Signals in Automotive Communication Networks often represent safety relevant information. Therefore, automotive network protocols provide multiple powerful mechanisms for error detection and for error reporting. The objective is to ensure that on average less than one undetected error occurs during the lifetime of a vehicle. This places an upper bound on the residual error probability of the communication network. The determination of this residual error probability requires new methods in order to account for the interaction of the various error detection mechanisms. This paper presents an analysis method that has been developed for the investigation of the CAN protocol.This comprehensive investigation distinguishes two types of errors that contribute most significantly to the residual error probability of the CAN protocol. Errors of one type transform stuffbits into information bits or vice versa, and are related to the use of variable bit stuffing. Undetected message falsifications due to this class of error require very specific bit modifications. Errors of the other type are independent of bit stuffing. They are related to the finite coverage of the Cyclic Redundancy Check (CRC). The probability of both types of error has been determined by combining computer based testing techniques with classical methods. The new approach takes into account the multiple error detection means of the CAN protocol. The expected number of undetected falsified messages during the lifetime of a vehicle is derived from calculation of the protocol's residual error probability. It is determined to several orders of magnitude less than 1.