Intel4004
join:2008-02-26
Alexandria, LA
2 edits | Does Suddenlink filter and kill p2p traffic?
The following is an edited excerpt from: »www.p2pforum.it/forum/showthread···t=290321
Does Suddenlink filter internet traffic either openly or hidden? Suddenlink’s CEO is on record saying they do indeed apply "traffic shaping" policies but do they trace their users' bandwidth usage and intervene directly in order to limit their transfer speeds?
Traffic shaping is one thing but totally killing certain types of traffic is quite another! Traffic shaping is often operated on specific protocols (typically, peer-to-peer ones), but many Suddenlink users since February 2008 are starting to believe that bandwidth is reset when any P2P program is running. A separate issue which we will not address here is does Suddenlink or any IPS have the right to open packets and read what type of data they contain and then pass judgment if they should be allowed to pass though the filter?
To prove the existence of file-sharing filters can be difficult, especially if one seeks for evidence on a single computer, but the process gets easier if a test is performed by two remote users exchanging given data packets through a P2P protocol. By comparing what one end of the connection has sent to what the other end has received, one can see if the content has been blocked, delayed or forged by the provider.
One important means of holding ISPs accountable for this interference is the ability of some subscribers to detect and document its reliably. We have to learn what ISPs are doing before we can try to do something about it. Internet users can often detect interference by comparing data sent at one end with data received at the other end of a connection.
Due to the efforts of project Gemini it is now possible to obtain evidence by using two "Live" operating systems designed to connect with one another over the Internet, to start a BitTorrent transfer, and to record the Transmission - after which it will generate a report containing the analysis of the traffic.
Every user can get Gemini ISOs and perform the test with a remote friend, if his machine meets the requirements described below.
For further details and info’s about the principles Gemini is based upon, see the following pages:
»www.eff.org/wp/detecting-packet-injection
»en.wikipedia.org/wiki/Traffic_shaping
»www.azureuswiki.com/index.php/Bad_ISPs
#Requirements and setting#
1. In order to be able to perform the test, there must be two different remote users (the test is performable only in couple): one with the version A, the other with the version B. You can download the ISOs for Gemini here:
Gemini_A.ISO »file.p2pforum.it/?d=65AB76751
Gemini_B.ISO »file.p2pforum.it/?d=D97081851
2. Once the ISOs have been downloaded, they need to be burned on a CDROM. You need to have an x86-architecture PC (no 64-bit hardware, no ultraSPARC, no Macintosh)
3. You need to have a modem/router connected to the network card (no USB, no Wireless), which you must disable NAT and Firewall upon, if previously enabled. The modem/router need to be configured so that the IP got from the provider is routed directly on the network card.
Please note that not all the modems/routers can be configured this way. Typically, there's a feature called Half Bridge that can be enabled from the device's web interface and that automatically sets the machine.
The Half Bridge is available under other names, depending on the producers: ZIPB - zero IP bridge, DHCP spoofing, DHCP-to-PPP spoofing, IP extension etc.
By way of example, there is a list of some of the models on which you can (theoretically) enable that function:
Atlantis Land I-Storm A02-Ra2+ (Half Bridge)
Atlantis Land I-Fly wireless router A02-WRA (half bridge)
Atlantis Land VoIP ROUTER ADSL A02-RAV211 (Half Bridge)
Atlantis Land Webshare A02-RA111 (Half Bridge)
Ar520 Modem Router - Libero (ZIPB)
Alice W-Gate Ethernet (not all the versions: Half Bridge)
Thomsom SPEEDTOUCH ST605 (DHCP-to-PPP spoofing)
Alcatel Speedtouch 5xx series (Half Bridge)
Alcatel SpeedTouch Pro (DHCP spoof)
Alcatel ST570 (DHCP spoof)
Aethra ADSL Starmodem / Starbridge / Stargate ethernet - Wind/Infostrada/Tiscali (Half Bridge)
Starbridge EB1010 / EB1030 / EB1040 (Half Bridge)
Starbridge EU (Half bridge)
Sitecom ADSL Homestation DC-214v2/216v2 (Half Bridge)
Sitecom WL-118
Billion 7100S (Half Bridge)
Billion BiPAC 5200S (Half Bridge)
Billion BEC 5200S ADSL2+
Hamlet HRDSL512
Globespan Viking/BT Voyager 205 router (ZIPB) ##-> »192.168.1.1/MainPage?id=31
LevelOne Netcon FBR-1161A
Planet ADE-3400Av2
Edimax Network AR-7064+
Kraun Network KR-93
Aceex AR11T
Aztech ADSL DSL305EU (Half bridge)
Aztech ADSL DSL305E (not all the versions) (Half bridge)
Digicom Michelangelo WAVE 8E4248 e 8E4253
Digicom ADSL2+ COMBO (Half Bridge)
Micronet SP3361A
TeleWell TW-EA501
Protac Web Excel AL2108P
Dynalink RTA1320 (Half bridge)
Dynalink RTA100 (Half bridge / ZIPB)
Dynalink 1320
NetGear DM111P Modem ethernet ADSL2+ (Half Bridge)
NetGear DG632 (Half Bridge)
Netcomm NB1300Plus4
Netcomm NB6
Netcomm NB5/NB5plus4/NB5plus4W (firmware) (Half bridge)
GreatSpeed GS-B240G ADSL (ZIPB)
Origo ASR-8400 (Half bridge)
Origo 8100 / 8400 ADSL modem router (Half Bridge)
Linksys AM200 (Half Bridge from firmware 1.19.02)
Linksys AM300 in PPPoA (firmware?) (Half Bridge)
Linksys AG241 (Half bridge)
D-Link DSL-502T GenII (firmware) (Half Bridge) ##-> »img526.imageshack.us/my.php?i...···1ff6.jpg
D-Link DSL-300/320
D-Link DSL-302G (Half bridge)
D-Link DSL-300T (ZIPB)
D-Link 300G+ (DHCP spoof)
D-Link 520T (Half Bridge)
Conitech Dakota Router ADSL 2/2+ (Half bridge)
Roper Dakota Router ADSL 2/2+ (Half bridge)
Belkin F5D5730au adsl router (Half bridge)
Trust MD-4050 ADSL 2+ Modem-Router (Half Bridge)
Trust 445A Speedlink xDSL Web Station (Half bridge)
Microlink ADSL Modem Router
Safecom SAMR-4112 (Half bridge)
Solwise SAR130 (ZIPB mode)
ZyXEL P-660R-D1 router (Half bridge) ##-> »www.zyxel.co.uk/web/support_f...···12093058
US Robotics USR9105 (IP Extension)
US Robotics USR9106 (IP Extension)
US Robotics USR9107 (IP Extension)
US Robotics USR9108 (IP Extension)
US Robotics MAXg ADSL Gateway (IP Extension)
Zoom X4 ADSL Router (Half Bridge)
Zoom X3 ADSL Router (Half Bridge)
Zoom X6 ADSL Router (Half Bridge)
NOTE: if you can't connect to the Internet after modifying your router, check if DHCP server is still enabled.
#How to perform the test#
Before starting, communicate your IP address to the person that will join you in the test and make sure to know his/hers. (In order to know your own IP address, you can refer - for example - to this website)
Configure your PC so that it boots from CDROM, insert the Gemini CD and turn the machine on.
When UBUNTU screen shows, press [F2], choose "Italian" language, then press [ENTER] on the first line, as displayed in this figure:
(Note: inside Ubuntu, you'll find this Quick Guide that resumes the following steps)
Once you've got to the desktop, double click on "Gemini-tool" icon:
A terminal window will show where messages relative to the running program are scrolled.
Select the language (pressing «i» for Italian, "e" for English).
You'll be requested to type the IP address of the user you're performing the test with (make sure to type the IP address of your companion, not yours, without mistyping of sort: the program can't check if the IP inserted is correct):
When the other user, in his turn, has typed your IP address, the program goes on automatically.
WARNING: it's very important that the user, at this stage, doesn't open other programs or use the system: the test goes on automatically for about 5/7 minutes.
During this time, the transfer of a file is started over torrent protocol, and both the end (Gemini_A and the end Gemini_B) trace the traffic on the net:
Once the transmission is over, Gemini_A's activity has come to an end. The client should look like this:
The user with Gemini_A can restart his/her PC (System menu -> Allegato 22664)
Gemini_B, on the other hand, shall perform the comparison between the two records, after which he'll produce a report file:
The report is already available on the Desktop (even in a compressed format): now you have only to choose how to post it on our forum:
If you select the first option, your internet browser will redirect you on this page, where you will be able to upload the log; otherwise, you can browse to search for the file hosting site of your choice;
With the second option, you can save the report on a memory drive or a USB pen.
Whichever your choice, remember that the report will be deleted from desktop when you restart your PC.
#Test results#
The results of traffic tracing are included in the report; now we have to read them: let's see how.
Below, we present two real examples of report, one of which with a "clean" line:
-------------
Packet counts
-------------
inbound outbound
sent: 16633 8897
received: 16633 8897
forged: 0 0
dropped: 0 0
___________________________Gemini______________________
Sat, 01 Mar 2008 14:47:23 +0000
B local: 84.223.89.***
B local: *.89.223.84.in-addr.arpa domain name pointer host-84-223-89-*.cust-adsl.tiscali.it.
A remote: 81.74.238.***
A remote: *.238.74.81.in-addr.arpa domain name pointer host*-238-static.74-81-b.business.telecomitalia.it.
Delta: 240
skipNAT: false
the other example shows a high rate of dropped and forged/spoofed packets:
-------------
Packet counts
-------------
inbound outbound
sent: 7463 4476
received: 6732 4848
forged: 17 455
dropped: 748 83
__________________________Gemini______________________
Sat, 02 Mar 2008 19:12:11 +0000
B local: 84.223.89.***
B local: *.89.223.84.in-addr.arpa domain name pointer host-84-223-89-*.cust-adsl.tiscali.it.
A remote: 81.74.238.***
A remote: *.238.74.81.in-addr.arpa domain name pointer host*-238-static.74-81-b.business.telecomitalia.it.
Delta: 240
skipNAT: false
In the latter example, "inbound" and "outbound" are from Gemini_B's point of view.
In this case, there's almost 10% of packets directed from A to B that have been dropped, and 10% of packets directed to A that B has never sent.
In consideration of the fact that Gemini_A is the torrent seeder, and that Gemini_B is downloading from A, one can rightly suspect the ISP is involved in jamming the seeder (A)'s communications by both sending him/her forged packets and blocking some of the legitimate ones. Of course, when the uploader/seed A is slowed down, the downloader (B) will be slowed down too.
The fact that a certain number of packets is blocked or dropped during normal Internet communications is pretty ordinary. It's not ordinary when the number of missing/blocked packets is high, and it's even less ordinary and suspect-inducing when there are apparently spoofed/forged packets - this case is about packets purposely created by ISPs and passed off as "normal" messages from an end of the connection to the other.
It's important to interpret the test report with a critical eye, making sure that the results are verifiable and reproducible, as opposed to problems caused by temporary inconveniences.
In order to establish whether the traffic limitations are due to the ISP, you can keep on performing the test with other-ISP users. This enables you to know if a user is systematically and iniquitously filtered.
Those who have noticed their connections have problems at certain hours of the day may find useful to perform at least two tests: inside and outside the time band when the slowing down of the traffic is expected to happen.
#Common errors and problems#
Below, is a list of some common errors and some explanations for them. In case doubts still persist, you're invited to report the error in as much detail as possible:
Common error that may show on the terminal window:
"ERROR: no internet connection found: impossible to continue."
"ERROR: no connection to ethernet card found"
There's no connection available to the Internet on your PC, or connection isn't active on Ethernet.
"ERROR: NAT enabled on the connection"
Check requirements out: the IP address you get from your modem/router isn't the same as the public IP address you get from the provider.
Read above if and how you can disable NAT on your modem/router.
"ERROR: When starting UBUNTU, you need to select Italian (F2)"
. You forgot to press F2 and to choose Italian language when launching LiveCD.
That's mandatory even in case you want to use Gemini tool in English.
"ERROR: Impossible to send Gemini_B the log."
"ERROR: Impossible to get the log from Gemini_A."
When one of these two inconveniences occur, that's most likely because your DSL line has got disconnected (or modem/router has reset it).
Try to repeat the test; if the inconvenience persists, you may not have disabled the firewall on your router, or your connection is undoubtedly unstable.
The terminal window has stopped "running" for more than 10 minutes:
Normally, while performing the test, you should see various text lines flow through the terminal window. Sometimes the terminal window seems to be "idle"; if this state lasts too long (over ten minutes), an error has surely occurred.
Send us the last viewed lines: making so will help us to work the problem out.
Another case is when, the terminal being "idle", a message appears that says:
"Info: waiting for Gemini_A/B (IP address) ...."
"Info: (close this window in order to quit)"
Simply, that's either because your friend at the other end of the connection hasn't yet launched Gemini, or the IP addresses have been mistyped. Otherwise, there must be a firewall that's still active.
#Use licences#
Ubuntu: Copyright © 2007 Canonical Ltd, Licensing
pcapdiff: Copyright © 2007 Electronic Frontier Foundation, GNU General Public License version 2/3
EFF guide: »www.eff.org/wp/detecting-packet-injection
Wireshark®: GNU General Public License version 2
Gemini: GNU General Public License version 2 |
