When a service is unreachable, work the layers bottom-up and isolate where it breaks before guessing:

1. Reachability — ping (is the host up and routable?)
2. Path — traceroute / mtr (where does it stop?)
3. Name resolution — dig / nslookup (does DNS resolve?)
4. Transport/app — curl -v, nc, telnet (is the port open and answering?)
5. Local listeners — ss -tlnp (is anything bound to the port here?)

Each tool answers one question. The discipline is to confirm each layer works before moving up, so you find the first broken link instead of chasing symptoms.

ping -c 4 example.com           # reachable? round-trip times
mtr example.com                 # live traceroute + loss per hop
dig +short example.com          # does DNS resolve?
nc -zv example.com 443          # is port 443 open?
curl -v https://example.com     # full app-level request/response
ss -tlnp                        # local listening sockets + PIDs
ip addr ; ip route              # my addresses and routing table

1. Ping a host and a made-up name; explain the difference in the errors.
2. Use nc -zv to test whether a known port is open on a server.
3. Run ss -tlnp and identify which process owns a listening port.
4. Given “ping works but the website won’t load”, list your next two checks.

• ↗ Linux ip command (iproute2)