Gemini Project: LiveCD ISO to detect packet injection and ISPs shaping P2P traffic
#Gemini Project#
«Do ISPs filter internet traffic?» - that's the million-dollar question currently being asked by plenty of users. Some providers are (either openly or covertly) applying "traffic shaping" policies, tracking their users' bandwidth usage and intervening directly to limit their transfer speeds.
Traffic shaping is often applied to specific protocols (typically peer-to-peer ones), but many users complain that their bandwidth is reset whenever any P2P program is running.
Proving the existence of file-sharing filters can be difficult, especially if one looks for evidence on a single computer, but the process gets easier if the test is performed by two remote users exchanging known data packets through a P2P protocol. By comparing what one end of the connection sent with what the other end received, one can see whether the content has been blocked, delayed or forged by providers.
In this project, our aim is to produce evidence with this technique: we've developed two "Live" operating systems designed to connect with one another over the Internet, start a BitTorrent transfer, and record the transmission, after which a report containing the analysis of the traffic is generated.
Any user can get the Gemini ISOs and perform the test with a remote friend, provided their machine meets the requirements listed below.
For further details and information about the principles Gemini is based on, see the following pages:
To perform the test, there must be two different remote users (the test can only be performed in pairs): one with version A, the other with version B. You can download the Gemini ISOs here: Gemini_A.ISO Gemini_B.ISO
Once the ISOs have been downloaded, they need to be burned to a CD-ROM (how to burn the ISOs).
You need to have a PC (no ultraSPARC, no Macintosh, no SUN)
You need a modem/router connected to the network card (no USB, no wireless), on which you must disable NAT and the firewall if they were previously enabled. The modem/router needs to be configured so that the IP address obtained from the provider is routed directly to the network card.
Please note that not all modems/routers can be configured this way. Typically, there's a feature called Half Bridge that can be enabled from the device's web interface and that configures the machine automatically.
Half Bridge goes by other names depending on the manufacturer: ZIPB (zero IP bridge), DHCP spoofing, DHCP-to-PPP spoofing, IP extension, etc.
By way of example, we list some of the models on which you can (theoretically) enable that function:
NOTE: if you can't connect to the Internet after modifying your router, check whether the DHCP server is still enabled.
#How to perform the test#
Before starting, give your IP address to the person who will join you in the test and make sure you know theirs. (To find out your own IP address, you can use, for example, this website.)
Configure your PC so that it boots from CDROM, insert the Gemini CD and turn the machine on.
When the Ubuntu screen appears, press [F2], choose the "Italian" language, then press [ENTER] on the first line, as shown in this figure:
(Note: inside Ubuntu, you'll find this Quick Guide that summarizes the following steps.)
Once you've reached the desktop, double-click the "Gemini-tool" icon:
A terminal window will open, in which messages from the running program scroll by.
Select the language (press "i" for Italian, "e" for English).
You'll be asked to type the IP address of the user you're performing the test with (make sure to type your partner's IP address, not yours, and without typos: the program can't check whether the IP address entered is correct):
Once the other user has in turn typed your IP address, the program proceeds automatically. WARNING: it's very important that, at this stage, the user doesn't open other programs or use the system: the test runs automatically for about 5/7 minutes.
During this time, a file transfer is started over the torrent protocol, and both ends (Gemini_A and Gemini_B) trace the traffic on the network:
Once the transmission is over, Gemini_A's job is done. The client should look like this:
The user with Gemini_A can restart his/her PC (System menu -> )
Gemini_B, on the other hand, compares the two records and then produces a report file:
The report is now available on the Desktop (also in compressed format); you only have to choose how to post it on our forum:
If you select the first option, your browser will take you to this page, where you can upload the log; otherwise, you can browse to the file hosting site of your choice.
With the second option, you can save the report on a memory drive or a USB stick.
Whichever you choose, remember that the report will be deleted from the desktop when you restart your PC.
#Test results#
The results of traffic tracing are included in the report; now we have to read them: let's see how.
Below are two real example reports, one of them from a "clean" line:
-------------
Packet counts
-------------
            inbound  outbound
sent:          7463      4476
received:      6732      4848
forged:          17       455
dropped:        748        83
__________________________Gemini______________________
Sat, 02 Mar 2008 19:12:11 +0000
B local: 84.223.89.***
B local: *.89.223.84.in-addr.arpa domain name pointer host-84-223-89-*.cust-adsl.tiscali.it.
A remote: 81.74.238.***
A remote: *.238.74.81.in-addr.arpa domain name pointer host*-238-static.74-81-b.business.telecomitalia.it.
Delta: 240
skipNAT: false
In the latter example, "inbound" and "outbound" are from Gemini_B's point of view.
In this case, almost 10% of the packets sent from A to B were dropped, and 10% of the packets directed to A were never sent by B.
Considering that Gemini_A is the torrent seeder and that Gemini_B is downloading from A, one can rightly suspect the ISP is involved in jamming the communications of the seeder (A), both by sending forged packets and by blocking some of the legitimate ones. Of course, when the uploader/seed A is slowed down, the downloader (B) is slowed down too.
The fact that a certain number of packets are blocked or dropped during normal Internet communications is quite ordinary. It is not ordinary when the number of missing/blocked packets is high, and it is even less ordinary, and suspicious, when there are apparently spoofed/forged packets: these would be packets purposely created by ISPs and passed off as "normal" messages from one end of the connection to the other.
It's important to interpret the test report with a critical eye, making sure that the results are verifiable and reproducible, as opposed to problems caused by temporary inconveniences.
To establish whether the traffic limitations are due to ISPs, you can keep performing our test with users on other ISPs. This lets you find out whether a user is systematically and unfairly filtered.
Those who have noticed that their connections have problems at certain hours of the day may find it useful to perform at least two tests: inside and outside the time window when the slowdown is expected to happen.
#Common errors and problems#
Below, we list some common errors and try to explain them. If doubts still persist, you're invited to report the error in as much detail as possible:
Common errors that may appear in the terminal window: "ERROR: no internet connection found: impossible to continue."
"ERROR: no connection to ethernet card found" There's no Internet connection available on your PC, or the connection isn't active on Ethernet.
"ERROR: NAT enabled on the connection" Check the requirements: the IP address you get from your modem/router isn't the same as the public IP address you get from the provider.
See above for whether and how you can disable NAT on your modem/router.
"ERROR: When starting UBUNTU, you need to select Italian (F2)"
You forgot to press F2 and choose the Italian language when launching the LiveCD.
That's mandatory even if you want to use the Gemini tool in English.
"ERROR: Impossible to send Gemini_B the log."
"ERROR: Impossible to get the log from Gemini_A."
When one of these two problems occurs, it's most likely because your DSL line got disconnected (or the modem/router reset it).
Try repeating the test; if the problem persists, you may not have disabled the firewall on your router, or your connection is undoubtedly unstable.
The terminal window has stopped "running" for more than 10 minutes:
Normally, while performing the test, you should see various text lines flow through the terminal window. Sometimes the terminal window seems to be "idle"; if this state lasts too long (over ten minutes), an error has surely occurred.
Send us the last lines displayed: doing so will help us work out the problem.
Another case is when, with the terminal "idle", a message appears that says: "Info: waiting for Gemini_A/B (IP address) ...."
"Info: (close this window in order to quit)" That's simply because either your friend at the other end of the connection hasn't launched Gemini yet, or the IP addresses have been mistyped. Otherwise, there must be a firewall that's still active.
Last edited by [_SHIN_]: 16-10-2008 at 22:45.
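The two-sided comparison described under "Test results", as an added example that is not part of the original post and is not the Gemini tool's own code: it diffs the sender's capture against the receiver's to count dropped and forged packets, then checks the counts from the report above with the same bookkeeping. The `Pkt` fields, the function names and the sample packets are assumptions constructed for illustration.

```python
from collections import Counter
from typing import NamedTuple

class Pkt(NamedTuple):
    """Header fields assumed to cross the network unchanged (TTL does not)."""
    src: str
    dst: str
    ip_id: int
    seq: int
    flags: str
    payload_len: int

def compare(sent_log, received_log):
    """Diff the sender's capture against the receiver's, for one direction."""
    sent, received = Counter(sent_log), Counter(received_log)
    dropped = sent - received   # left the sender, never arrived
    forged = received - sent    # arrived, but the sender never emitted it
    counts = {"sent": sum(sent.values()), "received": sum(received.values()),
              "forged": sum(forged.values()), "dropped": sum(dropped.values())}
    return counts, sorted(forged.elements()), sorted(dropped.elements())

def consistent(c):
    """Each received packet is either a surviving sent packet or a forged one."""
    return c["received"] == c["sent"] - c["dropped"] + c["forged"]

def rates(c):
    """(dropped %, forged %) relative to what the sender actually emitted."""
    return (round(100 * c["dropped"] / c["sent"], 1),
            round(100 * c["forged"] / c["sent"], 1))

# Constructed sample, A (seeder) -> B, using documentation address ranges.
A, B = "192.0.2.10", "198.51.100.20"
A_SENT = [Pkt(A, B, i, 1000 + 1448 * i, "A", 1448) for i in range(10)]
B_RECEIVED = [p for p in A_SENT if p.ip_id != 4]           # one packet lost
B_RECEIVED.append(Pkt(A, B, 0, 15480, "R", 0))             # segment A never sent

# Counts copied from the report on this page (Gemini_B's point of view).
REPORT = {
    "inbound": {"sent": 7463, "received": 6732, "forged": 17, "dropped": 748},
    "outbound": {"sent": 4476, "received": 4848, "forged": 455, "dropped": 83},
}

if __name__ == "__main__":
    counts, forged, dropped = compare(A_SENT, B_RECEIVED)
    print(counts, "consistent:", consistent(counts))
    print("forged:", forged, "dropped:", dropped)
    for direction, c in REPORT.items():
        print(direction, "consistent:", consistent(c), "rates:", rates(c))
```

A fingerprint that includes addresses only matches on both sides when nothing in between rewrites them, so captures taken behind NAT need those fields left out of the comparison.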