Sunday, June 18, 2006

Can I see or detect if my internet traffic is differentiated?

Answer to that question is, I don't think so. There is so much technical complexity involved, that except few geeks  who work right on computer networks, not many people can detect if their Internet traffic is ever discriminated.  That is one of the reasons, I guess,  why we need Net Neutrality as a law, so that the Telcos will never try to discriminate your traffic, though you are not quite aware of.

There is a post at Save The Internet, that alleges Cox Communications of blocking Craigslist for almost three months. The security company Authentium, who handles security for Cox Communications reportedly explained with technical details why users can not reach Craigslist website. It looks like there is problem with the computers that hosts the craigslist website. Here is the reply from rnapier, strongly suggesting that the behaviour is normal and as per the specification. .

Has anyone here actually read the response from Authentium? Far from “opaque,” it pretty clearly (if technically) explains the problem and why this has nothing to do with blacklists:

“The network packets coming from the web site were unusual in that they contained a zero-length TCP window that usually indicates a server is too busy to handle more data. The Authentium firewall driver responded by sending data only one byte at a time. This slowed down the web request and made the web page load very slowly or not at all.”

From RFC 793  (which defines TCP/IP): ” Flow Control: TCP provides a means for the receiver to govern the amount of data sent by the sender. This is achieved by returning a “window” with
every ACK indicating a range of acceptable sequence numbers beyond the last segment successfully received. The window indicates an allowed number of octets that the sender may transmit before
receiving further permission.”

Returning a 0 means “please talk to me very slowly.” Literally it means “don’t talk to me at all” but because that’s nonsense, sites generally interpret it as “I’m overloaded; slow down.”

I’ve verified this response myself by connecting to craigslist:

15:52:00.751836 IP > S 1639327951:1639327951(0) ack 3799817961 win 0

Note the final “win 0″ that confirms exactly the problem that Authentium claims.

Summary: craigslist told Cox to please speak to it very slowly. Cox did, but for longer than craigslist explicitly requested. Fixing this for craigslist could break other sites, so some caution in shipping a fix is justified.

The fact that SaveTheInternet posted this as an “opaque” response without further comment raises a question of how much STI actually knows about how the Intenet works.

This brings out an interesting question. Will some geeks atleast, if not common users be able to detect  if any internet traffic is discriminated by any service provider at all? Is it always possible to detect so? It looks like from this post at Save the Internet, every body is confused and I don't have a comfort feeling that we can surely detect if ever some traffic is discriminated and it is done for normal or allowed reasons or not. I think, with such a naivette, that if net neutrality is enabled as law, may be no telco will try to do it. 

Update: Richard Bennet's blog posting "Know-nothing claims about site blocking" has lot more information and discussion about this issue. And also Richard Bennet and PBCLiberal commented on this blog that it is possible to detect if internet traffic is differentiated using existing tools, if you understand the internet protocols. For those of us who do not understand, we have to wait for somebody to write a simple tool to hint if there is any unusual stuff detected. See comments for more.

Tags: , , , : Fact or Allegation ? Just another twisted title for sensationalism

This is yet another example of’s sensationalism twisted titles. The title says, as if this was a fact, woman made to urinate in pub...