
Network Diagnostic Tools for CompTIA Network+ N10-009

Network diagnostic tools are tested throughout the CompTIA Network+ N10-009 Troubleshooting domain. Each tool serves a specific diagnostic purpose — using the right tool for the right problem is itself a tested skill. This topic consolidates the key tools, their syntax, and when to use them, building on the troubleshooting-tools topic with additional emphasis on correct tool selection for specific scenarios.


IP and Connectivity Tools

ping: 'ping 8.8.8.8' — ICMP RTT test. 'ping -t 8.8.8.8' (Windows, continuous). 'ping -c 100 8.8.8.8' (Linux, 100 packets for loss calculation). Use extended ping for loss measurement.

traceroute (Windows: tracert): path discovery. 'tracert 8.8.8.8' (Windows), 'traceroute 8.8.8.8' (Linux).

MTR: 'mtr 8.8.8.8' — continuous traceroute with per-hop loss and latency statistics.

nslookup / dig: 'nslookup google.com', 'dig google.com MX'.

pathping: Windows tool combining ping and traceroute — shows per-hop packet loss statistics over multiple rounds. Useful for intermittent loss identification.

netstat: 'netstat -an' (all connections, numeric). 'netstat -rn' (routing table). 'netstat -s' (protocol statistics). 'netstat -e' (Ethernet statistics — packet counts, errors).

ss: modern Linux replacement for netstat.

arp: 'arp -a' (display ARP cache). 'arp -d IP' (delete ARP entry).

route: 'route print' (Windows, routing table). 'route add' (add static route).

Scanning and Analysis Tools

nmap: network scanner that discovers hosts and open ports and performs OS fingerprinting and service version detection. 'nmap -sV 192.168.1.0/24' scans a subnet for services. Used for network inventory and vulnerability assessment pre-scans. Requires authorization; unauthorized scanning is illegal.

iperf3: throughput testing. 'iperf3 -s' (server). 'iperf3 -c server-ip -t 30' (client, 30-second test). Measures maximum TCP/UDP throughput between endpoints.

Wireshark: GUI packet capture and analysis. Decodes protocols, follows TCP streams, provides statistics. Example display filter: 'tcp.port == 443'.

curl / wget: test web server connectivity at the HTTP/HTTPS layer. 'curl -v https://server' shows the full HTTP request/response including TLS details. Useful for troubleshooting web server and certificate issues without a browser.

Key exam facts — Network+

  • ping: ICMP connectivity; traceroute/tracert: path discovery; MTR: both with per-hop stats
  • nslookup/dig: DNS queries; arp -a: ARP cache; netstat -an: active connections
  • iperf3: actual throughput measurement between two endpoints
  • nmap: network/port scanner — requires authorization
  • pathping (Windows): per-hop loss statistics over time
  • route print/netstat -rn: display routing table
  • Wireshark: full packet capture and protocol decode

Common exam traps

nmap is only for hackers

nmap is a standard network administration tool used by security teams, network engineers, and administrators for legitimate network inventory, firewall verification, and security auditing. Unauthorized use against systems you don't own is illegal; authorized use is an essential network management skill.

Practice questions — Network Tools

These questions are representative of what you will see on Network+ exams. The correct answer and explanation are shown immediately below each question.

Q1. A network engineer wants to determine if packet loss is occurring consistently at a specific router hop along a path to a server. Which tool provides per-hop packet loss statistics over continuous monitoring?

A. ping
B. traceroute
C. MTR (my traceroute)
D. nmap

Explanation: MTR (my traceroute) combines ping and traceroute into a continuous, real-time display showing per-hop RTT and packet loss statistics. It sends repeated probes to each hop and accumulates statistics, making intermittent loss visible. A single traceroute snapshot may miss intermittent loss. Ping only measures end-to-end RTT. nmap is a scanner, not a path analysis tool.

Frequently asked questions — Network Tools

What is the difference between traceroute using ICMP vs UDP?

Windows tracert sends ICMP echo requests with an incrementing TTL. Linux/macOS traceroute sends UDP packets with an incrementing TTL by default (it can use ICMP with the -I flag). Each device where the TTL expires returns an ICMP TTL Exceeded response, revealing the intermediate hops. UDP traceroute may show fewer '*' responses on some networks, since many routers rate-limit their responses to ICMP probes differently than the TTL Exceeded responses they send for UDP probes. Use the '--protocol icmp' flag on Linux for ICMP-based traceroute.
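Per-hop loss figures from MTR need interpreting, because routers may rate-limit the replies they generate themselves. The following Python is an added example, not part of the original study material: it parses a constructed report in the layout printed by `mtr --report` and, as a heuristic assumed here, attributes loss to a hop only when the loss persists through every later hop.

```python
import re

# Constructed sample in the layout printed by `mtr --report` (not real measurements).
SAMPLE_REPORT = """\
HOST: workstation                 Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.0.2.1                  0.0%   100    0.6   0.7   0.5   1.9   0.2
  2.|-- 198.51.100.1              40.0%   100    8.1   8.4   7.9  12.0   0.6
  3.|-- 198.51.100.9               0.0%   100    9.0   9.3   8.8  14.2   0.8
  4.|-- 203.0.113.5               12.0%   100   21.4  22.0  20.9  35.1   2.3
  5.|-- 203.0.113.20              11.0%   100   22.8  23.1  22.0  40.7   2.9
  6.|-- 203.0.113.80              12.0%   100   23.5  24.0  22.7  41.3   3.1
"""

HOP_LINE = re.compile(r"^\s*(\d+)\.\|--\s+(\S+)\s+([\d.]+)%\s+(\d+)")

def parse_report(text):
    """Return [(hop_number, host, loss_percent, probes_sent), ...]."""
    hops = []
    for line in text.splitlines():
        m = HOP_LINE.match(line)
        if m:
            hops.append((int(m.group(1)), m.group(2), float(m.group(3)), int(m.group(4))))
    return hops

def classify(hops, threshold=1.0):
    """Split lossy hops into (persistent, isolated).

    Heuristic assumed by this example: loss counts against a hop only if every
    later hop also shows loss >= threshold. Loss that vanishes downstream means
    forwarded probes still got through, so it is treated as the router limiting
    its own replies rather than dropping traffic.
    """
    persistent, isolated = [], []
    for i, (num, host, loss, _sent) in enumerate(hops):
        if loss < threshold:
            continue
        carries = all(later[2] >= threshold for later in hops[i + 1:])
        (persistent if carries else isolated).append((num, host, loss))
    return persistent, isolated

def first_lossy_hop(text, threshold=1.0):
    """Return the first hop whose loss persists to the destination, or None."""
    persistent, _ = classify(parse_report(text), threshold)
    return persistent[0] if persistent else None

if __name__ == "__main__":
    persistent, isolated = classify(parse_report(SAMPLE_REPORT))
    for num, host, loss in isolated:
        print(f"hop {num} {host}: {loss}% loss, not seen downstream")
    print("loss begins at:", first_lossy_hop(SAMPLE_REPORT))
```

In the constructed report, the 40% figure at hop 2 is set aside because hop 3 shows none, while the loss that starts at hop 4 carries through to the destination.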
