How does your ISP know what traffic your using?

Pho3nix

Pho3nix

The Legend
Joined
Jul 31, 2009
Messages
32,829
Reaction score
3,033
Location
On the toilet
Hi all,

Been wondering how ISP's know what kind of traffic your using, be it newsgroups, torrents or Youtube vids.
An explanation in laymans terms would be appreciated :)
 
They deep packet inspection routers that see into the actual packets you're transferring.
 
Firstly you must understand that different types of web services are generally accessed over different port numbers, you could say there are lots of different "pipes" which different traffic is routed via. For instance unencrypted web traffic is on port 80, news servers are on port 119, secure web traffic is on port 443.

Simple shaping can be done by limiting the throughput on the ports you wish to shape thereby shaping that specific traffic.

However, things aren't that simple in real life and you can send any kind of traffic over any port you want if you know how to. This is where deep packet inspection comes in. What this does is analyses your traffic and looks for certain characteristics that are unique to different types of traffic, this traffic is then put into separate "baskets" and it is then shaped as it would be using the simple shaping method I mentioned earlier.

That's about as simple as I can explain it.
 
Basically info on the internet gets sent in envelopes(packets). ISP's use a combination of opening the envelope, looking at the address on the envelope and the type of envelope.
 
JazzeD said:
Data running over TCP\IP connections are classified as per logical ports assigned as specified in the the global standard to all the protocols available.

Some common ones as below

80 - HTTP
21 - FTP
119 - NNTP
443 - SSL
23 - Telnet

http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Click to expand...
Nope - that the old (/ancient) method.

Chevron said:
They deep packet inspection routers that see into the actual packets you're transferring.
Click to expand...
This. Essentially computers look at the headers of the datapackets and take a solid guess at what it is. Torrent traffic "looks" different from youtube traffic. Kinda like you can recognize a newspaper from 50 meters away even though you can't read a single word on it.
 
Pho3nix said:
So using VPNs or SSL for downloading will work for a while until they catch you?
Click to expand...
Yes, but they will give you grief for pushing too much encrypted traffic. Also it is generally considered poor style to push large amounts of data through a VPN (or TOR) because it has many side-effects for others. Primarily because the ISP suddenly has lots of data that they don't know how to handle & that means you lose the "benefits" of the shaping.

i.e. my 20KB email going through my corporate VPN is now slow because you're pushing 20GB through a VPN. Normally the ISP would give my 20KB mail priority. If both go through a VPN then the ISP doesn't know what to do. SO my mail is now slow...possibly very slow depending on the exact algo the ISP uses. So essentially it screws over other users (and the ISP).

For torrents it has a protection benefit...but if you push newsserver traffic through a VPN I'll hunt you down and kick your ass.

NB non of the above will reduce the amount of data usage shown. It'll just hide the nature of it - causing it to be classed as "encrypted" instead of "torrent". If an ISP sees 20gigs of "encrypted"...what are they going to think though?...yeah
 
Last edited:
HavocXphere said:
For torrents it has a protection benefit...but if you push newsserver traffic through a VPN I'll hunt you down and kick your ass.
Click to expand...

:erm: yet why do newhost companies like Giganews etc. offer SSL??? :confused:

Just trying to understand but I understand where you are coming from :)
 
Pho3nix said:
Prefer Put.io :p
Click to expand...

put.jpg
 
Hi There,
I think if you have read the replies then you should have a good idea that there are a number of ways that the ISP look at your data and I am sure in years to come they will get more sophisticated about it.
The link to the TCP description is a good one for those that need some additional info. Thank you for putting it up Saajid.

Obviously if you want to try and hide something using a different port or encryption can make it more difficult to detect and if you are trying to hide lots of downloads as VPN then you are going to get people cross and I am sure the ISP would take action against you if you did. So play nicely out there.

Regards

Tim
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X