OT: Network continually stalling

On a sunny day (Fri, 26 Oct 2012 20:00:49 -0800) it happened Robert Baer wrote in :

First thing I always do when shit happens is: ping 8.8.8.8 if that works, network OK, check computer. If not: traceroute IP_ADDRESS see where it stops. ping it too.

OS system you use? If designed by Microsoft it is probably normal.

When you say "network" do you mean ethernet, ADSL or wet string?

If you are still on a dial-up modem then buffer overruns are the most likely cause of trouble on a Winmodem.

ipconfig/all and then ping members of your own network in isolation and only then try external connections and hopcheck them to see where it goes wrong or stalls. DNS faults or routing problems at your ISP can cause stalls but user error is by far the most likely explanation.

Power tools in the hands of amateurs often result in collateral damage.

I've noticed over the last month or two, on RoadRunner at least, that I often have to repeat a request before it will complete.

Examples:

- Here, on eternal-september.org, after a period of inactivity (say, reading a long post, or writing one), the server times out and I have to reconnect to download another message. Very often, the connection simply hangs. Stop and restart the request, and it connects immediately.

- The first time I view a webpage in some length of time (hours to days perhaps?), the webpage won't load. Refreshing (or re-clicking the link) makes it go.

- Or, when loading a webpage, the design uses a separate "media" server for images, which don't load, or only load partially. Refreshing downloads all images immediately.

A traceroute won't help much because you have to catch it in the act -- if you see something not working and tracert in response, it'll magically work again. Or the first packet to the problem node will be dropped, but all subsequent ones go fine.

I have a sneaking suspicion this kind of behavior has to do with those monitoring and sharing-and-copyright-limiting actions you see in the news, but I don't have a clue how one might prove that.

Tim

-- Deep Friar: a very philosophical monk. Website:

Capturing network packets requires a device driver. If there are any bugs in that driver, it can crash the OS. So, there are no guarantees, but that's true for any device driver, including the ones written by Microsoft, Intel, nVidia et al.

For Windows, I would recommend wireshark:

It works, and it is probably the least likely to crash the OS (by virtue of being mature, actively developed, and widely used).

You started out I thiink relatig this problem to News Groups. Does your local ISP use a service from GigaNews as mine (IInet) here in Aus does? For the last week or more it has been very eratic much like you describe with no apparent problems for Internet or Email. Whatever the problem it seems to have been fixed now.

I ping Google when system is stalled; results look good but rarrely does the ping "kick" it out of what i call snooze mode. "traceroute" is not a recognized blahblah.. must be the spelling. In any case, what do i use for IP_ADDRESS as it may be variable (soi cannot make a batch program). I now use Win2K, but used to NEVER have these problems.

• Ethernet direcly to Comcast modem.

• Damn! dial-up was many years ago and i have always told people to NEVER use "Winmodem"..a TeleType would be far better..

• See above, also the infamous and so-called "user error" cannot exist in the modes i described.

What you describe is rather close to what i see. Thanks for the correct mispelling for traceroute.. I see that TraceRT Google has significant pauses before completing a number of the lines shown. As i vaguely remember in the (dim) past, before this problem, there were almost no pauses - about a line per second with no flim-flam.

Do those pauses indicate a "shadow" relating to the problems i see?

Thanks for disclosing that you're using Windoze 2000. It really does help to know what OS version you're using.

There's not enough info (i.e. numbers) to make a good guess as to the culprit. However, my bad guess(tm) would be that you have a DNS problem. Your primary DNS server probably is mistyped into your router configuration, or mistyped into the W2K network configuration. With the primary DNS lookup failing, the secondary DNS server takes over. However, it does take about 15 seconds for the OS to give up on the primary and switch to the secondary, resulting in the delays you're seeing. (Yes, I've screwed up and done this to myself a few times).

Try: Power cycle your router to clear its DNS cache. Start -> run -> cmd ipconfig /flushdns ipconfig /all (look for the IP address of the DNS servers) If they point to the IP address of your router, login to your router, and check that you either have the DNS servers set automatically by PPPoE or DHCP from the ISP, or that you have the correct static DNS server IP addresses scribbled into the boxes.

As for Wireshark: Windows 2000 no longer works with Wireshark. The last known version to work was Wireshark 1.2.x (which includes WinPcap 4.1.2). You still can get it from

Thanks; will try that on a BACKUP copy. Decided to get ver 1.6 instead of latest 1.8 (32-bit,natch with hopes Win2K will allow it).

I love when people run copies of windows that no longer have support. That way they can become bots for hackers and screw up the internet for the rest of us.

I've tried a few DNS evaluation schemes, but I like Steve Gibson's the best. Note that some modems (cable/DSL) have a placeholder for the DNS, but you don't want to use it if you have a router. Rather plug the DNS addresses in the router.

If opendns turns out to be the best, I would use something else. I don't like how opendns takes it upon itself to fire up a search engine if the request can't be serviced. I rather have it fail because I probably mistyped something. I can correct it faster than their search.

Try tracert for windoze

Grant.

On a sunny day (Sun, 28 Oct 2012 20:02:41 -0800) it happened Robert Baer wrote in :

panteltje: ~ # traceroute google.com traceroute to google.com (74.125.136.101), 30 hops max, 60 byte packets 1 router (192.168.178.1) 0.249 ms 0.215 ms 0.233 ms 2 10.212.192.1 (10.212.192.1) 7.129 ms 7.179 ms 7.172 ms 3 sk-rc0001-ds102-vl202.core.as9143.net (213.51.138.129) 9.766 ms 14.201 ms

If it gets stuck at say pint 5, then do a whois asd-tr0409-cr102-ae2-0.core.as9143.net, or ip_to_country -i 213.51.158.36

panteltje: ~ # ip_to_country -i 213.51.158.36 ip=213.51.158.36 (3576929828) "NL" "NETHERLANDS"

I wrote ip_to_country, its on my site (C code) is uses a database maintained by others.

OK, cannot help there.. You would not be sending a zillion spam emails and your computers used by some botnet? I use 'snort' utility for network monitoring. Not sure if it has a MS windows version.

Have you unplugged the cable modem to reset it?

He's using 'Teranews'

This is interesting, I too run W2k for something's and this here is one of them. I have been getting random network blank outs too.

But I got thinking of something however, I have an old, real old switch on the network that this computer goes through. With the use of the V6/V5 socket system, I wonder if there is an issue going on for allocation of the 4 digit 8 bit network address to be translated for those that are not using the newer network addresses?

It's just a thought and most likely has nothing to do with the problem, but it's an interesting hypothesis and most likely has nothing to do with it.

Jamie

I support a few remote mountaintop weather stations and camera servers currently running W2K. These are slowly being moved to XP or Linux (currently undecided). No virus scanner and no problems with W2K for many years. Biggest headache is getting the application vendors to continue W2K support. 2nd biggest headache is that changing from small footprint W2K to either XP or Linux requires a hardware upgrade.

I prefer Googles DNS benchmark program: Both programs should show any time delay for a new (non-cached) DNS lookup, thus either proving or disproving my wild guess(tm).

Far too many consumer routers have unsufficient RAM to cache a large number of DNS lookups. When the router DNS cache gets corrupted, everyone on the network has problems. I try NOT to have the workstations point to the router for DNS lookups, but rather have them point directly to their favorite DNS server.

Some of my customer use OpenDNS Family Shield DNS filtering service to keep the kids out of known bad sites. Other than ocassional weirdness, no problems.

Sigh. It's contagious.

Dumb story: One day at work, I declared a problem that I was having with a transmitter was "parasitic oscillations". Within a week, every tech on the production line and some of the engineers were declaring that their problems were due to parasitic oscillations, even though they didn't have a clue what it was or how to fix it. A great demonstration of the power of magic buzzwords and suggestions.

Long ago, with a customer best forgotten, I had to deal with some ancient 10baseT managed switches. The problem was that RAM was expensive at the time, and the switch manufacturer didn't include enough. For an ethernet switch to work, it needs to store a table of MAC address to ethernet port numbers, so it knows where to shovel the packets. If the table is too small, the switch should discard old addresses to make room for new addresses. The process is quite fast, and rarely causes a problem. Not with this switch. Instead of clearing one entry, it would flush the entire table and start over. Repopulating the table didn't take very long, but when faced with another deluge of MAC addresses, it would almost continuously be flushing the table. The result was with a few machines, it worked just fine. However, once it crossed some threshold that caused the table to be flushed, traffic through the switch was erratic, tended to stall for anywhere between a few seconds to several minutes, or created huge packet losses. It would work on my bench and at the manufacturers test lab, but not at the customers. I found a MAC address generator (originally used in a DoS denial of service attack) to generate enough random MAC addresses to make it fall over, and convince the manufacturer that it was their problem.

However, if "newer" means the transition from IPv4 to IPv6, there should not be any problem at the switch level, which only works at ISO Layer 2 with MAC addresses and not Layer 3 with IP addresses. At the MAC address layer, IPv4 and IPv6 both look the same. If your LAN is running a VLAN, you might have other problems if the switch can't handle VLAN packets.

Some (Arris) cable routers have a built in backup battery for the VoIP part of the puzzle. Power cycling doesn't work. You have to take a paper clip and punch the reset button in back.

If you suspect that the CMTS part of the puzzle is having a bad day, that side can be "reset" by simply unplugging the coax cable, waiting about 15 minutes, and plugging it back in. I'm not sure exactly how long it really takes, but when I need a break, it's a convenient excuse.

On Saturday morning, we have a local power outage that pulled the plug on 17,000 customers. It's now Monday morning and my phones are ringing furiously. UPS's with dead batteries, routers that reset themselves to defaults, data corruption, blown LCD monitor, hung computers, comatose switches and modems, etc. Life is good. Remind me to send a thank you card to PG&E.