Excitel Account Suspended for Commercial Usage (Baseless Claim)

ISPs identify the number of devices connected to their network by looking at the TTL value in the IP packet header. Did you have 10+ devices connected? How much data did you actually download/upload in the last 4-5 days?
Interesting, I never knew of that, I always thought the point of NAT was to obfuscate all that information so that the ISP just sees a single IP. So every device connects and sends different rates/size of information and so they can identify the number of devices from that?
 
The TTL (Time-To-Live) technique is a very crude way to detect the number of devices connected. However, it is not foolproof and is bound to give false positives.

Every device through which the packet passes decrements the TTL value by 1.
For example on Windows, the default TTL value is 128. Assuming you have hooked up your laptop to the router, the router would decrement the TTL value by 1. Thus the ISP would be seeing a TTL value of 127 in the packets originating from your IP.

Now, suppose you connected another Windows PC to your router. In this case, it will also have the same initial TTL of 128 and the ISP will not be able to differentiate this as a separate device.

However, things take a different turn if you connect a different type of device. Say you connect an Ubuntu laptop or an Android phone (i.e. Linux based). Linux has an initial TTL value of 64. After passing through the router it becomes 63. Now the ISP knows you are at least using two different devices since it sees two different TTLs from your IP (63 & 127).

This is how TTL based detection works and as you see it's not foolproof.

Now, bypassing TTL based detection is simple. Both Windows and Linux allow you to customize the initial value of TTL. You can make the TTLs the same for all the devices, so the ISP is none the wiser.

The other way is to get a router which supports TTL rewriting. Actually any OpenWrt/DD-WRT based router will do and you can use iptables for that. In this case, the router will intentionally rewrite the TTL values to make them the same for all packets it sends out.
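
The TTL heuristic described in the post above, as an added example that is not part of the original thread: it infers each packet's initial TTL and counts the distinct TTL values seen per subscriber IP, which shows why two Windows PCs are undercounted. The function names, the extra 255 default and the sample packets (documentation-range IPs) are assumptions constructed for illustration.

```python
from collections import defaultdict

# 64 (Linux/Android) and 128 (Windows) come from the post above;
# 255 is added here as another widely used default (assumption).
COMMON_INITIAL_TTLS = (64, 128, 255)


def infer_initial_ttl(observed_ttl):
    """Return the smallest common initial TTL that is >= the observed TTL."""
    if not 0 <= observed_ttl <= 255:
        raise ValueError(f"TTL out of range for an 8-bit field: {observed_ttl}")
    for initial in COMMON_INITIAL_TTLS:
        if observed_ttl <= initial:
            return initial


def ttl_profile(packets):
    """Map source IP -> {observed_ttl: (inferred_initial_ttl, hops_so_far)}."""
    profile = defaultdict(dict)
    for src_ip, ttl in packets:
        initial = infer_initial_ttl(ttl)
        profile[src_ip][ttl] = (initial, initial - ttl)
    return dict(profile)


def min_device_classes(packets):
    """Lower bound on devices per source IP: one per distinct observed TTL.

    Devices sharing an initial TTL and hop count collapse into one class,
    so this can only undercount hosts of the same OS family.
    """
    return {ip: len(ttls) for ip, ttls in ttl_profile(packets).items()}


# Constructed sample: (source IP as seen by the ISP, TTL at the ISP edge).
SAMPLE_PACKETS = [
    ("203.0.113.10", 127),  # Windows PC 1 behind the home router (128 - 1)
    ("203.0.113.10", 127),  # Windows PC 2: indistinguishable from PC 1
    ("203.0.113.20", 127),  # Windows laptop
    ("203.0.113.20", 63),   # Ubuntu laptop (64 - 1)
    ("203.0.113.20", 63),   # Android phone: same class as the Ubuntu laptop
]

if __name__ == "__main__":
    for ip, count in min_device_classes(SAMPLE_PACKETS).items():
        print(ip, "at least", count, "device class(es):", ttl_profile(SAMPLE_PACKETS)[ip])
```

The first subscriber has two PCs but is counted as one class, and the second has three devices counted as two, which is the imprecision the post describes.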
 
Even 1TB for 4-5 days isn't much considering, the total traffic on our dual 100 Mbps links in office never exceeds 500GB for a day.
 
ISPs which employ a Fair Usage Policy don't really care about how many devices you connect as you'll automatically be throttled once you cross the limit.

For others, which offer unlimited data (like Excitel), at least on paper, it's different. Although the plans are advertised as unlimited, they really aren't. They keep track of the usage and if they detect high usage (like 1 TB in 4-5 days) on a repeated basis they will block your connection. It doesn't matter whether you use a single device or ten.

Coming back to the original question, the TTL technique is not without its flaws as already explained.
If the ISP really wants to monitor the number of devices, they resort to Deep Packet Inspection (DPI) in addition to TTL.
In DPI the contents of the packets are examined to generate a fingerprint. Different devices/OSes will have different fingerprints.

To bypass DPI, you're better off using a VPN at the router level. Every packet that ever leaves the router will be encrypted. All the ISP sees is you're making a connection to the VPN and not the contents of the packets which nullifies DPI based fingerprinting.
 
TTL is only one of the attributes used, though not very effective. Determined ISPs could use TCP/IP fingerprinting tools to gather more info. Another method used is looking at the TCP window size in the packet header, and of course DPI boxes are relatively cheap these days.
 


Hi, I am not sure, because the Area Excitel Guy says it was a mistake and Nodal said it was done because they suspected commercial usage (based on the heavy download usage that happened in a short period of time).

In short, there is no clear answer from their side but they restored the connection.
 
There is an algorithm in place that tries to detect commercial use. It's not based on download amounts. It takes into consideration other aspects like number of connections, type of connections, and of course amount of traffic and some other masala. It's still a work in progress and obviously can trigger false positives. Sorry if this was your case.

An Excitel connection is purely for a single household and of course many are abusing this policy and there is an attempt to catch and stop them because this kind of usage loads the network unnecessarily, creates peaks of traffic and this itself spoils the service for the rest of the normal users. The network is planned and designed to sustain traffic levels that are based on home usage (no matter how many devices) and when misused this is not good for all.
 
Please help, the same problem occurred to me. My Excitel account has been suspended.
I have downloaded a high amount of data.
Ajgamer please help me.
What have you done to get it restored?
 
Talk to your LCO or the Area Manager of Excitel. They can help you restore the connection.

Mine was a mistake from the backend. They sent me an apology for the same.
 
Today the same thing happened with me. Customer care says over usage / commercial usage and they will not give any refund for remaining part of my payment (which is wrong). I download a lot of movies and stuff. I contacted the guy who did my installation and both he and customer care told me to email excitel helpdesk.
I have emailed them so let's see what happens.
I am thinking of talking directly to LCO to replace connection because otherwise my experience has been quite good with this connection. No speed issues, no major downtimes.
 