curl -o /dev/null -w "%{http_code} %{time_total}s\n" https://example.comHTTP status code and total request time, good for health checks
curl --resolve example.com:443:1.2.3.4 https://example.comForce the IP, test a new server before DNS cutover
๐ฆ tcpdump, packet capture
tcpdump -i eth0 -nn port 80Capture HTTP on eth0, no name resolution (-nn)
tcpdump -i any -nn host 10.0.0.1All traffic to/from a specific host, any interface
tcpdump -i eth0 -w /tmp/capture.pcap -c 500Write first 500 packets to a file for Wireshark analysis
tcpdump -i eth0 -nn 'tcp[tcpflags] & tcp-syn != 0'Only SYN packets, see new connection attempts
๐ nc (netcat), quick port connectivity tests
nc -zv TARGET 443Test if TCP port 443 is open and reachable (no data sent)
nc -zu TARGET 53Test UDP port 53 (DNS), note UDP tests are less reliable
nc -l 12345Listen on port 12345, receive data from nc on another host
First principles of network debugging
Work the OSI model from the bottom up. Is the cable plugged in? Does the interface have an IP? Can you reach the default gateway? Can you reach the DNS server? Can you resolve a name? Can you reach the service's port? Each layer eliminates a class of problems and points you to the next one. ip route get is often the fastest way to confirm Layer 3 is working as expected.
When traceroute lies
Many service providers and cloud routers silently drop or rate-limit ICMP TTL-exceeded messages, so gaps and asterisks in a traceroute don't necessarily mean a broken hop, the hop may be forwarding traffic just fine. Use traceroute -T -p 443 (TCP mode) to probe paths that block ICMP, and use mtr for continuous monitoring across all hops at once.