Hello, I'm trying to understand if Wireshark could be useful for my issue (I'm computer literate, but a newbie at diagnosing network issues). For the past year and a half, my ISP-provided modem (500Mbps/50Mbps - Cable connection in Switzerland, DOCSIS 3.0) has been crashing several times a day. It soft resets by itself at random times and cuts the connection for three minutes, the boot-up time. Sometimes once a day, sometimes (like today) 7. Modem has been replaced twice, ISP support said that the culprit might be my router (Netgear R7000) and that I should use the router functions of the modem instead of running it as modem-only. This is a no-go because the ISP modem/router is lacking several functions. So, while being reluctant, I finally gave them the benefit of the doubt and replaced my router with a new one (Synology rt2600ac). As I suspected, the problem still occurs. So I imagine there could be a device on my network that somehow triggers the issue on the modem (which by the way happens also in the middle of the night, when no-one in the family is active) Therefore, I wonder if Wireshark is ok to diagnose this kind of problem. My idea is to cross-check the times when the outage occurs with a wireshark log and maybe find some common denominator to isolate the faulty device, if any (I still believe it's a signal problem of the cable connection, but good luck in convincing my ISP). But I honestly have no idea what to look for since I understand the the Wireshark monitoring is cumbersome. Any pointers would be greatly appreciated. Thanks in advance for any help. asked 02 Jun '17, 13:17 Netch edited 02 Jun '17, 14:10 |
One Answer:
If you suspect that something on "your" side of the modem is causing the crash you can probably diagnose that with Wireshark. If it's something on the ISP side of the modem it is not very likely. The reason for that is that "your" side has Ethernet (or WiFi, or both), which can be captured with an appropriate capture setup. The ISP side is cable, which you cannot capture unless you have access to special diagnostic devices that can, which I doubt. So what you can do is to setup a SPAN or TAP for the link of the Ethernet side of the modem, and do a long term capture using a ring buffer. That way you can record all the traffic of the modem on your side and check what happens just before it crashes. Maybe you can spot something that causes the crash. I just checked the manual for your router and it doesn't seems to support packet captures on the device itself (neither local capture, nor SPAN), so if you want to do this you'll probably have to work with extra hardware - unless all connectivity is Wireless, in which case you might be able to work with a laptop you already have. You might want to check the Wiki for various ways of tapping into the Ethernet cable: answered 07 Jun '17, 02:52 Jasper ♦♦ |