Request for Software - IP Protocol Filtering Measurement
Hi, During some cell site work last night, I seem to have experienced Comcast dropping packets from point A to point B simply based on the fact that their IP protocol was GRE (IP protocol 47). I also found some posts on the Internet that claim Comcast wishes to charge more money to transport GRE packets. I'm not sure if this is true, or if I made a mistake somehow in my traffic handling. Therefore... Would someone be willing to create software instruments to measure this claim in general? I'd like to see a transmitter and a receiver piece of software that can run on Linux to generate and record a sweep of IP packets carrying all possible protocol numbers (0-255). The protocol payloads themselves don't need to be well-formatted, just the protocol number in the IP header needs to be set. Your software will be considered successful if it measures 100% of all protocols as available over an unfiltered (eg: LAN) link. The results of such a measurement would be useful in gauging the ISP quality of any given carrier. It seems we're moving closer to Selective Protocol Service Providers (SPSP) and away from true Internet Service Providers (ISP) if this GRE finding turns out to be right. --Bart
I was surprised there wasn't something already out there that did this, but in my 10 minutes of google searching I couldn't find anything. What I did find was the building blocks for making a tool for Bart's IP protocol stress test. (BIPPST) Someone already built the tool ( http://nemesis.sourceforge.net/ ) to build various kinds of packets from a script, so you would just need to build the receiving in. This is the tool for generation I found, I'm sure there are lots over versions of this for security work floating around. For what it is worth, I also noticed a series of outages last night with my Comcast business line. Started just after midnight and ended around 02:30 this morning. I wonder if this was a more general network maintenance event and not something specific. Thanks Kenny On Sat, May 3, 2014 at 10:33 AM, Bart Kus <me@bartk.us> wrote:
Hi,
During some cell site work last night, I seem to have experienced Comcast dropping packets from point A to point B simply based on the fact that their IP protocol was GRE (IP protocol 47). I also found some posts on the Internet that claim Comcast wishes to charge more money to transport GRE packets. I'm not sure if this is true, or if I made a mistake somehow in my traffic handling. Therefore...
Would someone be willing to create software instruments to measure this claim in general? I'd like to see a transmitter and a receiver piece of software that can run on Linux to generate and record a sweep of IP packets carrying all possible protocol numbers (0-255). The protocol payloads themselves don't need to be well-formatted, just the protocol number in the IP header needs to be set. Your software will be considered successful if it measures 100% of all protocols as available over an unfiltered (eg: LAN) link.
The results of such a measurement would be useful in gauging the ISP quality of any given carrier. It seems we're moving closer to Selective Protocol Service Providers (SPSP) and away from true Internet Service Providers (ISP) if this GRE finding turns out to be right.
--Bart
_______________________________________________ PSDR mailing list PSDR@hamwan.org http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org
Well..there are tools.... But there not free! At work, we look at all that stuff continuously. Takes up a bit of space too for history so you can do queries. Not sure if there are any free ones. It's quite a sniff. Steve N0FPF On Saturday, May 3, 2014, Kenny Richards <richark@gmail.com> wrote:
I was surprised there wasn't something already out there that did this, but in my 10 minutes of google searching I couldn't find anything. What I did find was the building blocks for making a tool for Bart's IP protocol stress test. (BIPPST) Someone already built the tool ( http://nemesis.sourceforge.net/ ) to build various kinds of packets from a script, so you would just need to build the receiving in. This is the tool for generation I found, I'm sure there are lots over versions of this for security work floating around.
For what it is worth, I also noticed a series of outages last night with my Comcast business line. Started just after midnight and ended around 02:30 this morning. I wonder if this was a more general network maintenance event and not something specific.
Thanks Kenny
On Sat, May 3, 2014 at 10:33 AM, Bart Kus <me@bartk.us<javascript:_e(%7B%7D,'cvml','me@bartk.us');>
wrote:
Hi,
During some cell site work last night, I seem to have experienced Comcast dropping packets from point A to point B simply based on the fact that their IP protocol was GRE (IP protocol 47). I also found some posts on the Internet that claim Comcast wishes to charge more money to transport GRE packets. I'm not sure if this is true, or if I made a mistake somehow in my traffic handling. Therefore...
Would someone be willing to create software instruments to measure this claim in general? I'd like to see a transmitter and a receiver piece of software that can run on Linux to generate and record a sweep of IP packets carrying all possible protocol numbers (0-255). The protocol payloads themselves don't need to be well-formatted, just the protocol number in the IP header needs to be set. Your software will be considered successful if it measures 100% of all protocols as available over an unfiltered (eg: LAN) link.
The results of such a measurement would be useful in gauging the ISP quality of any given carrier. It seems we're moving closer to Selective Protocol Service Providers (SPSP) and away from true Internet Service Providers (ISP) if this GRE finding turns out to be right.
--Bart
_______________________________________________ PSDR mailing list PSDR@hamwan.org <javascript:_e(%7B%7D,'cvml','PSDR@hamwan.org');> http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org
On 2014-05-03 14:53, Kenny Richards wrote:
....
For what it is worth, I also noticed a series of outages last night with my Comcast business line. Started just after midnight and ended around 02:30 this morning. I wonder if this was a more general network maintenance event and not something specific.
I have two ISPs (Frontier FiOS on 50.46.x.x and Comcast RG-6 on 76.22.x.x) at home, and around those times last night, while I had some Internet access on both lines, neither line could contact my mail/web/server (a VPS on 209.59.x.x) in the Boston area. Subsequent analysis of the logs at the mail/web server showed that it lost total Internet access at several times last night (which is unusual).
Don't think these do it exactly as you indicated, but they might get you to the ultimate goal of testing a flaky connection.... ./paping ./hping or ./hping3 Rob -----Original Message----- From: PSDR [mailto:psdr-bounces@hamwan.org] On Behalf Of Bart Kus Sent: Saturday, May 03, 2014 10:34 AM To: Puget Sound Data Ring Subject: [HamWAN PSDR] Request for Software - IP Protocol Filtering Measurement Hi, During some cell site work last night, I seem to have experienced Comcast dropping packets from point A to point B simply based on the fact that their IP protocol was GRE (IP protocol 47). I also found some posts on the Internet that claim Comcast wishes to charge more money to transport GRE packets. I'm not sure if this is true, or if I made a mistake somehow in my traffic handling. Therefore... Would someone be willing to create software instruments to measure this claim in general? I'd like to see a transmitter and a receiver piece of software that can run on Linux to generate and record a sweep of IP packets carrying all possible protocol numbers (0-255). The protocol payloads themselves don't need to be well-formatted, just the protocol number in the IP header needs to be set. Your software will be considered successful if it measures 100% of all protocols as available over an unfiltered (eg: LAN) link. The results of such a measurement would be useful in gauging the ISP quality of any given carrier. It seems we're moving closer to Selective Protocol Service Providers (SPSP) and away from true Internet Service Providers (ISP) if this GRE finding turns out to be right. --Bart _______________________________________________ PSDR mailing list PSDR@hamwan.org http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org
Ah, forgot to update! Turns out, nmap has something like this built in. nmap -sO -sO: IP protocol scan So there's the transmitter. On the receiver side, a tcpdump might work with protocol # extraction via bash script or something. Not a slick integrated package, but something at least. --Bart On 05/05/2014 06:06 PM, Rob Salsgiver wrote:
Don't think these do it exactly as you indicated, but they might get you to the ultimate goal of testing a flaky connection....
./paping ./hping or ./hping3
Rob
-----Original Message----- From: PSDR [mailto:psdr-bounces@hamwan.org] On Behalf Of Bart Kus Sent: Saturday, May 03, 2014 10:34 AM To: Puget Sound Data Ring Subject: [HamWAN PSDR] Request for Software - IP Protocol Filtering Measurement
Hi,
During some cell site work last night, I seem to have experienced Comcast dropping packets from point A to point B simply based on the fact that their IP protocol was GRE (IP protocol 47). I also found some posts on the Internet that claim Comcast wishes to charge more money to transport GRE packets. I'm not sure if this is true, or if I made a mistake somehow in my traffic handling. Therefore...
Would someone be willing to create software instruments to measure this claim in general? I'd like to see a transmitter and a receiver piece of software that can run on Linux to generate and record a sweep of IP packets carrying all possible protocol numbers (0-255). The protocol payloads themselves don't need to be well-formatted, just the protocol number in the IP header needs to be set. Your software will be considered successful if it measures 100% of all protocols as available over an unfiltered (eg: LAN) link.
The results of such a measurement would be useful in gauging the ISP quality of any given carrier. It seems we're moving closer to Selective Protocol Service Providers (SPSP) and away from true Internet Service Providers (ISP) if this GRE finding turns out to be right.
--Bart
_______________________________________________ PSDR mailing list PSDR@hamwan.org http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org
_______________________________________________ PSDR mailing list PSDR@hamwan.org http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org
participants (5)
-
Bart Kus -
Dean Gibson AE7Q -
Kenny Richards -
Rob Salsgiver -
Steve