|reply to funchords |
Re: Comcast is using Sandvine to manage P2P Connections
Has anyone had any problems with sandvine using other protocols beside bittorrent. I was experiencing disconnects accompanied by rst packets when trying to transfer a file from my house to my parent's house when using either ftp or scp. About 4MB would transfer, then the connection would be killed, no bad errors on either end, just that it was disconnected.
1: Comcast connection where sandvine is implemented. I have seen it when using bittorrent, never checked for the rst packets but performance drastically changed one day and it has all the symptoms.
2: ATT connection from a small wireless company. This connection does not have an externally routable address, everyone is on a big lan.
What I was doing:
I wanted to transfer a file from my house (comcast) to my parent's house (ATT). I have set up on my parents computer a script that runs every 5 minutes which checks for the existence of a reverse ssh tunnel to my computer and creates it if it doesn't exist. Unfortunately I didn't write down all the errors so they are from memory. I tried to scp the file through the tunnel but after about 4MB I got an error, remote host had disconnected or something like that. It also killed the tunnel. After it was re-established I tried again to no avail killing the tunnel again. The next time I ssh'ed into my parents computer and tried issuing the scp command from their computer, still disconnected but didn't kill the reverse tunnel. The same thing happened when I tried to transfer the file via ftp, it would transfer for a little while then disconnect.
The whole thing was eerily similar to what my bittorrent traffic looked like before I started using an ssl enabled tracker. So, I fired up wireshark on my computer and through ssh, started wireshark on my parents computer displayed on my screen. Before I continue, let me say that I haven't really used a packet sniffer before for anything other than showing my friend how easy it was to spy on his instant messaging a couple years ago when I was on dialup and all the other computers on the lan at my house were routed through mine. I did however, thanks to the smart people I have read information about sandvine from, know that I would be looking for rst packets. I then started transferring a file and waited for the disconnect. Wireshark made it really easy for me, the rst packets were in red and stuck out like a sore thumb. All the packets before them looked normal, the source and destination matched up between the computers and everything made sense. The rst packtets however didn't. On my computer there is no record of any rst packets going out, they all show they are incoming from my parents computer. On their computer it is the same story, no record of the packets going out but incoming from my computer.
Strange, my computer has no record of sending those packets and neither does my parents. That is what is same thing that is happening with bittorrent traffic, right?
Now, I have been running bittorrent pretty solid for the last couple weeks without any problems seeding and have uploaded about 75GB of data. Forced encryption, ssl enabled tracker, and disabled dht take care of that.
I called up comcast and started complaining but the person I was talking to refused to help me because I had a 3rd party router, he told me I had to connect directly or he couldn't do anything. Describing the problem I compared it to the forced disconnects that they were doing to bittorrent seeders and he told me that this wasn't happening (is this still their official position?).
Anyways, when I connected directly to the modem it assigned me an new IP address and I don't have the problem anymore.
Does someone who knows more about sandvine know if what I am describing makes sense?
Will this problem come back if I upload a large amount of data via bittorrent?
Has anyone else seen this before?
ps. Yes, I know all you have to go on is my word but if it happens again I will be sure to save the dump from wireshark, and document all disconnect errors. Is there anything specifically that I should test/log if i run into this issue again?