Explorer and AD Insight. Other tools can help measure network performance (PsPing), scan file shares (ShareEnum), list or run processes remotely (PsTools), and more. If you only require one or a few of the Sysinternals utilities, you can install them separately as opposed to downloading the entire Sysinternals Suite.
- Windows admin utilities
- Manage Active Directory
- Free to use
Wireshark is a protocol analyzer and one of the go-to networking tools for organizations of all sizes when network issues need to be troubleshot with a high level of granularity.
The benefit of using Wireshark to analyze network traffic is that you will be able to view the raw network packets, and this will often allow you to identify the root cause of an issue. This can be especially helpful in situations where it is unclear which application is not doing what it is supposed to or when you try to reverse engineer the functionality of a poorly-documented program.
The tradeoff here is that you will have a lot of data to parse through, so some technical knowledge may be required to drill down and identify the important information.
- Packet capture
- Protocol analyzer
- Free to use
You can download Wireshark for free here.
On Windows operating systems, link-layer packet captures with WireShark are often made possible using Winpcap (either Winpcap or Npcap is required). In addition to enabling WireShark on Windows, Winpcap can enable the powerful Windump command line utility which is Windows answer to the popular tcpdump program found on many *nix operating systems. For a deeper dive on Winpcap, Windump, and tcpdump, check out our recent article on packet sniffers and network analyzers and download the tcpdump cheat sheet.
While WireShark is an excellent tool, the data generated isn’t always the easiest for the uninitiated to understand. If you are looking for detailed network visualization and parse through the data generated using WireShark, SolarWinds Response Time Viewer can help. This tool enables users to load and analyze .pcap files and provides easy to read summaries of the response times and data volumes.
Nmap is a popular security auditing and network exploration tool released under a custom open source license based on GPLv2. While the most popular use cases for nmap are security scans and penetration testing, it can prove quite helpful as a network troubleshooting tool as well.
For example, if you are dealing with an unfamiliar app and want to find out what services are running and which ports are open, nmap can help. Nmap itself uses a command-line interface (CLI), but that doesn’t mean you are out of luck if you prefer a graphical user interface (GUI). Zenmap is the official nmap GUI and is a good way for beginners to start working with nmap.
- Command-line utility
- Network troubleshooter
- Free to use
For more on Zenmap and a deeper dive on nmap, check out our 10 Best Free Port Checkers for 2018 article.
Choosing a network diagnostics & troubleshooting tool
The tools we discussed here are great to have in your network troubleshooting toolbox and we recommend giving some of them a try the next time you find yourself dealing with a head-scratching network troubleshooting scenario. Did you try out our Editor’s choice – SolarWinds Network Configuration Manager? Did we leave any of your favorite network troubleshooting tools out, or do you have questions about the tools we mentioned here? Let us know in the comments section below.
Related post: PingPlotter Alternatives
Network Diagnostics & Troubleshooting FAQs
What are the six steps of the troubleshooting process?
Follow a formalized routine when troubleshooting networks:
- Identify the problem.
- Make an educated guess of the possible cause of the problem.
- Explore the system to check whether your idea is valid.
- Identify system elements in error; plan and implement remediation steps.
- Check that the solution worked and change procedures to prevent the problem from happening again.
- Document the problem, the solution, and recommendations for procedural change.
Steps 2 and 3 might need to be carried out recursively until you hit the problem. The documentation step is ongoing throughout the troubleshooting process with note-taking to contribute to an accurate record once the entire process is complete.
What causes intermittent network connection issues?
There are many possible causes for intermittent network connection issues:
- Unreliable power source
- Environmental interference
- Queueing on a network device
- A network device overloaded
- A faulty network device
- IP address renewal
- IP address duplication
- DNS server errors
- Firewall software hanging
- Network software jamming
- Hacker attack
- Automatic update of firmware taking a device offline
- Interruption of external networks, e.g., the internet
- Loose cable plug in an endpoint or network device
- Damaged network cable
- Loose wiring
- Multiple domain server clashes
- Lack of storage space on devices for traffic processing or logging
- Security software blocking activity
Which utility or LAN command do you feel was the most useful for network troubleshooting?
Ping and Traceroute are the two LAN commands most often used for network troubleshooting. Ping shows whether an endpoint is contactable. Traceroute shows the most likely path to that endpoint. These two commonly used network utilities are usually integrated into most network monitors.
What are the most common issues that affect network performance and reliability?
The most common issues that affect network performance are:
- Power source problems
- Network device faults
- Network cable faults
- Defective cable connectors
- System overloading
- QoS prioritization
- Incompatible network settings on different devices
- Addressing issues
- Security software
- Hacker or intruder activity