Wireshark mailing list archives

Re: Using Wireshark for a DSL "link no surf" problem


From: "Frank Bulk" <frnkblk () iname com>
Date: Wed, 18 Jun 2014 23:03:05 -0500

Normally if a modem is in bridging mode it doesn't hand out IP addresses.
Something is not right here.

 

If you were my customer we'd have a tech onsite to assist a long time ago.

 

Frank

 

From: wireshark-users-bounces () wireshark org
[mailto:wireshark-users-bounces () wireshark org] On Behalf Of Kok-Yong Tan
Sent: Wednesday, June 18, 2014 4:41 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Using Wireshark for a DSL "link no surf"
problem

 

Hmm... you've got a point. I'll give it a shot when I get back.

 

I've found that if I configure my firewall to ask for an IP, I get an IP in
the private subnet of 192.168.1.0/24 and I've discovered that this is the
out-of-band management subnet.  It then allows me to tap into the DSL modem
at 192.168.1.1.   I also tried to do this by disconnecting my firewall from
the DSL modem and then attaching my laptop directly to the DSL modem.  This
is confirmed by a Tier 2 tech support rep at the ISP.  I get no IP in the
public subnet. 

-- 

Reality Artisans, Inc.              #   Network Wrangling and Delousing
P.O. Box 565, Gracie Station        #   Apple Certified Consultant
New York, NY 10028-0019             #   Apple Consultants Network member
<http://www.realityartisans.com/>   #   Apple Developer Connection member

Cell: (646) 327-2918                #   Ofc: (212) 369-4876

 

On Jun 18, 2014, at 14:31 , Pedro Tumusok <pedro.tumusok () gmail com> wrote:





You said your modem is in bridge mode, so any traffic arriving on the WAN
port should be forwarded out the LAN port, so just do it on that. If you see
any L2 data, i.e. ARP etc., then the PVC are correct.

Have you tried configuring your firewall to ask for an IP instead of a
static setup?

 

Pedro

 

On Wed, Jun 18, 2014 at 11:21 PM, Kok-Yong Tan <ktan () realityartisans com> wrote:

Okay. Then my DSLAM interface is definitely up because I've got a solid (non
blinking) green light on the LED for the DSL connection.  

 

Problem is: How to do a packet capture since I can only access traffic off
the ethernet (RJ45) port and not the DSL (RJ11/RJ14) port?

 


 

On Jun 18, 2014, at 14:12 , Pedro Tumusok <pedro.tumusok () gmail com> wrote:





If the DSL LED is on, on your modem, the DSLAM interface is up.

If the PVC is changed, then you should not see any L2 data, do a packet
capture and see if you can see data coming from your modem.

 

Pedro

 

On Wed, Jun 18, 2014 at 8:58 PM, Kok-Yong Tan <ktan () realityartisans com> wrote:

Yes, I understand why they gave me a /24 but with a /24, all it takes is for
somebody else on the same subnet to accidentally (not intentionally or
maliciously for obvious reasons) take my static IP and thus blow me out of
the water without affecting them too much.  I had this happen once.  With a
subnet between /24 and /30, they'd notice when their accidentally typo-ed IP
address didn't work because it didn't match their gateway info.  

 


 

On Jun 18, 2014, at 10:59 , "Jamie O. Montgomery"
<Jamie.Montgomery () comporium com> wrote:





PPPoE is used for authentication. If you have a static IP, they know who has
it and you don't need authentication. PPPoE would be the termination point
for the address, but since it will reside on your firewall, the modem needs
to bridge the DSL network to the Ethernet network on the public side of the
firewall.

 

They give you a /24 because they'd be burning up more IPv4 addresses giving
you a smaller subnet. Other static IP customers use addresses in that subnet
along with you. 

Jamie Montgomery | Comporium

Network Facilities Engineering | Engineering Associate II

www.comporium.com

jamie.montgomery () comporium com







On Jun 18, 2014, at 1:34 PM, "Kok-Yong Tan" <ktan () realityartisans com> wrote:

No, the DSL modem is bridging, not routing.  I've been assigned two static
IPs (although they've given me a /24 net mask!!!) and my firewall is
assigned one of them.  The firewall is connected directly to the DSL modem
by Cat6 patch cable.  The other IP is unused (I use it for testing VPN
configurations). 

 

I'm not sure but since the Broadxent Briteport is a PPPoE modem, I assume
PPPoE.  But the tech says that's not correct (WTF?).  And he can't explain
what they use.  Sigh.


 

On Jun 17, 2014, at 22:13 , Pedro Tumusok <pedro.tumusok () gmail com> wrote:





Well if the tech can see stuff, it's not what I thought might be the problem,
which was PVC settings.

But does your modem get an IP address, i.e. is it set up as a router or does
your computer get the IP address?

Are you using PPPoA/PPPoE etc?

 

On Wed, Jun 18, 2014 at 5:52 AM, Frank Bulk <frnkblk () iname com> wrote:

Some Comtrend modems can do a port mirror of the WAN (DSL) side.

Frank


-----Original Message-----
From: wireshark-users-bounces () wireshark org
[mailto:wireshark-users-bounces () wireshark org] On Behalf Of Kok-Yong Tan
Sent: Tuesday, June 17, 2014 4:53 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Using Wireshark for a DSL "link no surf"
problem


On Jun 17, 2014, at 14:28, Jaap Keuter <jaap.keuter () xs4all nl> wrote:

On 06/17/2014 08:42 PM, Kok-Yong Tan wrote:
Is it possible to use Wireshark to troubleshoot a DSL "link no surf"
problem?  The ISP insists it's a CPE issue but the problem only started
after their Tier 1 tech monkeyed with the DSLAM and/or the CPE (remotely) in
some manner.  I find it suspicious that the problem was intermittent packet
loss until they tinkered, whereupon the problem became a "link no surf"
issue (i.e., there's Layer 2 connectivity but zero Layer 3 traffic passing).

Depends on what you can trace in the CPE, as in, how close to the DSL
interface.
Otherwise you'll need capture hardware on the DSL....

Good luck,
Jaap


I can get up to the DSL modem itself.  In hindsight, I'm thinking this isn't
going to be of much use and the only way to debug this is with capture
hardware on the DSL side as you suggested.  Drat.
--
Sent from my iPad2 with greater chance of typographical, grammatical and
other disasters.  Your indulgence is even more humbly requested.

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe





 

-- 
Best regards / Mvh
Jan Pedro Tumusok
