How does your ISP know what traffic your using?

[Pho3nix]

Hi all,

Been wondering how ISP's know what kind of traffic your using, be it newsgroups, torrents or Youtube vids.
An explanation in laymans terms would be appreciated

 

[JazzeD]

Data running over TCP\IP connections are classified as per logical ports assigned as specified in the the global standard to all the protocols available.

Some common ones as below

80 - HTTP
21 - FTP
119 - NNTP
443 - SSL
23 - Telnet

http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

 

[Chevron]

They deep packet inspection routers that see into the actual packets you're transferring.

 

[DrJohnZoidberg]

Firstly you must understand that different types of web services are generally accessed over different port numbers, you could say there are lots of different "pipes" which different traffic is routed via. For instance unencrypted web traffic is on port 80, news servers are on port 119, secure web traffic is on port 443.

Simple shaping can be done by limiting the throughput on the ports you wish to shape thereby shaping that specific traffic.

However, things aren't that simple in real life and you can send any kind of traffic over any port you want if you know how to. This is where deep packet inspection comes in. What this does is analyses your traffic and looks for certain characteristics that are unique to different types of traffic, this traffic is then put into separate "baskets" and it is then shaped as it would be using the simple shaping method I mentioned earlier.

That's about as simple as I can explain it.

 

[Saajid]

They also look at header information in the application-layer packets. To put it in layman's terms is impossible without going into a few paragraphs and explaining the TCP/IP network model.

 

[Chevron]

Basically info on the internet gets sent in envelopes(packets). ISP's use a combination of opening the envelope, looking at the address on the envelope and the type of envelope.

 

[Pho3nix]

So using VPNs or SSL for downloading will work for a while until they catch you?

 

[HavocXphere]

Data running over TCP\IP connections are classified as per logical ports assigned as specified in the the global standard to all the protocols available.

Some common ones as below

80 - HTTP
21 - FTP
119 - NNTP
443 - SSL
23 - Telnet

http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

Nope - that the old (/ancient) method.

They deep packet inspection routers that see into the actual packets you're transferring.

This. Essentially computers look at the headers of the datapackets and take a solid guess at what it is. Torrent traffic "looks" different from youtube traffic. Kinda like you can recognize a newspaper from 50 meters away even though you can't read a single word on it.

 

[HavocXphere]

So using VPNs or SSL for downloading will work for a while until they catch you?

Yes, but they will give you grief for pushing too much encrypted traffic. Also it is generally considered poor style to push large amounts of data through a VPN (or TOR) because it has many side-effects for others. Primarily because the ISP suddenly has lots of data that they don't know how to handle & that means you lose the "benefits" of the shaping.

i.e. my 20KB email going through my corporate VPN is now slow because you're pushing 20GB through a VPN. Normally the ISP would give my 20KB mail priority. If both go through a VPN then the ISP doesn't know what to do. SO my mail is now slow...possibly very slow depending on the exact algo the ISP uses. So essentially it screws over other users (and the ISP).

For torrents it has a protection benefit...but if you push newsserver traffic through a VPN I'll hunt you down and kick your ass.

NB non of the above will reduce the amount of data usage shown. It'll just hide the nature of it - causing it to be classed as "encrypted" instead of "torrent". If an ISP sees 20gigs of "encrypted"...what are they going to think though?...yeah

 

[Pho3nix]

For torrents it has a protection benefit...but if you push newsserver traffic through a VPN I'll hunt you down and kick your ass.

:erm: yet why do newhost companies like Giganews etc. offer SSL???

Just trying to understand but I understand where you are coming from

 

[koeksGHT]

People people,

Zbigz.com

 

[Pho3nix]

People people,

Zbigz.com

Prefer Put.io

 

[Picard]

Prefer Put.io

 

[xumwun]

It's not Juliarses EFF.

 

[Picard]

Don't worry, I know ...

 

[Pho3nix]

Hahaha

 

[Bismuth]

It's not Juliarses EFF.

Unfortunately, everytime I read about the Electronic Frontier Foundation, Julius pops up in a corner of my vision... wonder if him naming his party EFF was THAT coincidental?

B

 

[Tim the Techxpert]

Hi There,
I think if you have read the replies then you should have a good idea that there are a number of ways that the ISP look at your data and I am sure in years to come they will get more sophisticated about it.
The link to the TCP description is a good one for those that need some additional info. Thank you for putting it up Saajid.

Obviously if you want to try and hide something using a different port or encryption can make it more difficult to detect and if you are trying to hide lots of downloads as VPN then you are going to get people cross and I am sure the ISP would take action against you if you did. So play nicely out there.

Regards

Tim