Network Connection Error: Complete Diagnosis

When the client cannot establish a connection with the server

Network connection errors occur when the client (browser, monitoring tool, application) cannot establish communication with the server. Unlike HTTP errors (400, 500) which indicate the server responded with an error, a connection error means no communication could be established at all.

These errors can occur at different levels of the network stack: DNS resolution (the domain doesn't translate to IP), TCP establishment (the server refuses or doesn't respond), or TLS layer (certificate problem). Each level generates distinct error messages that guide the diagnosis.

For an online service, a connection error is critical because it completely prevents access. MoniTao monitors the connectivity of your services and alerts you immediately when a connection error is detected, specifying the error type to speed up diagnosis.

Types of connection errors

Each error type indicates a problem at a different connection level:

  • ERR_NAME_NOT_RESOLVED / DNS_PROBE_FINISHED_NXDOMAIN: the domain cannot be resolved to an IP address. The DNS doesn't know this domain name, either because it doesn't exist, or because the records are misconfigured.
  • ERR_CONNECTION_REFUSED: the server exists and is reachable, but it actively refuses the connection. This means no service is listening on the requested port (web server stopped, wrong port).
  • ERR_CONNECTION_TIMED_OUT: the server doesn't respond within the allotted time. It may be down, overloaded, or a firewall is silently blocking packets without rejecting them.
  • ERR_CONNECTION_RESET: the connection was established then abruptly terminated by the server. May indicate a server crash, a firewall cutting connections, or a TLS configuration problem.

Common causes of connection errors

Here are the most frequent causes for each stack level:

  • DNS misconfigured or not propagated: the domain has expired, DNS records point to wrong IP, or a DNS change hasn't propagated everywhere yet. First suspect for DNS_PROBE errors.
  • Web server not started: the server is up but Apache/Nginx/etc. isn't running. Typical cause after a reboot without auto-start configured, or a daemon crash.
  • Firewall blocking traffic: a firewall (server, network, cloud) blocks port 80/443. Iptables rules, AWS Security Groups, or network firewalls can all block.
  • Server overloaded or saturated: the server is so loaded it can no longer accept new connections. The TCP backlog is full, connections are refused or timeout.

Diagnosing connection errors

A methodical diagnosis quickly identifies the failing layer:

  • Test DNS resolution: use dig or nslookup to verify the domain resolves to the correct IP. Compare results from multiple DNS (Google 8.8.8.8, Cloudflare 1.1.1.1) to detect propagation issues.
  • Test network connectivity: use ping to verify the IP responds. Use traceroute to identify where traffic is blocked. Note: some servers block ICMP but work over HTTP.
  • Test the specific port: use telnet or nc (netcat) on port 80/443 to verify the service is listening. If connection refused here but ping OK, the problem is the web server.
  • Check server-side logs: check web server logs, system logs (dmesg, journalctl), and firewall logs. They may reveal refused connections or crashes.

Connectivity diagnostic commands

Here are the essential commands to diagnose connection errors:

# 1. Check DNS resolution
dig example.com +short
nslookup example.com 8.8.8.8

# 2. Test ICMP connectivity (ping)
ping -c 4 example.com
ping -c 4 93.184.216.34  # Direct IP

# 3. Trace network path
traceroute example.com
mtr example.com  # (more detailed)

# 4. Test TCP port
nc -zv example.com 80
nc -zv example.com 443
telnet example.com 80

# 5. Test full HTTP
curl -v --connect-timeout 5 https://example.com

# 6. Check what's listening on the server
ss -tlnp | grep -E ":80|:443"
netstat -tlnp | grep -E ":80|:443"

These commands walk through network layers: DNS → ICMP → TCP → HTTP. Identify at which level the connection fails to guide your diagnosis.

Connectivity monitoring with MoniTao

MoniTao monitors connectivity and precisely informs you of the error type:

  • Error type detection: MoniTao differentiates errors: timeout, connection refused, DNS error, TLS error. This information is crucial for quick diagnosis.
  • Immediate alerts: a connection error is critical. MoniTao alerts you immediately via your chosen channel (email, SMS, Slack, webhook).
  • Multi-point monitoring: check connectivity from multiple locations to distinguish global problems from regional routing issues.
  • History and patterns: analyze error history to identify patterns: peak hours, correlation with load, recurring problems.

Quick diagnostic checklist

  • Check DNS resolution (dig, nslookup)
  • Test network connectivity (ping)
  • Verify port 80/443 responds (nc, telnet)
  • Confirm web server is started
  • Check firewall rules
  • Check server logs for more details

Frequently asked questions about connection errors

How to differentiate connection error types?

Each error has a signature: DNS_PROBE indicates a DNS problem, CONNECTION_REFUSED means the server exists but refuses, TIMED_OUT means no response at all. MoniTao displays the precise type.

The error is intermittent. Why?

Intermittent errors may indicate: server overloaded at times, network issue between monitoring and server, failover between servers, or rate-limiting-based firewall rule.

The site works for me but not for monitoring. Why?

Possibilities: your browser has a DNS cache, the server has geo-restriction rules, or your ISP routes differently. Monitoring from a datacenter may have a different network path.

How to test connectivity manually?

Essential commands: dig/nslookup (DNS), ping (ICMP), nc/telnet (TCP), curl -v (full HTTP). Each command tests a different layer.

Ping works but HTTP doesn't. Why?

Ping uses ICMP, HTTP uses TCP on port 80/443. The server may respond to ping but have its web server stopped, or a firewall blocking HTTP port but not ICMP.

How to be alerted before users notice?

Configure MoniTao with short intervals (1 minute) and immediate alerts. Connection errors are detected in seconds and the alert is sent instantly.

React quickly to connection errors

A connection error completely prevents access to your service. Unlike HTTP errors where the server responds with an error code, here no communication is possible. It's one of the most critical situations for an online service.

MoniTao continuously monitors the connectivity of your services and alerts you immediately, specifying the error type. This information lets you know instantly where to look: DNS, network, web server, or firewall. Combined with methodical diagnosis, you can resolve most connection problems in minutes.

Useful Links

Ready to Sleep Soundly?

Start free, no credit card required.

Create My Account See pricing