Note to readers: In this blog there will be some “rough language,” but nothing obscene.

Ok, thanks to fellow Lockergnome blogger and wyldryde chat user Snakeyes11 for twittering about this.

Apparently now the extremely comcastic (comcraptastic more like it) ISP Comcast is now able to traffic shape even your basic Web browsing traffic. This is from a Slashdot article that Snakeyes11 twittered.

Slashdot: Comcast Blocks Web Browsing

Posted by CmdrTaco on Monday April 07, @11:16AM

From the because-they-can dept.

Censorship Technology

An anonymous reader writes “A team of researchers have found that Comcast has quietly rolled out a new traffic-shaping method, which is interfering with web browsers in addition to p2p traffic. The smoking gun that documents this behavior are network traces collected from Comcast subscribers Internet connections. This evidence shows Comcast is forging packets and blocking connection attempts from web browsers. One has to hope this isn’t the congestion management system they are touting as no longer targeting BitTorrent, which they are deploying in reaction to the recent FCC investigations.”

In the article, there are three other links, and I shall post them here as well.

University of Colorado at Boulder: Broadband Network Management

SPECIAL NOTICE: Comcast has approached us to better understand our test, the equipment we used and the results of our analysis. We understand that their current network management techniques should not be producing the results we found and that they are not blocking access to any Web sites or email applications. We are committed to working together and will update our analysis once we have additional information. Thank you.


  1. New traffic shaping can disrupt a Comcast Internet connection
  2. Data collection methodology
  3. Analysis of network traces
  4. Implications
  5. People

New traffic shaping can disrupt a Comcast Internet connection

Recently, it has been observed that Comcast is disrupting TCP connections using forged TCP reset (RST) packets [1]. These reset packets were originally targeted at TCP connections associated with the BitTorrent file-sharing protocol. However, Comcast has stated that they are transitioning to a more “protocol neutral” traffic shaping approach [2]. We have recently observed this shift in policy, and have collected network traffic traces to demonstrate the behavior of their traffic shaping. In particular, we are able (during peak usage times) to synthetically generate a relatively large number of TCP reset packets aimed at any new TCP connection regardless of the application-level protocol. Surprisingly, this traffic shaping even disrupts normal web browsing and e-mail applications. Specifically, we observe two different types of packet forgery and packets being discarded.

Data collection methodology

We synthetically generated TCP SYN packets at a rate of 100 SYN packets per second using the hping utility [3]. The packets were destined for the reserved IP address, on which no host is present. We simultaneously collect network traces using tcpdump [4]. This data collection process was repeated at various times throughout multiple days. In addition, we could monitor a destination host to determine if outgoing packets reached their destination, and to determine if responses are generated by the destination host or by a third-party. Finally, this data collection was conducted from multiple Comcast accounts, all within close geographical proximity.

Analysis of network traces

In this section, we present our network traces that show the network behavior while the TCP SYN packets are being sent. All traces were collected during peak usage hours (7-9pm local time). The first trace demonstrates an HTTP (web) connection being established, and subsequently being reset. The IP Time to Live (TTL) field for these forged TCP RST packets is consistently set to 255 (indicating that the forged RST packets are originating on one of the local Comcast links).

4717 41.307584 -> TCP 53759 > www [SYN] Seq=0 Len=0 MSS=1460 TSV=504421360 TSER=0 WS=7

4718 41.308767 -> TCP www > 53759 [SYN, ACK] Seq=0 Ack=1 Win=2048 Len=0 MSS=1460

4719 41.308792 -> TCP 53759 > www [ACK] Seq=1 Ack=1 Win=5840 Len=0

4720 41.308852 -> HTTP GET / HTTP/1.1

4721 41.310260 -> TCP 7038 > www [SYN] Seq=0 Len=0

4722 41.310880 -> TCP www > 53759 [RST] Seq=1 Len=0

The next trace shows a secure shell (SSH) connection being established and immediately reset. For this trace, we also captured the network traffic on the 128.138.x.x host. Surprisingly, absolutely no packets were received or sent from 128.138.x.x! This indicates that outgoing traffic from is being dropped, and that the incoming responses from 128.138.x.x are being forged by Comcast.

3 0.036409 -> 128.138.x.x TCP 50051 > ssh [SYN] Seq=0 Len=0 MSS=1460 TSV=4498697 TSER=0 WS=5

4 0.038646 128.138.x.x -> TCP ssh > 50051 [SYN, ACK] Seq=0 Ack=1 Win=2048 Len=0 MSS=1460

5 0.038672 -> 128.138.x.x TCP 50051 > ssh [ACK] Seq=1 Ack=1 Win=5840 Len=0

6 0.040426 128.138.x.x -> TCP ssh > 50051 [RST] Seq=1 Len=0

The final trace is perhaps even more remarkable. A TCP SYN packet is sent to a non-routeable, reserved IP address ( and a SYN, ACK packet is received in response. The only problem is that no host exists at! This again shows that the outgoing SYN packet is being dropped, and the “expected” response is being forged by Comcast. The IP TTL field for these forged TCP SYN, ACK packets is consistently set to 30.

4912 43.259271 -> TCP 7222 > www [SYN] Seq=0 Len=0

4913 43.260406 -> TCP www > 7222 [SYN, ACK] Seq=4159779480 Ack=1 Win=2048 Len=0 MSS=1460

From our experiments, we noticed that only outgoing TCP connections trigger TCP reset packets. Also, TCP connections established before the traffic shaping is activated are not effected, and it is possible to establish TCP connections to a host experiencing the traffic shaping. Finally, only TCP connections are effected.


Although the traces given above were generated synthetically, it is possible to produce the TCP reset packet flood using peer-to-peer applications such as BitTorrent. Users may find it extremely difficult to establish new TCP connections while using any application that has a relatively high rate of TCP connection establishment on a Comcast link. For instance, the Firefox browser will give this error message when an HTTP connection is reset.

So yeah, now it appears that if you visit a site too much, comcast will use the dreaded TCP reset (RST) packets for basic browsing. Sorry, but to all you people looking up porn, expect WAY slower than normal load times. That might be a tongue in cheek joke, but the fact that they are resetting the packets of webpages… WHAT THE HELL IS COMCAST THINKING?!? I mean, are they attempting to just infuriate more users now? Are they trying to alieniate the normal users who are trapped in their clutches because alternate net service isn’t available?

Which brings me to this…

Slashdot: Comcast Makes Nice with BitTorrent

Posted by Zonk on Thursday March 27, @11:24AM

From the friendly-dogs-and-cats dept.

The Internet Media

An anonymous reader writes “In a dramatic turn-around of relations, cable provider Comcast and BitTorrent are now working together. The deal comes as BitTorrent tries to put its reputation for illegal filesharing behind it. The companies are in talks to collaborate on ways to run BitTorrent’s technology more smoothly on Comcast’s broadband network. Comcast is actually entertaining the idea of using BitTorrent to transport video files more effectively over its own network in the future, said Tony Warner, Comcast’s chief technology officer. ‘”We are thrilled with this,” Ashwin Navin, cofounder and president of BitTorrent, said of the agreement. BitTorrent traffic will be treated the same as that from YouTube Inc., Google Inc. or other Internet companies, he said. It was important that Comcast agreed to expand Internet capacity, because broadband in the United States is falling behind other areas of the world, Navin said. Referring to the clashes with Comcast, he said: “We are not happy about the companies’ being in the limelight.”‘”

OK, honestly, what the hell? I mean Comcast is all “BitTorrent bad” back before. Now they are in bed together? I mean what’s next.. Paris Hilton not being a bimbo?

And finally…

Slashdot: FCC To investigate Comcast Bittorrent Meddling

Posted by kdawson on Tue Jan 08, 2008 06:41 PM

From the just-the-bits-please dept.

The Internet Politics

An anonymous reader writes “FCC Chairman Kevin Martin said Tuesday that the commission will investigate complaints that Comcast actively interferes with Internet traffic as its subscribers try to share files online. A coalition of consumer groups and legal scholars asked the agency in November to stop Comcast from discriminating against certain types of data and to fine Comcast $195,000 for every affected subscriber. While known for months in tech circles, the issue wasn’t given broad attention until an Associated Press report last year, in which reporters tested and verified the data blocking.”

So what now? If the “power users” were up at arms then, just image the normal user up at arms because it’s taking forever to check email, or look at the family photos online. Comcast needs to do one thing. STOP ATTEMPTING TO TRAFFIC SHAPE! All it has done is make them the laughing stock of the net. I mean for every thing they attempt to fix, there is another way for it to backfire. I mean at first it was, “Oh, we don’t throttle our users traffic.” They were exposed. Now they are exposed as throttling browsing of Web pages. Now they are in bed with Bit Torrent.. I mean, before we know it, Comcast will be broke from the lawsuits that people will file as parts of a “class action lawsuit”.

Here is a piece of advice to Comcast execs. Stop trying to cover your backsides. Give people an open net. If the “big isp” starts going for net neutrality, then everyone will follow suit, and the netizens will be happy and quit using your name and slogan (comastic) as negatives.