Network Measurement Tool Detects Reset Packets
kickassweb writes "If you think your ISP is sniffing packets, or worse yet, sending reset packets to stop torrents, there's now a beta Network Measurement Tool to detect them, courtesy of Lauren Weinstein of the Net Neutrality Squad. It's released under the LGPL, and runs under Win2K, XP, and Vista. Quoting: 'While the reset packet detection system included in this release is of interest, NNSquad views this package as more important in the long run as a development base for a broad range of network measurement functionalities and associated communications and analysis efforts.'"
Without a Linux version, it's obviously the work of Satan.
SJW: Someone who has run out of real oppression, and has to fake it.
First the Chinese firewall, and now ISPs closer to home.
Of course the ISPs shouldn't be allowed to spoof any packets, but what would be the consequence of ignoring all reset packets on a home network?
IANANG (I Am Not A Network Guru) but, what harm could happen if, say, all reset packets were just ignored and dropped by the network stack? All the hubbub about figuring out if your ISP is sabotaging you seems less useful than just blocking the shenanigans and moving on with your life.
More Twoson than Cupertino
I wonder if this job could be done with tcpdump in Linux?
http://www.tcpdump.org/
Politics is Treachery, Religion is Brainwashing
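Added example (not part of the thread, and not the NNSquad tool's code): a small Python parser for the text output of `tcpdump -n -tt tcp` that counts RST packets per sender/receiver pair and marks pairs where the same sender keeps sending data after its RST. The data-after-RST check is a heuristic assumed here as a hint that the RST came from a third party; it does not prove forgery. The sample lines are constructed and use documentation addresses.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -n -tt tcp` text output (not a real capture).
SAMPLE = """\
1212000000.10 IP 192.0.2.10.51234 > 198.51.100.7.6881: Flags [P.], seq 1:69, ack 1, win 229, length 68
1212000000.20 IP 198.51.100.7.6881 > 192.0.2.10.51234: Flags [.], seq 1:1449, ack 69, win 227, length 1448
1212000000.30 IP 198.51.100.7.6881 > 192.0.2.10.51234: Flags [R], seq 1449, win 0, length 0
1212000000.40 IP 198.51.100.7.6881 > 192.0.2.10.51234: Flags [.], seq 1449:2897, ack 69, win 227, length 1448
1212000001.10 IP 192.0.2.10.51300 > 203.0.113.5.80: Flags [P.], seq 1:120, ack 1, win 229, length 119
1212000001.20 IP 203.0.113.5.80 > 192.0.2.10.51300: Flags [R.], seq 1, ack 120, win 0, length 0
"""

# timestamp, "IP", src addr.port, dst addr.port, flag letters, payload length
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"Flags \[(?P<flags>[^\]]*)\].*?length (?P<len>\d+)"
)

def parse(text):
    """Yield (ts, src, dst, flags, payload_len) for each TCP line that matches."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            yield float(m["ts"]), m["src"], m["dst"], m["flags"], int(m["len"])

def reset_report(text):
    """Per (src, dst): RSTs sent by src, and data packets src sent after its first RST."""
    rst_seen = set()
    report = defaultdict(lambda: {"rst": 0, "data_after_rst": 0})
    for _ts, src, dst, flags, length in parse(text):
        key = (src, dst)
        if "R" in flags:
            report[key]["rst"] += 1
            rst_seen.add(key)
        elif length > 0 and key in rst_seen:
            # A host that really reset the connection should not keep sending data.
            report[key]["data_after_rst"] += 1
    return dict(report)

def suspicious(text):
    """Directions where data kept arriving after an RST from the same sender."""
    return sorted(k for k, v in reset_report(text).items() if v["data_after_rst"])

if __name__ == "__main__":
    for (src, dst), counts in reset_report(SAMPLE).items():
        print(src, "->", dst, counts)
    print("data after RST:", suspicious(SAMPLE))
```

A capture taken on only one end cannot show who actually emitted the RST; comparing captures from both endpoints is what settles that.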
This just highlights the evolving nature of open ... protocols? (it's more than the software). ...
... not for long.
I believe new software will appear that works around the next attempt to block torrents, and new software to go around the one after that.
If there is a big-enough interest in code/protocol changes, and the code / protocol is open, you can't "put a stop" to it.
Well
Tie two birds together: although they have four wings, they cannot fly. (The blind man)
Um, sorry, but "Network Measurement Tool Detect Reset Packets" is not a proper grammatical structure. It could be "Network Measurement Tool Detects Reset Packets" or "Network Measurement Tool to Detect Reset Packets" or several other things, but right now it has a problem.
Aside from that, it's great that people develop tools like this, but very surprising to see this be Windows-only.
How about setting up a firewall with our own deep packet inspection and reporting system? That way we can collectively scan, identify, analyze, report to a central site, aggregate the results, perform large scale analysis, and report the full results on all kinds of attacks on these firewalls around the world.
A distributed Get Your Hands Off My Network. This information can be used to provide Objective Evidence for Court Cases Against Aggressive ISP and Those Who Pretend To Be The Governments And Homeland Security Departments of The ~192 Imagined Countries Around The World. It's about time that these pretenders, who do real harm to other people in the world too, know that they are not the only ones with some power. We tech geeks say hands off our Internets and we are watching and reporting on YOU BIG BROTHER!
Power to the Geeks.
I would point out that a tool has existed for years that possessed this capability AND has been available on BOTH Linux (*NIX) and M$ platforms. It's called Wireshark (formerly Ethereal). I will offer the caveat that you had to know a bit about TCP/IP protocol to use this tool but, there it is.
Unix has always been User Friendly
Because, of course, ISPs could also forge legitimate looking TCP RST packets.
Religion is what happens when nature strikes and groupthink goes wrong.
Now I can help prove they are spoofing packets not only my torrents but my browsers and games and normal effin' downloads from websites. (Took me two days to legally download a 400MB file from a legitimate website because the transfer would stop halfway through and I'd have to start from scratch all over again. Did this 8 times over the two days for the same damn file.) At least I'm hoping it will help. I have not RTFA. This is slashdot after all...
Network Measurement Tool to Detect Reset Packets
or
Network Measurement Tool Detects Reset Packets
I'm not entirely sure what your point is, and if it's supposed to be a good or a bad thing.
What would happen on a closed proprietary protocol? (E.g., let's imagine that MS had pursued their initial idea of making a MS net instead of the Internet, or that AOL/Compuserve/whatever had never gone TCP/IP and managed to win on their own, or that we all were on the French minitel. Or, heck, that each ISP had their own protocol and proprietary browser, and just converted to and from it. At least one did try to convert the graphics like that, and at least one is currently re-encoding movies, so it's not a huge stretch of imagination.)
Well, then you'd be pretty much in the hands of whoever owns the protocol, i.e., most likely the ISP. If you were on, say, a proprietary AOL network, which works only with proprietary AOL software, and uses AOL's own proprietary protocols, then you're completely at their mercy. If they want to reset your connections, or whatever else, what are you going to do about it?
Of course, you could reverse-engineer their protocols and patch their programs, which is a hell of a lot more expense and effort than with the open protocols. Except then they could:
1. Just change the protocol from one version to another, to break your changes. (AOL actually did this for a while to keep breaking MS's attempts of making their Windows Messenger interoperable with AIM.)
2. Sue you under DMCA for hacking into their network and bypassing their checks. (Seriously, much smaller attempts at reverse-engineering a protocol resulted in DMCA lawsuits.)
So basically at best you'd have to bet a _lot_ on, well, how sympathetic a judge would be to your view that you have a right to bypass the usage or access restrictions on privately owned servers, to download more than you've bought, and to hack their software to that end. I wouldn't take it as a given.
So basically open software at least gives you a fighting chance at all. Yes, they can keep modifying their implementation, but so can you. In the closed version, they own the software and the protocol, they can change it, but _you_ can't.
Open standards even put a limit on how far they can take technique #1 above, because at the end of the day, they still have to remain compatible with a metric buttload of software and hardware that they don't control. In the all proprietary version, if they want to change the protocol and software _completely_, and leave the old channel open just for downloading the new software, they can.
A polar bear is a cartesian bear after a coordinate transform.
> Without a Linux version, it's obviously the work of Satan.
... mostly they're just lazy or uninformed.
Not really. It's just the work of somebody who doesn't hold portability as an important requirement.
Sometimes this happens because they don't have the means to test on other platforms. Sometimes it's because they're so narrowly focussed that they're not even aware that there's more to computing than their own platform. Some people are simply too lazy, or lacking in computing skills, to write portable applications. And quite frequently it's the work of someone who is totally obsessed with his own platform's unique UI and so produces a UI app that can't run anywhere else, without actually wanting to be evil.
Only very rarely does a minor wannabe Satan appear, one who willfully writes open-source code that can't be run on other platforms by design. I'm not even sure I can name a clear example of it.
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
http://www.nnsquad.org.nyud.net/nnma-install-2008-05-29.zip
Over here at B*Tard ISP we simply drop 4 out of every 5 inbound SYN packets. We find it solves most of our bandwidth issues.
The correct (and difficult to detect) way of throttling is by delaying ACK packets a few ms. Then normal TCP congestion control does all the nice throttling for you.
The ethics of throttling are a different matter: one side says they've been promised unlimited, and the other wants to be fair to all customers.
Do something like 5.8GHz phones and spread spectrum - use LOTS of "random" ports, initiate them from behind the firewall to make sure they'll get back through and boom, Comcast has more fun to work against!
A good friend of mine works for Shaw Cable in their bandwidth monitoring department and has told me that they do not do any kind of traffic shaping.
He says it's just three guys (only one on at a time afaik) and when they see someone using too much bandwidth, they phone them up and tell them to settle down with the downloads.
yum install pcapdiff on Fedora. http://www.eff.org/testyourisp/pcapdiff/
You are not the customer.
And, yet, at least 50-75% of those (probably much, much more) 99.9% are capable of learning how to do the work.
I weep for the future if 25-50% of people are incapable of learning.
When our name is on the back of your car, we're behind you all the way!
C:\data>netstat -s | find "Reset"
Reset Connections = 906
Is it a coincidence that this is downloading incredibly slowly for me?!
Or it may as well be. On the bright side, I did just learn a great lesson about the importance of download mirrors.
I just read Slashdot for the articles.
Funny, I can't get to the site from my Comcast connection. Getting there just fine from work, so likely not the /. effect...
Can't believe ISPs are adding that site to their blacklist!
That comment about stricmp is interesting. I assume it's bridging the difference between strcasecmp and stricmp. strcasecmp has been around for quite a long time and predates Linux. It's part of SuS.
(The reference above is the oldest I could find with a quick Google search.)
Program Intellivision!
I have been using Azureus for torrents.
After about 5GB of initial downloads, my download rate went from approx. 100kB/s to about 15-20kB/s while maintaining about 100kB/s upload at all times during seeding. These speeds have been my usual speed for weeks now. NOTHING I did restored my initial 100kB/s download speed.
Perusing Slashdot, I read this article and decided to try it out and see if I could glean some useful information from it. Nothing in particular caught my attention. I let a download cruise along for awhile with no changes and nothing to indicate "wonkiness" on the part of my ISP (Comcast).
Then, without me changing any settings, I suddenly got that 100kB/s download speed back and it is still cruising right along.
Is it possible Comcast somehow recognized my using the application and curtailed curtailing my download rate? Now that I have a tool to catch them in the act, they stop? Just coincidence?
What do you think?
While I am pissed off at Netgear for violating the GPL, I think it is time for me to mention that for mere money you can purchase a Netgear 8-port ProSafe VPN Firewall with 10/100 Mbps switch FVS318. This router detects spurious RST packets and will email you reports about them with details. For less trouble than porting Windows code to another platform (a Mac in my case) you can spend less than two hundred dollars for a hardware solution that provides email records to be used as proof later. My only problem with this solution was that there were so many RST packets that my email was getting clogged with reports. By the way, I NEVER use torrents, and I was seeing RST packets while I was on eBay. I have Comcast HSI and while I seem to be happy with the throughput, the thought of them forging TCP packets and inserting them into my communications stream bothers me quite a lot. I pay top dollar for my cable connection and I expect a clean pipe.
As a music lover and a Marshall appreciator, I would guess this signature regards a special amplifier with a knob that goes to 11 instead of just 10, eh?
The site design sure looks retro with big fonts ;)
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..