This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hello, I'm trying to understand if Wireshark could be useful for my issue (I'm computer literate, but a newbie at diagnosing network issues). For the past year and a half, my ISP-provided modem (500Mbps/50Mbps - Cable connection in Switzerland, DOCSIS 3.0) has been crashing several times a day. It soft resets by itself at random times and cuts the connection for three minutes, the boot-up time. Sometimes once a day, sometimes (like today) 7. Modem has been replaced twice, ISP support said that the culprit might be my router (Netgear R7000) and that I should use the router functions of the modem instead of running it as modem-only. This is a no-go because the ISP modem/router is lacking several functions. So, while being reluctant, I finally gave them the benefit of the doubt and replaced my router with a new one (Synology rt2600ac). As I suspected, the problem still occurs. So I imagine there could be a device on my network that somehow triggers the issue on the modem (which by the way happens also in the middle of the night, when no-one in the family is active).

Therefore, I wonder if Wireshark is ok to diagnose this kind of problem. My idea is to cross-check the times when the outage occurs with a Wireshark log and maybe find some common denominator to isolate the faulty device, if any (I still believe it's a signal problem of the cable connection, but good luck in convincing my ISP). But I honestly have no idea what to look for since I understand the Wireshark monitoring is cumbersome.

Any pointers would be greatly appreciated.

Thanks in advance for any help.

asked 02 Jun '17, 13:17

Netch
accept rate: 0%

edited 02 Jun '17, 14:10


If you suspect that something on "your" side of the modem is causing the crash you can probably diagnose that with Wireshark. If it's something on the ISP side of the modem it is not very likely. The reason for that is that "your" side has Ethernet (or WiFi, or both), which can be captured with an appropriate capture setup. The ISP side is cable, which you cannot capture unless you have access to special diagnostic devices that can, which I doubt.

So what you can do is to set up a SPAN or TAP for the link of the Ethernet side of the modem, and do a long term capture using a ring buffer. That way you can record all the traffic of the modem on your side and check what happens just before it crashes. Maybe you can spot something that causes the crash.

I just checked the manual for your router and it doesn't seem to support packet captures on the device itself (neither local capture, nor SPAN), so if you want to do this you'll probably have to work with extra hardware - unless all connectivity is Wireless, in which case you might be able to work with a laptop you already have. You might want to check the Wiki for various ways of tapping into the Ethernet cable:

https://wiki.wireshark.org/CaptureSetup/Ethernet

answered 07 Jun '17, 02:52

Jasper ♦♦
accept rate: 18%
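
The long-term ring-buffer capture suggested in the answer above, together with a helper that picks out the capture files recorded just before a modem reset, as an added example that is not part of the original answer. The interface name `eth0`, the directory `./modem-capture`, the `modem` file prefix and the file sizes are assumptions; `start_capture` and `files_before_outage` are hypothetical helper names.

```sh
#!/bin/sh
# Added example: ring-buffer capture on the tapped modem link, plus a helper
# that lists the ring files covering the time just before an outage.
CAP_DIR="${CAP_DIR:-./modem-capture}"   # assumed output directory
CAP_IF="${CAP_IF:-eth0}"                # assumed interface on the TAP/SPAN port

# Long-term capture: 200 files of about 100 MB each (filesize is in kB).
# Once the ring is full, dumpcap deletes the oldest file, so disk use is bounded.
start_capture() {
    mkdir -p "$CAP_DIR"
    dumpcap -i "$CAP_IF" -b filesize:100000 -b files:200 -w "$CAP_DIR/modem.pcapng"
}

# dumpcap names ring files <prefix>_<NNNNN>_<YYYYMMDDHHMMSS>.<ext>; the stamp
# is the time the file was opened.
# files_before_outage OUTAGE_TS [COUNT]
#   Prints the file being written at OUTAGE_TS (same YYYYMMDDHHMMSS format)
#   and the COUNT-1 files before it, oldest first. COUNT defaults to 2.
files_before_outage() (
    outage="$1"; count="${2:-2}"
    for f in "$CAP_DIR"/modem_*_*.pcapng; do
        [ -e "$f" ] || continue              # glob matched nothing
        ts="${f##*_}"; ts="${ts%.pcapng}"    # keep only the timestamp
        printf '%s %s\n' "$ts" "$f"
    done |
        # Stamps are fixed width, so a string comparison orders them correctly.
        awk -v o="$outage" '($1 "") <= (o "")' |
        sort | tail -n "$count" | cut -d' ' -f2-
)

# Usage: ./capture.sh start
#        ./capture.sh before 20170607031500 3
case "${1:-}" in
    start)  start_capture ;;
    before) shift; files_before_outage "$@" ;;
esac
```

Open the listed files in Wireshark and look at the last packets seen on the modem link before traffic stops; repeating this for several outages shows whether the same host or packet type precedes each reset.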

question asked: 02 Jun '17, 13:17

question was seen: 887 times

last updated: 07 Jun '17, 02:52