Wednesday, July 27, 2011

Test Your ISP


In May 2007, Comcast began engaging in protocol-specific interference with the activities of its subscribers. When confronted by users and by EFF, Comcast responded with denials and answers that told less than the whole story. In October 2007, however, after independent testing by the Associated Press and EFF, it became clear that Comcast was, in fact, interfering with BitTorrent, Gnutella, and potentially other common file sharing protocols employed by millions of Internet users. In specific, Comcast was injecting forged RST packets into TCP communications, in an effort to disrupt certain protocols commonly used for file-sharing. The interference efforts were triggered by the protocol that the subscriber used, not by the number of connections made or amount of bandwidth used by the subscriber.

After a wave of public outcry, lawsuits, and an FCC proceeding, Comcast eventually anounced that it was planning to phase out discrimination against P2P protocols. We look forward to seeing them do that.

Meanwhile, the Comcast affair inspired us to launch our Test Your ISP project. Our aim is to ensure that the Internet community has the tools and organization to quickly recognize when ISPs engage in interference or protocol discrimination in the future.
At a minimum, consumers deserve a complete description of what they are getting when they buy "unlimited Internet access" from an ISP. Only if they know what is going on and who is to blame for deliberate interference can consumes make informed choices about which ISP to prefer (to the extent they have choices among residential broadband providers) or what counter-measures they might employ. Policy-makers, as well, need to understand what is actually being done by ISPs in order to pierce the evasive and ambiguous rhetoric employed by some ISPs to describe their interference activities.
Accordingly, EFF is developing information and software tools intended to help subscribers test their own broadband connections. We are also collecting information about software and tests being developed by other groups around the world. While these tests initially will require a relatively high degree of technical knowledge, we hope that we will be able to develop tools that will bring these testing efforts within reach of more subscribers.
This web page will collect EFF's white papers, software tools, blog entries, and other materials relating to this ongoing project. We are also maintaining a list of known ISP testing projects:

Known ISP Testing Software


ToolActive / Passive# Participants per TestPlatformProtocolsNotes
GeminiActive(?)BilateralBootable CD?Uses pcapdiff
GlasnostActive1.5 sidedJava appletBitTorrent
ICSI NetalyzrActive1.5 sidedJava applet + some javascriptFirewall characteristics, HTTP proxies, DNS environment
ICSI IDSPassive0 sided (on the network)IDSForged RSTsNot code users can run
Google/New AmericaMeasurementLabActive2 sidedPlanetLab (server), Any (client)AnyA server platform for others' active testing software
NDTActive1.5 sidedJava applet / native appTCP performanceA sophisticated speed test
Network Neutrality CheckActive1.5 sidedJava appletNo real tests yetReal tests forthcoming here ;discussion here
NNMAPassiveUnilateral(currently) Windows appAny
pcapdiff / tpcatEitherBilateralPython appAnyA tool to make manual tests easier. EFF is no longer working on pcapdiff, but development continues with the tpcat project.
SwitzerlandPassiveMultilateralPortable Python appAnySneak preview release just spots forged/modified packets
Web TripwiresPassive1.5 sidedJavascript embedHTTPMust be deployed by webmasters



EFF's Test Your ISP Software
EFF has released Version Zero of Switzerland, our sophisticated ISP testing software. Switzerland uses a semi-P2P, server-and-many-clients architecture to detect modified or spoofed traffic between multiple clients. You can learn more about Switzerland here.
The Test Your ISP project previously released a much simpler piece of software called pcapdiff. Pcapdiff is a simple command line tool that lets you compare "pcap" packet captures from either end of an Internet communication; it reports when packets are dropped and spoofed between the endpoints ("pcap" packet captures can be recorded with standard packet sniffing tools like tcpdump and wireshark). Running tests with pcapdiff is a technically involved process; we have a whitepaper outlining the steps involved.

https://www.eff.org/testyourisp