Neat work, AP

Associated Press have done a really neat piece of detective work to investigate rumours of dirty tricks by Comcast, a US ISP.

NEW YORK (AP) – To test claims by users that Comcast Corp. was blocking some forms of file-sharing traffic, The Associated Press went to the Bible.

An AP reporter attempted to download, using file-sharing program BitTorrent, a copy of the King James Bible from two computers in the Philadelphia and San Francisco areas, both of which were connected to the Internet through Comcast cable modems.

We picked the Bible for the test because it’s not protected by copyright and the file is a convenient size.

In two out of three tries, the transfer was blocked. In the third, the transfer started only after a 10-minute delay. When we tried to upload files that were in demand by a wider number of BitTorrent users, those connections were also blocked.

Not all Comcast-connected computers appear to be affected, however. In a test with a third Comcast-connected computer in the Boston area, we were unable to test with the Bible, apparently due to an unrelated error. When we attempted to upload a more widely disseminated file, there was no evidence of blocking.

The Bible test was conducted with three other Internet connections. One was provided by Time Warner Inc.’s Time Warner Cable, and the other came from Cablevision Systems Corp. The third was the business-class connection to the AP’s headquarters, provided by AT&T Inc. and Cogent Communications Group Inc.

No signs of interference with file-sharing were detected in those tests.

Further analysis of the transfer attempt from the Comcast-connected computer in the San Francisco area revealed that the failure was due to ”reset” packets that the two computers received, carrying the return address of the other computer.

Those packets tell the receiving computer to stop communicating with the sender. However, the traffic analyzer software running on each computer showed that neither computer actually sent the packets. That means they originated somewhere in between, with faked return addresses…

It seems that Comcast uses Sandvine traffic-shaping hardware to limit the effectiveness of BitTorrent seeding. The goal is to manage BitTorrent traffic without tipping off mainstream users that it’s being done. This source cites Robb Topolski’s explanation of how it’s achieved:

“The Sandvine application reads packets that are traversing the network boundary. If the application senses that outbound P2P traffic is higher than a threshold determined by Comcast, Sandvine begins to interrupt P2P protocol sequences that would initiate a new transfer from within the Comcast network to a peer outside of the Comcast network. The interruption is accomplished by sending a perfectly forged TCP packet (correct peer, port, and sequence numbering) with the RST (reset) flag set. This packet is obeyed by the network stack or operating system which drops the connection.”

I love the idea of using the Bible as the test file. Reminds me of Larry Lessig’s report of coming into his office in Stanford one morning to find the network police waiting for him, grimly announcing that it had been discovered that he had P2P software installed on his computer. Larry explained that he used P2P as a way of distributing his own publications — intellectual property that he owned. The idea that there might be legitimate uses for P2P had clearly never occurred to the management.

And that’s in Stanford!

Later: Ed Felten has also commented on Comcast’s traffic shaping practices.