site Search:


Home Reviews Tools Forums FAQs Find Service ISP News Maps About  
 
    All Forums Hot Topics Gallery






how-to block ads

  
Forums >

US Cable Support > Cox HSI > [OK] Cox doesn't mess with Bittorrent traffic, does it?

Search Topic:
 Share Topic
Posting?
Post a:
Post a:
Links: ·Cox HSI Forum FAQ ·Cox HSI forum Links ·WEB Mail ·Cable and Sat TV forum
AuthorAll Replies


funchords
Hello
Premium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:5
1 edit

reply to Tsume

Here's Proof: Cox Interferes with P2P Uploads

Excellent, Tsume! This is the same behavior seen on Comcast with Sandvine's interference with many of the P2P protocols.

The following capture was on the eDonkey network between a Cox user and a user in Tel-Aviv, Israel. In this exchange, the non-Cox user connects, handshakes, and then requests parts, at which time the connection is immediately disrupted by an abort signal (TCP flag RST). The same pattern is repeated for all download requests.

  
 
No.     Time        Source                Destination           Protocol Info
      1 0.000000    88.154.XXX.XXX           COX.COX.COX.COX         TCP      3803 > 57909 [SYN] Seq=0 Len=0 MSS=1432
 
Frame 1 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: D-Link_5f:XX:XX (00:19:5b:5f:XX:XX), Dst: Elitegro_3c:XX:XX (00:19:21:3c:XX:XX)
Internet Protocol, Src: 88.154.XXX.XXX (bzq-88-154-XXX-XXX.red.bezeqint.net), Dst: YYY.YYY.YYY.YYY (cox.net)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 48
    Identification: 0xf2ed (62189)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 114
    Protocol: TCP (0x06)
    Header checksum: 0xf18b [correct]
    Source: 88.154.XXX.XXX (bzq-88-154-XXX-XXX.red.bezeqint.net)
    Destination: YYY.YYY.YYY.YYY (cox.net)
Transmission Control Protocol, Src Port: 3803 (3803), Dst Port: 57909 (57909), Seq: 0, Len: 0
 
No.     Time        Source                Destination           Protocol Info
      2 3.530691    88.154.XXX.XXX           COX.COX.COX.COX         TCP      3803 > 57909 [SYN] Seq=0 Len=0 MSS=1432
 
Frame 2 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: D-Link_5f:XX:XX (00:19:5b:5f:XX:XX), Dst: Elitegro_3c:XX:XX (00:19:21:3c:XX:XX)
Internet Protocol, Src: 88.154.XXX.XXX (bzq-88-154-XXX-XXX.red.bezeqint.net), Dst: YYY.YYY.YYY.YYY (cox.net)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 48
    Identification: 0xf359 (62297)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 114
    Protocol: TCP (0x06)
    Header checksum: 0xf11f [correct]
    Source: 88.154.XXX.XXX (bzq-88-154-XXX-XXX.red.bezeqint.net)
    Destination: YYY.YYY.YYY.YYY (cox.net)
Transmission Control Protocol, Src Port: 3803 (3803), Dst Port: 57909 (57909), Seq: 0, Len: 0
 
No.     Time        Source                Destination           Protocol Info
      3 3.845140    88.154.XXX.XXX           COX.COX.COX.COX         TCP      3803 > 57909 [ACK] Seq=1 Ack=0 Win=65535 Len=0
 
Frame 3 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: D-Link_5f:XX:XX (00:19:5b:5f:XX:XX), Dst: Elitegro_3c:XX:XX (00:19:21:3c:XX:XX)
Internet Protocol, Src: 88.154.XXX.XXX (bzq-88-154-XXX-XXX.red.bezeqint.net), Dst: YYY.YYY.YYY.YYY (cox.net)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 40
    Identification: 0xf365 (62309)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 114
    Protocol: TCP (0x06)
    Header checksum: 0xf11b [correct]
    Source: 88.154.XXX.XXX (bzq-88-154-XXX-XXX.red.bezeqint.net)
    Destination: YYY.YYY.YYY.YYY (cox.net)
Transmission Control Protocol, Src Port: 3803 (3803), Dst Port: 57909 (57909), Seq: 1, Ack: 0, Len: 0
 
No.     Time        Source                Destination           Protocol Info
      4 3.865210    88.154.XXX.XXX           COX.COX.COX.COX         eDonkey  eDonkey TCP: Hello
 
Frame 4 (191 bytes on wire, 191 bytes captured)
Ethernet II, Src: D-Link_5f:XX:XX (00:19:5b:5f:XX:XX), Dst: Elitegro_3c:XX:XX (00:19:21:3c:XX:XX)
Internet Protocol, Src: 88.154.XXX.XXX (bzq-88-154-XXX-XXX.red.bezeqint.net), Dst: YYY.YYY.YYY.YYY (cox.net)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 177
    Identification: 0xf367 (62311)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 114
    Protocol: TCP (0x06)
    Header checksum: 0xf090 [correct]
    Source: 88.154.XXX.XXX (bzq-88-154-XXX-XXX.red.bezeqint.net)
    Destination: YYY.YYY.YYY.YYY (cox.net)
Transmission Control Protocol, Src Port: 3803 (3803), Dst Port: 57909 (57909), Seq: 1, Ack: 0, Len: 137
eDonkey Protocol
 
No.     Time        Source                Destination           Protocol Info
      5 6.892877    88.154.XXX.XXX           COX.COX.COX.COX         TCP      [TCP Dup ACK 4#1] 3803 > 57909 [ACK] Seq=138 Ack=0 Win=65535 Len=0
 
Frame 5 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: D-Link_5f:XX:XX (00:19:5b:5f:XX:XX), Dst: Elitegro_3c:XX:XX (00:19:21:3c:XX:XX)
Internet Protocol, Src: 88.154.XXX.XXX (bzq-88-154-XXX-XXX.red.bezeqint.net), Dst: YYY.YYY.YYY.YYY (cox.net)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 40
    Identification: 0xf3ce (62414)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 114
    Protocol: TCP (0x06)
    Header checksum: 0xf0b2 [correct]
    Source: 88.154.XXX.XXX (bzq-88-154-XXX-XXX.red.bezeqint.net)
    Destination: YYY.YYY.YYY.YYY (cox.net)
Transmission Control Protocol, Src Port: 3803 (3803), Dst Port: 57909 (57909), Seq: 138, Ack: 0, Len: 0
 
No.     Time        Source                Destination           Protocol Info
      6 7.857685    88.154.XXX.XXX           COX.COX.COX.COX         eDonkey  eDonkey TCP: File Request
 
Frame 6 (83 bytes on wire, 83 bytes captured)
Ethernet II, Src: D-Link_5f:XX:XX (00:19:5b:5f:XX:XX), Dst: Elitegro_3c:XX:XX (00:19:21:3c:XX:XX)
Internet Protocol, Src: 88.154.XXX.XXX (bzq-88-154-XXX-XXX.red.bezeqint.net), Dst: YYY.YYY.YYY.YYY (cox.net)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 69
    Identification: 0xf3ec (62444)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 114
    Protocol: TCP (0x06)
    Header checksum: 0xf077 [correct]
    Source: 88.154.XXX.XXX (bzq-88-154-XXX-XXX.red.bezeqint.net)
    Destination: YYY.YYY.YYY.YYY (cox.net)
Transmission Control Protocol, Src Port: 3803 (3803), Dst Port: 57909 (57909), Seq: 138, Ack: 109, Len: 29
eDonkey Protocol
 
No.     Time        Source                Destination           Protocol Info
      7 10.851679   88.154.XXX.XXX           COX.COX.COX.COX         TCP      [TCP Dup ACK 6#1] 3803 > 57909 [ACK] Seq=167 Ack=109 Win=65426 Len=0
 
Frame 7 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: D-Link_5f:XX:XX (00:19:5b:5f:XX:XX), Dst: Elitegro_3c:XX:XX (00:19:21:3c:XX:XX)
Internet Protocol, Src: 88.154.XXX.XXX (bzq-88-154-XXX-XXX.red.bezeqint.net), Dst: YYY.YYY.YYY.YYY (cox.net)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 40
    Identification: 0xf439 (62521)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 114
    Protocol: TCP (0x06)
    Header checksum: 0xf047 [correct]
    Source: 88.154.XXX.XXX (bzq-88-154-XXX-XXX.red.bezeqint.net)
    Destination: YYY.YYY.YYY.YYY (cox.net)
Transmission Control Protocol, Src Port: 3803 (3803), Dst Port: 57909 (57909), Seq: 167, Ack: 109, Len: 0
 
No.     Time        Source                Destination           Protocol Info
      8 11.997924   88.154.XXX.XXX           COX.COX.COX.COX         eDonkey  eDonkey TCP: File Status Request
 
Frame 8 (76 bytes on wire, 76 bytes captured)
Ethernet II, Src: D-Link_5f:XX:XX (00:19:5b:5f:XX:XX), Dst: Elitegro_3c:XX:XX (00:19:21:3c:XX:XX)
Internet Protocol, Src: 88.154.XXX.XXX (bzq-88-154-XXX-XXX.red.bezeqint.net), Dst: YYY.YYY.YYY.YYY (cox.net)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 62
    Identification: 0xf44f (62543)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 114
    Protocol: TCP (0x06)
    Header checksum: 0xf01b [correct]
    Source: 88.154.XXX.XXX (bzq-88-154-XXX-XXX.red.bezeqint.net)
    Destination: YYY.YYY.YYY.YYY (cox.net)
Transmission Control Protocol, Src Port: 3803 (3803), Dst Port: 57909 (57909), Seq: 167, Ack: 173, Len: 22
eDonkey Protocol
 
No.     Time        Source                Destination           Protocol Info
      9 16.089054   88.154.XXX.XXX           COX.COX.COX.COX         eDonkey  eDonkey TCP: Slot Request
 
Frame 9 (76 bytes on wire, 76 bytes captured)
Ethernet II, Src: D-Link_5f:XX:XX (00:19:5b:5f:XX:XX), Dst: Elitegro_3c:XX:XX (00:19:21:3c:XX:XX)
Internet Protocol, Src: 88.154.XXX.XXX (bzq-88-154-XXX-XXX.red.bezeqint.net), Dst: YYY.YYY.YYY.YYY (cox.net)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 62
    Identification: 0xf4c3 (62659)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 114
    Protocol: TCP (0x06)
    Header checksum: 0xefa7 [correct]
    Source: 88.154.XXX.XXX (bzq-88-154-XXX-XXX.red.bezeqint.net)
    Destination: YYY.YYY.YYY.YYY (cox.net)
Transmission Control Protocol, Src Port: 3803 (3803), Dst Port: 57909 (57909), Seq: 189, Ack: 198, Len: 22
eDonkey Protocol
 
No.     Time        Source                Destination           Protocol Info
     10 20.428610   88.154.XXX.XXX           COX.COX.COX.COX         eDonkey  eDonkey TCP: Request Parts
 
Frame 10 (100 bytes on wire, 100 bytes captured)
Ethernet II, Src: D-Link_5f:XX:XX (00:19:5b:5f:XX:XX), Dst: Elitegro_3c:XX:XX (00:19:21:3c:XX:XX)
Internet Protocol, Src: 88.154.XXX.XXX (bzq-88-154-XXX-XXX.red.bezeqint.net), Dst: YYY.YYY.YYY.YYY (cox.net)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 86
    Identification: 0xf52b (62763)
    Flags: 0x04 (Don't Fragment)
    Fragment offset: 0
    Time to live: 114
    Protocol: TCP (0x06)
    Header checksum: 0xef27 [correct]
    Source: 88.154.XXX.XXX (bzq-88-154-XXX-XXX.red.bezeqint.net)
    Destination: YYY.YYY.YYY.YYY (cox.net)
Transmission Control Protocol, Src Port: 3803 (3803), Dst Port: 57909 (57909), Seq: 211, Ack: 204, Len: 46
eDonkey Protocol
 
No.     Time        Source                Destination           Protocol Info
     11 20.429537   88.154.XXX.XXX           COX.COX.COX.COX         TCP      3803 > 57909 [RST] Seq=257 Len=0
 
Frame 11 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: D-Link_5f:XX:XX (00:19:5b:5f:XX:XX), Dst: Elitegro_3c:XX:XX (00:19:21:3c:XX:XX)
Internet Protocol, Src: 88.154.XXX.XXX (bzq-88-154-XXX-XXX.red.bezeqint.net), Dst: YYY.YYY.YYY.YYY (cox.net)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 40
    Identification: 0xf52f (62767)
    Flags: 0x00
    Fragment offset: 0
    Time to live: 113
    Protocol: TCP (0x06)
    Header checksum: 0x3052 [correct]
    Source: 88.154.XXX.XXX (bzq-88-154-XXX-XXX.red.bezeqint.net)
    Destination: YYY.YYY.YYY.YYY (cox.net)
Transmission Control Protocol, Src Port: 3803 (3803), Dst Port: 57909 (57909), Seq: 257, Len: 0
 
No.     Time        Source                Destination           Protocol Info
     12 20.429719   88.154.XXX.XXX           COX.COX.COX.COX         TCP      3803 > 57909 [RST] Seq=12760 Len=0
 
Frame 12 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: D-Link_5f:XX:XX (00:19:5b:5f:XX:XX), Dst: Elitegro_3c:XX:XX (00:19:21:3c:XX:XX)
Internet Protocol, Src: 88.154.XXX.XXX (bzq-88-154-XXX-XXX.red.bezeqint.net), Dst: YYY.YYY.YYY.YYY (cox.net)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 40
    Identification: 0xf530 (62768)
    Flags: 0x00
    Fragment offset: 0
    Time to live: 113
    Protocol: TCP (0x06)
    Header checksum: 0x3051 [correct]
    Source: 88.154.XXX.XXX (bzq-88-154-XXX-XXX.red.bezeqint.net)
    Destination: YYY.YYY.YYY.YYY (cox.net)
Transmission Control Protocol, Src Port: 3803 (3803), Dst Port: 57909 (57909), Seq: 12760, Len: 0

Here are the other attempts from peers attempting to download from a peer using Cox:

No.     Time        Source                Destination           Protocol Info
     13 46.586053   24.189.31.XXX         COX.COX.COX.COX       TCP      2812 > 57909 [SYN] Seq=0 Len=0 MSS=1260
     14 46.687668   24.189.31.XXX         COX.COX.COX.COX       TCP      2812 > 57909 [ACK] Seq=1 Ack=0 Win=65535 Len=0
     15 46.748282   24.189.31.XXX         COX.COX.COX.COX       eDonkey  eDonkey TCP: Hello
     16 47.024208   24.189.31.XXX         COX.COX.COX.COX       eDonkey  eDonkey TCP: File Request
     17 47.134846   24.189.31.XXX         COX.COX.COX.COX       eDonkey  eMule Extensions TCP: Sources Request
     18 47.298049   24.189.31.XXX         COX.COX.COX.COX       eDonkey  eDonkey TCP: Slot Request
     19 47.562492   24.189.31.XXX         COX.COX.COX.COX       eDonkey  eDonkey TCP: Request Parts
     20 47.563020   24.189.31.XXX         COX.COX.COX.COX       TCP      2812 > 57909 [RST] Seq=292 Len=0
     21 47.563022   24.189.31.XXX         COX.COX.COX.COX       TCP      2812 > 57909 [RST] Seq=12795 Len=0
 
     22 65.136343   24.185.8.XXX          COX.COX.COX.COX       TCP      62534 > 57909 [SYN] Seq=0 Len=0 MSS=1460
     23 65.247461   24.185.8.XXX          COX.COX.COX.COX       TCP      62534 > 57909 [ACK] Seq=1 Ack=0 Win=17520 Len=0
     24 65.310605   24.185.8.XXX          COX.COX.COX.COX       eDonkey  eDonkey TCP: Hello
     25 65.572995   24.185.8.XXX          COX.COX.COX.COX       TCP      62534 > 57909 [ACK] Seq=110 Ack=109 Win=17411 Len=0
     26 65.634605   24.185.8.XXX          COX.COX.COX.COX       eDonkey  eDonkey TCP: File Request
     27 65.771306   24.185.8.XXX          COX.COX.COX.COX       eDonkey  eDonkey TCP: File Status Request
     28 65.950557   24.185.8.XXX          COX.COX.COX.COX       eDonkey  eDonkey TCP: Slot Request
     29 66.112815   24.185.8.XXX          COX.COX.COX.COX       eDonkey  eDonkey TCP: Request Parts
     30 66.113299   24.185.8.XXX          COX.COX.COX.COX       TCP      62534 > 57909 [RST] Seq=229 Len=0
     31 66.113468   24.185.8.XXX          COX.COX.COX.COX       TCP      62534 > 57909 [RST] Seq=12732 Len=0
 
     32 67.254090   82.166.149.XXX        COX.COX.COX.COX       TCP      1993 > 57909 [SYN] Seq=0 Len=0 MSS=1452
     33 67.514098   82.166.149.XXX        COX.COX.COX.COX       TCP      1993 > 57909 [ACK] Seq=1 Ack=0 Win=65535 Len=0
     34 67.603107   82.166.149.XXX        COX.COX.COX.COX       eDonkey  eDonkey TCP: Hello
     35 68.037685   82.166.149.XXX        COX.COX.COX.COX       eDonkey  eDonkey TCP: File Request
     36 68.339129   82.166.149.XXX        COX.COX.COX.COX       eDonkey  eDonkey TCP: File Status Request
     37 68.687124   82.166.149.XXX        COX.COX.COX.COX       eDonkey  eDonkey TCP: Slot Request
     38 70.924634   82.166.149.XXX        COX.COX.COX.COX       eDonkey  [TCP Retransmission] eDonkey TCP: Slot Request
     39 71.672143   82.166.149.XXX        COX.COX.COX.COX       eDonkey  eDonkey TCP: Request Parts
     40 71.672770   82.166.149.XXX        COX.COX.COX.COX       TCP      1993 > 57909 [RST] Seq=264 Len=0
     41 71.672773   82.166.149.XXX        COX.COX.COX.COX       TCP      1993 > 57909 [RST] Seq=12767 Len=0
     43 71.917529   82.166.149.XXX        COX.COX.COX.COX       TCP      1993 > 57909 [ACK] Seq=264 Ack=199 Win=65336 Len=0
     44 71.917711   82.166.149.XXX        COX.COX.COX.COX       TCP      1993 > 57909 [RST] Seq=264 Len=0
     45 71.917859   82.166.149.XXX        COX.COX.COX.COX       TCP      1993 > 57909 [RST] Seq=12767 Len=0
 
     42 71.860454   91.146.240.XXX        COX.COX.COX.COX       TCP      1621 > 57909 [SYN] Seq=0 Len=0 MSS=1460
     46 72.060726   91.146.240.XXX        COX.COX.COX.COX       TCP      1621 > 57909 [ACK] Seq=1 Ack=0 Win=65535 Len=0
     47 72.067227   91.146.240.XXX        COX.COX.COX.COX       eDonkey  eDonkey TCP: Hello
     49 73.352168   91.146.240.XXX        COX.COX.COX.COX       eDonkey  eDonkey TCP: File Request
     50 73.567989   91.146.240.XXX        COX.COX.COX.COX       eDonkey  eDonkey TCP: File Status Request
     51 73.816861   91.146.240.XXX        COX.COX.COX.COX       eDonkey  eDonkey TCP: Slot Request
     52 74.047680   91.146.240.XXX        COX.COX.COX.COX       eDonkey  eDonkey TCP: Request Parts
     53 74.048650   91.146.240.XXX        COX.COX.COX.COX       TCP      1621 > 57909 [RST] Seq=226 Len=0
     54 74.048821   91.146.240.XXX        COX.COX.COX.COX       TCP      1621 > 57909 [RST] Seq=12729 Len=0
 
     48 73.090273   87.69.104.XXX         COX.COX.COX.COX       TCP      3354 > 57909 [SYN] Seq=0 Len=0 MSS=1360
     55 75.245499   87.69.104.XXX         COX.COX.COX.COX       TCP      3354 > 57909 [ACK] Seq=1 Ack=0 Win=65535 Len=0
     56 75.249467   87.69.104.XXX         COX.COX.COX.COX       eDonkey  eDonkey TCP: Hello
     57 81.775774   87.69.104.XXX         COX.COX.COX.COX       eDonkey  eDonkey TCP: File Request
     58 83.698172   87.69.104.XXX         COX.COX.COX.COX       eDonkey  eDonkey TCP: File Status Request
     59 85.681663   87.69.104.XXX         COX.COX.COX.COX       eDonkey  eDonkey TCP: Slot Request
     60 87.415781   87.69.104.XXX         COX.COX.COX.COX       eDonkey  eDonkey TCP: Request Parts
     61 87.416247   87.69.104.XXX         COX.COX.COX.COX       TCP      3354 > 57909 [RST] Seq=213 Len=0
     62 87.416944   87.69.104.XXX         COX.COX.COX.COX       TCP      3354 > 57909 [RST] Seq=12716 Len=0
     63 94.871840   87.69.104.XXX         COX.COX.COX.COX       eDonkey  [TCP Retransmission] eDonkey TCP: Request Parts
 
     64 103.397576  58.173.104.XXX        COX.COX.COX.COX       TCP      4010 > 57909 [SYN] Seq=0 Len=0 MSS=1460
     65 103.603587  58.173.104.XXX        COX.COX.COX.COX       TCP      4010 > 57909 [ACK] Seq=1 Ack=0 Win=17520 Len=0
     66 103.822975  58.173.104.XXX        COX.COX.COX.COX       eDonkey  eDonkey TCP: Hello
     67 104.243129  58.173.104.XXX        COX.COX.COX.COX       eDonkey  eMule Extensions TCP: Sources Request
     68 104.590641  58.173.104.XXX        COX.COX.COX.COX       TCP      4010 > 57909 [ACK] Seq=209 Ack=173 Win=17347 Len=0
     69 104.961175  58.173.104.XXX        COX.COX.COX.COX       eDonkey  eDonkey TCP: Slot Request
     70 105.287189  58.173.104.XXX        COX.COX.COX.COX       eDonkey  eDonkey TCP: Request Parts
     71 105.288143  58.173.104.XXX        COX.COX.COX.COX       TCP      4010 > 57909 [RST] Seq=277 Len=0
     72 105.288329  58.173.104.XXX        COX.COX.COX.COX       TCP      4010 > 57909 [RST] Seq=12780 Len=0
 
     86 196.968087  99.194.169.XXX        COX.COX.COX.COX       TCP      4124 > 57909 [SYN] Seq=0 Len=0 MSS=1460
     87 197.068221  99.194.169.XXX        COX.COX.COX.COX       TCP      4124 > 57909 [ACK] Seq=1 Ack=0 Win=65535 Len=0
     88 197.289546  99.194.169.XXX        COX.COX.COX.COX       eDonkey  eDonkey TCP: Hello
     89 197.608485  99.194.169.XXX        COX.COX.COX.COX       TCP      4124 > 57909 [ACK] Seq=93 Ack=109 Win=65426 Len=0
     90 197.738713  99.194.169.XXX        COX.COX.COX.COX       eDonkey  eDonkey TCP: File Request
     91 197.828346  99.194.169.XXX        COX.COX.COX.COX       eDonkey  eDonkey TCP: File Status Request
     92 198.120301  99.194.169.XXX        COX.COX.COX.COX       TCP      4124 > 57909 [ACK] Seq=144 Ack=198 Win=65337 Len=0
     93 198.162843  99.194.169.XXX        COX.COX.COX.COX       eDonkey  eDonkey TCP: Slot Request
     94 198.353632  99.194.169.XXX        COX.COX.COX.COX       eDonkey  eDonkey TCP: Request Parts
     95 198.354607  99.194.169.XXX        COX.COX.COX.COX       TCP      4124 > 57909 [RST] Seq=212 Len=0
     96 198.354778  99.194.169.XXX        COX.COX.COX.COX       TCP      4124 > 57909 [RST] Seq=12715 Len=0
     97 198.461288  99.194.169.XXX        COX.COX.COX.COX       TCP      4124 > 57909 [ACK] Seq=212 Ack=204 Win=65331 Len=0
     98 198.461471  99.194.169.XXX        COX.COX.COX.COX       TCP      4124 > 57909 [RST] Seq=212 Len=0
     99 198.461621  99.194.169.XXX        COX.COX.COX.COX       TCP      4124 > 57909 [RST] Seq=12715 Len=0
 
     79 184.539926  87.70.91.XXX          COX.COX.COX.COX       TCP      2247 > 57909 [SYN] Seq=0 Len=0 MSS=1360
     80 185.267027  87.70.91.XXX          COX.COX.COX.COX       TCP      2247 > 57909 [ACK] Seq=1 Ack=0 Win=65535 Len=0
     81 188.257524  87.70.91.XXX          COX.COX.COX.COX       eDonkey  eDonkey TCP: Hello
     83 192.171362  87.70.91.XXX          COX.COX.COX.COX       eDonkey  eMule Extensions TCP: Unknown
     84 192.802313  87.70.91.XXX          COX.COX.COX.COX       eDonkey  eDonkey TCP: File Status Request
     85 193.323101  87.70.91.XXX          COX.COX.COX.COX       TCP      2247 > 57909 [ACK] Seq=199 Ack=168 Win=65367 Len=0
    100 198.840396  87.70.91.XXX          COX.COX.COX.COX       eDonkey  eDonkey TCP: Slot Request
    101 200.734723  87.70.91.XXX          COX.COX.COX.COX       eDonkey  eDonkey TCP: Request Parts
    102 200.735666  87.70.91.XXX          COX.COX.COX.COX       TCP      2247 > 57909 [RST] Seq=267 Len=0
    103 200.735830  87.70.91.XXX          COX.COX.COX.COX       TCP      2247 > 57909 [RST] Seq=12770 Len=0
 
    107 308.003628  201.73.192.XXX        COX.COX.COX.COX       TCP      1938 > 57909 [SYN] Seq=0 Len=0 MSS=1460
    108 308.277002  201.73.192.XXX        COX.COX.COX.COX       TCP      1938 > 57909 [ACK] Seq=1 Ack=0 Win=65535 Len=0
    109 308.467273  201.73.192.XXX        COX.COX.COX.COX       eDonkey  eDonkey TCP: Hello
    110 308.818803  201.73.192.XXX        COX.COX.COX.COX       eDonkey  eDonkey TCP: File Request
    111 309.080137  201.73.192.XXX        COX.COX.COX.COX       eDonkey  eMule Extensions TCP: Sources Request
    112 309.560379  201.73.192.XXX        COX.COX.COX.COX       eDonkey  eDonkey TCP: Slot Request
    113 309.894915  201.73.192.XXX        COX.COX.COX.COX       eDonkey  eDonkey TCP: Request Parts
    114 309.895386  201.73.192.XXX        COX.COX.COX.COX       TCP      1938 > 57909 [RST] Seq=227 Len=0
    115 309.895565  201.73.192.XXX        COX.COX.COX.COX       TCP      1938 > 57909 [RST] Seq=12730 Len=0
 
    116 322.167835  201.78.174.XXX        COX.COX.COX.COX       TCP      4446 > 57909 [SYN] Seq=0 Len=0 MSS=1440
    117 322.454974  201.78.174.XXX        COX.COX.COX.COX       TCP      4446 > 57909 [ACK] Seq=1 Ack=0 Win=65535 Len=0
    118 322.471262  201.78.174.XXX        COX.COX.COX.COX       eDonkey  eDonkey TCP: Hello
    119 322.781271  201.78.174.XXX        COX.COX.COX.COX       eDonkey  eDonkey TCP: File Request
    120 323.085480  201.78.174.XXX        COX.COX.COX.COX       eDonkey  eMule Extensions TCP: Sources Request
    121 323.574505  201.78.174.XXX        COX.COX.COX.COX       eDonkey  eDonkey TCP: Slot Request
    122 323.864419  201.78.174.XXX        COX.COX.COX.COX       eDonkey  eDonkey TCP: Request Parts
    123 323.865082  201.78.174.XXX        COX.COX.COX.COX       TCP      4446 > 57909 [RST] Seq=227 Len=0
    124 323.865084  201.78.174.XXX        COX.COX.COX.COX       TCP      4446 > 57909 [RST] Seq=12730 Len=0
 
    125 339.226952  71.105.61.XXX         COX.COX.COX.COX       TCP      1913 > 57909 [SYN] Seq=0 Len=0 MSS=1460
    126 340.758729  71.105.61.XXX         COX.COX.COX.COX       TCP      1913 > 57909 [ACK] Seq=1 Ack=0 Win=65535 Len=0
    127 340.780293  71.105.61.XXX         COX.COX.COX.COX       eDonkey  eDonkey TCP: Hello
    128 342.468313  71.105.61.XXX         COX.COX.COX.COX       eDonkey  eDonkey TCP: File Request
    129 344.260537  71.105.61.XXX         COX.COX.COX.COX       eDonkey  eDonkey TCP: File Status Request
    130 345.916531  71.105.61.XXX         COX.COX.COX.COX       eDonkey  eDonkey TCP: Slot Request
    131 347.318155  71.105.61.XXX         COX.COX.COX.COX       eDonkey  eDonkey TCP: Request Parts
    132 347.319075  71.105.61.XXX         COX.COX.COX.COX       TCP      1913 > 57909 [RST] Seq=211 Len=0
    133 347.319242  71.105.61.XXX         COX.COX.COX.COX       TCP      1913 > 57909 [RST] Seq=12714 Len=0
 
    134 358.192466  91.185.118.XXX        COX.COX.COX.COX       TCP      4439 > 57909 [SYN] Seq=0 Len=0 MSS=1460
    135 358.646150  91.185.118.XXX        COX.COX.COX.COX       TCP      4439 > 57909 [ACK] Seq=1 Ack=0 Win=17520 Len=0
    136 359.183435  91.185.118.XXX        COX.COX.COX.COX       eDonkey  eDonkey TCP: Hello
    137 360.603545  91.185.118.XXX        COX.COX.COX.COX       eDonkey  eDonkey TCP: File Request
    138 361.383217  91.185.118.XXX        COX.COX.COX.COX       eDonkey  eDonkey TCP: File Status Request
    139 362.423795  91.185.118.XXX        COX.COX.COX.COX       eDonkey  eDonkey TCP: Slot Request
    140 363.363382  91.185.118.XXX        COX.COX.COX.COX       eDonkey  eDonkey TCP: Request Parts
    141 363.364227  91.185.118.XXX        COX.COX.COX.COX       TCP      4439 > 57909 [RST] Seq=211 Len=0
    142 363.364393  91.185.118.XXX        COX.COX.COX.COX       TCP      4439 > 57909 [RST] Seq=12714 Len=0
 
    143 378.325755  60.240.62.XXX         COX.COX.COX.COX       TCP      35525 > 57909 [SYN] Seq=0 Len=0 MSS=1402
    144 378.559083  60.240.62.XXX         COX.COX.COX.COX       TCP      35525 > 57909 [ACK] Seq=1 Ack=0 Win=65535 Len=0
    145 378.566074  60.240.62.XXX         COX.COX.COX.COX       eDonkey  eDonkey TCP: Hello
    146 379.874602  60.240.62.XXX         COX.COX.COX.COX       eDonkey  eDonkey TCP: File Request
    147 380.172513  60.240.62.XXX         COX.COX.COX.COX       eDonkey  eDonkey TCP: File Status Request
    148 380.475457  60.240.62.XXX         COX.COX.COX.COX       eDonkey  eDonkey TCP: Slot Request
    149 380.765389  60.240.62.XXX         COX.COX.COX.COX       eDonkey  eDonkey TCP: Request Parts
    150 380.765850  60.240.62.XXX         COX.COX.COX.COX       TCP      35525 > 57909 [RST] Seq=226 Len=0
    151 380.765853  60.240.62.XXX         COX.COX.COX.COX       TCP      35525 > 57909 [RST] Seq=12729 Len=0
 
    152 402.541072  82.3.19.XXX           COX.COX.COX.COX       TCP      2746 > 57909 [SYN] Seq=0 Len=0 MSS=1460
    153 402.730368  82.3.19.XXX           COX.COX.COX.COX       TCP      2746 > 57909 [ACK] Seq=1 Ack=0 Win=65535 Len=0
    154 402.826481  82.3.19.XXX           COX.COX.COX.COX       eDonkey  eDonkey TCP: Hello
    155 403.104864  82.3.19.XXX           COX.COX.COX.COX       eDonkey  eMule Extensions TCP: Unknown
    156 403.478956  82.3.19.XXX           COX.COX.COX.COX       eDonkey  eDonkey TCP: File Status Request
    157 403.776899  82.3.19.XXX           COX.COX.COX.COX       TCP      2746 > 57909 [ACK] Seq=172 Ack=173 Win=65362 Len=0
    158 403.964687  82.3.19.XXX           COX.COX.COX.COX       eDonkey  eDonkey TCP: Slot Request
    159 404.155558  82.3.19.XXX           COX.COX.COX.COX       eDonkey  eDonkey TCP: Request Parts
    160 404.156052  82.3.19.XXX           COX.COX.COX.COX       TCP      2746 > 57909 [RST] Seq=240 Len=0
    161 404.156054  82.3.19.XXX           COX.COX.COX.COX       TCP      2746 > 57909 [RST] Seq=12743 Len=0
 
    162 407.431919  87.69.87.XXX          COX.COX.COX.COX       TCP      4859 > 57909 [SYN] Seq=0 Len=0 MSS=1360
    163 410.426408  87.69.87.XXX          COX.COX.COX.COX       TCP      4859 > 57909 [SYN] Seq=0 Len=0 MSS=1360
    164 414.037670  87.69.87.XXX          COX.COX.COX.COX       TCP      4859 > 57909 [ACK] Seq=1 Ack=0 Win=17680 Len=0
    165 414.073742  87.69.87.XXX          COX.COX.COX.COX       eDonkey  eDonkey TCP: Hello
    166 418.327109  87.69.87.XXX          COX.COX.COX.COX       TCP      4859 > 57909 [ACK] Seq=110 Ack=109 Win=17571 Len=0
    167 418.347794  87.69.87.XXX          COX.COX.COX.COX       eDonkey  eDonkey TCP: File Request
    168 419.350633  87.69.87.XXX          COX.COX.COX.COX       TCP      [TCP Dup ACK 167#1] 4859 > 57909 [ACK] Seq=139 Ack=109 Win=17571 Len=0
    169 419.610029  87.69.87.XXX          COX.COX.COX.COX       eDonkey  eDonkey TCP: File Status Request
    170 421.543913  87.69.87.XXX          COX.COX.COX.COX       eDonkey  eDonkey TCP: Slot Request
    171 424.469308  87.69.87.XXX          COX.COX.COX.COX       eDonkey  eDonkey TCP: Request Parts
    172 424.469770  87.69.87.XXX          COX.COX.COX.COX       TCP      4859 > 57909 [RST] Seq=229 Len=0
    173 424.469943  87.69.87.XXX          COX.COX.COX.COX       TCP      4859 > 57909 [RST] Seq=12732 Len=0
 
    174 434.740736  80.39.85.XXX          COX.COX.COX.COX       TCP      4263 > 57909 [SYN] Seq=0 Len=0 MSS=1420
    175 435.180400  80.39.85.XXX          COX.COX.COX.COX       TCP      4263 > 57909 [ACK] Seq=1 Ack=0 Win=65535 Len=0
    176 435.186391  80.39.85.XXX          COX.COX.COX.COX       eDonkey  eDonkey TCP: Hello
    178 436.648669  80.39.85.XXX          COX.COX.COX.COX       eDonkey  eDonkey TCP: File Request
    179 437.044771  80.39.85.XXX          COX.COX.COX.COX       eDonkey  eMule Extensions TCP: Sources Request
    181 437.412429  80.39.85.XXX          COX.COX.COX.COX       eDonkey  eDonkey TCP: Slot Request
    182 437.731812  80.39.85.XXX          COX.COX.COX.COX       eDonkey  eDonkey TCP: Request Parts
    183 437.732273  80.39.85.XXX          COX.COX.COX.COX       TCP      4263 > 57909 [RST] Seq=308 Len=0
    184 437.732275  80.39.85.XXX          COX.COX.COX.COX       TCP      4263 > 57909 [RST] Seq=12811 Len=0
 
    177 436.639633  151.60.56.XXX         COX.COX.COX.COX       TCP      2594 > 57909 [SYN] Seq=0 Len=0 MSS=1360
    180 437.285100  151.60.56.XXX         COX.COX.COX.COX       TCP      2594 > 57909 [ACK] Seq=1 Ack=0 Win=65535 Len=0
    185 440.454327  151.60.56.XXX         COX.COX.COX.COX       eDonkey  eDonkey TCP: Hello
    186 441.232989  151.60.56.XXX         COX.COX.COX.COX       eDonkey  eDonkey TCP: File Request
    187 441.705203  151.60.56.XXX         COX.COX.COX.COX       eDonkey  eDonkey TCP: File Status Request
    188 442.080811  151.60.56.XXX         COX.COX.COX.COX       eDonkey  eDonkey TCP: Slot Request
    189 442.654643  151.60.56.XXX         COX.COX.COX.COX       eDonkey  eDonkey TCP: Request Parts
    190 442.655162  151.60.56.XXX         COX.COX.COX.COX       TCP      2594 > 57909 [RST] Seq=228 Len=0
    191 442.655336  151.60.56.XXX         COX.COX.COX.COX       TCP      2594 > 57909 [RST] Seq=12731 Len=0
All of the above requests were interrupted by an injected, forged TCP packet with the Abort/Reset [RST] flag set. If the other client actually intended to break off communication, it would have sent a FIN packet as shown in the following...

     73 107.446940  87.69.104.XXX         COX.COX.COX.COX       eDonkey  [TCP Retransmission] eDonkey TCP: Request Parts
     74 135.298910  87.69.104.XXX         COX.COX.COX.COX       eDonkey  [TCP Retransmission] eDonkey TCP: Request Parts
     82 189.059715  87.69.104.XXX         COX.COX.COX.COX       eDonkey  [TCP Retransmission] eDonkey TCP: Slot Release
    105 231.189435  87.69.104.XXX         COX.COX.COX.COX       TCP      3354 > 57909 [FIN, ACK] Seq=219 Ack=199 Win=65336 Len=0
    106 296.899909  87.69.104.XXX         COX.COX.COX.COX       eDonkey  [TCP Retransmission] eDonkey TCP: Slot Release

This is conclusive proof that Cox is interfering with eDonkey uploads by abusing the RST (abort/reset) flag.

--Robb Topolski

--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.
to forum · permalink · 2007-11-15 14:50:59 ·

kingofdsl

join:2002-12-11
Afton, OK

This is conclusive proof that Cox is interfering with eDonkey uploads by abusing the RST (abort/reset) flag.

--Robb Topolski
=======================================================
How is it abuse when Cox owns the network?

to forum · permalink · 2007-11-15 16:20:46 ·

wierdo

join:2001-02-16
Tulsa, OK
Reviews:
·Cox HSI
·T-Mobile US
1 edit

reply to funchords
I'm not saying this is what's happening in this particular case, but there do exist broken NAT devices that lose track of NAT mappings when being beaten on by a BT client and thus send an RST when they receive an "unexpected" (only unexpected because the NAT table filled up, of course) packet.

RSTs are not in and of themselves abnormal with broken NAT devices or broken end user machines. NAT tables filling and a crash of the BT client at the far end can both cause the OS itself (either on the NAT device or the endpoint) to send said RST.

Edited to add: To be clear, RSTs are perfectly normal when one end thinks there is a TCP connection in progress and the other end doesn't. That's how TCP deals with such a state mismatch.

to forum · permalink · 2007-11-15 17:24:52 ·

robertfl
Premium
join:2005-10-10
Mary Esther, FL

Welcome to 1984. I think other ISP's will follow suit as well.

-Rob

to forum · permalink · 2007-11-15 17:42:12 ·


funchords
Hello
Premium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:5

reply to wierdo

said by wierdo:

I'm not saying this is what's happening in this particular case, but there do exist broken NAT devices that lose track of NAT mappings when being beaten on by a BT client and thus send an RST when they receive an "unexpected" (only unexpected because the NAT table filled up, of course) packet.
Great question. According to the BEHAVE IETF Working Group, NAT devices should send an ICMP unreachable error and/or drop the packet in that case.

In this case, however, the RST is following an exact pattern that repeats. With the SYN long past, and a data packet received less than 100 ms. ago, there's no valid reason a remote peer should generate a reset.

This is clearly interference, it matches the Comcast eDonkey interference.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.
to forum · permalink · 2007-11-15 18:47:15 ·


funchords
Hello
Premium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:5

reply to kingofdsl

said by kingofdsl:

How is it abuse when Cox owns the network?
Answered here:
»My use of the word 'Abuse'
to forum · permalink · 2007-11-15 18:49:51 ·

wierdo

join:2001-02-16
Tulsa, OK
Reviews:
·Cox HSI
·T-Mobile US

reply to funchords

said by funchords:

]Great question. According to the BEHAVE IETF Working Group, NAT devices should send an ICMP unreachable error and/or drop the packet in that case.

In this case, however, the RST is following an exact pattern that repeats. With the SYN long past, and a data packet received less than 100 ms. ago, there's no valid reason a remote peer should generate a reset.

This is clearly interference, it matches the Comcast eDonkey interference.
Maybe I'm just misremembering, but IIRC sending an RST is the correct behavior when an endpoint receives a TCP packet that appears to be referring to a nonexistent connection.

Specifically, when a TCP packet is received that does not have the SYN or FIN bit set.

We mustn't forget that devices that happen to do NAT are also endpoints in their own right and thus must conform to standard behavior when they receive a packet appearing to belong to a connection that does not exist.

Silent dropping is a common behavior, but is not, strictly speaking, correct. Sending an ICMP port unreachable is the correct response when receiving a packet with the SYN bit set which has a destination port which is not valid for the receiving host.

What will happen (and this is incorrect behavior) if a router running Linux runs out of NAT table space is exactly what you describe. The peer sends packets just fine, but when we send one back, the NAT router sends back an RST because it sees our packet as invalid.

Again, I'm not at all arguing that Cox is not testing some dumb as paint device that does what you claim, I'm just pointing out that the same things can be explained by things that have nothing to do with Cox. In fact, I wouldn't be surprised if a good number of BT users had that exact problem due to poor NAT devices at the remote end.

What I don't get is why on earth any ISP would use such blatantly idiotic technology when they could just as easily use similar deep packet inspection to mark BT and other bulk traffic as such and use standard QoS to delay (or deprioritize) packets so marked. Doing it that way would achieve the same ends, but in a way that would be completely impossible to prove was actually happening, so long as the mark was removed before the packet exited Cox's network.
to forum · permalink · 2007-11-15 21:39:59 ·

robertfl
Premium
join:2005-10-10
Mary Esther, FL

comcast is being sued. is cox next?

If all we will be able to do on or any service is surf the web and check e-mail, then i'm going back to dial up. no need to cough up $50+ dollars for "censored" internet.

Again, they need to stop adverizing "download movies and music at blazing speeds"

-Rob

to forum · permalink · 2007-11-15 21:51:16 ·


funchords
Hello
Premium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:5

reply to wierdo

said by wierdo:

Maybe I'm just misremembering, but IIRC sending an RST is the correct behavior when an endpoint [including a NAT device] receives a TCP packet that appears to be referring to a nonexistent connection.
Well, you'll have to take that up with the BEHAVE Working Group of the IETF.

Meanwhile, the RSTs in this case are definitely not caused by NAT devices, so the matter is academic only.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.
to forum · permalink · 2007-11-15 22:30:33 ·
Forums > US Cable Support > Cox HSI

Wednesday, 08-Feb 11:36:59 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 12.5 years online! © 1999-2012 dslreports.com.
Most commented news this week
Hot Topics