Network Measurement Tool Detects Reset Packets

kickassweb writes "If you think your ISP is sniffing packets, or worse yet, sending reset packets to stop torrents, there's now a beta Network Measurement Tool to detect them, courtesy of Lauren Weinstein of the Net Neutrality Squad. It's released under the LGPL, and runs under Win2K, XP, and Vista. Quoting: 'While the reset packet detection system included in this release is of interest, NNSquad views this package as more important in the long run as a development base for a broad range of network measurement functionalities and associated communications and analysis efforts.'"

Slashdotters would laud this, but...

[elrous0]

Without a Linux version, it's obviously the work of Satan.

Re:

[morgan_greywolf]

Uh...it's LGPL. They give you the source. You wanna Linux version? Port it.

Re:Slashdotters would laud this, but...

[nmg196]

I hate it when people say "just port it" just because something is open source - Like every single computer user is capable of writing low level network code for any platform. I suspect that more than 99.9% of people of people who read slashdot would not stand a hope in hell of "porting it".

Re:Slashdotters would laud this, but...

[morgan_greywolf]

I hate it when people say "just port it" just because something is open source - Like every single computer user is capable of writing low level network code for any platform. I suspect that more than 99.9% of people of people who read slashdot would not stand a hope in hell of "porting it".

And, yet, at least 50-75% of those (probably much, much more) 99.9% are capable of learning how to do the work. The Linux TCP/IP stack, NIC drivers, etc., are fully open source. There are published specifications, docs, the whole nine yards. Read your RFCs. They're all online.

Programming C is just not that difficult, especially for anyone who already knows how to code in at least one other language.

Don't know how to code? There are tons of tutorials, books, and more on the Web, at your library, at your local bookstore and from e-commerce vendors everywhere.

If you have a brain, and an IQ of at least, say 115 or so, you have no excuse.

Re:Slashdotters would laud this, but...

[Bill_the_Engineer]

I would like to give the benefit of the doubt to the original poster and interpret his comments this way:

If there was a ready made package for me to use, I would gladly help the monitoring effort. However, I find the mantra "just port it" not only a reactionary response, but also totally unrealistic.

Don't know how to code? There are tons of tutorials, books, and more on the Web, at your library, at your local bookstore and from e-commerce vendors everywhere.

If you have a brain, and an IQ of at least, say 115 or so, you have no excuse.

I find this totally hilarious and would have modded you funny if I had the points to give. You are a comic genius using the absurd to humorously make a point...

I mean it's like saying "If you are capable of reading all the books available on construction and building codes, then there is no excuse for you not being able to build your own house."

Of course I could be wrong and misinterpreted both of your responses, in that case nevermind...

Re:

[ATMD]

I'm sorry, but who modded this insightful? Because it isn't.

It's just plain common sense. The grandparent is just such an idiot that next to him, the frothings of a half-blind raccoon in the later stages of rabies would appear insightful, let alone someone who can string a sentence together.

(And do I get Insightful, Troll, or Funny? Or just ignored? I'll be interested to see...)

Re:Slashdotters would laud this, but...

[Inner_Child]

If you have a brain, and an IQ of at least, say 115 or so, you have no excuse.

Maybe your time is worthless, but I actually have things that I have to do. Learning to code requires time that I (and I'm sure many others) just don't have.

Re:

[morgan_greywolf]

Maybe your time is worthless, but I actually have things that I have to do. Learning to code requires time that I (and I'm sure many others) just don't have.

Changing my own oil requires time that I (and I'm sure many others) just don't have. When I want my oil changed, I hire a mechanic.

Re:

[Rycross]

Yeah pretty much. My time is worth something to me, and I will pay to have someone save me time, if I deem the amount of time saved worthy of the price. Whats wrong with that?

Re:

[morgan_greywolf]

Nothing. When I say 'port it', this includes paying someone else to port it if it's really that important to you.

Re:

[Rycross]

Ah I see. I thought you were implying that there was something wrong with not wanting to bother with, say, changing my oil. :)

Re:

[Frank T. Lofaro Jr.]

A quote from the UNIX haters book:

http://www.art.net/~hopkins/Don/unix-haters/whinux/your-time.html [art.net]

Linux is Only Free If Your Time is Worthless

Re:

[statemachine]

A quote from my OS agnostic book:

"Windows is only $199 if your time is worthless."

So what's your point?

Re:

[kamathln]

When people say (GNU/)Linux is Free, they mean Free as in Freedom, not Free as in price didn't Linus torwalds tell you that? Probably Richard forgot to tell Linux about it.

Weeping

[camperdave]

And, yet, at least 50-75% of those (probably much, much more) 99.9% are capable of learning how to do the work.

I weep for the future if 25-50% of people are incapable of learning.

Re:

[Perf]

It's an issue of symantics...

If Slashdotters took time to learn C,
then they wouldn't have time to monitor Slashdot.

Therefore, they wouldn't be Slashdotters.

Re:Slashdotters would laud this, but...

[blhack]

If you have a brain, and an IQ of at least, say 115 or so, you have no excuse.

Thank you for completely trivializing a skill that some of us spend our entire lives perfecting.

Seriously, it is this sort of mentality that is killing tech. You DO have to be extremely smart/dedicated to do really low level CS work. You DO have to have a pretty heavy mathematics background to do any really serious code work and it is NOT something that you can "Learn in 7 days" no matter what the books you bought at borders are telling you.

Re:

[morgan_greywolf]

You DO have to have a pretty heavy mathematics background to do any really serious code work and it is NOT something that you can "Learn in 7 days" no matter what the books you bought at borders are telling you.

Really? You need advanced math degrees to understand TCP/IP, NIC drivers and such? Whoah! I gotta parse out this packet header! Better break out the calculus book! (Not.)

Re:

[Mr Z]

For a packet filter/pattern matcher like this, probably not. To understand the differences between all the load balancing, window resizing and congestion avoidance algorithms, as well as why and how they work, probably so.

Re:

[morgan_greywolf]

For a packet filter/pattern matcher like this, probably not.

Exactly.

To understand the differences between all the load balancing, window resizing and congestion avoidance algorithms, as well as why and how they work, probably so

But we weren't talking about that, and understanding those algorithms isn't necessary to port this tool.

If no one else is gonna do it, either do it yourself or a hire a programmer to do it for you.

I swear to the gods, non-programmers are some of the whiniest users of open source.

Re:

[wealthychef]

It takes a long time to learn how to port code. You are totally understating the amount of work it takes to get from user to programmer.

Re:

[techno-vampire]

And, yet, at least 50-75% of those (probably much, much more) 99.9% are capable of learning how to do the work.

When? Most of us have jobs, schoolwork or other things that take up most of our time. Do you expect us to spend several months worth of our Copious Free Time learning all the programming skills needed for this one job, especially when most Slashdotters will never need those skills again? I don't know what world you live in, but it's certainly not mine!

Re:

[nmg196]

I think you're missing the point. 99.9% of people on here would not WANT to port it even if they really WANT or NEED the resulting ported solution. Why the hell would I spend weeks learning a different branch of programming just to get some network card driver? I have a life and other things I need to do. It's easier just to switch platforms, dual boot, find an alternative etc. Pretty much ANY alternative solution is probably better for me than trying to learn how to write that code and port it myself. The

Re:

[Mister Whirly]

If you want convenient software packages that are ready to go with absolutely no work on your end, I would suggest using Windows or OS X. If you know absolutely zero about programming, why chose a programmer's operating system? I mean really, this IS Slashdot where Open Source is the Greatest Thing Ever(TM) and can save the entire world from any ills...

Re:

[hazah]

You don't need 99.9% of people to create a port. You just need at least 1 capable person willing to do it.

Re:

[sjames]

Then they can HIRE someone to port it. Perhaps a few people in the same boat can chip in together to pay for it to be ported.

The tool is probably written for Windows because Linux already has decent network analysis tools as part of most distros.

Re:

[axeme]

If you look in websys.h, you'll see a short block of definitions for making some portion of this compile under Linux. So maybe they were thinking of some portability.

Then there is also this on line 65: /* Hard to believe the Linux bozos tried to rename stricmp() */

tcpdump is much easier.

stricmp vs. strcasecmp: Who got there first?

[Mr Z]

That comment about stricmp is interesting. I assume it's bridging the difference between strcasecmp and stricmp. strcasecmp has been around for quite a long time [sunmanagers.org] and predates Linux. It's part of SuS.

(The reference above is the oldest I could find with a quick Google search.)

Re:porting, a hardware solution is cheaper

[Douglas Goodall]

While I am pissed off at Netgear for violating the GPL, I think it is time for me to mention that for mere money you can purchase a Netgear 8-port ProSafe VPM Firewall with 10/100 Mbps switch FVS318. This router detects spurious RST packets and will email you reports about them with details. For less trouble than porting Windows code to another platform (a Mac in my case) you can spend less than two hundred dollars for a hardware solution that provides email records to be used as proof later. My only prob

Re:Slashdotters would laud this, but...

[lintux]

As usually, Linux already has tools like this for ages, one just has to know how to use them:

tcpdump 'tcp[13] & 4 != 0'

Re:

[g-san]

here is a linux, windows and mac version:

netstat -sp tcp

since these packets are spoofed anyways, I don't think seeing the packet will do much good, but a count helps.

Re:

[compro01]

Which is why this tool is useful. It detects the forged packets, not all reset packets.

Re:

[caluml]

Don't run that! I ran it, and it deleted my po.. documents and media, and installed a backdoor!

Re:

[maxume]

What about the Microsoft shills and Apple fanboys?

Also, I think one guy uses BSD.

No need to invoke Satan

[Morgaine]

> Without a Linux version, it's obviously the work of Satan.

Not really. It's just the work of somebody who doesn't hold portability as an important requirement.

Sometimes this happens because they don't have the means to test on other platforms. Sometimes it's because they're so narrowly focussed that they're not even aware that there's more to computing than their own platform. Some people are simply too lazy, or lacking in computing skills, to write portable applications. And quite frequently it's t

Re:

[Mister Whirly]

Or it is simply a matter of numbers. Windows = 85%+ marketshare so therefore writing a package for Windows = millions and millions of potential more users than writing a package for Linux. It's a simple explanation, especially if you apply Heinlein's Razor.

Re:

[supernova_hq]

Not when you consider the percentage of linux users who would have a use for such software compared to windows users.

Consider:
-- 5% of windows users use it.
-- 75% of linux users use it.

Assuming that the linux version could easily be converted to BSD, Unix, MacOS, etc. that means that:
Total computer users using windows + application would be 4.25%
Total computer users using *nix, etc + application would be 11.25%

That is 2.6 times as many people.

My math is good, however my original numbers

Re:

[jbartas]

I wrote this, and yes, I was channeling Satan when I put it on Windows. I've ported a previous version to an embedded Linux platform, so I'm confident the NN Squad version could be ported to Linux, embedded or otherwise, in a few days. If there's enough interest I'll try it on Fedora 7 this weekend.
-JB-

Re:

[Ungrounded Lightning]

Without a Linux version, it's obviously the work of Satan.

http://en.wikipedia.org/wiki/SATAN">SATAN ran just fine on Linux. But it didn't sniff for forged RST packets.

Ignoring reset packets?

[Ojuicer]

First the Chinese firewall, and now ISPs closer to home.
Of course the ISPs shouldn't be allowed to spoof any packets, but what would be the consequence of ignoring all reset packets on a home network?

Re:

[Hal_Porter]

Your TCP/IP stack would run out of connections since old ones would stay open?

RST blocking?

[Applekid]

IANANG (I Am Not A Network Guru) but, what harm could happen if, say, all reset packets were just ignored and dropped by the network stack? All the hubbub about figuring out if your ISP is sabotaging you seems less useful than just blocking the shanangans and moving on with your life.

Re:RST blocking?

[cduffy]

Without RST packets, how are you supposed to know if the remote host is legitimately closing the connection?

Re:

[Anonymous Coward]

You waste some bandwidth sending more packets to them, and some time waiting for the connection to timeout.

Neither of which really matter - after all packets get dropped often enough anyway, the internet doesn't come to a screeching halt when an RST packet happens to be dropped somewhere...

Re:

[Hal_Porter]

the internet doesn't come to a screeching halt when an RST packet happens to be dropped somewhere...

No, because there's a timeout in the TIME_WAIT state. As far as I can tell RST packets are a way to break the connection and allow the TCP/IP stack to know that the socket is no longer in use.

I think if you ignored RST packets you'd end up with more sockets stuck in TIME_WAIT rather than being closed. Of course you could just increase the size of the socket table to compensate for entries getting stuck in TIME_WAIT or decrease the timeout or both.

But actually I found another problem. The forged RST packets

Re:

[Ed Avis]

Without RST packets, how are you supposed to know if the remote host is legitimately closing the connection?

Um, IPsec?

Point is, if your ISP spoofs RST packets, you cannot know when the remote host is legitimately closing the connection. If you get such a packet it could be genuine or it could be a fake. So it doesn't tell you much. You need some means for the remote host to sign every packet it sends out so they can't be spoofed, or else stop trusting them.

Re:

[cduffy]

Just so. It's almost a shame opportunistic IPsec came out years too early for most folks to see the need; I imagine it'd get much more attention if it were something big, new and shiny today.

Re:

[Anonymous Coward]

Opportunistic IPSec runs into the problem that you need a pre-shared secret ("PSK") or a public key infrastructure ("PKI"), otherwise malicious persons will simply do man-in-the-middle attacks on the key exchange, so they can do deep inspection of the encrypted traffic anyway (they just have to add decryption to the inspection process).

The net result of IPSec (or TLS) without strong authentication of both parties is that each packet consumes considerably more energy on the transmit and receive end systems,

Re:

[justthinkit]

IAANANG but what if, and I'm just spitballing here, an alternate network stack is written. It allows user-designated programs to tap into the "sample everything" trough, and does standard network stack stuff for every other program. When you install AltNS it asks for some 2000 byte random string and you have to provide that on a case-by-case basis whenever you want to allow a new progie to snoop everything. Ok, I worded that like crap but I think my drift has been cast, to the four sheets.

Re:

[tatsu69]

They send you a FIN packet. RST is only for exceptional situations.

Re:

[Eponymous Bastard]

Wait for the FIN packet? ...But apparently Linux uses RSTs anyway...

Oh, I know, wait for the second RST. When you get one, ignore and respond with an ACK or keepalive. IIRC, if the other side did close the connection, any extra packet is answered with another RST (Not sure about an empty ACK though).

If you receive a packet with a higher sequence number, the original RST was fake. If you get a second RST you acknowledge and close.

I'm not sure if you could do this at the firewall level or if you'd need to mod

Re:

[elzurawka]

Maybe with the FIN flag?

Re:RST blocking?

[Zocalo]

Assuming that you have a device capable of doing so, which I doubt many SoHo router/firewalls are, then there are not too many issues with dropping RST packets, and none of the them are show stoppers. It'll take a little longer before your web browser or whatever can determine that the remote site is genuinely down or otherwise refusing connections but that's about it from the "end-user" point of view. If you have a Linux proxy box however, then IPTables is perfectly capable of doing this for you, and can even do so in a sensible way - ie. just for BitTorrent traffic, just to pick a protocol at random.

Re:RST blocking?

[yabos]

If you can do that with iptables then you could do it with a home router and a 3rd party firmware on it. DD-WRT has iptables and I believe Tomato does as well.

Re:

[yabos]

True, but if you really care about trying to get around it then you can spend the $50-60 to buy one if it doesn't.

Re:

[hawg2k]

If they're sending RST packets, won't they be sending it to both parties? Just because you ignore them, doesn't mean the other end will. At best you'll have a half open socket, which is basically the same (or maybe worse) than a completely closed socket, no?

Re:

[Flamora]

If you're not happy with the content of the current stream, inject a RST in there instead of just making noise about it.

Re:

[Alioth]

I'm surprised a UDP based filesharing protocol hasn't emerged because of this, allied with an automatic system that signs each UDP packet. That way, if the ISP got "smart" and injected fake UDP packets containing the command to end the transfer, it could easily be determined as fake since its signature would be incorrect.

Re:

[steve_ellis]

The biggest problem with just dropping RSTs is that you can't stop the RSTs going to the other end of the connection--your torrent client may still think the session is open, but your peer will think that it is closed. RST is typically only used for abnormal termination, FIN (and the corresponding FIN/ACK) are used for 'normal' session closing. There is some additional risk to dropping RSTs in that over time all sessions that were supposed to be terminated 'abnormally' will linger, possibly forever, but i

tcpdump?

[FudRucker]

i wonder if this job could be done with tcpdump in Linux?

http://www.tcpdump.org/ [tcpdump.org]

Re:

[morgan_greywolf]

Well, probably. I know you can do this with Wireshark, and wireshark and tcpdump both use libpcap.

Re:

[sukotto]

tcpdump 'tcp[13] & 4!=0'

Re:

[DMUTPeregrine]

Slightly more complex. This tool then filters the output to try to find which RST packets are forged. That captures them all.

The evolvong nature of "open"

[utnapistim]

This just highlights the evolving nature of open ... protocols? (it's more than the software).
I believe new software will appear that works around the next attempt to block torrents, and new software to go arround the one after that ...
If there is a big-enough interest in code/protocol changes, and the code / protocol is open, you can't "put a stop" to it.

Well ... not for long.

Not sure what the point is

[Moraelin]

I'm not entirely sure what your point is, and if it's supposed to be a good or a bad thing.

What would happen on a closed proprietary protocol? (E.g., let's imagine that MS had pursued their initial idea of makingt a MS net instead of the Internet, or that AOL/Compuserve/whatever had never gone TCP/IP and managed to win on their own, or that we all were on the French minitel. Or, heck, that each ISP had their own protocol and proprietary browser, and just converted to and from it. At least one did try to convert the graphics like that, and at least one is currently re-encoding movies, so it's not a huge stretch of imagination.)

Well, then you'd be pretty much in the hands of whoever owns the protocol, i.e., most likely the ISP. If you were on, say, a proprietary AOL network, which works only with proprietary AOL software, and uses AOL's own proprietary protocols, then you're completely at their mercy. If they want to reset your connections, or whatever else, what are you going to do about it?

Of course, you could reverse-engineer their protocols and patch their programs, which is a hell of a lot more expense and effort than with the open protocols. Except then they could:

1. Just change the protocol from one version to another, to break your changes. (AOL actually did this for a while to keep breaking MS's attempts of making their Windows Messenger interoperable with AIM.)

2. Sue you under DMCA for hacking into their network and bypassing their checks. (Seriously, much smaller attempts at reverse-engineering a protocol resulted in DMCA lawsuits.)

So basically at best you'd have to bet a _lot_ on, well, how sympathetic a judge would be to your view that you have a right to bypass the usage or access restrictions on privately owned servers, to download more than you've bought, and to hack their software to that end. I wouldn't take it as a given.

So basically open software at least gives you a fighting chance at all. Yes, they can keep modifying their implementation, but so can you. In the closed version, they own the software and the protocol, they can change it, but _you_ can't.

Open standards even put a limit on how far they can take technique #1 above, because at the end of the day, they still have to remain compatible with a metric buttload of software and hardware that they don't control. In the all proprietary version, if they want to change the protocol and software _completely_, and leave the old channel open just for downloading the new software, they can.

Re:

[utnapistim]

I'm not entirely sure what your point is, and if it's supposed to be a good or a bad thing.

It's a good thing: due to the open nature of the torrent protocol, I think we will see changes in the torrent clients, that will make the current sabotage attempts obsolete.

Grammar?

[Thornburg]

Um, sorry, but "Network Measurement Tool Detect Reset Packets" is not a proper grammatical structure. It could be "Network Measurement Tool Detects Reset Packets" or "Network Measurement Tool to Detect Reset Packets" or several other things, but right now it has a problem.

Aside from that, it's great the people develop tools like this, but very surprising to see this be Windows-only.

Re:Grammar?

[Vectronic]

From The Site:

Please let us know if you're interested in coordinating on ports to other platforms, such as Linux, BSD, and Mac, or embedded hardware (e.g. WRT54G router).

Special thanks to John Bartas for all of his diligent and continuing work on this software for NNSquad.

So, I would assume that its just the one guy working on it (at the moment) which would explain why its Windows Only, its probably his chosen platform.

Re:

[TooMuchToDo]

Or, perhaps, he just wanted to make it available to a wider audience. Linux on the desktop usage is still a fraction of all desktops.

Re:

[Mister Whirly]

Bingo. Give that man a cigar. The simplest explanation is most often the correct one.

Re:But this one goes to 11

[Douglas Goodall]

As a music lover and a Marshall appreciator, I would guess this signature regards a special amplifier with a knob that goes to 11 instead of just 10, eh?

Re:

[Hal_Porter]

Where's the "-1 Inconvenient Truth" moderation option?

Satan Prevails - A distributed Get Your Hands Off

[itsybitsy]

How about setting up a firewall with our own deep packet inspection and reporting system? That way we can collectively scan, identify, analyze, report to a central site, aggregate the results, perform large scale analysis, and report the full results on all kinds of attacks on these firewalls around the world.

A distributed Get Your Hands Off My Network. This information can be used to provide Objective Evidence for Court Cases Against Aggressive ISP and Those Who Pretend To Be The Governments And Homeland Security Departments of The ~192 Imagined Countries Around The World. It's about time that these pretenders, who do real harm to other people in the world to, know that they are not the only ones with some power. We tech geeks say hands off our Internets and we are watching and reporting on YOU BIG BROTHER!

Power the the Geeks.

Network Measurement Tool Detect Reset Packets

[HPUXCowboy]

I would point out that a tool has existed for years that possessed this capability AND has been available on BOTH Linux (*NIX) and M$ platforms. It's called Wireshark (formerly Ethereal). I will offer the caveat that you had to know a bit about TCP/IP protocol to use this tools but, there it is.

Re: Network Measurement Tool Detect Reset Packets

[CogDissident]

Well yeah, but having a tool where you can have joe-average download it, press a button, and get all upset at Comcast has much more value.

The race is on

[bytesex]

Because, of course, ISPs could also forge legitimate looking TCP RST packets.

Re:

[Vectronic]

Yeah, and when that fails just cut the internet off... "just doing some routine maintenance"

Im becomming suspicious of my ISP for that reason, aside from obvious traffic shaping (which I usually dont mind too much), they also just drop the internet entirely but leave the network intact, so any computers still think there is internet but it goes no further than the ISP, upon which I start fucking with their servers until I get internet back. (you know, 'boredom')

Re:

[jonaskoelker]

Because, of course, ISPs could also forge legitimate looking TCP RST packets.

If you read the methodology [nnsquad.org] page, you'll learn that:

It's much harder to fake the timing of a spoofed reset.

This round trip time (RTT) is tracked internally by TCP protocol layers, however it can also be measured by external monitoring devices or software at the endpoints.

When sending bulk data during a TCP connection, the RTT between two TCP endpoints usually settles into a narrow, predictable range. Spoofed resets which are injected into the stream will usually have an RTT well below the measured average.

Reset packet spoofers could attempt to evade this detection technique and improve their "stealthiness" by first measuring the RTT of a connection that they are planning to disrupt, then delaying the transmission of their spoofed reset until timing falls within the "expected" RTT. The problem with this approach is the significant risk that the spoofed reset will arrive too late from the standpoint of the receiving endpoint.

In short, spoofed resets have only a relatively narrow time window in which they can be both effective at disrupting connections and simultaneously be resistant to detection as potentially anomalous events.

So yeah, in theory the ISP could, but anomalies are detected in a way that's hard to get around and still work.

Cool

[Taibhsear]

Now I can help prove they are spoofing packets not only my torrents but my browsers and games and normal effin' downloads from websites. (Took me two days to legally download a 400MB file from a legitimate website because the transfer would stop halfway through and I'd have to start from scratch all over again. Did this 8 times over the two days for the same damn file.) At least I'm hoping it will help. I have not RTFA. This is slashdot afterall...

Re:Cool

[Culture20]

I always use
wget -c <URL>
to download large files. Even when your ISP is on the up and up, you'll get a RST occasionally if the remote computer sends it. Using wget to continue an almost completed download of an iso or XPSP3 is really handy.

Throttling should not use RESET

[redelm]

Not that [ISP] managment have ever been known for great intelligence, but throttling connections via RESET is just plain dumb. The client will just retry and extra data transferred.

The correct (and difficult to detect) way of throttling is by delaying ACK packets a few ms. Then normal TCP congestion control does all the nice throttling for you.

The ethics of throttling are a different matter: one side says they've been promised unlimited, and the other wants to be fair to all customers.

Re:

[kickassweb]

"The ethics of throttling are a different matter: one side says they've been promised unlimited, and the other wants to totally forgo any network improvments and buildout that would allow tolerable connection speeds, and block any possible competition of their movie download business." There, fixed that for you.

other solution to reset packets against p2p

[hejish]

do something like 5.8Ghz phones and spread spectrum - use LOTS of "random" ports, initiate them from behind the firewall to make sure they'll get back through and boom comcast has more fun to work against!

Not directly relevent,

[Anonymous Coward]

A good friend of mine works for Shaw Cable in their bandwidth monitoring department and has told me that they do not do any kind of traffic shaping.

He says it's just three guys (only one on at a time afaik) and when they see someone using to much bandwidth, they phone them up and tell them to settle down with the downloads.

Re:

[Jabrwock]

A good friend of mine works for Shaw Cable... He says it's just three guys (only one on at a time afaik) and when they see someone using to much bandwidth, they phone them up and tell them to settle down with the downloads.

I got one of those calls, and the guy I spoke with couldn't tell me what "grey zone" I'd wandered into, or why my unlimited account... wasn't. I asked him what I should cap my d/l rate to, so I wouldn't get these calls, and he said there wasn't a limit "per se". So I asked him why he was calling me with a vague request to stop using so much of a service he couldn't define for me. No answer.

I've since switched to Sasktel. While it's a lower max bandwidth, I don't have to share, and I don't get a phone ca

Re:

[Jabrwock]

I'm not sure when this might have been, but shaw has defined limits on their website.... It's possible the guy you spoke to was new and didn't know what the defined limits are. My friend says they don't call unless you cross over those defined limits. I guess my friend can only speak for Shaw Cable in the city he works for though.

This was a few years ago, before they set up their limits. He was just harassing me for "hogging the node", but Shaw marketing hadn't defined what the "limit" was yet. So he really had nothing to guide me with.

When I called Sasktel, I spoke to a tech, and asked him if there were any limits to how much I could download in a month. He was confused by the question, because Sasktel is DSL, so you don't share it at all. If you max out your "tube" 24/7, they don't care, because you paid for all of it. So I swit

Re:

[Jabrwock]

I just love it when people say BS like this. You honestly have no clue, do you? It's ALL shared at some point, and yes DSL providers DO have limits and care when you go over them. All your conversation with the Sasktel rep proved was that they are an idiot.

I know what he meant. He meant I don't share it with people in my neighborhood, like cable companies do it. It's shared at the central office, where all the lines come together.

The point was that Sasktel won't call me up and bitch at me for "hogging" the node. I can't "hog" it, because I'm not sharing it. I get 1.5Mbps, period. I can't download any faster, because I'm not borrowing bandwidth from my neighbors to do it.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Culture20]

How are you going to tell a fake RST from a real one (and no, I haven't RTFA)?

Just a guess, but if the server on the other side still is sending data after the RST hits you, it's a sign that it didn't send the RST.

Already a decent Linux tool

[Limburgher]

yum install pcapdiff on Fedora. http://www.eff.org/testyourisp/pcapdiff/ [eff.org]

Huh...

[No Grand Plan]

Is it a coincidence that this is downloading incredibly slowly for me?!

'dotted.

[Nullav]

Or it may as well be. On the bright side, I did just learn a great lesson about the importance of download mirrors.

can't get there from my comcast connection....

[prennix]

funny, I can't get to the site from my comcast connection. Getting there just fine from work, so likely not the /. effect...

problematic detection methodology?

[paleshadows]

This link [nnsquad.org] describes the manner by which problematic reset packets are detected. Apparently, an RST packet would be flagged as generated by the ISP based on the time at which it arrives, namely, if it arrives too early, or too late:

spoofed resets have only a relatively narrow time window in which they can be both effective at disrupting connections and simultaneously be resistant to detection as potentially anomalous events.

The question is what prevents the ISP from sending the packet within the said "narrow time window" and thereby avoid detection?

Interesting effect on my downloads.

[Anachragnome]

I have been using Azureus for torrents.

After about 5GB of initial downloads, my download rate went from approx. 100kB/s to about 15-20kB/s while maintaining about 100kB/s upload at all times during seeding. These speeds have been my usual speed for weeks now. NOTHING I did restored my initial 100kB/s download speed.

Perusing Slashdot, I read this article and decided to try it out and see if I could glean some useful information from it. Nothing in particular caught my attention. I let a download cruise along

Welcome back to 1990!

[freaker_TuC]

The site design sure looks retro with big fonts ;)