Diagnosing network availability of web applications

General topics
1

Network outages, issues, and provider restrictions often affect even the largest services, which can be monitored, for example, via SBOY.RF or DownDetector.

SimpleOne is also a web service; to interact with it via a browser, network connectivity must exist between the user’s device and the infrastructure with servers hosting the application. If network connectivity is disrupted, TCP/IP requests from the client will not result in proper packet transmission and reception, leading to various errors such as DNS resolution failures, timeouts, connection resets, blank screens, freezes, etc.

In this guide, we collect useful tools and commands (provided for informational purposes only) to quickly localize the issue, determine at which level of the OSI model it occurred, and identify which party is responsible for restoring availability.

:hollow_red_circle: Curl

Curl is a command-line utility for sending network requests to URLs (resource addresses on the internet) with a wide range of additional flags and features.

curl -v https://home.simpleone.ru/

The -v flag provides detailed output of the connection process, request, and response. From this output, you can determine whether the domain name resolves to an IP address via DNS, whether that IP is reachable over the network, and whether a secure TLS connection is established.

When the resource is functioning correctly with acceptable speed, you will receive an HTTP/1.1 200 OK status code and a message indicating a successful connection, such as: Connection #0 to host home.simpleone.ru left intact.

{384F74ED-878D-4C4E-9231-9CA0BA923BA5}
{384F74ED-878D-4C4E-9231-9CA0BA923BA5}996×263 31.9 KB

It is important to verify that network issues are not local. To do this, check other websites within the same infrastructure or public resources to confirm whether any other sites are accessible and whether there is general internet connectivity, for example:

curl -v https://2ip.ru/  # returns your public IP address
curl -v https://www.google.com/

If you experience difficulties accessing any resources, better to test your internet speed using specialized services (https://speedtest.ru/) and contact your ISP.

:hollow_red_circle: Ping

Ping is a simple command to check whether a site or address is reachable. It helps determine:

  • Whether requests reach the resource and whether it responds
  • The response time in milliseconds
  • Whether there is packet loss in the network
# Ping domain name with 3 test packets
ping -c 3 home.simpleone.ru

# Ping Google Public DNS — commonly used to verify internet connectivity
ping 8.8.8.8

In the absence of network issues, response times should be low and stable (without spikes), and packet loss should be 0%.

{AECAFC0F-F5A4-4F06-96C7-A3D79355D61C}
{AECAFC0F-F5A4-4F06-96C7-A3D79355D61C}1138×439 77.7 KB

:hollow_red_circle: Traceroute

If ping shows packet loss or delays, use traceroute to examine the path packets take through intermediate nodes.

Traceroute tracks the route of network packets from the client to the target server, displaying all intermediate hops. It helps determine:

  • Where delays occur — on which intermediate hop they appear
  • Where packets are lost — on which segment of the route packet loss occurs
# On Windows
tracert test.simpleone.ru

# On Linux
traceroute test.simpleone.ru
mtr test.simpleone.ru   # real-time dynamic traceroute

The screenshot below shows an example of traceroute where packets reach the final node stably and without loss.

{9BAAEB9E-90C3-4C26-A8B7-64753EA7CC7E}
{9BAAEB9E-90C3-4C26-A8B7-64753EA7CC7E}1334×576 211 KB

The * * * symbols are not necessarily indicative of a problem; they simply mean that some intermediate nodes do not respond to ICMP requests.

The absence of a response from the final hop or increased latency at a specific hop can help localize the network issue.

:hollow_red_circle: Testing from Other Devices, Networks, and Locations

In many cases, accessing the site from a mobile device or another computer helps determine whether the issue is specific to a particular PC or network, or whether it occurs from other devices and locations as well.

There are also specialized services for checking availability:

  • Check-host — allows testing the availability of a specific internet resource from dozens of different locations. Supports HTTP requests, DNS, and Ping checks.

{55E3E8BF-2436-47E2-A07C-475900A15A44}
{55E3E8BF-2436-47E2-A07C-475900A15A44}592×430 22.5 KB

  • Interactive virtual web browser Browserling for testing website functionality over the internet

:glowing_star: We would appreciate it if you shared your own network troubleshooting techniques in the comments!

4 Likes
2

Let’s start with curl.
On macOS or Linux, it’s more or less the same program. But Microsoft Windows just couldn’t resist adding its own twist.
The curl command itself was introduced in Windows starting with Windows 10 Insider Preview build 17063 (a long time ago, in general). But Microsoft wouldn’t be Microsoft if it didn’t do things its own way: in PowerShell, curl is an alias for Invoke-WebRequest (iwr) and has a completely different syntax. If curl starts throwing errors and demanding something strange, check which environment you’re running it in.

The following discussion concerns the proper curl.
You can set the logging level by specifying multiple “v” flags. Five "v"s produce the most detailed log:
curl -vvvvv https://url...

If you’re working with an instance using a self-signed certificate, use the -k flag.
Otherwise, you’ll get a self-signed certificate validation error:

curl: (60) schannel: SEC_E_UNTRUSTED_ROOT (0x80090325) - The certificate chain was issued by a certification authority not trusted.
More details here: https://curl.se/docs/sslcerts.html

curl is a tool that easily replaces Postman—free of charge and easily integrable into various scripts.

1 Like
3

Let’s continue.
Before running curl, it’s useful to first check whether anyone is even listening for a connection on the server.
On Linux, there are several ways to do this.

  1. NetCat – a simple tool for checking port availability. Can test both TCP and UDP.
nc [HostName or IP] [PortNumber]

  1. nmap – a powerful all-in-one tool for cracking network scanning. Allows scanning an entire network or all open ports. Essentially, this tool is overkill for checking just a single open port.

  2. telnet – the classic approach. The only drawback is that it cannot test UDP.

telnet [HostName or IP] [PortNumber]
  1. And when nothing else is available – use bash. Simply attempt to read data from the network driver.
timeout 2 bash -c "</dev/tcp/[IP]/[PortNumber]" && echo "Port open" || echo "Port closed"

For Windows, the toolkit is somewhat more limited.

  1. telnet – identical to the Linux version.

  2. PowerShell has the cmdlet Test-NetConnection for checking connectivity:

Test-NetConnection -ComputerName [HostName or IP] -Port [PortNumber]

In abbreviated form:

tnc [HostName or IP] -p [PortNumber]
4

DNS Diagnosis.
Since SimpleOne is critically dependent on DNS records, don’t forget to verify the accuracy of the records received by clients from the DNS server.
Tools needed for verification:
nslookup - for Linux and Windows,
dig, host - for Linux.

I won’t describe them in detail, as the topic is quite extensive.