[TriLUG] troubleshooting spotty internet connectivity with TWCBC

Steve Litt slitt at troubleshooters.com
Tue Jul 22 23:32:28 EDT 2014 

On Tue, 22 Jul 2014 22:18:32 -0400 (EDT)
Dewey Hylton <plug at hyltown.com> wrote:

> hi all, just wanting a sanity check here.
> 
> i have a customer paying for TWC Business Class service. they run a
> small shop (~20 computers) behind a *nix firewall, and have been
> running this basic configuration for over a decade. no interesting
> changes in the last couple of months. 
> 
> friday, they called and said they had issues getting to several
> external websites that they use daily. i remoted a desktop, looked up
> the dns record, captured packets on the external interface of the
> firewall relating to that address, and tried hitting the site with a
> browser. i saw outbound syn packets, but nothing in return. i
> duplicated the test for another of their problematic sites and had
> the same result. plenty of other sites worked fine. they had issues
> with several sites, but the only two i tested were www.ups.com and
> mail.yahoo.com.
> 
> we've flushed internal dns cache, double-checked dns records against
> google's cache (8.8.8.8), but stands out to me.
> 
> i called TWCBC support. the first tech tried "accessing those 2 sites
> via the cable modem" and failed. so, believing the problem was on
> their end, he escalated the ticket. but the second level tech refuses
> to work with me until i've connected a computer directly to the cable
> modem. 
> 
> does this make sense to anyone? the firewall _is_ a computer, and is
> much more capable of network testing and such than any of their
> windows desktops or servers. and it is directly connected to the
> cable modem already. 
> 
> am i missing some bit of logic somewhere?

Yes.

First, tech support people aren't half as smart as you, so they don't
understand that if you connect a computer straight to the Internet, you
need to reformat it immediately after, and never have that computer
touch your lan until totally reformatted (and how do you detect a boot
sector or bios virus?.

Secondly, strange things happen. I had an intermittent dropout on
Brighthouse. It went on for a couple months. On and on and on. Even
though we managed (via my alerting them with my home-grown log file) to
see their cable modem drop the signal when I lost connectivity, they
still wanted me to take my Linux firewall off and put on a different
computer, which I refused quite mockingly.

About a month later the problem got solved. At once, 1) Their tech
removed a stray cable, and 2) I replaced the firewall. Unfortunately, I
wasn't in a position to back out my replacement to see if the
intermittent came back, but heaven help me, I suspect that my firewall
was sending some junk to the cable modem, causing problems. I felt
sorry for the way I'd laughingly refused to plug in another computer,
and mocked the guy, because I think he might have been right. I made
myself a policy decision that next time, I'll format up a little Ubuntu
machine to test the Internet directly, and then obviously reformat it
immediately after.

Of course, I personally think if they want me to have unsafe sex with
the Internet, THEY should provide the known good replacement computer.

Anyway, if you have a box you can format to plug directly in, and
format again afterward, it *is* a valid diagnostic test, because
strange things happen.

SteveT

Steve Litt                *  http://www.troubleshooters.com/
Troubleshooting Training  *  Human Performance

More information about the TriLUG mailing list