пятница, 24 декабря 2010 г.

Understanding your Netalyzr results - 25 May 2010 - New Scientist

The ICSI Netalyzr website probes your internet connection and tells you whether certain types of traffic are being interfered with, and what steps your ISP is – or is not – taking to ensure that your connection is fast and free of spam.

Here is a guide to the tests Netalyzr does, and an explanation of what the results mean.

Address-based tests

DNS-based host information

Is your computer's internet address on a watch list? It's unlikely, but not unheard of.

Unless you are using the internet in a public setting (say, an internet cafe), appearing on the Spamhaus list is cause for concern – your address has been blacklisted because spam was seen coming from it. Your machine might be infected, or a spammer could have been using the address in the past. Use security software to scan your machine and contact your internet service provider if the scan does not find anything.

Reachability tests

TCP connectivity

Many internet connections are sent using a language called Transmission Control Protocol, or TCP. But some internet service providers block various kinds of TCP conversations. Is your provider blocking one? See below for more on the conversation that is being blocked, and why your provider might be doing so:

  • FTP is a method used to move large files between computers. Many internet service providers block it as a side-effect of network address translation, a common technique for managing internet addresses.
  • SSH is a method used in the UNIX world for logging on to a remote machine. There is no reason to block SSH and it would be unusual for an internet service provider to do so.
  • SMTP is the language used to send emails. It is also widely abused by spammers. It is common for providers to block arbitrary SMTP connections in order to prevent spam.
  • DNS is the system that computers use to find the website attached to a certain URL, such as www.newscientist.com. Many internet service providers run their own DNS systems and block access to other DNS providers. This allows your provider to profit by serving you adverts when you mistype a domain name, rather than telling you that you got the URL wrong. This is not dangerous, but it can confuse users. It can also prevent some browser search functions from working.
  • HTTP is used to send web pages back and forth over the internet. This should never be blocked.
  • POP3 is a language used to download email messages. It should not be blocked.
  • RPC is an older language used for accessing remote computers. Hackers have used it to place malicious software on users' machines. It should be blocked.
  • IMAP is used to manage email messages on a remote server. It should not be blocked.
  • SNMP is used to exchange signals between computers and remote devices, such as traffic routers. It is not meant for use by home users and it is reasonable that a provider might block it.
  • HTTPS is a secure method for sending web pages over the internet. It should never be blocked.
  • SMB is used to share files between computers. It has been exploited by hackers and should be blocked.
  • SMTP/SSL is used to send encrypted email messages. It should never be blocked.
  • OpenVPN is a "virtual private network" solution, used to prevent eavesdroppers from monitoring your web surfing. VPNs are frequently used by companies to allow their employees to connect to the company's network safely. OpenVPN can also help users in countries like China to circumvent their government's internet censorship controls. Blocking OpenVPN may be a serious inconvenience to such users.
  • PPTP is similar to OpenVPN, though less secure. For users that rely on it to connect to remote sites, seeing PPTP blocked may be a serious inconvenience.
  • SIP is used to send voice conversations over theinternet. Blocking it would prevent some internet telephony systems from working. It is not, however, used by Skype, the most widely-used of those systems.
  • BitTorrent is a controversial file-sharing system. Music and film companies dislike the system because it allows users to obtain their products without paying. Many internet service providers try to block BitTorrent traffic because of the strain it places on the network. You may still be able to use BitTorrent even if this test reveals that your provider is blocking it, as writers of BitTorrent software have developed methods for circumventing the providers' restrictions.
  • Tor is a system that prevents messages being traced back to senders. It can be used to send anonymous messages over the internet and is valued by privacy advocates. Tor is not generally blocked.

UDP connectivity

UDP, or User Datagram Protocol, is another basic language used to send messages over the internet. It provides a less reliable, though more efficient communication method. But some internet service providers block some kinds of UDP conversations. Was one blocked for you? See below for more on the conversation that is being blocked, and why your provider might be doing so:

  • UDP datagrams on arbitrary ports. It is hard to pinpoint to say why this communication was blocked, as some security software will do so.
  • Incorrect fragmentation of large UDP datagrams. This may occur as a consequence of faulty networking machinery. However, such problems rarely have significant effect on users.
  • UDP-based DNS requests. DNS is the system that computers use to find the website attached to a certain URL, such as www.newscientist.com. Many internet service providers run their own DNS systems and block access to UDP-based DNS, which can be used to access other DNS systems. This allows your provider to profit by serving you adverts when you mistype a domain name, rather than telling you that you got the URL wrong. This is not dangerous, but it can confuse users. It can also prevent some browser search functions from working.

Network access properties

Network latency

Round-trip time. This measures the time taken for a packet of information to complete the round trip between your machine and the servers run by the International Computer Science Institute, the developers of the Netalyzr. Anything up to a few hundred milliseconds is typical. Latencies larger than 0.5 seconds are a problem and will result in slow browsing. It is, however, hard for users to fix this problem. It could be that the network is overloaded, or that packets are being sent by a circuitous and inefficient route. Users whose traffic is transmitted via satellite (as is done in some developing countries, for example) suffer inherently large latency.

Packet loss. Your browsing will slow down if packets of data go missing between your computer and your internet service provider. A likely reason is weak signal strength in wireless networks. If you can exclude this possibility and you see the problem repeatedly, contact your service provider.

TCP connection setup latency

Browsing speed depends in part on how quickly your computer can establish a connection with other machines. TCP setup latency measures that delay. Anything more than a few tenths of a second is less than ideal. This may be due to the distance between the Netalyzr servers and your machine, but it could also be due to other factors, such as heavy traffic on your internet service provider's network, or a poor wireless connection, in which case you may find that browsing is slow.

Network background health

How well is the network around your machine functioning? Netalyzr tests to see whether packets of information are going missing. If they are, and you are using a wireless network, you should probably move closer to the base station. Wireless networks can also be disrupted by electromagnetic radiation emitted by microwaves and other devices. If this test reports a problem and you are not on a wireless network then you should contact your ISP.

Network bandwidth measurements

More bandwidth often means faster surfing. This test measures the weakest link, or lowest bandwidth, in the chain of connections between your machine and the Netalyzr servers. Download bandwidth of less than 1 megabit per second will result in slow browsing. Upload speeds are typically less. The most basic option for users who find these reported values too low is to upgrade to a higher-bandwidth service.

Network buffer measurements

Buffers are small memory stores that internet devices use when shuffling data around. If the buffering on your network is too high, then applications such as online gaming, Skype and streaming video will not work well as soon as additional traffic is present (for example, long file downloads). Buffering times of more than 0.5 seconds are less than ideal. Unfortunately, this is a difficult problem to solve. A more expensive modem or faster internet connection can help, but neither is a guaranteed solution.

HTTP tests

Filetype-based filtering

Some internet service providers block certain types of content, but do not always tell their customers about this. This test will reveal whether your provider is blocking music stored in the mp3 format, executable files (which when downloaded directly and not as part of a software upgrade are frequently infected with viruses) or BitTorrent files, a popular method for sharing music and video. The test also checks to see if your provider can spot a harmless virus file. If you are using anti-virus software and this file is not blocked, double-check that the software is indeed running.

HTTP caching behaviour

Internet service providers and media outlets use stores of web pages, known as caches, to speed up browsing. If this tests reports a problem then your provider's cache may not be working properly. This could mean that you will receive outdated versions of web pages.

JavaScript-based tests

Some internet service providers insert adverts around the web pages that users view. If this is happening to you Netalyzr will report the presence of a "frame". This usually occurs in places that provide free wireless connections, like airports. It would be controversial for a regular provider to insert adverts in this way. If you see this warning and you are not on a free public wi-fi system, then please let us know more. There is a feedback box at the bottom of the Netalyzr results.

DNS Tests

Direct EDNS support

EDNS is a more recent version of DNS, the system that computers use to find the website behind a URL, such as www.newscientist.com. If EDNS is not working you may find that websites take longer than expected to connect to. As such problems are usually located in the network, there is little you can do about it.

DNS resolver latency

This measures the time it takes for your internet service provider to look up the address of a web site. It should not be more than 0.25 seconds. Longer times will slow down your browsing. If this is a problem for you, consider switching to an alternative DNS service provider, such as Google's DNS service.

DNS glue policy

Internet service providers sometimes try to speed up URL lookups via "shortcuts" in the resolution process. Hackers can, however, hijack this technique and redirect you to a website that will infect your computer. This tests checks whether your provider has measures in place to prevent this from happening.

DNS resolver port randomization

DNS is the system that computers use to find the website attached to a certain URL, such as www.newscientist.com. Around two years ago, hackers discovered how to hijack DNS lookups by predicting parts of DNS requests. This allowed them to redirect internet traffic to malicious websites. Port randomization is a way of protecting against such hijacks. All internet service providers should be employing the technique. If yours is not, you may be vulnerable to this kind of attack.

DNS results wildcarding

What happens when you look up a website that does not exist? Some internet service providers will return a message saying that the site is not found. If this test reports a problem then your provider may instead redirect you to an advertising page that generates revenue for your provider. This is not dangerous, but it can confuse users. It can also prevent some browser search functions from working.

print

send

If you would like to reuse any content from New Scientist, either in print or online, please contact the syndication department first for permission. New Scientist does not own rights to photos, but there are a variety of licensing options available for use of articles and graphics we own the copyright to.

Have your say

Only subscribers may leave comments on this article. Please log in.

Only personal subscribers may leave comments on this article

Subscribe now to comment.

All comments should respect the New Scientist House Rules. If you think a particular comment breaks these rules then please use the "Report" link in that comment to report it to us.

If you are having a technical problem posting a comment, please contact technical support.

Posted via email from newdigital's posterous

Комментариев нет:

Отправить комментарий