Suffering Packet loss

Need Help?

That's what we're here for! The goal of the Rogers Community is to help you find answers on everything Rogers. Can't find what you're looking for? Just ask!
cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
zeny12
I Plan to Stick Around
Posts: 23

Re: Suffering Packet loss

@Datalink How do I run Wireshark exactly?

 

Just run the program, make sure its recording the data and go play? 

Datalink
Resident Expert
Resident Expert
Posts: 7,238

Re: Suffering Packet loss

When you start Wireshark, it will ask you for an interface to record from.  That will be the ethernet interface.  If there are no interfaces shown, close the program and restart it in Admin mode.  You will see the ethernet interface available to record from.  Remember that you will also need the ping test running, as that is the data that will be used to generate the plot.  

 

To stop the recording, hit the red square button.  Then use the File .... Save function to save the data.  To start or restart recording, go, Capture .... Start.  You might get a warning asking if you want to proceed without saving the data that is already held in its temp file.  Proceed as you would prefer, dump the data or save it first.  From then, its the same routine, stop the data recording when you prefer and save the file or not.  Just depends if you want to keep it for later analysis. Once the recording is stopped, you can bring up the Statistics I/O Graph.  I have one item to confirm before I post the Display Filter settings which will allow you to plot the data. 



Datalink
Resident Expert
Resident Expert
Posts: 7,238

Re: Suffering Packet loss

@zeny12, here are the display filter settings for Wireshark for an ICMP ping test to Rogers 64.71.255.204 DNS. When you bring up the Statistics I/O Graph, there will be a couple of filters already present in the lower filter area. Disable those filters. Then using the bottom left "+" button, select that function to add a filer line. The filter titles and first line are as follows:

 

Name                                                   Display Filter

 

MAX ICMP to Rogers .204 DNS     icmp.type==0 && ip.addr==64.71.255.204 && icmp.resp_to

 

 

Color      Style            Y Axis                     Y Field                         Smoothing

Red         Line            MAX (Field)            icmp.resptime           none

 

The complete Display Filter above is:

 

icmp.type==0 && ip.addr==64.71.255.204 && icmp.resp_to

 

 

When that line is entered and Wireshark is happy with it, close the I/O Graph and bring it up again. Then select that filled in line and use the clone button, third button in from the bottom left. Clone that line twice. The changes to those cloned lines are the Name, Color, and Y Axis for the Min line, and Name, Color, Style, Y Axis and smoothing for the AVG line:

 

Name                                                   Display Filter

MIN ICMP to Rogers .204 DNS       icmp.type==0 && ip.addr==64.71.255.204 && icmp.resp_to

 

Color      Style            Y Axis                     Y Field                         Smoothing

Green     Line             MIN (Field)            icmp.resptime           none

 

 

Name                                                   Display Filter
AVG ICMP to Rogers .204 DNS      icmp.type==0 && ip.addr==64.71.255.204 && icmp.resp_to

 

Color      Style            Y Axis                     Y Field                         Smoothing

Black      Dot              AVG (Field)           icmp.resptime           1000 interval SMA

 

 

Add one more line and set it to read the following:


Name                                                                                  Display Filter

 

Missing ICMP Response fm Rogers .204 DNS         icmp && ip.dst==64.71.255.204 && icmp.resp_not_found

 

 

Color      Style            Y Axis                     Y Field                                Smoothing

Black       Dot             Packets                   icmp.resp_not_found     none

 

The complete Display Filter setting above is:

 

icmp && ip.dst==64.71.255.204 && icmp.resp_not_found


You should be able to simply copy the Display filter and Y Field sections and paste those into the entry windows. If you have any trouble, Wireshark has its own built in menu for those sections. When you type in an initial entry, such as icmp, and type in the "." immediataly after, a drop down menu will appear that contains all of the entries that start with the entered item, so you can simply scroll down to the required item and select it. You will know that you have the filter items set correctly as the filter entry window background colour will turn green, indicating that the entry it correct. When all is said and done, close the I/O Graph plot using the close button on the lower right and open it again. I've found Wireshark to be a little quirky when it comes to saving the entered filter parameters, so, closing it, opening it and checking the filter items after opening the I/O Graph should ensure that the filters are save and that they are correct.

 

The line names and colors used are suggested choices, set those as you prefer.  I've found that the line and dot selections for the plotted data turn out as acceptable choices for the plotted results.  On the bottom of the chart area are a drop down menu for the plot time and selection for the time of day.  For whatever ping interval time you use, you will need to be one level up in terms of the plot intervals.  So, if you are using two or more pings per second, then you can use one second as the lowest plot interval.  If you use 1 second as the ping interval, then you need to use 10 seconds as the lowest plot interval in order to see the Min and Max time seperated in two distinct areas on the plot.  When you play around with the plot time, you will see the effect that the various selections have on the plotted results.  There's no right or wrong answer here, just a matter of preference in what you want to see.  The bottom Time of Day has to be checked in order to plot the result with a real time scale, otherwise, the sample numbers are plotted. 

 

When the collected data has been saved, open the I/O Graph and enable the desired plot items by checking the enable/disable check box on the left hand side. You will probably find that enabling the MAX and MIN filters first will suffice as the chart scaling will be set to accomodate the higher MAX time values, so the AVG and Missing Response indications will be buried at the bottom of the plot. To scale down into the chart, use the Y key. Scaling out, use Shift Y. To scale in horizontally, use the X key, scaling out, Shift X. If you right click on the chart area, the chart control menu will be displayed.

Ok, that should do it for now, just a matter of waiting to collect the data, saving it and then displaying the results.

 

If you want to save the plot as a pdf or jpg, etc, hit the bottom "Save as".  That will bring up an entry window that defaults to a pdf file.  If you want to post it, you will have to change the file type to jpg.  Same for any subsequent plots that you want to save as a jpg.  



Datalink
Resident Expert
Resident Expert
Posts: 7,238

Re: Suffering Packet loss

@daveinsurgent, looking back on an ICMP test run from Saturday Nov 18th, 2017, the run time was 27 hours with a total of 481,992 pings.  Hrping indicated 23 lost responses, Wireshark indicated 30 lost responses.  So, doing the math with 30 lost responses, thats 0.0062%.  That's the type of result that I would expect anyone to see.  Running UDP, I would expect to see losses in the 0.05% range if not better.  

 

Having said that, looking at the plot itself, yep, it gets ugly, but it looks worse than it is due to the horizontal compression, squeezing 27 hours of data so that it can be seen on one plot.  The average time is around 11 ms from pc to Rogers DNS and back again.  The usual max values are around 20 ms, but the instantaneous times can range up to 200 ms.  That's partly a reflection of whats going on in the LAN and what is going on within the Rogers network.  Its pretty clear when there is very little traffic in the LAN and in the Rogers network as the max times range from 13 to 24 ms for several hours until traffic starts to pick up again around 9 am.  

 

So, one recommendation I would make is to run a ping test to the Rogers DNS (64.71.255.204) for at least 24 hours, to collect the data and then plot that data to see what happens throughout the day.  The packet loss is another matter altogether that requires resolution and may require the services of @RogersBob to check everything from the modem to the CMTS.



daveinsurgent
I Plan to Stick Around
Posts: 43

Re: Suffering Packet loss

I had an open ticket with Live Chat to have a network engineer look in to things, and they have now said they can't find any problems. I received the phone call today to contact support "if the issue is still occurring" which of course it is.

 

Live Chat is refusing to send a tech back out again because they can't "see something on the line".

 

I noticed that to the little box thing on my house, there's a Bell line, and then there's two what look like coax lines going in to it and then going in to my house. In my utility room, I have a whole bunch of different coax leads, with only one in use. Some of course go upstairs, but I wonder if one of them is a second run out from outside. I don't know why that would exist..

 

As a laymen in terms of cable networking, it seems reasonable to me to have someone come out and perform a cable integrity test from the 'little box' in to my utility room, as well as from the 'little box' out to the road-side box. (and if there is a second cable coming through, see if one is better than the other). Also, that road-side box front panel is open a few inches and exposed to the elements and who knows what else. The technician that visited the first time said it's "not the worst he's seen" and left. He also did not know what ping was..

 

The technician that first visited noted that my modem was the only one in the neighborhood that was not responding to his remote diagnostics. The modem has been replaced, but now Live Chat is saying:

 

3:04 PM Evelyn
It is telling me your modem is not on
 
But I am chatting to them and typing this through said modem.
 
They're also telling me that the network engineer ticket was opened for 'intermittent signal', not packetloss.
 
This is incredibly frustrating. I have done so much troubleshooting on this issue, far beyond what any normal end-user  could be expected to do, and each time I do, I have to re-start with someone copy-pasting a "how to forward ports" tutorial to me just because I said the word "game". And then what I hear is that I can't even trust that my reports/complaints are being recorded correctly meaning I can't have any faith in the "all clear" investigation.
 
I don't want to be "that guy" but I do need to take this to the CCTS or some other body/agency? This has consumed an enormous amount of time and a non-trivial amount of money from me.
 
Edit:

The Live Chat tech 'send a command to my modem' and had me power cycle it. They now say they can see it, I noticed since I captuerd the screen last time, since they've had me power cycle, now it looks like this:
 
Screen Shot 2018-01-28 at 3.23.44 PM.png
 
Receiver 1 now says 4K -- etc instead of N/A -- what's up with that?
 
Ah, less than 30 minutes later it is back to NO/NA:
 
Screen Shot 2018-01-28 at 3.53.17 PM.png
zeny12
I Plan to Stick Around
Posts: 23

Re: Suffering Packet loss

I've heard it's DOCSIS 3.1 downstream enabled.  @daveinsurgent

daveinsurgent
I Plan to Stick Around
Posts: 43

Re: Suffering Packet loss

Right, but then why does it revert to N/A, NO, etc after ~30 mins?

Datalink
Resident Expert
Resident Expert
Posts: 7,238

Re: Suffering Packet loss

That 4k indication would mean that the modem is using OFDM 4096 sub-carriers for downstream data.  If that section indicates N/A, NO, I would presume that means that the OFDM channel data or data lock has been lost and the modem has reverted to DOCSIS 3.0 mode.  So, you go from using 4096 sub-carriers to 32 channels.  In either case, the modem should be capable of running 900+ Mb/s on the downstream side. 



daveinsurgent
I Plan to Stick Around
Posts: 43

Re: Suffering Packet loss

I see. Is it normal for it to lock/unlock like that? Speed has never been a problem for me per se (it's not super consistent, but I wouldn't expect cable to be) -- but in terms of packetloss, could that be causing anything?

 

I'm not trying to obsess over minutiae, just trying to examine everything I see since everyone keeps saying things look fine, but something has to be wrong.

daveinsurgent
I Plan to Stick Around
Posts: 43

Re: Suffering Packet loss

Well, Live Chat refused to send a tech out, but Facebook Chat was happy to. I'll buy a beer to the manager of the Facebook team if I meet them, as their reps seem to be empowered more both in how candidly they answer your questions as well as what they can schedule/request.

 

We'll see how visit #2 goes!