Network Measurement Tool Detects Reset Packets 118
kickassweb writes "If you think your ISP is sniffing packets, or worse yet, sending reset packets to stop torrents, there's now a beta Network Measurement Tool to detect them, courtesy of Lauren Weinstein of the Net Neutrality Squad. It's released under the LGPL, and runs under Win2K, XP, and Vista. Quoting: 'While the reset packet detection system included in this release is of interest, NNSquad views this package as more important in the long run as a development base for a broad range of network measurement functionalities and associated communications and analysis efforts.'"
Network Measurement Tool Detect Reset Packets (Score:5, Informative)
Re:RST blocking? (Score:1, Informative)
Neither of which really matter - after all packets get dropped often enough anyway, the internet doesn't come to a screeching halt when an RST packet happens to be dropped somewhere...
Re:Cool (Score:4, Informative)
wget -c <URL>
to download large files. Even when your ISP is on the up and up, you'll get a RST occasionally if the remote computer sends it. Using wget to continue an almost completed download of an iso or XPSP3 is really handy.
Re:RST blocking? (Score:2, Informative)
Point is, if your ISP spoofs RST packets, you cannot know when the remote host is legitimately closing the connection. If you get such a packet it could be genuine or it could be a fake. So it doesn't tell you much. You need some means for the remote host to sign every packet it sends out so they can't be spoofed, or else stop trusting them.
Re:tcpdump? (Score:3, Informative)
Re:RST blocking? (Score:3, Informative)
Re:RST blocking? (Score:2, Informative)
I think if you ignored RST packets you'd end up with more sockets stuck in TIME_WAIT rather than being closed. Of course you could just increase the size of the socket table to compensate for entries getting stuck in TIME_WAIT or decrease the timeout or both.
But actually I found another problem. The forged RST packets are sent to both parties in the Bittorrent connection. So all the people downloading would need to hack their TCP/IP stacks to ignore RST packets and cope in that situation. And the ISP could block the connection after it sends RSTs, so even if you ignored them you'd be out of luck.