[c-nsp] Detecting Traffic shaping

Ed Ravin eravin at panix.com
Fri Dec 22 19:18:47 EST 2006


On Sat, Dec 23, 2006 at 01:13:20AM +0200, Manaf El Oqlah wrote:
> I'm having a problem of testing my real bandwidth. I'm leasing from my
> service provider an internet bandwidth of 155Mbps using GigabitEthernet
> interface but it seems that I'm getting less than this amount of
> traffic. how could I detect if service provider is applying a traffic
> shaping on my interface less than the 155Mbps? Some of my customers are
> complaining from slow internet browsing or  download although the 155
> Mbps is not congested. 

At LISA '06 a few weeks ago, Dan Kaminsky of doxpara.com gave a very
interesting talk on how to detect upstream bottlenecks, including
traffic shaping or "Net Neutrality violations" (i.e. preferring of one
content provider's traffic over another).

He proposed a traceroute-like tool that would send 100kbps of
traffic to a remote endpoint, but in 95% of that traffic, set a low
TTL such that the packets would expire after they get out of your
service provider's network but before they reach the remote side.

Then you look at the 5% of the packets that should have made it over -
if they all did, then you know your provider isn't traffic-shaping
those packets.  Basically, he uses the dropped packets as a source
of information.

He said he was able to test this idea by using hping.

Of course, the comments made by the other posters in this thread apply -
first make sure your own shop is in order.


More information about the cisco-nsp mailing list