cancel
Showing results for 
Search instead for 
Did you mean: 
1

Ask

2

Reply

3

Solution

Technical post - A day of traffic tracing - Sure Signal version 3

cuthbeidatacard
4: Newbie

Hi,

 

I have got so fed up with the Sure Signal version 3 not working, I decided to capture traffic from it for around 10 hours in an attempt to spot problems and find out what it does. Results below

 

a) When not in a call, the Sure Signal sends and receives about 5MB (Bytes) of dat aper day, 150MB per month

b) When in a call, the Sure Signal sends and receives about 100kbps (kilo bit per second).
c) When the Sure Signal is first switched on, the communication sequence looks like this

 

1) Issues a DHCP request to get an IP
2) ARP request to find it's local router MAC address for local router
3) * DNS requests for cluster18.vap.vodafone.co.uk (88.82.13.176, 182, 183 this is round robin DNS) and initial-ipsecrouter.vap.vodafone.co.uk (212.183.131.139)
4) ISAKMP / IKE VPN tunnel to 88.82.13.182  (cluster18.vap.vodafone.co.uk) using port UDP 500 to UDP 500
5) ISAKMP / IKE switches to UDP 4500 to UDP 4500 - IKE NAT traversal - NOTE: The response packet from 88.82.13.182 has an MTU too large so gets fragmented, this could explain why some routers have a problem - The UDP length 1544, with IP headers this is 64+ bytes over 1500 - The VF server could be reconfigured to avoid this
6) * NTP requests to 88.82.13.180 and 172
7) ESP session created to 88.82.13.182, following IKE session. Using UDP Nat traversal 4500 - 4500. This session continues throughout.The average packet size in the ESP connection is very small, as you would expect for voice packets. Only sometimes does the size increase from SureSignal to server, reaching a maximum of 1406 bytes on the wire. This 'should' mean people with a lower MTU (like PPPoE users) could be OK.

😎 Tracert request to 88.82.13.182 multiple times with both small and large payload (60 and 1414). It tests with a TTL of 1 and a TTL of 2, but never higher. I'm guessing it is trying to look for jitter on the first part of the connection (user to ISP). Of course, this assumes your ISP connection is only one hop away. Every hour, it will repeat this sequence with 40 requests.

 

* For reasons I can't explain, the DNS requests I see don't get answered. The SS makes a request to opendns (my configured DNS server) on 208.67.222.222, but I never see a response. Other systems (PCs etc) on the same LAN making the exact same request do see a response. If I switch my DNS server to be internal to my LAN, it does get a response. Not sure why this is. It will still connect without a response, but I guess only with the last known IP. If this IP is down, this could cause downtime.

 

** As above, the NTP requests do not get a response on my network

 

For both the DNS and NTP, I have switched broadband routers, DNS servers and several other things. Nothing makes a difference.

 

Actions for VF support (if you would like to improve service to users)

i) It would be great if someone technical could look at the MTU size issue in step 5, as a simple reconfigure could probably help a number of people using PPPoE connect properly. This doesn't impact me, but will others.

ii) The IP ranges do not match those described in this forum for opening up connections, the instructions need updating

iii) The ports and protocols do not match those described in this forum for opening up connections, the instructions need updating

 

If anyone want a copy of the trace, you are welcome, just reply to this thread and I will PM you a download location.

 

Thanks

 

 
10 REPLIES 10

HuwM
2: Seeker
2: Seeker

Hi There,

 

Very interesting. You are the first person I have seen post who seems able to track what the SS is actually doing. Who is your ISP ?

ADSL24. They are delivering service based on the TalkTalk wholesale network

Ah ( I was kinds hoping it was BT - seflishly, because I have been having long running discussions with BT about my two SS3's)

 

Do you mind me asking how you monitored the traffic to/from your SS - was it software or hardware. I have a very specific problem and I'm finding it very frustrating to try and sort it out between Vodafone and BT without knowing what the SS3's are actually doing !

Hi,

 

To monitor the traffic you need to plug the SureSignal into a hub (not a switch), like this one (http://www.ebay.co.uk/itm/NetGear-4-Port-10-100-Mbps-Dual-Speed-Hub-DS104-/200996085100?pt=UK_Comput... and then link the hub to your home hub. The network hub broadcasts all traffic to all devices, so it can be watched by another device patched into the hub. This means, you need to connect your PC to the hub and run Wireshark, which will capture all the traffic (https://www.wireshark.org). Once you have the capture file, it can be analyzed. The only problem is that my Sure Signal didn't negotiate with the network hub correctly (http://forum.vodafone.co.uk/t5/Vodafone-Sure-Signal/Sure-signal-version-3-is-unable-to-detect-half-d... so I have my SureSignal patched into a switch (http://www.ebay.co.uk/itm/NETGEAR-PROSAFE-FS108P-8-PORT-10-100-SWITCH-WITH-4-PORT-POE-POWER-SUPPLY-/... which links to the hub, which links to my broadband router.

 

Network switch - Network Hub - Broadband router - Internet

 

If you are not used to reading network traces, it can be a little tricky. I'm happy to have a look though if you like. In fact, it would help me to compare one setup with another.

 

Thanks

 

 

Hi, Thanks ever so for humouring me.

 

So, are you saying that, if you connect your SS3 via a switch and a network hub to your Broadband Router then it works okay ??

 

REgards

 

H

Hi,

 

Hope the post didn't confuse. I'm not saying it fixes the problem, I'm saying it allows me to see what it is doing, that is all. It works fine as well as it always did with the connection though, the extra devices make no difference to the quality of the connection in real terms (like extra latency or anything). Thanks

Ah, I understand. Okay I will try what you suggest. I did look at wireshark's website and see they do a 'free' trial. I'll have ago at that. Are you still happy for me to post the results to you ?

 

 

Wireshark is 100% free, open source, don't pay for anything.

 

Yes, no problem posting the results. The file could be quite large, so we may need to use Dropbox or similar to transfer it.

HuwM
2: Seeker
2: Seeker
Ok thanks. I have started another thread. SS3 works with HomeHub 5 (or does it) for some background. Will your wire shark tell me the difference between the way the SS3s react on BT business and residential ?