The REAL Fix For Comcast BitTorrent Throttling

First, a little explanation may be needed as to what is happening in between our computers, Comcast and the Internet.
Comcast is using a packet filtering platform called Sandvine. This platform is, at its core, a Quality of Service system that has legitimate uses, such as giving high priority to Xbox Live communications and VoIP packets.

Unfortunately, Comcast has decided to use Sandvine (some say illegally) to impersonate us and send a reset packet (a TCP packet with the RST flag set), which is exactly how the Chinese government filters the Internet! (PDF)

TorrentFreak hinted on August 22nd that someone was working on a fix for Comcast users.

“…we know that at least two BitTorrent client developers are including this fix in their next update.” –TorrentFreak 

It’s two weeks later, where is the fix!?  And just exactly how do you find out if you’re being throttled by Comcast?  And how can we figure out how to avoid this traffic shaping?

The Fix(es):

There are three ways to fix this:

  1. Paying for and setting up SSH or some other nefarious means (lol).
    • SSH access is not free, and if it is, it’s slow, and if you steal WiFi you might as well just switch ISPs.
  2. Use iptables or ipfw. This has been posted many times around the web, but here it is just for posterity:
    iptables -A INPUT -p tcp --dport $YOURTORRENTPORT --tcp-flags RST RST -j DROP
    ipfw add deny tcp from any to any YOURTORRENTPORT in tcpflags rst

    • Unfortunately, this only works if you have a *nix-based computer, or have a Linux firewall around somewhere. I suggest Smoothwall if you’re looking to go that route.
  3. Use the latest version of Azureus’ nightly CVS snapshot, which includes the fix mentioned by TorrentFreak.

Obviously we are going to be using the third option.  The latest version of Azureus can be downloaded as a nightly CVS snapshot.

    NOTE: Several readers have pointed out that this does not fix the issue for them. Your Mileage May Vary!

Jog dial back a little bit, picture me surfing the Azureus wiki and finding the following article entitled “Avoid Traffic Shaping.”  The juicy bits are as follows:

Level 5 (encryption) is specifically intended for people who have problems with a specific traffic shaping method used by Sandvine traffic shaping hardware, see Bad ISPs if this applies to you.  […]  Note: This level is available from Azureus 3.0.2.3_B05 onwards.  […]  The premise of this method is to minimize the amount of unencrypted information leaked.

Bingo! This is what TorrentFreak was talking about!

Here are the steps to fix it:

  1. Download and install the regular version of Azureus, which has been rebranded as Vuze.
  2. Click here to visit their CVS download page.
  3. Grab the .jar file from that page
  4. Rename it to Azureus2.jar and copy it into the Azureus folder, overwriting the old one.
  5. If you need very detailed instructions, here you go.
  6. Once you’ve got the new CVS version installed, enable these settings:
    1. Tools -> Options -> Connection -> Transport Encryption
      Enable require encryption
      Select RC4
      Disable both fallback checkboxes
    2. Tools -> Options -> Tracker -> Client
      Enable Do not announce the listening port to the tracker
      Set the peer limit to a low figure, start with 1 or 2
      Set the Minimum time between tracker announces to 900 for example
    3. Adjust DHT settings (2 mutually exclusive alternatives):
      Either disable the DHT:
        Go to Tools -> Options -> Plugins -> Distributed DB
        Uncheck Enable the distributed database
      Or try to get more peers via DHT:
        Go to Tools -> Options -> Plugins -> Distributed Tracker
        Uncheck Only track normal torrents
  7. Now try to seed a torrent you haven’t seeded within the last few hours or so before applying these settings.
  8. You should see a huge increase in seeding speed.

I’m still waiting to see conclusive results at this time. This works!  I have personally seen better total upload rates in 5 minutes than in 5 hours. I’m no longer capped at 0.1 kbps upload during a seed… I’m seeing more like what I should be – 70+ kbps.

By using these settings we only allow ourselves to connect to other clients that have enabled communication to encrypted clients. Also, when Comcast gets word that people are using this way to avoid leaking more information than needed, they can simply reconfigure Sandvine to be even more restrictive towards Internet-bound traffic and break it all over again.

How to Determine If You Are Blocked By Comcast:

The first indication that you are being throttled back is that when you finish downloading a torrent, your upload speed will absolutely STINK. I see around 0.1 kbps up. That’s a really good indicator, as my speedtest shows I can download at near 25mbit/sec and upload at around 1.5mbit/sec.

What if you REALLY want to know for SURE? I know I did. Thanks to funchords on the DSLReports forum, we have an easy way. I’ve modified it a little bit, but original credit goes to him.

In Windows, the following command will save a file onto your desktop. Click Start, then Run, and copy and paste this bit into the box and press OK.

netstat -s | find "Reset Connections" >> "%userprofile%\Desktop\reset_connections.txt"

For Linux, use this command:

netstat -s | grep -i "resets received" > ~/reset_connections.txt

Open up the reset_connections.txt file that showed up on your desktop (or Linux home directory) and record the number on a piece of paper.

This is your baseline number; it starts from here and can only go upwards. Now, start seeding ONE torrent for an hour. Many people have reported that they receive upwards of 1 RST flag per second when monitoring using a program called Wireshark (or Ethereal). After one hour, record your new number by running the above command again and opening up the reset_connections.txt file again. If the new number is more than around 5000 higher than your first number, you are being throttled about as bad as I am.
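
The baseline-and-compare check described above, as an added shell example (not from the original post or from funchords): it pulls the reset counter out of two saved `netstat -s` outputs, handles both the Windows and the Linux line format, and scales the difference to the ~5000-per-hour figure given here. The function names and the sample counter values are constructed for illustration.

```sh
#!/bin/sh
# Added example: compare two `netstat -s` snapshots taken some time apart.

# Print the TCP reset counter found in `netstat -s` output read from stdin.
# Windows prints "Reset Connections = N" once per IPv4/IPv6 section (summed
# here); Linux prints "N connection resets received". Fails if neither is found.
extract_resets() {
    tr -d '\r' | awk '
        /Reset Connections/          { total += $NF; seen = 1 }
        /connection resets received/ { total += $1;  seen = 1 }
        END { if (!seen) exit 1; print total + 0 }'
}

# resets_per_hour BASELINE LATER SECONDS -> resets received, scaled to one hour
resets_per_hour() {
    awk -v a="$1" -v b="$2" -v s="$3" 'BEGIN {
        if (s <= 0 || b < a) exit 1   # bad interval, or counter restarted by a reboot
        printf "%d\n", (b - a) * 3600 / s }'
}

# verdict RATE -> "suspicious" at or above the ~5000 resets/hour figure
verdict() {
    if [ "$1" -ge 5000 ]; then echo suspicious; else echo normal; fi
}

# Constructed sample snapshots (not real captures), one hour apart.
sample_before() { printf '%s\n' 'Tcp:' '    812 connection resets received'; }
sample_after()  { printf '%s\n' 'Tcp:' '    6930 connection resets received'; }

before=$(sample_before | extract_resets)
after=$(sample_after | extract_resets)
rate=$(resets_per_hour "$before" "$after" 3600)
echo "baseline=$before later=$after rate=${rate}/hour -> $(verdict "$rate")"
```

The counter covers every TCP connection on the machine, not only the torrent client, so keep other network activity low during the measurement hour.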

Things to keep in mind:

Even once you have torrent upload speeds working the way they should, keep in mind that Comcast does terminate service for downloading more than ~200gb in a single month. I personally had ~150gb aggregate upload and download totals for several months in a row with no complaint from Comcast.

I believe that when more people are using this method, it can only get better.