OpenScience - User contributions [en]

NN2013

2013-04-29T12:27:37Z

Ad001:

==Examples of Neutrality violations ==
===Connection-Reset: Baidu.cn===

<pre>
14:45:11.197146 IP wlan033084.uni-rostock.de.11479 > 220.181.111.147.http:Flags [P.], ack 2789374741, win 65535, length 241
E.....@.@.....!T..o.,..P.J<..B{.P...sZ..
GET /s?wd=falun%20gong HTTP/1.1
Host: www.baidu.com
User-Agent: ELinks/0.11.7 (textmode; FreeBSD
8.0-BETA2 i386; 197x67-2)
Referer: http://www.baidu.com/
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: Keep-Alive

14:45:11.502060 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [.], ack 241, win 7504, length 0
E..(..@.,..z..o...!T.P,..B{..J<.P..P#...
14:45:11.502466 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [R.], seq 1, ack 241, win 2390, length 0
E..(..@.|.yh..o...!T.P,..B{..J<.P. V6...
14:45:11.503090 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [R.], seq 1461, ack 241, win 2391, length 0
E..(..@.}.xk..o...!T.P,..B...J<.P. W1H..
14:45:11.503432 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [R.], seq 4381, ack 241, win 2392, length 0
E..(..@.~.u...o...!T.P,..B.1.J<.P. X%...
</pre>
The test was performed in February 2011.

===Content-Manipulation: SMTP-EHLO===
<pre>
220 mail.gmx.net GMX Mailservices ESMTP {mp003}
EHLO tralalal
250-mail.gmx.net GMX Mailservices
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-SIZE
250-AUTH=LOGIN PLAIN
250-AUTH LOGIN PLAIN
250 STARTTLS
</pre>

Using the Internet uplink provided by the Studentenwerk Rostock (test performed in September 2011), the answer changes:
<pre>
220 *******************************************
EHLO tralala
250-mail.gmx.net GMX Mailservices
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-SIZE
250-AUTH=LOGIN PLAIN
250-AUTH LOGIN PLAIN
250 XXXXXXXA
</pre>

===Content-Manipulation: HTML-File and Images===
<pre>
<html>
<body><img src="eins.png"></body>
</html>
</pre>
This content is contained in a file on a web server. It includes a graphic file. Acquired through the UMTS network of the German Internet service provider ``1&1'', the file appears with the following content (when downloaded in early 2011):

<pre>
<html>
<script src="http://1.2.3.4/bmi-int-js/bmi.js"
language="javascript"></script>
<body>
<img src="http://1.1.1.4/bmi/139.30.1.202/ad001/down/eins.
png">
</body> </html>
<script language="javascript">

</pre>

===Connection-Manipulation: IP-Address-Spoofing===
====Human-Readable====
The request may be as follows:
<pre>
GET / HTTP/1.1
Host: heise.de
Accept: */*
</pre>
It is issued to the IP addresses assigned to the domain heise.de:
<pre>
[ad001@glas /usr/home/ad001]$ host heise.de
heise.de has address 193.99.144.80
heise.de has IPv6 address 2a02:2e0:3fe:100::8
heise.de mail is handled by 10 relay.heise.de.
[ad001@glas /usr/home/ad001]$ perl -e 'print "GET /
HTTP/1.1\r\nHost: heise.de\r\nAccept: */*\r\n\r\n"' |
nc 193.99.144.80 80
HTTP/1.1 302 Found
Date: Fri, 04 Mar 2011 13:23:17 GMT
Server: Apache
Location: http://blue4.wlan.uni-rostock.de/login.pl?action=
which_interface&destination=http://heise.de/%3f
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

118
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="http://blue4.
wlan.uni-rostock.de/login.pl?action=which_interface
&destination=http://heise.de/%3f">here</A>.<P>
</BODY></HTML>

0

Connection closed by foreign host.
</pre>

====Dumps====
<pre>
14:32:35.503903 IP 139.30.32.197.59424 > 193.99.144.80.http: Flags [P.], ack 1, win 8326, options [nop,nop,TS val 1091444 ecr 2443535463], length 47
E..c.U@.@.:... ..c.P. .P......(... ........
...t..dgGET / HTTP/1.1
Host: heise.de
Accept: */*

[...]

14:32:35.519615 IP 193.99.144.80.http > 139.30.32.197.59424: Flags [FP.], seq 65:568, ack 48, win 1448, options [nop,nop,TS val 2443535486 ecr 1091444], length 503
E..+L.@.@....c.P.. ..P. ..)%...............
..d~...t Apache
Location: http://blue4.wlan.uni-rostock.de/login.pl?action=which_interface&destination=http://heise.de/%3f
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

118
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="http://blue4.wlan.uni-rostock.de/login.pl?action=which_interface&destination=http://heise.de/%3f">here</A>.<P>
</BODY></HTML>

0
</pre>
This test has also been performed in February 2011.

NN2013

2013-04-29T12:23:19Z

Ad001:

NN2013

2013-04-29T12:20:45Z

Ad001:

==Examples of Neutrality violations ==
===Connection-Reset: Baidu.cn===

<pre>
14:45:11.197146 IP wlan033084.uni-rostock.de.11479 > 220.181.111.147.http:Flags [P.], ack 2789374741, win 65535, length 241
E.....@.@.....!T..o.,..P.J<..B{.P...sZ..
GET /s?wd=falun%20gong HTTP/1.1
Host: www.baidu.com
User-Agent: ELinks/0.11.7 (textmode; FreeBSD
8.0-BETA2 i386; 197x67-2)
Referer: http://www.baidu.com/
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: Keep-Alive

14:45:11.502060 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [.], ack 241, win 7504, length 0
E..(..@.,..z..o...!T.P,..B{..J<.P..P#...
14:45:11.502466 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [R.], seq 1, ack 241, win 2390, length 0
E..(..@.|.yh..o...!T.P,..B{..J<.P. V6...
14:45:11.503090 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [R.], seq 1461, ack 241, win 2391, length 0
E..(..@.}.xk..o...!T.P,..B...J<.P. W1H..
14:45:11.503432 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [R.], seq 4381, ack 241, win 2392, length 0
E..(..@.~.u...o...!T.P,..B.1.J<.P. X%...
</pre>
The test was performed in February 2011.

===Content-Manipulation: SMTP-EHLO===
<pre>
220 mail.gmx.net GMX Mailservices ESMTP {mp003}
EHLO tralalal
250-mail.gmx.net GMX Mailservices
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-SIZE
250-AUTH=LOGIN PLAIN
250-AUTH LOGIN PLAIN
250 STARTTLS
</pre>

Using the Internet uplink provided by the Studentenwerk Rostock (test performed in September 2011), the answer changes:
<pre>
220 *******************************************
EHLO tralala
250-mail.gmx.net GMX Mailservices
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-SIZE
250-AUTH=LOGIN PLAIN
250-AUTH LOGIN PLAIN
250 XXXXXXXA
</pre>

===Content-Manipulation: HTML-File and Images===
<pre>
<html>
<body><img src="eins.png"></body>
</html>
</pre>
This content is contained in a file on a web server. It includes a graphic file. Acquired through the UMTS network of the German Internet service provider ``1\&1'', the file appears with the following content:

<pre>
<html>
<script src="http://1.2.3.4/bmi-int-js/bmi.js"
language="javascript"></script>
<body>
<img src="http://1.1.1.4/bmi/139.30.1.202/ad001/down/eins.
png">
</body> </html>
<script language="javascript">

</pre>

\subsection{Connection-Manipulation: IP-Address-Spoofing}
\label{lsting:ipspoofing}
\subsubsection{Human-Readable}
The request may be as follows:
\begin{scriptsize}
\begin{verbatim}
GET / HTTP/1.1
Host: heise.de
Accept: */*
\end{verbatim}
It is issued to the IP addresses assigned to the domain \verb,heise.de,:
\begin{verbatim}
[ad001@glas /usr/home/ad001]$ host heise.de
heise.de has address 193.99.144.80
heise.de has IPv6 address 2a02:2e0:3fe:100::8
heise.de mail is handled by 10 relay.heise.de.
[ad001@glas /usr/home/ad001]$ perl -e 'print "GET /
HTTP/1.1\r\nHost: heise.de\r\nAccept: */*\r\n\r\n"' |
nc 193.99.144.80 80
HTTP/1.1 302 Found
Date: Fri, 04 Mar 2011 13:23:17 GMT
Server: Apache
Location: http://blue4.wlan.uni-rostock.de/login.pl?action=
which_interface&destination=http://heise.de/%3f
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

118
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="http://blue4.
wlan.uni-rostock.de/login.pl?action=which_interface
&destination=http://heise.de/%3f">here</A>.<P>
</BODY></HTML>

0

Connection closed by foreign host.
\end{verbatim}
\end{scriptsize}
\subsubsection{Dumps}
\begin{scriptsize}
\begin{verbatim}
14:32:35.503903 IP 139.30.32.197.59424 > 193.99.144.80.http:
Flags [P.], ack 1, win 8326, options [nop,nop,TS val 1091444
ecr 2443535463], length 47
E..c.U@.@.:... ..c.P. .P......(... ........
...t..dgGET / HTTP/1.1
Host: heise.de
Accept: */*

[...]

14:32:35.519615 IP 193.99.144.80.http > 139.30.32.197.59424:
Flags [FP.], seq 65:568, ack 48, win 1448, options [nop,nop,TS
val 2443535486 ecr 1091444], length 503
E..+L.@.@....c.P.. ..P. ..)%...............
..d~...t Apache
Location: http://blue4.wlan.uni-rostock.de/login.pl?action=
which_interface&destination=http://heise.de/%3f
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

118
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="http://blue4.wlan.uni-rostock.de/
login.pl?action=which_interface&destination=http://heise.de/
%3f">here</A>.<P>
</BODY></HTML>

0
\end{verbatim}
\end{scriptsize}

NN2013

2013-04-29T12:19:19Z

Ad001:

==Examples of Neutrality violations ==
===Connection-Reset: Baidu.cn===

<pre>
14:45:11.197146 IP wlan033084.uni-rostock.de.11479 > 220.181.111.147.http:Flags [P.], ack 2789374741, win 65535, length 241
E.....@.@.....!T..o.,..P.J<..B{.P...sZ..
GET /s?wd=falun%20gong HTTP/1.1
Host: www.baidu.com
User-Agent: ELinks/0.11.7 (textmode; FreeBSD
8.0-BETA2 i386; 197x67-2)
Referer: http://www.baidu.com/
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: Keep-Alive

14:45:11.502060 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [.], ack 241, win 7504, length 0
E..(..@.,..z..o...!T.P,..B{..J<.P..P#...
14:45:11.502466 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [R.], seq 1, ack 241, win 2390, length 0
E..(..@.|.yh..o...!T.P,..B{..J<.P. V6...
14:45:11.503090 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [R.], seq 1461, ack 241, win 2391, length 0
E..(..@.}.xk..o...!T.P,..B...J<.P. W1H..
14:45:11.503432 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [R.], seq 4381, ack 241, win 2392, length 0
E..(..@.~.u...o...!T.P,..B.1.J<.P. X%...
</pre>
The test was performed in February 2011.

===Content-Manipulation: SMTP-EHLO===
<pre>
220 mail.gmx.net GMX Mailservices ESMTP {mp003}
EHLO tralalal
250-mail.gmx.net GMX Mailservices
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-SIZE
250-AUTH=LOGIN PLAIN
250-AUTH LOGIN PLAIN
250 STARTTLS
</pre>

Using the Internet uplink provided by the Studentenwerk Rostock (test performed in September 2011), the answer changes:
<pre>
220 *******************************************
EHLO tralala
250-mail.gmx.net GMX Mailservices
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-SIZE
250-AUTH=LOGIN PLAIN
250-AUTH LOGIN PLAIN
250 XXXXXXXA
</pre>

\subsection{Content-Manipulation: HTML-File and Images}
\label{lsting:UMTS}
\begin{scriptsize}
\begin{verbatim}
<html>
<body><img src="eins.png"></body>
</html>
\end{verbatim}

This content is contained in a file on a web server. It includes a graphic file. Acquired through the UMTS network of the German Internet service provider ``1\&1'', the file appears with the following content:

\begin{verbatim}
<html>
<script src="http://1.2.3.4/bmi-int-js/bmi.js"
language="javascript"></script>
<body>
<img src="http://1.1.1.4/bmi/139.30.1.202/ad001/down/eins.
png">
</body> </html>
<script language="javascript">

\end{verbatim}
\end{scriptsize}

\subsection{Connection-Manipulation: IP-Address-Spoofing}
\label{lsting:ipspoofing}
\subsubsection{Human-Readable}
The request may be as follows:
\begin{scriptsize}
\begin{verbatim}
GET / HTTP/1.1
Host: heise.de
Accept: */*
\end{verbatim}
It is issued to the IP addresses assigned to the domain \verb,heise.de,:
\begin{verbatim}
[ad001@glas /usr/home/ad001]$ host heise.de
heise.de has address 193.99.144.80
heise.de has IPv6 address 2a02:2e0:3fe:100::8
heise.de mail is handled by 10 relay.heise.de.
[ad001@glas /usr/home/ad001]$ perl -e 'print "GET /
HTTP/1.1\r\nHost: heise.de\r\nAccept: */*\r\n\r\n"' |
nc 193.99.144.80 80
HTTP/1.1 302 Found
Date: Fri, 04 Mar 2011 13:23:17 GMT
Server: Apache
Location: http://blue4.wlan.uni-rostock.de/login.pl?action=
which_interface&destination=http://heise.de/%3f
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

118
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="http://blue4.
wlan.uni-rostock.de/login.pl?action=which_interface
&destination=http://heise.de/%3f">here</A>.<P>
</BODY></HTML>

0

Connection closed by foreign host.
\end{verbatim}
\end{scriptsize}
\subsubsection{Dumps}
\begin{scriptsize}
\begin{verbatim}
14:32:35.503903 IP 139.30.32.197.59424 > 193.99.144.80.http:
Flags [P.], ack 1, win 8326, options [nop,nop,TS val 1091444
ecr 2443535463], length 47
E..c.U@.@.:... ..c.P. .P......(... ........
...t..dgGET / HTTP/1.1
Host: heise.de
Accept: */*

[...]

14:32:35.519615 IP 193.99.144.80.http > 139.30.32.197.59424:
Flags [FP.], seq 65:568, ack 48, win 1448, options [nop,nop,TS
val 2443535486 ecr 1091444], length 503
E..+L.@.@....c.P.. ..P. ..)%...............
..d~...t Apache
Location: http://blue4.wlan.uni-rostock.de/login.pl?action=
which_interface&destination=http://heise.de/%3f
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

118
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="http://blue4.wlan.uni-rostock.de/
login.pl?action=which_interface&destination=http://heise.de/
%3f">here</A>.<P>
</BODY></HTML>

0
\end{verbatim}
\end{scriptsize}

NN2013

2013-04-29T12:18:42Z

Ad001:

==Examples of Neutrality violations ==
===Connection-Reset: Baidu.cn===

<pre>
14:45:11.197146 IP wlan033084.uni-rostock.de.11479 > 220.181.111.147.http:Flags [P.], ack 2789374741, win 65535, length 241
E.....@.@.....!T..o.,..P.J<..B{.P...sZ..
GET /s?wd=falun%20gong HTTP/1.1
Host: www.baidu.com
User-Agent: ELinks/0.11.7 (textmode; FreeBSD
8.0-BETA2 i386; 197x67-2)
Referer: http://www.baidu.com/
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: Keep-Alive

14:45:11.502060 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [.], ack 241, win 7504, length 0
E..(..@.,..z..o...!T.P,..B{..J<.P..P#...
14:45:11.502466 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [R.], seq 1, ack 241, win 2390, length 0
E..(..@.|.yh..o...!T.P,..B{..J<.P. V6...
14:45:11.503090 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [R.], seq 1461, ack 241, win 2391, length 0
E..(..@.}.xk..o...!T.P,..B...J<.P. W1H..
14:45:11.503432 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [R.], seq 4381, ack 241, win 2392, length 0
E..(..@.~.u...o...!T.P,..B.1.J<.P. X%...
</pre>
The test was performed in February 2011.

\subsection{Content-Manipulation: SMTP-EHLO}
\label{lsting:smtp}
\begin{scriptsize}
\begin{verbatim}
220 mail.gmx.net GMX Mailservices ESMTP {mp003}
EHLO tralalal
250-mail.gmx.net GMX Mailservices
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-SIZE
250-AUTH=LOGIN PLAIN
250-AUTH LOGIN PLAIN
250 STARTTLS
\end{verbatim}
Using the Internet uplink provided by the Studentenwerk Rostock (test performed in September 2011), the answer changes:
\begin{verbatim}
220 *******************************************
EHLO tralala
250-mail.gmx.net GMX Mailservices
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-SIZE
250-AUTH=LOGIN PLAIN
250-AUTH LOGIN PLAIN
250 XXXXXXXA
\end{verbatim}
\end{scriptsize}

\subsection{Content-Manipulation: HTML-File and Images}
\label{lsting:UMTS}
\begin{scriptsize}
\begin{verbatim}
<html>
<body><img src="eins.png"></body>
</html>
\end{verbatim}

This content is contained in a file on a web server. It includes a graphic file. Acquired through the UMTS network of the German Internet service provider ``1\&1'', the file appears with the following content:

\begin{verbatim}
<html>
<script src="http://1.2.3.4/bmi-int-js/bmi.js"
language="javascript"></script>
<body>
<img src="http://1.1.1.4/bmi/139.30.1.202/ad001/down/eins.
png">
</body> </html>
<script language="javascript">

\end{verbatim}
\end{scriptsize}

\subsection{Connection-Manipulation: IP-Address-Spoofing}
\label{lsting:ipspoofing}
\subsubsection{Human-Readable}
The request may be as follows:
\begin{scriptsize}
\begin{verbatim}
GET / HTTP/1.1
Host: heise.de
Accept: */*
\end{verbatim}
It is issued to the IP addresses assigned to the domain \verb,heise.de,:
\begin{verbatim}
[ad001@glas /usr/home/ad001]$ host heise.de
heise.de has address 193.99.144.80
heise.de has IPv6 address 2a02:2e0:3fe:100::8
heise.de mail is handled by 10 relay.heise.de.
[ad001@glas /usr/home/ad001]$ perl -e 'print "GET /
HTTP/1.1\r\nHost: heise.de\r\nAccept: */*\r\n\r\n"' |
nc 193.99.144.80 80
HTTP/1.1 302 Found
Date: Fri, 04 Mar 2011 13:23:17 GMT
Server: Apache
Location: http://blue4.wlan.uni-rostock.de/login.pl?action=
which_interface&destination=http://heise.de/%3f
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

118
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="http://blue4.
wlan.uni-rostock.de/login.pl?action=which_interface
&destination=http://heise.de/%3f">here</A>.<P>
</BODY></HTML>

0

Connection closed by foreign host.
\end{verbatim}
\end{scriptsize}
\subsubsection{Dumps}
\begin{scriptsize}
\begin{verbatim}
14:32:35.503903 IP 139.30.32.197.59424 > 193.99.144.80.http:
Flags [P.], ack 1, win 8326, options [nop,nop,TS val 1091444
ecr 2443535463], length 47
E..c.U@.@.:... ..c.P. .P......(... ........
...t..dgGET / HTTP/1.1
Host: heise.de
Accept: */*

[...]

14:32:35.519615 IP 193.99.144.80.http > 139.30.32.197.59424:
Flags [FP.], seq 65:568, ack 48, win 1448, options [nop,nop,TS
val 2443535486 ecr 1091444], length 503
E..+L.@.@....c.P.. ..P. ..)%...............
..d~...t Apache
Location: http://blue4.wlan.uni-rostock.de/login.pl?action=
which_interface&destination=http://heise.de/%3f
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

118
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="http://blue4.wlan.uni-rostock.de/
login.pl?action=which_interface&destination=http://heise.de/
%3f">here</A>.<P>
</BODY></HTML>

0
\end{verbatim}
\end{scriptsize}

NN2013

2013-04-29T12:18:21Z

Ad001:

==Examples of Neutrality violations ==
===Connection-Reset: Baidu.cn===

<verbatim>
<pre>
14:45:11.197146 IP wlan033084.uni-rostock.de.11479 > 220.181.111.147.http:Flags [P.], ack 2789374741, win 65535, length 241
E.....@.@.....!T..o.,..P.J<..B{.P...sZ..
GET /s?wd=falun%20gong HTTP/1.1
Host: www.baidu.com
User-Agent: ELinks/0.11.7 (textmode; FreeBSD
8.0-BETA2 i386; 197x67-2)
Referer: http://www.baidu.com/
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: Keep-Alive
</pre>

14:45:11.502060 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [.], ack 241, win 7504, length 0
E..(..@.,..z..o...!T.P,..B{..J<.P..P#...
14:45:11.502466 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [R.], seq 1, ack 241, win 2390, length 0
E..(..@.|.yh..o...!T.P,..B{..J<.P. V6...
14:45:11.503090 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [R.], seq 1461, ack 241, win 2391, length 0
E..(..@.}.xk..o...!T.P,..B...J<.P. W1H..
14:45:11.503432 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [R.], seq 4381, ack 241, win 2392, length 0
E..(..@.~.u...o...!T.P,..B.1.J<.P. X%...
</verbatim>
The test was performed in February 2011.

\subsection{Content-Manipulation: SMTP-EHLO}
\label{lsting:smtp}
\begin{scriptsize}
\begin{verbatim}
220 mail.gmx.net GMX Mailservices ESMTP {mp003}
EHLO tralalal
250-mail.gmx.net GMX Mailservices
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-SIZE
250-AUTH=LOGIN PLAIN
250-AUTH LOGIN PLAIN
250 STARTTLS
\end{verbatim}
Using the Internet uplink provided by the Studentenwerk Rostock (test performed in September 2011), the answer changes:
\begin{verbatim}
220 *******************************************
EHLO tralala
250-mail.gmx.net GMX Mailservices
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-SIZE
250-AUTH=LOGIN PLAIN
250-AUTH LOGIN PLAIN
250 XXXXXXXA
\end{verbatim}
\end{scriptsize}

\subsection{Content-Manipulation: HTML-File and Images}
\label{lsting:UMTS}
\begin{scriptsize}
\begin{verbatim}
<html>
<body><img src="eins.png"></body>
</html>
\end{verbatim}

This content is contained in a file on a web server. It includes a graphic file. Acquired through the UMTS network of the German Internet service provider ``1\&1'', the file appears with the following content:

\begin{verbatim}
<html>
<script src="http://1.2.3.4/bmi-int-js/bmi.js"
language="javascript"></script>
<body>
<img src="http://1.1.1.4/bmi/139.30.1.202/ad001/down/eins.
png">
</body> </html>
<script language="javascript">

\end{verbatim}
\end{scriptsize}

\subsection{Connection-Manipulation: IP-Address-Spoofing}
\label{lsting:ipspoofing}
\subsubsection{Human-Readable}
The request may be as follows:
\begin{scriptsize}
\begin{verbatim}
GET / HTTP/1.1
Host: heise.de
Accept: */*
\end{verbatim}
It is issued to the IP addresses assigned to the domain \verb,heise.de,:
\begin{verbatim}
[ad001@glas /usr/home/ad001]$ host heise.de
heise.de has address 193.99.144.80
heise.de has IPv6 address 2a02:2e0:3fe:100::8
heise.de mail is handled by 10 relay.heise.de.
[ad001@glas /usr/home/ad001]$ perl -e 'print "GET /
HTTP/1.1\r\nHost: heise.de\r\nAccept: */*\r\n\r\n"' |
nc 193.99.144.80 80
HTTP/1.1 302 Found
Date: Fri, 04 Mar 2011 13:23:17 GMT
Server: Apache
Location: http://blue4.wlan.uni-rostock.de/login.pl?action=
which_interface&destination=http://heise.de/%3f
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

118
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="http://blue4.
wlan.uni-rostock.de/login.pl?action=which_interface
&destination=http://heise.de/%3f">here</A>.<P>
</BODY></HTML>

0

Connection closed by foreign host.
\end{verbatim}
\end{scriptsize}
\subsubsection{Dumps}
\begin{scriptsize}
\begin{verbatim}
14:32:35.503903 IP 139.30.32.197.59424 > 193.99.144.80.http:
Flags [P.], ack 1, win 8326, options [nop,nop,TS val 1091444
ecr 2443535463], length 47
E..c.U@.@.:... ..c.P. .P......(... ........
...t..dgGET / HTTP/1.1
Host: heise.de
Accept: */*

[...]

14:32:35.519615 IP 193.99.144.80.http > 139.30.32.197.59424:
Flags [FP.], seq 65:568, ack 48, win 1448, options [nop,nop,TS
val 2443535486 ecr 1091444], length 503
E..+L.@.@....c.P.. ..P. ..)%...............
..d~...t Apache
Location: http://blue4.wlan.uni-rostock.de/login.pl?action=
which_interface&destination=http://heise.de/%3f
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

118
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="http://blue4.wlan.uni-rostock.de/
login.pl?action=which_interface&destination=http://heise.de/
%3f">here</A>.<P>
</BODY></HTML>

0
\end{verbatim}
\end{scriptsize}

NN2013

2013-04-29T12:18:04Z

Ad001:

==Examples of Neutrality violations ==
===Connection-Reset: Baidu.cn===

<verbatim>
<b>
14:45:11.197146 IP wlan033084.uni-rostock.de.11479 > 220.181.111.147.http:Flags [P.], ack 2789374741, win 65535, length 241
E.....@.@.....!T..o.,..P.J<..B{.P...sZ..
GET /s?wd=falun%20gong HTTP/1.1
Host: www.baidu.com
User-Agent: ELinks/0.11.7 (textmode; FreeBSD
8.0-BETA2 i386; 197x67-2)
Referer: http://www.baidu.com/
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: Keep-Alive
</b>

14:45:11.502060 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [.], ack 241, win 7504, length 0
E..(..@.,..z..o...!T.P,..B{..J<.P..P#...
14:45:11.502466 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [R.], seq 1, ack 241, win 2390, length 0
E..(..@.|.yh..o...!T.P,..B{..J<.P. V6...
14:45:11.503090 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [R.], seq 1461, ack 241, win 2391, length 0
E..(..@.}.xk..o...!T.P,..B...J<.P. W1H..
14:45:11.503432 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [R.], seq 4381, ack 241, win 2392, length 0
E..(..@.~.u...o...!T.P,..B.1.J<.P. X%...
</verbatim>
The test was performed in February 2011.

\subsection{Content-Manipulation: SMTP-EHLO}
\label{lsting:smtp}
\begin{scriptsize}
\begin{verbatim}
220 mail.gmx.net GMX Mailservices ESMTP {mp003}
EHLO tralalal
250-mail.gmx.net GMX Mailservices
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-SIZE
250-AUTH=LOGIN PLAIN
250-AUTH LOGIN PLAIN
250 STARTTLS
\end{verbatim}
Using the Internet uplink provided by the Studentenwerk Rostock (test performed in September 2011), the answer changes:
\begin{verbatim}
220 *******************************************
EHLO tralala
250-mail.gmx.net GMX Mailservices
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-SIZE
250-AUTH=LOGIN PLAIN
250-AUTH LOGIN PLAIN
250 XXXXXXXA
\end{verbatim}
\end{scriptsize}

\subsection{Content-Manipulation: HTML-File and Images}
\label{lsting:UMTS}
\begin{scriptsize}
\begin{verbatim}
<html>
<body><img src="eins.png"></body>
</html>
\end{verbatim}

This content is contained in a file on a web server. It includes a graphic file. Acquired through the UMTS network of the German Internet service provider ``1\&1'', the file appears with the following content:

\begin{verbatim}
<html>
<script src="http://1.2.3.4/bmi-int-js/bmi.js"
language="javascript"></script>
<body>
<img src="http://1.1.1.4/bmi/139.30.1.202/ad001/down/eins.
png">
</body> </html>
<script language="javascript">

\end{verbatim}
\end{scriptsize}

\subsection{Connection-Manipulation: IP-Address-Spoofing}
\label{lsting:ipspoofing}
\subsubsection{Human-Readable}
The request may be as follows:
\begin{scriptsize}
\begin{verbatim}
GET / HTTP/1.1
Host: heise.de
Accept: */*
\end{verbatim}
It is issued to the IP addresses assigned to the domain \verb,heise.de,:
\begin{verbatim}
[ad001@glas /usr/home/ad001]$ host heise.de
heise.de has address 193.99.144.80
heise.de has IPv6 address 2a02:2e0:3fe:100::8
heise.de mail is handled by 10 relay.heise.de.
[ad001@glas /usr/home/ad001]$ perl -e 'print "GET /
HTTP/1.1\r\nHost: heise.de\r\nAccept: */*\r\n\r\n"' |
nc 193.99.144.80 80
HTTP/1.1 302 Found
Date: Fri, 04 Mar 2011 13:23:17 GMT
Server: Apache
Location: http://blue4.wlan.uni-rostock.de/login.pl?action=
which_interface&destination=http://heise.de/%3f
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

118
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="http://blue4.
wlan.uni-rostock.de/login.pl?action=which_interface
&destination=http://heise.de/%3f">here</A>.<P>
</BODY></HTML>

0

Connection closed by foreign host.
\end{verbatim}
\end{scriptsize}
\subsubsection{Dumps}
\begin{scriptsize}
\begin{verbatim}
14:32:35.503903 IP 139.30.32.197.59424 > 193.99.144.80.http:
Flags [P.], ack 1, win 8326, options [nop,nop,TS val 1091444
ecr 2443535463], length 47
E..c.U@.@.:... ..c.P. .P......(... ........
...t..dgGET / HTTP/1.1
Host: heise.de
Accept: */*

[...]

14:32:35.519615 IP 193.99.144.80.http > 139.30.32.197.59424:
Flags [FP.], seq 65:568, ack 48, win 1448, options [nop,nop,TS
val 2443535486 ecr 1091444], length 503
E..+L.@.@....c.P.. ..P. ..)%...............
..d~...t Apache
Location: http://blue4.wlan.uni-rostock.de/login.pl?action=
which_interface&destination=http://heise.de/%3f
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

118
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="http://blue4.wlan.uni-rostock.de/
login.pl?action=which_interface&destination=http://heise.de/
%3f">here</A>.<P>
</BODY></HTML>

0
\end{verbatim}
\end{scriptsize}

NN2013

2013-04-29T12:17:40Z

Ad001:

==Examples of Neutrality violations ==
===Connection-Reset: Baidu.cn===

<nowiki>
<b>
14:45:11.197146 IP wlan033084.uni-rostock.de.11479 > 220.181.111.147.http:Flags [P.], ack 2789374741, win 65535, length 241
E.....@.@.....!T..o.,..P.J<..B{.P...sZ..
GET /s?wd=falun%20gong HTTP/1.1
Host: www.baidu.com
User-Agent: ELinks/0.11.7 (textmode; FreeBSD
8.0-BETA2 i386; 197x67-2)
Referer: http://www.baidu.com/
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: Keep-Alive
</b>

14:45:11.502060 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [.], ack 241, win 7504, length 0
E..(..@.,..z..o...!T.P,..B{..J<.P..P#...
14:45:11.502466 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [R.], seq 1, ack 241, win 2390, length 0
E..(..@.|.yh..o...!T.P,..B{..J<.P. V6...
14:45:11.503090 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [R.], seq 1461, ack 241, win 2391, length 0
E..(..@.}.xk..o...!T.P,..B...J<.P. W1H..
14:45:11.503432 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [R.], seq 4381, ack 241, win 2392, length 0
E..(..@.~.u...o...!T.P,..B.1.J<.P. X%...
</nowiki>
The test was performed in February 2011.

\subsection{Content-Manipulation: SMTP-EHLO}
\label{lsting:smtp}
\begin{scriptsize}
\begin{verbatim}
220 mail.gmx.net GMX Mailservices ESMTP {mp003}
EHLO tralalal
250-mail.gmx.net GMX Mailservices
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-SIZE
250-AUTH=LOGIN PLAIN
250-AUTH LOGIN PLAIN
250 STARTTLS
\end{verbatim}
Using the Internet uplink provided by the Studentenwerk Rostock (test performed in September 2011), the answer changes:
\begin{verbatim}
220 *******************************************
EHLO tralala
250-mail.gmx.net GMX Mailservices
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-SIZE
250-AUTH=LOGIN PLAIN
250-AUTH LOGIN PLAIN
250 XXXXXXXA
\end{verbatim}
\end{scriptsize}

\subsection{Content-Manipulation: HTML-File and Images}
\label{lsting:UMTS}
\begin{scriptsize}
\begin{verbatim}
<html>
<body><img src="eins.png"></body>
</html>
\end{verbatim}

This content is contained in a file on a web server. It includes a graphic file. Acquired through the UMTS network of the German Internet service provider ``1\&1'', the file appears with the following content:

\begin{verbatim}
<html>
<script src="http://1.2.3.4/bmi-int-js/bmi.js"
language="javascript"></script>
<body>
<img src="http://1.1.1.4/bmi/139.30.1.202/ad001/down/eins.
png">
</body> </html>
<script language="javascript">

\end{verbatim}
\end{scriptsize}

\subsection{Connection-Manipulation: IP-Address-Spoofing}
\label{lsting:ipspoofing}
\subsubsection{Human-Readable}
The request may be as follows:
\begin{scriptsize}
\begin{verbatim}
GET / HTTP/1.1
Host: heise.de
Accept: */*
\end{verbatim}
It is issued to the IP addresses assigned to the domain \verb,heise.de,:
\begin{verbatim}
[ad001@glas /usr/home/ad001]$ host heise.de
heise.de has address 193.99.144.80
heise.de has IPv6 address 2a02:2e0:3fe:100::8
heise.de mail is handled by 10 relay.heise.de.
[ad001@glas /usr/home/ad001]$ perl -e 'print "GET /
HTTP/1.1\r\nHost: heise.de\r\nAccept: */*\r\n\r\n"' |
nc 193.99.144.80 80
HTTP/1.1 302 Found
Date: Fri, 04 Mar 2011 13:23:17 GMT
Server: Apache
Location: http://blue4.wlan.uni-rostock.de/login.pl?action=
which_interface&destination=http://heise.de/%3f
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

118
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="http://blue4.
wlan.uni-rostock.de/login.pl?action=which_interface
&destination=http://heise.de/%3f">here</A>.<P>
</BODY></HTML>

0

Connection closed by foreign host.
\end{verbatim}
\end{scriptsize}
\subsubsection{Dumps}
\begin{scriptsize}
\begin{verbatim}
14:32:35.503903 IP 139.30.32.197.59424 > 193.99.144.80.http:
Flags [P.], ack 1, win 8326, options [nop,nop,TS val 1091444
ecr 2443535463], length 47
E..c.U@.@.:... ..c.P. .P......(... ........
...t..dgGET / HTTP/1.1
Host: heise.de
Accept: */*

[...]

14:32:35.519615 IP 193.99.144.80.http > 139.30.32.197.59424:
Flags [FP.], seq 65:568, ack 48, win 1448, options [nop,nop,TS
val 2443535486 ecr 1091444], length 503
E..+L.@.@....c.P.. ..P. ..)%...............
..d~...t Apache
Location: http://blue4.wlan.uni-rostock.de/login.pl?action=
which_interface&destination=http://heise.de/%3f
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

118
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="http://blue4.wlan.uni-rostock.de/
login.pl?action=which_interface&destination=http://heise.de/
%3f">here</A>.<P>
</BODY></HTML>

0
\end{verbatim}
\end{scriptsize}

NN2013

2013-04-29T12:17:26Z

Ad001:

==Examples of Neutrality violations ==
===Connection-Reset: Baidu.cn===

<nowiki>
14:45:11.197146 IP wlan033084.uni-rostock.de.11479 > 220.181.111.147.http:Flags [P.], ack 2789374741, win 65535, length 241
E.....@.@.....!T..o.,..P.J<..B{.P...sZ..
GET /s?wd=falun%20gong HTTP/1.1
Host: www.baidu.com
User-Agent: ELinks/0.11.7 (textmode; FreeBSD
8.0-BETA2 i386; 197x67-2)
Referer: http://www.baidu.com/
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: Keep-Alive

14:45:11.502060 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [.], ack 241, win 7504, length 0
E..(..@.,..z..o...!T.P,..B{..J<.P..P#...
14:45:11.502466 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [R.], seq 1, ack 241, win 2390, length 0
E..(..@.|.yh..o...!T.P,..B{..J<.P. V6...
14:45:11.503090 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [R.], seq 1461, ack 241, win 2391, length 0
E..(..@.}.xk..o...!T.P,..B...J<.P. W1H..
14:45:11.503432 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [R.], seq 4381, ack 241, win 2392, length 0
E..(..@.~.u...o...!T.P,..B.1.J<.P. X%...
</nowiki>
The test was performed in February 2011.

\subsection{Content-Manipulation: SMTP-EHLO}
\label{lsting:smtp}
\begin{scriptsize}
\begin{verbatim}
220 mail.gmx.net GMX Mailservices ESMTP {mp003}
EHLO tralalal
250-mail.gmx.net GMX Mailservices
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-SIZE
250-AUTH=LOGIN PLAIN
250-AUTH LOGIN PLAIN
250 STARTTLS
\end{verbatim}
Using the Internet uplink provided by the Studentenwerk Rostock (test performed in September 2011), the answer changes:
\begin{verbatim}
220 *******************************************
EHLO tralala
250-mail.gmx.net GMX Mailservices
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-SIZE
250-AUTH=LOGIN PLAIN
250-AUTH LOGIN PLAIN
250 XXXXXXXA
\end{verbatim}
\end{scriptsize}

\subsection{Content-Manipulation: HTML-File and Images}
\label{lsting:UMTS}
\begin{scriptsize}
\begin{verbatim}
<html>
<body><img src="eins.png"></body>
</html>
\end{verbatim}

This content is contained in a file on a web server. It includes a graphic file. Acquired through the UMTS network of the German Internet service provider ``1\&1'', the file appears with the following content:

\begin{verbatim}
<html>
<script src="http://1.2.3.4/bmi-int-js/bmi.js"
language="javascript"></script>
<body>
<img src="http://1.1.1.4/bmi/139.30.1.202/ad001/down/eins.
png">
</body> </html>
<script language="javascript">

\end{verbatim}
\end{scriptsize}

\subsection{Connection-Manipulation: IP-Address-Spoofing}
\label{lsting:ipspoofing}
\subsubsection{Human-Readable}
The request may be as follows:
\begin{scriptsize}
\begin{verbatim}
GET / HTTP/1.1
Host: heise.de
Accept: */*
\end{verbatim}
It is issued to the IP addresses assigned to the domain \verb,heise.de,:
\begin{verbatim}
[ad001@glas /usr/home/ad001]$ host heise.de
heise.de has address 193.99.144.80
heise.de has IPv6 address 2a02:2e0:3fe:100::8
heise.de mail is handled by 10 relay.heise.de.
[ad001@glas /usr/home/ad001]$ perl -e 'print "GET /
HTTP/1.1\r\nHost: heise.de\r\nAccept: */*\r\n\r\n"' |
nc 193.99.144.80 80
HTTP/1.1 302 Found
Date: Fri, 04 Mar 2011 13:23:17 GMT
Server: Apache
Location: http://blue4.wlan.uni-rostock.de/login.pl?action=
which_interface&destination=http://heise.de/%3f
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

118
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="http://blue4.
wlan.uni-rostock.de/login.pl?action=which_interface
&destination=http://heise.de/%3f">here</A>.<P>
</BODY></HTML>

0

Connection closed by foreign host.
\end{verbatim}
\end{scriptsize}
\subsubsection{Dumps}
\begin{scriptsize}
\begin{verbatim}
14:32:35.503903 IP 139.30.32.197.59424 > 193.99.144.80.http:
Flags [P.], ack 1, win 8326, options [nop,nop,TS val 1091444
ecr 2443535463], length 47
E..c.U@.@.:... ..c.P. .P......(... ........
...t..dgGET / HTTP/1.1
Host: heise.de
Accept: */*

[...]

14:32:35.519615 IP 193.99.144.80.http > 139.30.32.197.59424:
Flags [FP.], seq 65:568, ack 48, win 1448, options [nop,nop,TS
val 2443535486 ecr 1091444], length 503
E..+L.@.@....c.P.. ..P. ..)%...............
..d~...t Apache
Location: http://blue4.wlan.uni-rostock.de/login.pl?action=
which_interface&destination=http://heise.de/%3f
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

118
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="http://blue4.wlan.uni-rostock.de/
login.pl?action=which_interface&destination=http://heise.de/
%3f">here</A>.<P>
</BODY></HTML>

0
\end{verbatim}
\end{scriptsize}

NN2013

2013-04-29T12:15:50Z

Ad001:

==Examples of Neutrality violations ==
===Connection-Reset: Baidu.cn===

14:45:11.197146 IP wlan033084.uni-rostock.de.11479 > 220.181.111.147.http:Flags [P.], ack 2789374741, win 65535, length 241
E.....@.@.....!T..o.,..P.J<..B{.P...sZ..
GET /s?wd=falun%20gong HTTP/1.1
Host: www.baidu.com
User-Agent: ELinks/0.11.7 (textmode; FreeBSD
8.0-BETA2 i386; 197x67-2)
Referer: http://www.baidu.com/
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: Keep-Alive

14:45:11.502060 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [.], ack 241, win 7504, length 0
E..(..@.,..z..o...!T.P,..B{..J<.P..P#...
14:45:11.502466 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [R.], seq 1, ack 241, win 2390, length 0
E..(..@.|.yh..o...!T.P,..B{..J<.P. V6...
14:45:11.503090 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [R.], seq 1461, ack 241, win 2391, length 0
E..(..@.}.xk..o...!T.P,..B...J<.P. W1H..
14:45:11.503432 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [R.], seq 4381, ack 241, win 2392, length 0
E..(..@.~.u...o...!T.P,..B.1.J<.P. X%...

The test was performed in February 2011.

\subsection{Content-Manipulation: SMTP-EHLO}
\label{lsting:smtp}
\begin{scriptsize}
\begin{verbatim}
220 mail.gmx.net GMX Mailservices ESMTP {mp003}
EHLO tralalal
250-mail.gmx.net GMX Mailservices
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-SIZE
250-AUTH=LOGIN PLAIN
250-AUTH LOGIN PLAIN
250 STARTTLS
\end{verbatim}
Using the Internet uplink provided by the Studentenwerk Rostock (test performed in September 2011), the answer changes:
\begin{verbatim}
220 *******************************************
EHLO tralala
250-mail.gmx.net GMX Mailservices
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-SIZE
250-AUTH=LOGIN PLAIN
250-AUTH LOGIN PLAIN
250 XXXXXXXA
\end{verbatim}
\end{scriptsize}

\subsection{Content-Manipulation: HTML-File and Images}
\label{lsting:UMTS}
\begin{scriptsize}
\begin{verbatim}
<html>
<body><img src="eins.png"></body>
</html>
\end{verbatim}

This content is contained in a file on a web server. It includes a graphic file. Acquired through the UMTS network of the German Internet service provider ``1\&1'', the file appears with the following content:

\begin{verbatim}
<html>
<script src="http://1.2.3.4/bmi-int-js/bmi.js"
language="javascript"></script>
<body>
<img src="http://1.1.1.4/bmi/139.30.1.202/ad001/down/eins.
png">
</body> </html>
<script language="javascript">

\end{verbatim}
\end{scriptsize}

\subsection{Connection-Manipulation: IP-Address-Spoofing}
\label{lsting:ipspoofing}
\subsubsection{Human-Readable}
The request may be as follows:
\begin{scriptsize}
\begin{verbatim}
GET / HTTP/1.1
Host: heise.de
Accept: */*
\end{verbatim}
It is issued to the IP addresses assigned to the domain \verb,heise.de,:
\begin{verbatim}
[ad001@glas /usr/home/ad001]$ host heise.de
heise.de has address 193.99.144.80
heise.de has IPv6 address 2a02:2e0:3fe:100::8
heise.de mail is handled by 10 relay.heise.de.
[ad001@glas /usr/home/ad001]$ perl -e 'print "GET /
HTTP/1.1\r\nHost: heise.de\r\nAccept: */*\r\n\r\n"' |
nc 193.99.144.80 80
HTTP/1.1 302 Found
Date: Fri, 04 Mar 2011 13:23:17 GMT
Server: Apache
Location: http://blue4.wlan.uni-rostock.de/login.pl?action=
which_interface&destination=http://heise.de/%3f
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

118
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="http://blue4.
wlan.uni-rostock.de/login.pl?action=which_interface
&destination=http://heise.de/%3f">here</A>.<P>
</BODY></HTML>

0

Connection closed by foreign host.
\end{verbatim}
\end{scriptsize}
\subsubsection{Dumps}
\begin{scriptsize}
\begin{verbatim}
14:32:35.503903 IP 139.30.32.197.59424 > 193.99.144.80.http:
Flags [P.], ack 1, win 8326, options [nop,nop,TS val 1091444
ecr 2443535463], length 47
E..c.U@.@.:... ..c.P. .P......(... ........
...t..dgGET / HTTP/1.1
Host: heise.de
Accept: */*

[...]

14:32:35.519615 IP 193.99.144.80.http > 139.30.32.197.59424:
Flags [FP.], seq 65:568, ack 48, win 1448, options [nop,nop,TS
val 2443535486 ecr 1091444], length 503
E..+L.@.@....c.P.. ..P. ..)%...............
..d~...t Apache
Location: http://blue4.wlan.uni-rostock.de/login.pl?action=
which_interface&destination=http://heise.de/%3f
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

118
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="http://blue4.wlan.uni-rostock.de/
login.pl?action=which_interface&destination=http://heise.de/
%3f">here</A>.<P>
</BODY></HTML>

0
\end{verbatim}
\end{scriptsize}

NN2013

2013-04-29T12:15:02Z

Ad001:

==Examples of Neutrality violations ==
===Connection-Reset: Baidu.cn===
\begin{scriptsize}
\label{lsting:baidu}
\begin{verbatim}
14:45:11.197146 IP wlan033084.uni-
rostock.de.11479 > 220.181.111.147.http:
Flags [P.], ack 2789374741, win 65535, length 241
E.....@.@.....!T..o.,..P.J<..B{.P...sZ..
GET /s?wd=falun%20gong HTTP/1.1
Host: www.baidu.com
User-Agent: ELinks/0.11.7 (textmode; FreeBSD
8.0-BETA2 i386; 197x67-2)
Referer: http://www.baidu.com/
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: Keep-Alive

14:45:11.502060 IP 220.181.111.147.http >
wlan033084.uni-rostock.de.11479:
Flags [.], ack 241, win 7504, length 0
E..(..@.,..z..o...!T.P,..B{..J<.P..P#...
14:45:11.502466 IP 220.181.111.147.http >
wlan033084.uni-rostock.de.11479:
Flags [R.], seq 1, ack 241, win 2390, length 0
E..(..@.|.yh..o...!T.P,..B{..J<.P. V6...
14:45:11.503090 IP 220.181.111.147.http >
wlan033084.uni-rostock.de.11479:
Flags [R.], seq 1461, ack 241, win 2391, length 0
E..(..@.}.xk..o...!T.P,..B...J<.P. W1H..
14:45:11.503432 IP 220.181.111.147.http >
wlan033084.uni-rostock.de.11479:
Flags [R.], seq 4381, ack 241, win 2392, length 0
E..(..@.~.u...o...!T.P,..B.1.J<.P. X%...
\end{verbatim}
\end{scriptsize}
The test was performed in February 2011.

\subsection{Content-Manipulation: SMTP-EHLO}
\label{lsting:smtp}
\begin{scriptsize}
\begin{verbatim}
220 mail.gmx.net GMX Mailservices ESMTP {mp003}
EHLO tralalal
250-mail.gmx.net GMX Mailservices
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-SIZE
250-AUTH=LOGIN PLAIN
250-AUTH LOGIN PLAIN
250 STARTTLS
\end{verbatim}
Using the Internet uplink provided by the Studentenwerk Rostock (test performed in September 2011), the answer changes:
\begin{verbatim}
220 *******************************************
EHLO tralala
250-mail.gmx.net GMX Mailservices
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-SIZE
250-AUTH=LOGIN PLAIN
250-AUTH LOGIN PLAIN
250 XXXXXXXA
\end{verbatim}
\end{scriptsize}

\subsection{Content-Manipulation: HTML-File and Images}
\label{lsting:UMTS}
\begin{scriptsize}
\begin{verbatim}
<html>
<body><img src="eins.png"></body>
</html>
\end{verbatim}

This content is contained in a file on a web server. It includes a graphic file. Acquired through the UMTS network of the German Internet service provider ``1\&1'', the file appears with the following content:

\begin{verbatim}
<html>
<script src="http://1.2.3.4/bmi-int-js/bmi.js"
language="javascript"></script>
<body>
<img src="http://1.1.1.4/bmi/139.30.1.202/ad001/down/eins.
png">
</body> </html>
<script language="javascript">

\end{verbatim}
\end{scriptsize}

\subsection{Connection-Manipulation: IP-Address-Spoofing}
\label{lsting:ipspoofing}
\subsubsection{Human-Readable}
The request may be as follows:
\begin{scriptsize}
\begin{verbatim}
GET / HTTP/1.1
Host: heise.de
Accept: */*
\end{verbatim}
It is issued to the IP addresses assigned to the domain \verb,heise.de,:
\begin{verbatim}
[ad001@glas /usr/home/ad001]$ host heise.de
heise.de has address 193.99.144.80
heise.de has IPv6 address 2a02:2e0:3fe:100::8
heise.de mail is handled by 10 relay.heise.de.
[ad001@glas /usr/home/ad001]$ perl -e 'print "GET /
HTTP/1.1\r\nHost: heise.de\r\nAccept: */*\r\n\r\n"' |
nc 193.99.144.80 80
HTTP/1.1 302 Found
Date: Fri, 04 Mar 2011 13:23:17 GMT
Server: Apache
Location: http://blue4.wlan.uni-rostock.de/login.pl?action=
which_interface&destination=http://heise.de/%3f
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

118
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="http://blue4.
wlan.uni-rostock.de/login.pl?action=which_interface
&destination=http://heise.de/%3f">here</A>.<P>
</BODY></HTML>

0

Connection closed by foreign host.
\end{verbatim}
\end{scriptsize}
\subsubsection{Dumps}
\begin{scriptsize}
\begin{verbatim}
14:32:35.503903 IP 139.30.32.197.59424 > 193.99.144.80.http:
Flags [P.], ack 1, win 8326, options [nop,nop,TS val 1091444
ecr 2443535463], length 47
E..c.U@.@.:... ..c.P. .P......(... ........
...t..dgGET / HTTP/1.1
Host: heise.de
Accept: */*

[...]

14:32:35.519615 IP 193.99.144.80.http > 139.30.32.197.59424:
Flags [FP.], seq 65:568, ack 48, win 1448, options [nop,nop,TS
val 2443535486 ecr 1091444], length 503
E..+L.@.@....c.P.. ..P. ..)%...............
..d~...t Apache
Location: http://blue4.wlan.uni-rostock.de/login.pl?action=
which_interface&destination=http://heise.de/%3f
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

118
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="http://blue4.wlan.uni-rostock.de/
login.pl?action=which_interface&destination=http://heise.de/
%3f">here</A>.<P>
</BODY></HTML>

0
\end{verbatim}
\end{scriptsize}

NN2013

2013-04-29T12:13:35Z

Ad001: Created page with ' ==Examples of Neutrality Violations =='

==Examples of Neutrality Violations ==

Template:Datasets

2013-04-29T12:13:05Z

Ad001:

'''Location'''
* [[GPX data|GPX dataset]] Movement data grabbed from gpsies.com (used for talk on ICSC 2012)
* [[RSS feeds|RSS feeds]] grabbed over two month in 2010 from Gpsies.com, Bikemap.net and OpenStreetMap.org
* [[GPS tracks]] of a handfull anonymous people.

'''Privacy'''
* [[DiHabs|DiHabs survey results]]
* [[DiLES|DiLES evaluation results]]
* [[Washroom Behaviour|Washroom behaviour - KNX data from office building and software for particle filter.]]

'''Wireless networks'''
* [[OLSR|OLSR Messages]] mainly containing Topology Control messages and some Hello messages. Collected from Opennet roof top network.
* [[OLQ|OLSR Link Quality]] as distributed by OLSR TC messages
* [[OLQM|Messurement reports]] containing SNR and several counters collected from about 50 nodes in an ad hoc WLAN, resolution 5 minutes. More than 1 year's data.
* [[OLQ one week|Link Quality for an entire OLSR mesh network]] collected over one week. Resolution 1 minute.
* [[OLQ one hour|Link Quality for an entire OLSR mesh network]] collected over one hour (sample). Resolution 1 minute.
* [[Geographical distribution of nodes]] in a wireless ad hoc network (Opennet) - a snapshot.
* Extensive [[Network quality measurements]] from a wireless ad hoc network (Opennet).

'''Network Neutrality'''
* [[NN2013|Neutrality violation examples]] from various scenarios