Network diagnostic tools are tested throughout the CompTIA Network+ N10-009 Troubleshooting domain. Each tool serves a specific diagnostic purpose — using the right tool for the right problem is itself a tested skill. This topic consolidates the key tools, their syntax, and when to use them, building on the troubleshooting-tools topic with additional emphasis on correct tool selection for specific scenarios.
Practice this topic
ping: 'ping 8.8.8.8' — ICMP RTT test. 'ping -t 8.8.8.8' (Windows, continuous). 'ping -c 100 8.8.8.8' (Linux, 100 packets for loss calculation). Use extended ping for loss measurement. traceroute (Windows: tracert): path discovery. 'tracert 8.8.8.8' (Windows), 'traceroute 8.8.8.8' (Linux). MTR: 'mtr 8.8.8.8' — continuous traceroute with per-hop loss and latency statistics.
nslookup / dig: 'nslookup google.com', 'dig google.com MX'. pathping: Windows tool combining ping and traceroute — shows per-hop packet loss statistics over multiple rounds. Useful for intermittent loss identification.
netstat: 'netstat -an' (all connections, numeric). 'netstat -rn' (routing table). 'netstat -s' (protocol statistics). 'netstat -e' (Ethernet statistics — packet counts, errors). ss: modern Linux replacement for netstat. arp: 'arp -a' (display ARP cache). 'arp -d IP' (delete ARP entry). route: 'route print' (Windows, routing table). 'route add' (add static route).
nmap: network scanner — discovers hosts, open ports, OS fingerprinting, service versions. 'nmap -sV 192.168.1.0/24' scans a subnet for services. Used for network inventory and vulnerability assessment pre-scans. Requires authorization — unauthorized scanning is illegal.
iperf3: throughput testing. 'iperf3 -s' (server). 'iperf3 -c server-ip -t 30' (client, 30-second test). Measures maximum TCP/UDP throughput between endpoints. Wireshark: GUI packet capture and analysis. Decodes protocols, follows TCP streams, provides statistics. 'tcp.port == 443' display filter.
Curl / wget: test web server connectivity at HTTP/HTTPS layer. 'curl -v https://server' shows full HTTP request/response including TLS details. Useful for troubleshooting web server and certificate issues without a browser.
nmap is only for hackers
nmap is a standard network administration tool used by security teams, network engineers, and administrators for legitimate network inventory, firewall verification, and security auditing. Unauthorized use against systems you don't own is illegal; authorized use is an essential network management skill
These questions are representative of what you will see on Network+ exams. The correct answer and explanation are shown immediately below each question.
A network engineer wants to determine if packet loss is occurring consistently at a specific router hop along a path to a server. Which tool provides per-hop packet loss statistics over continuous monitoring?
Explanation: MTR (my traceroute) combines ping and traceroute into a continuous, real-time display showing per-hop RTT and packet loss statistics. It sends repeated probes to each hop and accumulates statistics, making intermittent loss visible. A single traceroute snapshot may miss intermittent loss. Ping only measures end-to-end RTT. nmap is a scanner, not a path analysis tool.
Windows tracert uses ICMP echo requests with incrementing TTL. Linux/macOS traceroute uses UDP packets with incrementing TTL by default (can use ICMP with -I flag). The receiving host sends TTL Exceeded ICMP responses as each TTL expires, revealing intermediate hops. UDP traceroute may see fewer '*' responses on some networks since many routers rate-limit ICMP responses to ICMP differently than UDP TTL exceeded. Use '--protocol icmp' flag on Linux for ICMP-based traceroute.
Try free Network Tools practice questions with explanations, topic links and progress tracking.