Work Boxers

Uncovering Deliberate Traffic Tampering

by Mark on December 8th, 2007

A review by Law.com of the EFF’s new traffic interference detection software:

“The new software compares lists of data packets sent and received by two different computers and looks for discrepancies between what one sent and the other actually received. Previously, the process had to be done manually.”

Reality check? How about the fact that a few are making it more difficult for many. Correct: those greedy or inconsiderate enough to download excessively or exchange extremely large files have given the ISPs the motivation to do something about the level of traffic moving over their pipes. Many of us therefore wind up needing this simply to protect our interests, because the tools the ISPs use unfortunately don’t discriminate between real people and the pigs who lack a conscience. To quote Law.com: “Some online activities, like peer-to-peer file-sharing, swallow massive amounts of bandwidth and can slow Internet connections for other subscribers.”

Still, forgery isn’t right, morally or ethically, just because it’s called “technology.”

Detecting packet injection: a guide to observing packet spoofing by ISPs

Before you attempt to use this, there are requirements to pay attention to:

“Making use of these techniques requires some general understanding of Internet technology and some technical expertise. If you don’t understand the process, you may not produce meaningful evidence about what your ISP is doing. Although we have attempted to explain most of the network concepts and principles involved, it may prove helpful to have read at least one technical book or web site about the TCP/IP protocol suite before beginning.

The test described here must be performed in conjunction with a friend who is using a different Internet connection (and therefore is probably in a different location). Both you and your friend must have a good understanding of the process described here; this test relies on comparing observations made at two different locations in order to find differences between them, so it would not be meaningful if performed by one party alone. Therefore, these instructions are primarily useful for testing peer-to-peer applications or applications for which you can run your own server. It is therefore difficult to confirm if an ISP is blocking a third-party service like Google unless the operator of that service is interested in participating directly in the tests.”

The EFF supplies comprehensive instructions at the above link. I’ll repeat it - what to do and how.

Part of the requirements is this software from Wireshark. EFF supplies their tool, pcapdiff, here.

“Pcapdiff is a tool developed by the EFF to compare two packet captures and identify potentially forged, dropped, or mangled packets. Two technically-inclined friends can set up packet captures (e.g. tcpdump or Wireshark) on their own computers and produce network traffic between their two computers over the Internet. Later, they can run pcapdiff on the two packet capture files to identify suspicious packets for further investigation.”
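The two-capture comparison described above can be sketched as follows. This is an added example, not EFF's pcapdiff code or part of the original post; the packet fields, addresses, ports and both captures are constructed, and it assumes no NAT rewrites addresses or ports between the two hosts.

```python
from collections import Counter

# Fields that should arrive exactly as sent. TTL and the IP header checksum
# are rewritten by routers in transit, so they are left out on purpose.
STABLE = ("src", "dst", "sport", "dport", "seq", "flags", "payload")
IDENT = 5  # first five fields (addresses, ports, sequence number) name a segment

def fingerprint(pkt):
    return tuple(pkt[f] for f in STABLE)

def compare_direction(sent, received):
    """Diff one direction of a flow: the sender's capture vs. the receiver's."""
    sent_c = Counter(map(fingerprint, sent))
    recv_c = Counter(map(fingerprint, received))
    missing = list((sent_c - recv_c).elements())  # left the sender, never arrived
    extra = list((recv_c - sent_c).elements())    # arrived, but was never sent
    # Same segment identity on both sides but different flags or payload:
    # the packet was altered on the way rather than dropped or injected.
    mangled_ids = {m[:IDENT] for m in missing} & {e[:IDENT] for e in extra}
    return {
        "dropped": [m for m in missing if m[:IDENT] not in mangled_ids],
        "injected": [e for e in extra if e[:IDENT] not in mangled_ids],
        "mangled": sorted(mangled_ids),
    }

def pkt(seq, flags, payload=b"", ttl=64):
    # Constructed sample packet from host A to host B (documentation addresses).
    return {"src": "192.0.2.10", "dst": "198.51.100.20", "sport": 51000,
            "dport": 6881, "seq": seq, "flags": flags, "payload": payload,
            "ttl": ttl}

# Constructed captures: what A's capture shows leaving, what B's shows arriving.
SENT_BY_A = [pkt(1000, "PA", b"piece-1"),
             pkt(1007, "PA", b"piece-2"),
             pkt(1014, "PA", b"piece-3")]
SEEN_BY_B = [pkt(1000, "PA", b"piece-1", ttl=52),  # lower TTL only: not a discrepancy
             pkt(1014, "PA", b"piece-X", ttl=52),  # payload differs from what A sent
             pkt(1021, "R", ttl=52)]               # a packet A never sent

if __name__ == "__main__":
    for kind, items in compare_direction(SENT_BY_A, SEEN_BY_B).items():
        print(kind, items)
```

Each reported packet is only a lead for further investigation: ordinary loss also shows up as "dropped", so the captures need to cover the same time window on both machines.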
