This is going to read like a misposted Windows subject but it is really very Linux related. In my home network, I have two Linux boxes, a Windows 2000 box (connected via wireless), a Windows XP SP2 laptop (wireless) and a Windows NT 4 SP6 box running in Terminal Services mode. Everything is connected through a Linksys router. Last night, just while surfing around, my cable modem (Toshiba PCX2600) went into test mode, automatically and I lost internet connectivity. This continued to happen throughout the night. I called my provider, Cox, to ask if there were any outages and was informed that all was well and that it must be on my end. My training is as a network engineer, so I rarely believe the drones on the other end of the phone. This morning, I called again and was told if the test light on the modem randomly flashes, it means the modem is going bad. So, I went out and purchased a D-Link DCM-202 cable modem. I got it up and running just fine but I continued to randomly lose connectivity. OK, so I called Cox back to complain but they could find no problems on their end. I was furious and I hate to be lied to, when they assured me that it had to be my modem. At this point, I resorted to looking at documentation on D-Link's website and found that I could bring up a web interface and do advanced configuration of the modem. However, this configuration only worked in Internet Explorer and that I'd have to do a direct patch cable connect from the modem to the Windows PC and take the Windows box off my network! I did this and saw a modem error log that basically said that the modem was periodically losing its downstream internet connection. I was feeling lazy at this point so I unplugged the Windows box from it's direct modem connection and replugged my router. Since I usually browse on Linux, this was no big deal. Now here's the kicker, for the next three hours, I had no loss of connectivity! Finally, I got around to putting the Windows box back on the network and my modem went nuts and dropped. So, I unplugged the Windows box, did a full Virus Scan (Bitdefender Pro 8.0, fully updated) and ran Spybot (fully updated.) Neither tool found anything. I ran Ethereal to look for any weird traffic and found nothing! I looked at the lights on the Windows box NIC and saw no bad unusual blinking. Here's the thing that has me vexed, if all boxes are hooked to a router and the router is working fine, how can one PC cause the modem to reset? Shouldn't it be trashing the router, since the router is managing the traffic for all clients? Even a bad NIC shouldn't cause this kind of situation or am I missing something?
klackenfus
02-19-2005, 10:19 PM
Installed a 3COM 3C905, on the assumption that the NIC might be bad. No luck, it still brings down the cable modem. This box is really close to becoming my third Linux box!
soulestream
02-19-2005, 10:28 PM
hmm.
have you checked the cable running from the "bad" box to the router. Try a different cable maybe. the cable could be shorted.
run activescan from panda software on the windows box, it finds stuff (java related) the other virus scans sometimes dont.
i am having a similar problem, and have tracked it down my router. Under hard loads the router locks up. im going to resetup the os on the router, but i think my vram on the router is bad.
soule
klackenfus
02-19-2005, 10:38 PM
have you checked the cable running from the "bad" box to the router. Try a different cable maybe. the cable could be shorted.
Yes, I tried a different cable but no luck.
i am having a similar problem, and have tracked it down my router. Under hard loads the router locks up. im going to resetup the os on the router, but i think my vram on the router is bad.
I thought of my router as well but I have numerous other Linux and Windows boxes running off the router I am typing this reply on now. As long as I leave this silly Windows box off, all is well. This has to be some sort of virus/trojan/malware issue but it eludes me. I might just be looking for an excuse to make another Linux box but I do need at least one Windows XP machine to test work related issues.
soulestream
02-19-2005, 11:15 PM
im removing all kinds of stuff off a customers computer right now. i run a combination of ALL of the following
AVG free edition
Panda acitve scan
spybot and adaware
if there is something there they will usually find it.
soule
klackenfus
02-19-2005, 11:31 PM
I had a thought that it might be the firewall (Zonealarm.) This week, I patched it up to the latest and I thought that could be the issue, so I disabled it. It's not, it's still crashing. The pattern seems to be when I request a website from that box that it's never hit before or, if I just leave it alone for awhile, it resets the modem. To me, that sounds like spyware that records new sites or "phones home" periodically. I took Monday off from work, so I might be repartitioning tomorrow and putting Centos on this pig. I'll leave a small Windows partition for testing purposes. Oh and it's a Pentium IV, 2.6 Ghz with 1.5 GB RAM and a 160 GB 10,000 RPM hard drive. Gosh, I hope it can handle Linux!
eskiled
02-19-2005, 11:37 PM
Originally posted by klackenfus
Yes, I tried a different cable but no luck.
I thought of my router as well but I have numerous other Linux and Windows boxes running off the router I am typing this reply on now. As long as I leave this silly Windows box off, all is well. This has to be some sort of virus/trojan/malware issue but it eludes me. I might just be looking for an excuse to make another Linux box but I do need at least one Windows XP machine to test work related issues.
So what leads you to believe it doesnt have to do with overloading the router? How about you run a livecd on that windows box and see if you still have issues. If there arent any issues than look into some heavy duty mal/ad/spyware tools. If you do then it is obviously hardware related and you should check your NIC and cable and router again. (perhaps your router just sucks if its got too many clients...)
eskiled
klackenfus
02-19-2005, 11:49 PM
So about you run a livecd on that windows box and see if you still have issues.
Good thought! I will try this. My main reason for not suspecting the router is the fact that when I disconnect the Windows box from the network, all is well. However, I'll boot from a Knoppix CD and see what happens. I'll keep you posted!
klackenfus
02-20-2005, 12:03 AM
Good thought! I will try this.
This is me, running from my "bad" Windows XP box, while booted into Knoppix 3.6. All is well, I have browsed several websites that, in Windows, are hosing my cable modem. This really does establish that I'm dealing with an OS issue, unless I've really missed something.
eskiled
02-20-2005, 12:25 AM
Originally posted by klackenfus
This is me, running from my "bad" Windows XP box, while booted into Knoppix 3.6. All is well, I have browsed several websites that, in Windows, are hosing my cable modem. This really does establish that I'm dealing with an OS issue, unless I've really missed something.
Did you try rebooting;) ? Heh yeah I would just google for adware removal software and throw everything you find at that box. If that doesn't fix it I don't know what to say. Perhaps (probably very unlikely) it has something to do with drivers? Although if worse comes to worse than you could probably reinstall and fix everything.
goodluck
eskiled
klackenfus
02-20-2005, 12:36 AM
Well, it's after 10:30 PM, the wife is sleeping in a chair and has complained about seeing "just the back of my head" all day long, so, I guess that makes it time to back up my data, repartition and make a new dual boot box with a significantly reduced Windows partition. Here I go and thanks!
Gertrude
02-20-2005, 01:15 AM
Are you sure it wasn't just a coincidence that when you removed the Windows PC the modem quit going offline? I guess just wanna know if you tested it multiple times with it plugged in, and not to make sure thats actually whats casuing it to go offline. There is really nothing on the computer that could cause the modem to drop like that in most cases.
I have seen instances where certain versions of firmware on older modems can lock up with certain P2P apps running, and when playing online games that open multiple connections to a server. Seeing how you tried 2 modems the likelihood of it being a issue with the modem is going to be slim. Also with the errors you are seeing with it dropping the downstream frequency thats indicative of a cable signal problem between the modem, and the headend equipment.
If you look at the internal page of the modem again what do the signal levels(up/downstream, and SNR) look like? The DOCSIS specifications state the the downstream should be at -15 -> +15 dBmV. If its close to either of those and starts fluxuating there is a good chance you modem will drop offline. Seeing how you didn't see anything with the packet sniffer, and checked for adware/viruses I think there is more of a chance if it being a cable signal problem rather than some strange transmission from the Windows box.
soulestream
02-20-2005, 01:30 AM
if the network card in the box is bad it could be chattering and that could overload the router also.
soule
klackenfus
02-20-2005, 01:32 AM
Are you sure it wasn't just a coincidence that when you removed the Windows PC the modem quit going offline?
I have been testing and re-testing this for over ten hours. It really is the Windows box. I approached this as a skeptic but after trying every scenario I can think of, came to this. As of my last post, I have been running fine and I am creating a 20 GB Windows partition, so I can have the rest for Linix.
klackenfus
02-20-2005, 01:35 AM
if the network card in the box is bad it could be chattering and that could overload the router also.
I already swapped the NIC. I wish it was that easy but thanks anyway.
XiaoKJ
02-20-2005, 10:04 AM
Can any expert out there see if this is a kernel rootkit thingy? I heard about it on OSNEWS that day and how it is not easy to be detected by anti-malware software as it goes right into the kernel.
I believe you should just go off and use linux with it. No point sticking with Windows when it is so damn problematic
klackenfus
02-20-2005, 01:57 PM
I think I know what caused the problem. I repartitioned the box for a 140 Gb Linux (Suse 9.2) partition and a 20 Gb Windows XP partition. I did the usual, installing Windows first and then Linux and all was well. At 3 AM (yes, I fell asleep at the computer) I got bold and decided to patch up the Windows partition with SP2. BANG! My modem went down! I know it's weird, because I have run SP2 for months but it did seem to cause the problem. I do need a small Windows partition for testing purposes but for everyday living, I have been Windows free for about three years. Anyway, to all you Windows users out there that are exploring Linux, be careful! Something strange is up with Windows SP2 (duh.)
Gertrude
02-20-2005, 04:42 PM
Thats very strange. Could you install ethereal on that pc and have it run as soon as it boots up, and post the output here? I would be interested in seeing whats getting sent out of that computer when the modem goes off.
JayMan8081
02-20-2005, 07:39 PM
I have the same modem as you and I have been running SP2 on the wife's computer for a while now and haven't seen any problems. I wonder if SP2 just increases the traffic load or something? Another question, do you use the Windows Firewall in SP2? I know I turned mine off and found a site that gave instructions on how to permanently turn it off. Maybe that could be a source of the problem.
psych-major
02-20-2005, 10:13 PM
Originally posted by JayMan8081
Another question, do you use the Windows Firewall in SP2? I know I turned mine off and found a site that gave instructions on how to permanently turn it off. Maybe that could be a source of the problem.
SP2 starts the firewall by default, so that's a good thought. I have a Dell D800 laptop with XP SP2 running through a D-Link DI-624 (wireless) router and a Netopia DSL modem. I do not get this behavior so I wonder if SP2 dislikes something in your specific hardware setup?
You could always back-rev it to Windows 2000, if that would support your testing needs...
klackenfus
02-22-2005, 10:07 AM
I wonder if SP2 just increases the traffic load or something? Another question, do you use the Windows Firewall in SP2?
I am still having the problem as of Tuesday morning. I'm at work now, so I'll have at least eight hours before I can play with this some more. Also, to reiterate, I know this isn't a modem problem, because I tried a different modem. I an not using the built in Windows firewall, I was using Zone Alarm. I now know it is NOT a SP2 issue, because the minute I reinstalled XP the problem happened again and I wasn't patched up to SP2 yet.
Could you install ethereal on that pc and have it run as soon as it boots up, and post the output here?
I'll do this tonight. The adventure continues...
wiskeyweed
02-22-2005, 02:32 PM
Originally posted by Gertrude
If you look at the internal page of the modem again what do the signal levels(up/downstream, and SNR) look like? The DOCSIS specifications state the the downstream should be at -15 -> +15 dBmV. If its close to either of those and starts fluxuating there is a good chance you modem will drop offline. Seeing how you didn't see anything with the packet sniffer, and checked for adware/viruses I think there is more of a chance if it being a cable signal problem rather than some strange transmission from the Windows box. [/B]
I agree with Gertrude regarding the potential loss of signal - that was a thought I had. I also saw another post that suggested trying a different cable (which I think you did).
The puzzelling part is why would Windows and Linux manage to cause different signal levels through the NIC?
soulestream
02-22-2005, 03:05 PM
The puzzelling part is why would Windows and Linux manage to cause different signal levels through the NIC?
bad driver?
try the manufacturer driver instead of M$.
soule
klackenfus
02-22-2005, 03:21 PM
try the manufacturer driver instead of M$.
The thing is, I used two different NICS and both were using the actual manufacturer's driver, not the Windows autodetected driver. Also, I eliminated other potential points of failure. I hooked the box straight to the modem and it still failed. I bypassed my hub and went straight into the mini switch on the back of the router and it still failed. To me, the electrical issue seems possible. I think understanding how Linux, or for that matter, other versions of Windows deal with the managing of the signal to the modem might lend a clue to this problem.
Let me also add an interesting tidbit to this discussion. About three weeks ago, Cox improved their service in my area. They have been laying a lot of fiber in my area. I have had a dramatic increase in the speed of my connection. My downstream connection, that used to top out at 1.5 Mbps not hovers between 2.5 and 3.5 Mbps. I'm wondering if whatever they did is, somehow, affecting me. However, would it be affecting just this one computer? Of course, Cox denies all responsibility. When I told them it was running fine in Linux, I got the standard, "we don't support that!" When I told them the issue wasn't Linux but rather Windows XP, I was doomed because once I said "Linux," the "tech" went into a logic loop and told me that Windows and Linux didn't play well together in network environments! I really wish I could strangle people through the phone!
Jata
02-22-2005, 03:52 PM
Out of interest does the connection die when the machine enables the NIC or just when you try and access the internet?
klackenfus
02-22-2005, 04:39 PM
does the connection die when the machine enables the NIC or just when you try and access the internet?
It will die when hitting an uncached website (Mozilla or IE,) it will die during downloads and then automatically resume, it will die randomly when I'm not even doing anything at all. What makes this such a pain, is the fact that I also have VOIP and my calls will drop!
klackenfus
02-22-2005, 08:22 PM
As requested, here is an Ethereal capture while browsing with the bad box, until failure. The internal IP for the bad box is 192.168.1.5. I hope this helps! Thanks in advance!
No. Time Source Destination Protocol Info
6988 281.414821 192.168.1.5 207.126.111.217 TCP 1266 > http [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
No. Time Source Destination Protocol Info
6992 296.651732 192.168.1.6 192.168.1.255 CUPS ipp://192.168.1.6/printers/HP5P (idle)
Frame 6992 (137 bytes on wire, 137 bytes captured)
Ethernet II, Src: 00:50:da:17:a5:a4, Dst: ff:ff:ff:ff:ff:ff
Internet Protocol, Src Addr: 192.168.1.6 (192.168.1.6), Dst Addr: 192.168.1.255 (192.168.1.255)
User Datagram Protocol, Src Port: 631 (631), Dst Port: 631 (631)
Common Unix Printing System (CUPS) Browsing Protocol
klackenfus
02-22-2005, 08:32 PM
This may even be more interesting. Here is the log I just extracted from the modem itself:
6 02/20/05 22:41:28 R02.0 critical No Ranging Response received - T3 time-out
7 02/20/05 22:41:58 R04.0 critical Received Response to Broadcast Maintenance Request, but no Unicast Maintenance opportunities received - T4 timeout
8 02/20/05 22:42:15 R02.0 critical No Ranging Response received - T3 time-out
9 02/20/05 22:42:16 R03.0 critical Ranging Request Retries exhausted
10 02/20/05 22:42:30 R02.0 critical No Ranging Response received - T3 time-out
11 02/20/05 22:42:31 R03.0 critical Ranging Request Retries exhausted
12 02/20/05 22:42:43 R02.0 critical No Ranging Response received - T3 time-out
13 02/20/05 22:42:45 R03.0 critical Ranging Request Retries exhausted
14 02/20/05 22:42:55 R02.0 critical No Ranging Response received - T3 time-out
15 02/20/05 22:42:56 R03.0 critical Ranging Request Retries exhausted
16 02/20/05 22:42:56 U02.0 critical UCD invalid or channel unusable
17 02/20/05 22:42:57 T01.0 critical SYNC Timing Synchronization failure - Failed to acquire QAM/QPSK symbol timing
18 02/20/05 22:42:58 T04.0 critical SYNC Timing Synchronization failure - Failed to receive MAC SYNC frame within time-out period
19 02/20/05 22:42:58 T01.0 critical SYNC Timing Synchronization failure - Failed to acquire QAM/QPSK symbol timing
20 02/22/05 16:15:39 R02.0 critical No Ranging Response received - T3 time-out
21 02/22/05 16:16:21 B605.10 warning Map Reject - Downstream Traffic Flow Not Mapped to BPI+ SAID
Gertrude
02-22-2005, 09:33 PM
From the ethereal output you posted it looks like the connection had already went down before you started the capture.
The T3 time-outs are RF related.
What are the upstream, downstream, and SNR levels on the modem?
klackenfus
02-22-2005, 09:53 PM
From the ethereal output you posted it looks like the connection had already went down before you started the capture.
Wow! That is interesting. Actually when I started the capture, the connection was fine. I hit Cisco's website and then, Justlinux and bounced around until it died. Could it be the connection on that box is so messed up that Ethereal can't even detect it? Also, you only saw part of the file, because it was too big to post. Perhaps, I just didn't paste the right portion. Here (http://www.mindspring.com/~tanker6/ethereal2.txt) is a link to the entire file. I'll have to reconnect directly to the modem to answer your other questions. Thanks again!
klackenfus
02-22-2005, 10:39 PM
What are the upstream, downstream, and SNR levels on the modem?
Here are the results. I can't emphasize enough that this appears to only mess with Windows XP.
Downstream Signal
Favorite Downstream Frequency: Hz
Frequency: 111000000 Hz
QAM Mode: 64 QAM
Channel Power: 8.3 dBmV
SNR: 34.857 dB
DOCSIS1.1 Quality of Service Parameters
Direction Upstream Downstream
SFID 0x2d55 0x2c64
SID 0x505 N/A
Traffic Priority 3 0
Max Sustained Traffic Rate (bps) 540000 4300000
Max Transmit Burst (bytes) 1768 3044
Min Reserved Traffic Rate (bps) 0 0
Service Flow Scheduling Type Best Effort N/A
undeadska
02-23-2005, 12:26 AM
Could it be the connection on that box is so messed up that Ethereal can't even detect it?
I wouldn't think that would be the case. Ethereal is made for watching network traffic. What you are experiencing with the line dropping is a layer 1 problem. Way lower than what Ethereal is looking at. Do you happen to have access to a fluke? You could test the line between yourself and the modem if you do.
klackenfus
02-23-2005, 09:32 AM
Way lower than what Ethereal is looking at. Do you happen to have access to a fluke? You could test the line between yourself and the modem if you do.
I would agree with that if the problem wasn't so isolated. My Linux boxes are running fine, my Windows NT box is running fine, my Windows 2000 box is running fine. This is a fundamental issue with how XP is now communicating over my network. That's what makes this really an interesting Linux issue. It appears that once again, it does something better than Windows...big surprise there!
klackenfus
02-23-2005, 08:28 PM
Guess I stumped the world on this one!
klackenfus
02-26-2005, 04:19 PM
Well, for some unknown reason, all is well now. Actually, I don't believe it's really unknown at all. I believe the issue was Cox and that Linux could handle something Windows couldn't. Anyway, after seven calls to Cox (yes, really) everything started working correctly again. I just wish they could have been honest with me. Thanks for everyone who tried to help!
justlinux.com
Copyright Internet.com Inc. All Rights Reserved.