Size up an unfamiliar or misbehaving machine fast — check uptime and load, memory and disk, who has logged in and failed to, then trace network paths and capture packets to pinpoint a problem.
When you land on a server that "feels wrong", run a quick health sweep. uptime shows how long it has been up and the load average (roughly, how many tasks are waiting — compare it to your CPU count). Pair it with free -h for memory and df -h for disk. These three commands catch the most common causes of trouble in seconds.
Uptime + load average (the three numbers: 1, 5, and 15-minute load)
uptime
Memory: is it nearly full / heavily swapping?
free -h
Disk: is any filesystem full?
df -h
Knowing who has access, and who has tried, matters for both debugging and security. who shows who is logged in right now; last shows recent login history. On a server you also watch the authentication log, where every SSH login and sudo use is recorded; a sudden burst of failures is a red flag worth investigating.
Who is logged in right now
who
Recent login history (most recent first)
last | head
Watch authentication events live (SSH logins, sudo use)
sudo tail -f /var/log/auth.log
When a remote host is slow or unreachable but ping to your gateway works, traceroute shows every hop a packet takes to the destination and the delay at each one, so you can see where the path stalls or dies. It is the next step after ping when the problem is "out there" rather than local.
Show every hop to a destination and the latency at each
traceroute google.com
(Install once if missing: sudo apt install traceroute)
When you must prove what is actually arriving on the wire — is the request even reaching this server? — tcpdump captures live network traffic. Filter by interface (-i), port, or host so you see only what matters. It is the ground truth when higher-level tools disagree; press Ctrl+C to stop. This needs sudo.
Capture traffic on port 80 on a given interface (Ctrl+C to stop)
sudo tcpdump -i eth0 port 80
Only traffic to/from one host, not resolving names (-n is faster)
sudo tcpdump -n host 203.0.113.10
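Added example, not part of the original page: a small shell function that turns the "sudden burst of failures" check on the authentication log into a per-source count of failed SSH password attempts. The function names, the default threshold of 5 and the sample log lines (constructed, using documentation addresses) are assumptions.

```shell
#!/bin/sh
# Added example: count failed SSH password attempts per source address in
# auth.log-style input. Function names and the threshold are assumptions.

# Usage: failed_ssh_by_source [THRESHOLD] < logfile
# Prints "COUNT ADDRESS" for each source with at least THRESHOLD failures
# (default 5), busiest first.
failed_ssh_by_source() {
    threshold="${1:-5}"
    awk -v min="$threshold" '
        /sshd\[[0-9]+\]: Failed password for / {
            # Take the token after the LAST "from": the attempted user name
            # is chosen by the remote side and may itself be the word "from".
            for (i = NF; i > 1; i--) {
                if ($(i - 1) == "from") { count[$i]++; break }
            }
        }
        END {
            for (src in count)
                if (count[src] >= min) print count[src], src
        }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample lines in the OpenSSH/sudo auth.log format (not real data).
sample_auth_log() {
    cat <<'EOF'
Mar  3 10:15:01 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.10 port 51001 ssh2
Mar  3 10:15:03 web1 sshd[2203]: Failed password for invalid user test from 203.0.113.10 port 51002 ssh2
Mar  3 10:15:05 web1 sshd[2205]: Failed password for root from 203.0.113.10 port 51003 ssh2
Mar  3 10:15:07 web1 sshd[2207]: Failed password for invalid user from from 203.0.113.10 port 51004 ssh2
Mar  3 10:16:40 web1 sshd[2230]: Accepted password for deploy from 198.51.100.7 port 40022 ssh2
Mar  3 10:17:12 web1 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/bin/systemctl status nginx
Mar  3 10:20:44 web1 sshd[2260]: Failed password for deploy from 198.51.100.7 port 40030 ssh2
EOF
}

# Demo on the constructed sample; on a real host feed it the log instead:
#   sudo cat /var/log/auth.log | failed_ssh_by_source 5
sample_auth_log | failed_ssh_by_source 3
```

A single failure followed by a successful login from the same address, as with 198.51.100.7 in the sample, stays below the threshold; the repeated failures across several user names from 203.0.113.10 are what the count surfaces.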