After this lesson, you will be able to: Diagnose connectivity with ping, curl, wget, netstat, ss, and Nmap basics; read /etc/hosts.
When 'the app is down' the first question is usually 'can the server even reach the network?'. These commands answer it.
Each tool answers a different question.
ping example.com # is the host reachable? (ICMP)ping -c 4 example.com # 4 packets then stop# DNS lookupdig example.com # full DNS outputdig +short example.com # just the IPnslookup example.com # older alternative# HTTP request (the ops Swiss army knife)curl https://example.comcurl -I https://example.com # HEAD request, headers onlycurl -v https://example.com # verbose: see the whole TCP+TLS+HTTPcurl -X POST -d 'foo=bar' https://example.com/apicurl -H 'Authorization: Bearer xyz' https://api.example.com/mewget https://example.com/file.tar.gz # download a file
ss is the modern netstat; both answer 'who's listening on what port?'.
ss -tlnp # listening TCP ports + the process boundss -tunlp # also UDPss -s # summary stats# netstat (older but still everywhere)netstat -tlnpnetstat -anp | grep 8080 # find what's on port 8080# What's connected to me right now?ss -t state established
Nmap maps open ports; review the cs-pentest-ethics lesson before running anywhere else.
nmap localhost # scan your own machinenmap -sV 192.168.1.10 # version detectionnmap -p 22,80,443 host.example # specific portsnmap -sn 192.168.1.0/24 # discover live hosts on a /24# Don't scan random IPs on the internet without permission
Maps hostnames to IPs BEFORE DNS is consulted. Use for testing, dev, and overrides.
# /etc/hosts127.0.0.1 localhost127.0.1.1 myhostname# Pin staging to a specific IP for local testing10.0.5.42 staging.example.com# Block a domain by sending it to localhost0.0.0.0 ads.example.com# After editing, no daemon to reload; changes take effect immediately.
Trusting `ping` to verify HTTPS works. ICMP and HTTPS are different stacks; ping can fail while HTTPS works (firewall blocks ICMP). Running netstat on a busy server with thousands of connections; it's slow. Use `ss` instead. Scanning third-party servers with nmap and being surprised by abuse complaints. Editing `/etc/hosts` for production routing. It works for one machine; doesn't scale. Forgetting that DNS is cached. `dig` shows live; the OS / browser may have stale results.
Pick the highest-signal first check.
Sign in and purchase access to unlock this lesson.