This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hey, I recently encountered internet errors that my provider couldn't fix for more than a month. Symptoms are a whole lot of FEC and CRC errors, and after a while connection to my DNS becomes impossible too. But around 11 pm all these issues suddenly stop, and the line becomes crystal clear. It could still be a noisy line, but all the cables were replaced already and nobody around me reports errors. My modem log displays this often when the problems happen:

2017-02-20T23:03:27Z [Warning] IPV4 SIP UDP attack.

The line is ADSL with VoIP. Could this be a false positive? Could someone please explain how I check this using Wireshark? (Or how can I save logs for an expert to check?) Please note that I am just an end-user, I have no knowledge about networking.

asked 21 Feb '17, 07:23

Casthaneda

edited 21 Feb '17, 07:24


FEC and CRC errors are usually a Layer 1 or 2 error.

Possible faulty cabling or bad cable/switch connection. If you've already replaced the cabling, look at the wires on your switch/router which that network cable is plugged into. Perhaps you have one pin partially bent?

It might also be a faulty/buggy switch/router port driver bug which only occurs when {something or another} gets over a certain level.

Cheers,

answered 21 Mar '17, 00:31

wbenton

Hey, thanks for the reply. The issue is gone, but I actually had to change network provider. The issue is still a mystery to everyone, including the technicians from my old service provider.

To sum it up: the modem/router was 1 month old and functioned perfectly outside of certain timeframes, same for the cables and wires. My old provider had everything replaced, and even had me put on a different line. The issue surely wasn't related to my own network traffic, since that was usually higher outside of the problematic timeframes.

Another weird thing I noticed in Wireshark is that, according to it, my PC initiated an "OpenVPN" connection to an unidentified British IP. I never had any kind of VPN installed on my current system. Should I be worried by that, or is OpenVPN something other applications might use?

(22 Mar '17, 07:51) Casthaneda

Your answer has been converted to a comment as that's how this site works. Please read the FAQ for more information.

(22 Mar '17, 08:16) Jaap ♦
question asked: 21 Feb '17, 07:23

question was seen: 1,247 times

last updated: 22 Mar '17, 08:16
