When the network goes down — or worse, starts behaving erratically — every second counts. The difference between a five-minute resolution and a five-hour outage often comes down to the tools available to your IT team and their proficiency in using them. Network troubleshooting is both an art and a science, requiring methodical investigation, a solid understanding of protocols, and the right utilities to isolate the problem.
This guide covers the essential network troubleshooting tools that every UK IT professional should have in their toolkit, from command-line classics to modern cloud-based platforms. Whether you are diagnosing a sluggish VPN connection at a remote branch office, tracking down a rogue DHCP server, or investigating intermittent packet loss across your WAN, these tools will help you find the answer.
The Troubleshooting Mindset
Before reaching for any tool, it is worth establishing the right approach. Effective troubleshooting follows a structured methodology: define the problem, gather information, analyse the data, formulate a hypothesis, test the hypothesis, and implement the fix. Rushing to conclusions without proper investigation leads to wasted time and, occasionally, makes things worse.
The OSI model provides a useful framework for structuring your investigation. Start at Layer 1 (Physical) — is the cable plugged in? Is the link light on? Then move up through Layer 2 (Data Link) — are there MAC address table issues? VLAN misconfigurations? Continue through Layer 3 (Network) — is routing correct? Are there IP conflicts? And on through the upper layers. Most network issues are found at Layers 1 through 3, so starting at the bottom and working upwards is usually the most efficient approach.
Command-Line Essentials
Ping
Ping is the most fundamental network troubleshooting tool, and it remains as useful today as it was when it was first written in 1983. It sends ICMP echo request packets to a target host and measures the response time, providing immediate confirmation of whether a host is reachable and how long the round trip takes.
Beyond simple reachability testing, ping can reveal latency issues, packet loss, and inconsistent response times that indicate congestion or routing problems. Use the continuous ping option (ping -t on Windows, or simply ping on Linux/macOS which runs continuously by default) to monitor a connection over time and spot intermittent issues that a single ping would miss.
Be aware that some hosts and firewalls block ICMP traffic, so a failed ping does not always mean the host is unreachable. Before concluding that a device is down, verify that ICMP is not being filtered by a firewall rule. In Meraki environments, check the MX firewall rules and any group policies that might block ICMP.
Traceroute
Where ping tells you whether a destination is reachable, traceroute tells you how you get there. It maps every hop between your device and the destination, displaying the IP address and response time of each intermediate router. This makes it invaluable for identifying where in the path a problem is occurring.
If traceroute shows normal latency for the first five hops and then a sudden spike at hop six, you know the issue is at or near that hop — likely an ISP peering point, a congested router, or a misconfigured route. On Windows, the command is tracert; on Linux and macOS, it is traceroute. For more detailed analysis, use MTR (My Traceroute), which combines the functionality of ping and traceroute into a single real-time display.
When troubleshooting WAN issues for UK businesses with multiple ISPs, run traceroute from both ends of the connection simultaneously. An asymmetric routing issue — where traffic takes a different path in each direction — is a common cause of intermittent connectivity problems and is only visible when you trace the route from both sides.
Nslookup and Dig
DNS resolution failures account for a surprising proportion of reported "network" issues. When a user says "the internet is down," what they often mean is that their browser cannot resolve domain names. Nslookup (available on all platforms) and dig (available on Linux and macOS, and installable on Windows) allow you to query DNS servers directly and verify that name resolution is working correctly.
Use these tools to check whether a specific domain resolves correctly, which DNS server is being used, whether the response is being cached, and how long the resolution takes. If you are running Meraki MX appliances with Cisco Umbrella integration, DNS queries are forwarded to Umbrella's resolvers — dig can help you verify that this is working as expected.
Nmap
Nmap (Network Mapper) is an open-source tool for network discovery and security auditing. In a troubleshooting context, it is invaluable for identifying which services are running on a host, which ports are open, and what operating system a device is running. If a user reports that they cannot access a specific application, nmap can quickly tell you whether the application's port is open and listening.
Use nmap responsibly. Scanning networks you do not own or manage may violate the Computer Misuse Act 1990 in the UK. Always ensure you have proper authorisation before scanning, and be mindful that aggressive scans can trigger intrusion detection systems.
| Tool | Primary Use | Platform | Layer | Skill Level |
|---|---|---|---|---|
| Ping | Reachability and latency testing | All | Layer 3 | Beginner |
| Traceroute / MTR | Path analysis and hop-by-hop latency | All | Layer 3 | Beginner |
| Nslookup / Dig | DNS resolution verification | All | Layer 7 | Beginner |
| Nmap | Port scanning and service discovery | All | Layers 3-7 | Intermediate |
| Wireshark | Deep packet capture and analysis | All | Layers 2-7 | Advanced |
| iPerf | Bandwidth and throughput testing | All | Layers 3-4 | Intermediate |
| NetFlow / sFlow | Traffic flow analysis | Network devices | Layers 3-4 | Intermediate |
| SNMP tools | Device health and performance metrics | Network devices | Layer 7 | Intermediate |
Packet Capture and Analysis
Wireshark
Wireshark is the gold standard for packet capture and analysis. It captures every packet on a network interface and presents it in a detailed, filterable, searchable format. When all other tools point to a network issue but cannot pinpoint the exact cause, Wireshark provides the definitive answer.
Common Wireshark use cases include diagnosing application-level issues (by examining the actual data exchanged between client and server), identifying malformed packets or protocol errors, detecting network scans or suspicious traffic, analysing VoIP call quality (using Wireshark's built-in RTP stream analysis), and verifying that VLAN tagging, QoS markings, and other Layer 2 configurations are working correctly.
The challenge with Wireshark is that it generates an enormous amount of data. On a busy network, a few minutes of capture can produce hundreds of thousands of packets. Learning to use display filters effectively is essential. For example, filtering by source or destination IP address, protocol, or port number allows you to focus on the traffic that matters.
Meraki MX and MS devices support packet capture directly from the dashboard, which is enormously convenient for remote troubleshooting. You can capture traffic on a specific switch port or VLAN and download the capture file for analysis in Wireshark, all without physical access to the device.
tcpdump
For Linux and macOS users, tcpdump provides command-line packet capture without the overhead of a graphical interface. It is especially useful for capturing traffic on remote servers and network devices via SSH, where running Wireshark is not practical. Capture files saved by tcpdump can be opened in Wireshark for detailed analysis.
Bandwidth and Performance Testing
iPerf
iPerf is a tool for measuring the maximum achievable bandwidth between two points on a network. Unlike speed tests that measure your internet connection speed, iPerf tests the throughput of your internal network — between offices, across VPN tunnels, or between a client and a server.
To use iPerf, you run the server component on one end and the client on the other. The client sends data to the server and reports the throughput, jitter, and packet loss. This is invaluable for validating that your network infrastructure can support the bandwidth your applications require. If you are deploying VoIP, for example, iPerf can verify that the link between your offices has sufficient bandwidth and low enough jitter for voice traffic.
Speed Testing
For testing internet connection speed, tools like Speedtest by Ookla, Fast.com, and the Meraki dashboard's built-in speed test provide quick measurements of download speed, upload speed, and latency to the nearest server. These are useful for verifying that your ISP is delivering the service you are paying for.
However, be cautious about relying on speed tests for troubleshooting application performance. A speed test measures throughput to a specific server, which may not be the same path your business applications take. A speed test showing 500 Mbps does not guarantee that your cloud accounting software will be fast — the bottleneck could be elsewhere in the path.
Cloud-Based and Platform-Specific Tools
Meraki Dashboard Tools
The Meraki dashboard includes several powerful built-in troubleshooting tools that are often overlooked. The Live Tools feature allows you to run ping, traceroute, and throughput tests directly from any Meraki device, eliminating the need for physical access or SSH. This is extraordinarily valuable for troubleshooting issues at remote UK sites.
The Event Log records every significant event on your Meraki network, from client associations and DHCP transactions to firewall blocks and VPN tunnel state changes. When a user reports an issue, the event log often reveals the cause within seconds. Filter by client MAC address, event type, or time range to narrow the results.
The Packet Capture feature allows you to capture traffic on specific interfaces or VLANs directly from the dashboard. Captures can be filtered by protocol, IP address, or port, and downloaded as pcap files for analysis in Wireshark. For cloud-managed networks, this eliminates one of the biggest pain points of remote troubleshooting — getting a packet capture from a device you cannot physically access.
Cable Test is a feature available on Meraki MS switches that tests the quality of the Ethernet cable connected to a specific port. It reports whether the cable passes, the estimated length, and the status of each pair. This is a quick way to rule out physical layer issues without dispatching an engineer to the site.
Cisco Umbrella
If your Meraki deployment includes Cisco Umbrella integration, the Umbrella dashboard provides detailed visibility into DNS traffic. You can see which domains are being queried, which are being blocked by security policies, and which are generating errors. For troubleshooting "cannot access website" issues, Umbrella's logs often reveal that the site is being blocked by a content filtering policy before you even start investigating the network layer.
Wireless-Specific Tools
Wi-Fi Analysers
Wireless troubleshooting requires specialised tools because the medium is inherently unpredictable. Wi-Fi analysers scan the wireless spectrum and display information about nearby access points, channel utilisation, signal strength, and interference. Popular options include inSSIDer, Acrylic Wi-Fi, and the Meraki dashboard's built-in RF spectrum analysis.
These tools are essential for diagnosing issues like co-channel interference (too many access points on the same channel), adjacent channel interference (overlapping channels), and non-Wi-Fi interference (from microwaves, Bluetooth devices, or other sources). In dense UK office environments, channel planning is critical, and a Wi-Fi analyser helps you visualise the RF landscape.
Site Survey Tools
For planned deployments and post-deployment validation, professional site survey tools like Ekahau and Hamina provide heatmap visualisations of signal strength, signal-to-noise ratio, and channel overlap across your floor plan. These tools go beyond what a simple Wi-Fi analyser provides, offering predictive modelling and design recommendations based on your building layout and device density.
Flow Analysis and Traffic Monitoring
NetFlow and sFlow
NetFlow (Cisco's flow monitoring protocol) and sFlow (an industry-standard alternative) provide visibility into traffic patterns by recording metadata about every flow traversing your network. A flow is defined as a unidirectional sequence of packets sharing common attributes — source IP, destination IP, source port, destination port, and protocol.
Flow data answers questions like: which applications are consuming the most bandwidth? Which users are generating the most traffic? Are there unusual traffic patterns that could indicate a security breach? For UK businesses, flow analysis is invaluable for capacity planning, security monitoring, and validating QoS policies.
Meraki MX appliances export flow data that can be consumed by third-party collectors and analysers. The Meraki dashboard also provides built-in traffic analysis showing top applications, top clients, and traffic by VLAN.
SNMP Monitoring
Simple Network Management Protocol (SNMP) provides access to a wealth of performance data from network devices — interface utilisation, error counts, CPU usage, memory consumption, and much more. SNMP polling tools like PRTG, Zabbix, LibreNMS, and Nagios query your devices at regular intervals and alert you when metrics exceed defined thresholds.
For UK businesses with mixed vendor environments, SNMP provides a vendor-neutral monitoring layer. Even in an all-Meraki environment, SNMP can complement the dashboard by feeding data into your existing monitoring platform, enabling correlation with data from servers, applications, and other infrastructure.
Building Your Troubleshooting Toolkit
Not every tool is appropriate for every situation, and having too many tools can be as counterproductive as having too few. We recommend building a layered toolkit that provides capabilities at each level of investigation.
At the first level, you need quick diagnostic tools for immediate use: ping, traceroute, nslookup, and the Meraki dashboard's live tools. These should be available to every member of your IT team and used as the first response to any reported issue. Most problems can be identified — if not resolved — with these tools alone.
At the second level, you need deeper analysis tools for issues that resist initial diagnosis: Wireshark, iPerf, Wi-Fi analysers, and flow analysis tools. These require more expertise and produce more detailed data. Train your senior engineers in their use and ensure they are available on team devices.
At the third level, you need specialised tools for complex or recurring issues: site survey tools, security scanning tools, and automated monitoring platforms. These represent a larger investment in both cost and training, but they are essential for organisations with complex networks or stringent performance requirements.
Common Troubleshooting Scenarios
Slow Internet at a Branch Office
Start with a speed test to establish baseline throughput. If the speed test shows normal results, the issue is likely not the internet connection itself but rather a specific application or path. Use Meraki Insight (if available) to check application health scores. If the speed test shows low throughput, run traceroute to identify where latency is being introduced. Check the MX dashboard for uplink utilisation — if the link is saturated, investigate which clients or applications are consuming the bandwidth using the traffic analysis feature.
Intermittent Wireless Connectivity
Check the Meraki wireless health dashboard for connection success rates and latency. If specific clients are affected, check their association history in the event log. If all clients on a specific access point are affected, examine the RF environment using the access point's channel utilisation data. Run a Wi-Fi analyser to check for co-channel interference from neighbouring access points or non-Wi-Fi sources.
VPN Tunnel Instability
Check the MX event log for VPN tunnel state changes. If the tunnel is flapping (repeatedly going up and down), check the uplink health on both sides. Use MTR to trace the path between the two sites and identify any hops with high latency or packet loss. Check whether the ISP is performing maintenance or experiencing issues — in the UK, ISP status pages and community forums like ISPreview are useful resources.
Conclusion
The tools covered in this guide represent a comprehensive troubleshooting toolkit for UK network professionals. From the simplicity of ping to the depth of Wireshark, from the convenience of Meraki's built-in tools to the power of flow analysis, each tool has its place in the troubleshooting process. The key is knowing which tool to reach for at each stage of the investigation and having the skills to interpret the results.
Invest in training your team on these tools. A well-equipped, well-trained IT team can resolve issues in minutes that would otherwise take hours. In a business environment where network downtime directly impacts productivity and revenue, that speed of resolution is worth its weight in gold.
Need Expert Network Troubleshooting?
When your team encounters an issue that exceeds their expertise or capacity, our network engineers are here to help. From remote diagnostics to on-site investigation, we provide rapid, expert troubleshooting for UK businesses running Cisco Meraki and mixed-vendor environments.
Get Expert Support
CloudSwitched
Centrally located in London, Shoreditch, we offer a range of IT services and solutions to small/medium sized companies.