Wireshark-users: Re: [Wireshark-users] Wireshark for layer 2 ATM traffic?

From: Kok-Yong Tan <ktan@xxxxxxxxxxxxxxxxxxx>
Date: Sat, 10 Jul 2010 17:51:10 -0400
Thanks. But that just addresses the symptom. I'm asking if there's a way to find the cause.

On Jul 10, 2010, at 17:44, Frank Bulk - iName.com wrote:

Move to cable broadband?

Frank

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Kok- Yong Tan
Sent: Saturday, July 10, 2010 4:42 PM
To: Community support list for Wireshark
Subject: [Wireshark-users] Wireshark for layer 2 ATM traffic?

I've got a situation where an ADSL2 modem keeps dropping connection
every 12 to 15 days such that no layer 3 ICMP pings can pass (i.e.,
pings to the firewall behind the ADSL2 modem don't result in any
responses).  When this happens, the ISP insists that they can "see"
the ADSL2 modem and "layer 2 ATM pings work fine;" just that no
traffic seems to be flowing otherwise.  I've gone onsite when this
happens and disconnected (but not powercycled) the firewall and
replaced it with a test laptop connected to the ethernet wire leading
to the ADSL2 modem and tried pinging outbound (this fails).  I've
tried setting the laptop to both the same IP address of the (now
disconnected) firewall and to another unused IP address in the range
assigned to us before pinging outbound.  Neither work.  The only way
to fix this issue is to powercycle the ADSL2 modem without
powercycling anything else.  We've already replaced the ADSL2 modem
once.  The ISP swears that they've switched us to a different virtual
circuit and they insist the cabling up to the ADSL2 modem from the
Central Office (CO) is fine.  Now, if the ethernet cable connecting
the firewall to the ADSL2 modem were bad, swapping out the ethernet
cable would've solved the problem.  It hasn't.  Besides, it wouldn't
cause the ADSL2 modem to hang like that until it gets powercycled.

Now, I could install the following device and get it to automatically
powercycle the ADSL2 modem when it can't ping out any more:

<http://www.dataprobe.com/iboot-remote-reboot.html>

However, that only addresses the symptom.  It doesn't reveal the
cause.  (Naturally, the ISP and its CLEC is throwing its hands up and
professing ignorance while paranoid l'il ol' me is thinking it's the
ILEC screwing with us--I've actually caught ILEC technicians multiple
times "in flagrante delicto" with sabotaged CLEC DSL wiring in their
hands onsite requiring a "cease and desist" letter from attorneys to
"fix" so this isn't an aluminium-foil hat supposition.
Unfortunately, since I have no access to the CO nor its security
cameras, I can't prove such a thing in this case.  But if I can at
least provide test proof of bad equipment at the CO, that'll work for
me.)

Question:  Can wireshark be used to get any data that would reveal
the cause of the dropped ADSL2 connection considering no layer 3
traffic is flowing and only layer 2 ATM traffic is (supposedly) flowing?

--
Reality Artisans, Inc.             #   Network Wrangling and Delousing
P.O. Box 565, Gracie Station       #   Apple Certified Consultant
New York, NY 10028-0019            #   Apple Consultants Network member
<http://www.realityartisans.com>   #   Apple Developer Connection member
(212) 369-4876 (Voice) # My PGP public key can be found at <https://keyserver.pgp.com>