6 Things You Can Do To Test Your ISP for BitTorrent Throttling

December 04, 2008 by sharky

The cat-and-mouse game between ISPs and bandwidth-hogging P2P applications is almost as age-old at the Internet itself. If you’ve noticed deathly-slow torrent downloads as of late, it’s probable that your ISP is manipulating (throttling, rate limiting, blocking or sandvining) your P2P / BitTorrent traffic. ISPs from all corners of the globe are desperately trying to decongest their networks, cut costs & maximize profits — all at the expense of torrenters. Here’s 6 things you can do to verify that your Internet provider is a Bad ISP.

BitTorrent Throttled? Try a Private Tracker

The first thing you should do if you notice poor torrent speeds is to try out a torrent from a private tracker. I know this may sound silly, but here’s a true story: A friend of mine in our building came to me last month and said, "Well, I guess Rogers Cable has finally cracked down on BitTorrent - I’m only getting 2 KB/s DL speed for the past three days on a new PC game ISO torrent with tons of peers". Curious, I asked him what tracker / torrent sites he’s using. He replied, "Mininova.org, ThePirateBay and IsoHunt - those three" D’oh! He’d heard of private trackers, but never bothered to research it, assuming they were ‘out of his league’. So I said, "Check your email, I’ve sent you an invite to www.TTi.nu". An hour later he was at my door, thanking me profusely, as he was now able to max out his connection. More than likely this story is not an isolated occurrence - many erroneously blame their ISP for their BitTorrent woes when they use public trackers exclusively. Now, if you’re still getting piss-poor speeds from private trackers, then the culprit is most likely your ISP, or a really, really poorly-configured client/PC.

Additionally, public torrents from http://slackware.com/torrents/ are a good way to benchmark BT speeds, and should download fairly quickly. After running the slackware-12.1-iso torrent for 20 minutes, DL speeds averaged ~280 - 390 KB/s on our home 1.2 Meg (~1,150 KB/s) connection:

The truth is - no matter how many public torrents you are simultaneously leeching, and regardless of their health (S/L ratio), you’ll probably never, ever be able to hit even half of your broadband’s top DL limit. And that’s being generous.

Glasnost Test

Ah yes, the Max Planck Glasnost BitTorrent test. Hands down, it’s the easiest test you’ll ever do to discover if your ISP is manipulating BitTorrent traffic - all that’s needed is a web browser and Java. Six months ago when TorrentFreak first ran the story, finding an available slot was a difficult chore as Planck’s hosting servers were hopelessly busy. Lately though, we’ve rarely come across a time when we’ve had to wait.

In short, the Glasnost test performs simulated upload and download diagnostics for BitTorrent and TCP transfers for a tester’s ISP connection. While the results below indicate a potential problem with uploading (seeding) for BitTorrent, 108 KB/s upload rate is, in actuality, a very satisfactory number.

Many users have scrutinized the Glasnost test as being unreliable. For one reason, it conducts testing on common BitTorrent port numbers: 6881 (which, heaven forbid you should ever be using as a port # in a BT client, anyway) and 10009 (which, while an unassigned port, may still be a throttled port). It’d be great to see a Glasnost test where users can either input their own port number for the exam, or if they’d emphasize on a third option which incorporates (random) ports from the dynamic and/or private ranges between 49152 through 65535 (which have long been known as good port numbers, especially for BitTorrent/P2P clients).

We contacted Marcel Dischinger from Max Planck with our suggestions, who promptly responded, "I am currently working on enhancing the test and I will take your suggestions into consideration. Especially randomizing the non-BT port seems to be a good idea." Great news, indeed!

(NNMA) NNSquad Network Measurement Agent

The NNSquad Network Measurement Agent (NNMA) monitors network activity on computer systems, looking for and flagging a variety of potential problems. When it comes to BitTorrent sandvining, NNMA also includes a special function that attempts to detect reset (RST) packets that may have been injected into a TCP connection by any entity not located at the connection endpoints.

NNMA comes as an installer for Windows computers only (2000, XP, Vista). You’ll also need WinPcap, which comes bundled in with the installer. After installation, click on the blue/yellow icon in your taskbar - this will launch the web-based portion of the test. From the new browser window (http://127.0.0.1:88/) you can now select a variety of options. Select Network > All Connections.

Before you run the test, we recommend that you fire up your BitTorrent client (with seeding/leeching torrents). If you desire NNMA to show the connections for BitTorrent only, then enter the port number that you use in your BitTorrent client, and hit FILTER.

If you suspect your BitTorrent is being throttled or sandvined, and you begin to receive a lot of messages that pertain to ‘Detected forged TCP Packet… Suspicious RESET packet’ (see below), this might be an indication that your ISP is messing with your BitTorrent. It can also be a sign that you’re using bad public torrents which have been planted by the MPAA / RIAA, as well. *Note: It can also occur as a false-alarm (i.e. unrelated to BT) for those who are not being throttled.

Azureus/Vuze ‘NEWS’ Plugin

NEWS, or Network Early Warning System, is a plugin which allows your Vuze client to monitor the Internet (and your ISP). It does this by passively monitoring your BitTorrent performance and checking for changes that might indicate problems with the network.

While NEWS is not designed for specific BitTorrent problems (at the individual level); it’s more inclined towards a group of users that are experiencing similar anomalies. A perfect example of this would be a large ISP that throttles BT traffic - data is collected, compared and sent back to the user upon detection (read more about it here).

NEWS works with both 2.5.x and 4.0.x versions of Vuze. Download NEWS from here. To install, switch to the classic view in Vuze, and choose Plugins > Installation Wizard… By File - and browse to the *.jar file (currently it’s "news_1.0.1.jar" for Vuze 4.0.0.4). You should now see a NEWS menu item under Plugins - here you can configure it.

NEWS (Vuze) will now report any (and all) suspected network problems in a taskbar popup. We probably needn’t say this, but we received many more ‘anomalies’ when using public trackers as opposed to private ones. Don’t be alarmed by the volume of reports - even on our ISP that doesn’t seem to be throttling BitTorrent, we still generated quite the eclectic array of anomalies (mostly pertaining to latency, total up & down rate, and packet loss rate). These popups can be disabled in the NEWS plugin configuration, and then only confirmed anomalies will be reported.

The Gemini Project

We won’t dig too deep on this one, as it requires two users from the same ISP. To prove the existence of file-sharing traffic shaping and throttling can be difficult, especially if one seeks for evidence on a single computer, but the process gets easier if a test is performed by two remote users exchanging given data packets through BitTorrent. That’s where the Gemini Project comes in.

In short, both users install a Ubuntu LiveCD and connect to each other remotely, whereby one is the seeder and the other is the leecher. Incoming and outgoing traffic is compared & analyzed - a high number of dropped and/or forged packets indicates an ISP’s involvement in BitTorrent tampering (packet injection).

Wireshark

Wireshark is the world’s foremost network protocol analyzer, with a rich set of features including deep inspection of hundreds of protocols. Wireshark requires WinPcap (under Windows environments) which is included in the installer.

We’ll leave the interpretation of Wireshark up to the professionals at www.EFF.org, who have put together an amazing guide entitled Detecting Packet Inspection. To grossly oversimplify it, if you’re receiving an abnormally high number of RST flags in the capture results, then it’s a good indication that your ISP is meddling in your torrent transfers.