Detecting packet injection: a guide to observing packet spoofing by ISPs


Certain Internet service providers have begun to interfere with their users' communications by injecting forged or spoofed packets - data that appears to come from the other end but was actually generated by an Internet service provider (ISP) in the middle. This spoofing is one means (although not the only means) of blocking, jamming, or degrading users' ability to use particular applications, services, or protocols. One important means of holding ISPs accountable for this interference is the ability of some subscribers to detect and document it reliably. We have to learn what ISPs are doing before we can try to do something about it. Internet users can often detect interference by comparing data sent at one end with data received at the other end of a connection.

Techniques like these were used by EFF and the Associated Press to produce clear evidence that Comcast was deliberately interfering with file sharing applications; they have also been used to document censorship by the Great Firewall of China. In each of these cases, an intermediary was caught injecting TCP reset packets that caused a communication to hang up - even though the communicating parties actually wanted to continue talking to one another. In this document, we describe how to use a network analyzer like Wireshark to run an experiment with a friend and detect behavior like this. Please note that these instructions are intended for use by technically experienced individuals who are generally familiar with Internet concepts and are comfortable installing software, examining and modifying their computers' administrative settings, and running programs on a command line.

I was browsing Google and came across this. Looks quite interesting so I thought I would share.