Best Walkthrough for Understanding the Networking Commands

TL;DR: Networking commands are tools for checking connectivity, troubleshooting network issues, viewing IP settings, testing routes, and monitoring communication between devices. This guide explains essential networking commands, how they work, and when to use them for faster and more effective network troubleshooting.

What Are Networking Commands?

Every system is connected to other systems and networks through internal or external network channels. Misconfigured network settings often cause connectivity issues and affect system performance. Many of these problems can be diagnosed and resolved with network commands.

These commands are designed to troubleshoot network problems with minimal complexity from the Windows Command Prompt (cmd), a powerful tool that gives access to system settings and data. This article on networking commands covers popular, basic commands that help troubleshoot "no internet" issues.

These commands, some specific to Windows and others available across platforms, help configure or troubleshoot a system's network settings.

Basic Networking Commands

1. ping

What it does: Checks whether a device or website is reachable and measures response time.

Syntax: ping [hostname or IP address]

Key flags: -c limit count (Linux/macOS), -n limit count (Windows), -t continuous ping (Windows)

When to use: When you want to test connectivity or check packet loss.

Interpret output: Look for reply time, packets sent/received, and packet loss. High latency or packet loss may indicate a network problem.

2. ipconfig / ifconfig

What it does: Displays IP address, subnet mask, gateway, and other network interface details.

Syntax: ipconfig (Windows), ifconfig (Linux/macOS older systems)

Key flags: /all for detailed output in Windows, interface name with ifconfig for specific adapter

When to use: When you need to check local network settings or troubleshoot incorrect IP configuration.

Interpret output: Verify IPv4 address, default gateway, DNS, and whether the system has a valid network configuration.

3. tracert / traceroute

What it does: Shows the path packets take from your system to a destination.

Syntax: tracert [hostname/IP] (Windows), traceroute [hostname/IP] (Linux/macOS)

Key flags: -d skip DNS lookup (Windows), -n numeric output (Linux/macOS)

When to use: When you want to find where delays or failures happen along the route.

Interpret output: Each hop shows a router or device in the path. Timeouts or long delays at a hop may point to routing issues.

4. nslookup

What it does: Queries DNS to find the IP address linked to a domain name.

Syntax: nslookup [domain]

Key flags: none commonly required; interactive mode can query record types

When to use: When a website is not resolving properly, or you want to verify DNS records.

Interpret output: Check the returned IP address and DNS server used. Wrong or missing results may indicate DNS issues.

5. netstat

What it does: Displays active connections, listening ports, and protocol statistics.

Syntax: netstat [flags]

Key flags: -a all connections, -n numeric addresses, -o process ID (Windows), -tuln common Linux combination

When to use: When you want to check open ports or identify suspicious connections.

Interpret output: Look for local and remote addresses, connection state, and listening services.

6. arp

What it does: Displays or modifies the ARP cache, which maps IP addresses to MAC addresses.

Syntax: arp -a

Key flags: -a display ARP table, -d delete entry

When to use: When diagnosing local network communication issues or MAC address conflicts.

Interpret output: Check whether the IP-to-MAC mappings for devices on the local network are correct.
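
The check described above can be automated. The following is an added example, not part of the original article: it reads `arp -a` or `ip neigh` output and reports every MAC address that appears for more than one IPv4 address. The helper name `find_shared_macs` and the sample table are constructed for illustration.

```sh
#!/bin/sh
# Added example: report MAC addresses that appear for more than one IPv4
# address in an ARP table. Accepts Windows `arp -a`, Linux `arp -a` and
# `ip neigh` output on stdin. IPv6 neighbours are ignored.

# Constructed sample in Windows `arp -a` format (addresses are made up).
sample_arp() {
cat <<'EOF'
Interface: 192.168.1.25 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           a4-2b-b0-11-22-33     dynamic
  192.168.1.40          3c-52-82-aa-bb-cc     dynamic
  192.168.1.77          A4-2B-B0-11-22-33     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
EOF
}

# find_shared_macs (hypothetical helper): prints "mac ip1 ip2 ..." per shared MAC.
find_shared_macs() {
    awk '
    {
        ip = ""; mac = ""
        for (i = 1; i <= NF; i++) {
            f = $i; gsub(/[()]/, "", f)             # Linux arp -a wraps the IP in ()
            if (f ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) ip = f
            else if (length(f) == 17 && f ~ /^([0-9A-Fa-f][0-9A-Fa-f][:-])+[0-9A-Fa-f][0-9A-Fa-f]$/) mac = f
        }
        if (ip == "" || mac == "") next             # headers, interface lines, incomplete entries
        mac = tolower(mac); gsub(/-/, ":", mac)     # normalise Windows aa-bb to aa:bb
        # Broadcast and multicast MACs are shared by design.
        if (mac == "ff:ff:ff:ff:ff:ff" || mac ~ /^01:00:5e/) next
        if (!(mac in ips)) { order[++n] = mac; ips[mac] = ip; cnt[mac] = 1 }
        else if (index(" " ips[mac] " ", " " ip " ") == 0) { ips[mac] = ips[mac] " " ip; cnt[mac]++ }
    }
    END { for (j = 1; j <= n; j++) if (cnt[order[j]] > 1) print order[j], ips[order[j]] }'
}

sample_arp | find_shared_macs
```

A shared MAC is expected for a router with several addresses or for proxy ARP. When it pairs the default gateway's address with an ordinary host, treat it as a possible ARP spoofing indicator and investigate.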

7. hostname

What it does: Shows the name of the current system on the network.

Syntax: hostname

Key flags: Usually none for basic use

When to use: When identifying a machine in a networked environment.

Interpret output: The output is the current device name used on the network.

8. getmac

What it does: Displays the MAC addresses of network adapters on Windows.

Syntax: getmac

Key flags: /v verbose, /fo list for list-format output

When to use: When you need the physical address of an adapter for troubleshooting or access control.

Interpret output: Match each listed MAC address to the correct adapter.


Advanced Computer Networking Commands

1. tcpdump

What it does: Captures and analyzes network packets in real time.

Syntax: tcpdump [flags]

Key flags: -i interface, -n no DNS resolution, -c capture count, port [number] to filter by port

When to use: When you need deep packet-level troubleshooting or traffic analysis.

Interpret output: Review source, destination, protocol, and packet behavior to spot dropped, repeated, or suspicious traffic.

2. wireshark / tshark

What it does: Captures and inspects network traffic with detailed protocol analysis.

Syntax: tshark -i [interface]

Key flags: -i interface, -f capture filter, -Y display filter

When to use: When troubleshooting application traffic, protocol errors, or packet loss.

Interpret output: Inspect packet details, retransmissions, handshake failures, and protocol fields.

3. route

What it does: Displays or edits the system routing table.

Syntax: route print (Windows), route -n (Linux)

Key flags: print, add, delete

When to use: When traffic is taking the wrong path or gateway settings seem incorrect.

Interpret output: Check destination network, gateway, interface, and metric to confirm correct routing behavior.

4. ip

What it does: Manages network interfaces, addresses, and routes in Linux.

Syntax: ip [object] [command]

Key flags: addr, link, route

When to use: When viewing or changing Linux network configuration.

Interpret output: Verify interface state, assigned IPs, and route information.

5. nmap

What it does: Scans hosts, ports, and services on a network.

Syntax: nmap [target]

Key flags: -sS SYN scan, -p port range, -A aggressive scan, -O OS detection

When to use: When auditing network exposure or checking which ports are open.

Interpret output: Review open, closed, or filtered ports, detected services, and possible OS details.

6. dig

What it does: Performs detailed DNS queries and returns DNS record information.

Syntax: dig [domain]

Key flags: +short concise output, MX, A, AAAA, NS record type selection

When to use: When you need more detailed DNS troubleshooting than nslookup provides.

Interpret output: Focus on the answer section, query time, server used, and returned record values.

7. mtr

What it does: Combines ping and traceroute to continuously test route quality.

Syntax: mtr [hostname/IP]

Key flags: -r report mode, -c report count, -n numeric output

When to use: When diagnosing unstable latency or packet loss across multiple hops.

Interpret output: Check loss percentage and latency at each hop to locate the problem area.
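
Reading per-hop loss needs one caveat, shown in this added example (not part of the original article): loss at a middle hop that later hops do not share usually comes from a router rate-limiting its ICMP replies, so only loss that persists to the final hop points at the problem area. The helper name `locate_loss` and the sample report are constructed for illustration.

```sh
#!/bin/sh
# Added example: find where end-to-end loss starts in an `mtr -r -n` report.
# Loss at a middle hop that later hops do not share usually means that router
# rate-limits ICMP replies; only loss that persists to the last hop counts.

# Constructed sample report (private and RFC 5737 documentation addresses).
sample_mtr() {
cat <<'EOF'
Start: 2024-05-01T10:00:00+0000
HOST: laptop                 Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.168.1.1           0.0%    10    1.2   1.4   1.0   2.1   0.3
  2.|-- 10.20.0.1            30.0%    10    9.8  10.1   9.2  12.0   0.8
  3.|-- 203.0.113.9           0.0%    10   11.0  11.5  10.4  13.2   0.9
  4.|-- 198.51.100.14        20.0%    10   48.0  52.3  45.1  70.2   7.7
  5.|-- 198.51.100.77        20.0%    10   50.2  53.0  46.0  71.0   7.9
EOF
}

# locate_loss (hypothetical helper): reads a report on stdin, prints one verdict line.
locate_loss() {
    awk '
    /^ *[0-9]+\.[|]--/ { n++; addr[n] = $2; loss[n] = $3 + 0 }   # "30.0%" + 0 gives 30
    END {
        if (n == 0)       { print "no hops parsed"; exit }
        if (loss[n] == 0) { print "no end-to-end loss"; exit }
        s = n                                   # walk back over the trailing run of lossy hops
        while (s > 1 && loss[s - 1] > 0) s--
        printf "loss starts at hop %d (%s): %.1f%%\n", s, addr[s], loss[s]
    }'
}

sample_mtr | locate_loss
```

In the sample, the 30% loss at hop 2 is ignored because hop 3 shows none, while the 20% loss from hop 4 onward reaches the destination.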

8. ss

What it does: Displays socket statistics and active connections in Linux.

Syntax: ss [flags]

Key flags: -t TCP, -u UDP, -l listening, -n numeric, -p process info

When to use: When checking open sockets or replacing netstat on modern Linux systems.

Interpret output: Review listening services, established connections, and associated processes.
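
The listening-port review described here, and under netstat earlier, can be scripted. The following is an added example, not part of the original article: it reads `ss -tulnp` output and prints every listener reachable from other hosts that is not on an allowlist. The helper name `audit_listeners`, the allowlist format and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag listeners reachable from other hosts that are not on an
# allowlist. Input format: `ss -tulnp` output (header + one socket per line).

# Constructed sample; on a live Linux host use: ss -tulnp | audit_listeners "tcp/22"
sample_ss() {
cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*         users:(("systemd-resolve",pid=612,fd=13))
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=801,fd=3))
tcp   LISTEN 0      511    127.0.0.1:8080     0.0.0.0:*         users:(("node",pid=1440,fd=20))
tcp   LISTEN 0      5      0.0.0.0:8000       0.0.0.0:*         users:(("python3",pid=2210,fd=3))
tcp   LISTEN 0      128    [::]:22            [::]:*            users:(("sshd",pid=801,fd=4))
EOF
}

# audit_listeners "proto/port ..." (hypothetical helper): reads ss output on stdin,
# prints "proto/port address process" for each non-loopback listener not allowlisted.
audit_listeners() {
    awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "Netid" { next }                          # header row
    $2 != "LISTEN" && $2 != "UNCONN" { next }       # keep TCP listeners and bound UDP sockets
    {
        k = split($5, parts, ":")                   # port is the text after the last colon
        port = parts[k]
        addr = substr($5, 1, length($5) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only: not exposed
        if (($1 "/" port) in ok) next
        name = "?"                                  # process column is empty without root
        if (split($7, q, "\"") >= 2) name = q[2]
        print $1 "/" port, addr, name
    }'
}

sample_ss | audit_listeners "tcp/22"
```

With `tcp/22` allowlisted, the sample yields only the `python3` listener on `0.0.0.0:8000`; the loopback-bound sockets on ports 53 and 8080 are not reported because other hosts cannot reach them.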

9. ethtool

What it does: Displays and changes Ethernet device settings.

Syntax: ethtool [interface]

Key flags: interface name, -S statistics

When to use: When checking link speed, duplex mode, or NIC health.

Interpret output: Confirm speed, duplex, link detected status, and adapter statistics.

10. nc (Netcat)

What it does: Reads and writes data across network connections for testing ports and services.

Syntax: nc [host] [port]

Key flags: -z scan mode, -v verbose, -l listen mode

When to use: When testing whether a specific port is open or a service is reachable.

Interpret output: A successful connection indicates the port is open and reachable; a failure suggests a block or service issue.


Common Troubleshooting Workflows

Networking commands are most useful when used in a logical order. Instead of running random commands, it helps to follow a simple troubleshooting workflow based on the problem.

1. When a Website or Server is Not Reachable

Start by checking whether the destination is reachable.

Workflow:

ping → tracert / traceroute → nslookup

How it helps:

  • ping checks basic connectivity
  • tracert/traceroute shows where the connection is failing
  • nslookup confirms whether the domain is resolving correctly

Example use case:

A user cannot open a website. First test reachability with ping, then trace the network path, and finally verify DNS resolution.

2. When the System Has No Internet Access

Check whether the local machine has a valid network configuration.

Workflow:

ipconfig / ifconfig / ip addr → ping gateway → ping 8.8.8.8 → nslookup google.com

How it helps:

  • Check IP address, subnet mask, gateway, and DNS settings
  • Ping the default gateway to test local network access
  • Ping a public IP to confirm internet connectivity
  • Use nslookup to see whether DNS is working

Example use case:

A laptop is connected to Wi-Fi but cannot browse the internet. This workflow helps identify whether the issue is local, gateway-related, internet-related, or DNS-related.
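
The four steps of this workflow, written as one function for a Linux host. This is an added example, not part of the original article; it assumes the iproute2 `ip` command and iputils `ping`, and the helper name `diagnose_no_internet` is hypothetical.

```sh
#!/bin/sh
# Added example: the "no internet access" workflow as one function for a Linux
# host (iproute2 `ip`, iputils `ping`). It stops at the first failing layer.

# diagnose_no_internet (hypothetical helper): prints "<layer>: <finding>".
diagnose_no_internet() {
    # Step 1: local configuration. No default route means DHCP or static
    # settings never produced a usable gateway.
    gw=$(ip route show default 2>/dev/null |
         awk '$1 == "default" && $2 == "via" { print $3; exit }')
    if [ -z "$gw" ]; then
        echo "local: no default gateway configured"
        return 0
    fi
    # Step 2: local network. The gateway is the first hop off this machine.
    if ! ping -c 2 -W 2 "$gw" >/dev/null 2>&1; then
        echo "gateway: $gw does not answer"
        return 0
    fi
    # Step 3: internet by IP address, so DNS is not involved yet.
    if ! ping -c 2 -W 2 8.8.8.8 >/dev/null 2>&1; then
        echo "internet: $gw answers but 8.8.8.8 does not"
        return 0
    fi
    # Step 4: name resolution.
    if ! nslookup google.com >/dev/null 2>&1; then
        echo "dns: 8.8.8.8 answers but google.com does not resolve"
        return 0
    fi
    echo "ok: all four checks passed"
}
```

Run `diagnose_no_internet` on the affected host after loading the function. Networks that filter ICMP will produce a "gateway" or "internet" verdict even when the path works, so read those verdicts as "no echo reply" rather than proof of an outage.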

3. When a Specific Port or Service is Not Working

Check whether the service is listening and whether the target port is reachable.

Workflow:

netstat / ss → nc → telnet (if available) → nmap

How it helps:

  • netstat/ss shows whether the service is listening on the expected port
  • nc tests whether the destination port is open
  • nmap scans ports and services in more detail

Example use case:

A web app is down on port 8080. Use these commands to confirm whether the application is listening and whether the port is blocked.

4. When DNS is Suspected

Check whether the issue is caused by domain name resolution rather than connectivity.

Workflow:

nslookup → dig → ping IP address

How it helps:

  • nslookup checks whether the domain resolves
  • dig provides more detailed DNS record information
  • Pinging the IP directly helps confirm whether only DNS is failing

Example use case:

A website works by IP address, but not by domain name. That usually points to a DNS problem.

5. When the Network is Slow

Check latency, packet loss, and route quality.

Workflow:

ping → mtr → tracert / traceroute

How it helps:

  • ping measures response time and packet loss
  • mtr shows latency and loss across multiple hops in real time
  • traceroute helps identify where delays begin

Example use case:

Users report that an application is loading very slowly. These commands help determine whether the local network, the ISP, or an upstream route is causing the slowdown.


Windows vs Linux/Mac Equivalents

Engineers routinely switch between platforms and system architectures. Networking protocols stay consistent across devices, but command syntax differs noticeably. The table below lists basic Windows commands and their Linux/macOS equivalents.

| Action | Windows System | Linux and Mac System |
|---|---|---|
| Reading Configs | ipconfig | ifconfig or ip a |
| Route Tracing | tracert | traceroute |
| Querying Names | nslookup | dig |
| Checking Connections | netstat | ss or netstat |
| Reviewing Routes | route print | ip route |
| Looking at ARP Cache | arp -a | ip neigh |

Key Takeaways

  • Start diagnostic sessions with a simple ping to rule out basic connectivity failures early
  • Evaluating performance metrics with pathping (Windows) isolates where packet loss occurs
  • Routine netstat audits make unusual active connections and listening ports easy to identify


About the Author

Anmol Kapoor

Anmol is a Research Analyst who aims to become a Data Scientist one day. He enjoys Data Management systems and analysis. You will find him reading a book when he is not working.
