Re: [93attendees] Network experiment during the meeting
Rolf Winter <rolf.winter@hs-augsburg.de> Wed, 15 July 2015 08:52 UTC
Return-Path: <rolf.winter@hs-augsburg.de>
X-Original-To: 93attendees@ietfa.amsl.com
Delivered-To: 93attendees@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D9EA11A8930 for <93attendees@ietfa.amsl.com>; Wed, 15 Jul 2015 01:52:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.489
X-Spam-Level:
X-Spam-Status: No, score=0.489 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35, HELO_MISMATCH_DE=1.448, HTML_MESSAGE=0.001, J_CHICKENPOX_31=0.6, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xcrTnstoLcXs for <93attendees@ietfa.amsl.com>; Wed, 15 Jul 2015 01:52:24 -0700 (PDT)
Received: from fly.rz.hs-augsburg.de (fly.RZ.HS-Augsburg.DE [IPv6:2001:638:102:2::217:48]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 162941A892B for <93attendees@ietf.org>; Wed, 15 Jul 2015 01:52:24 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by fly.rz.hs-augsburg.de (Postfix) with ESMTP id 8B7681D6024; Wed, 15 Jul 2015 10:52:10 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at hs-augsburg.de
Received: from fly.rz.hs-augsburg.de ([127.0.0.1]) by localhost (fly.rz.hs-augsburg.de [127.0.0.1]) (amavisd-new, port 10024) with LMTP id GM3eT5J0K_47; Wed, 15 Jul 2015 10:52:08 +0200 (CEST)
Received: from [192.168.1.110] (nightswatch.informatik.hs-augsburg.de [141.82.79.79]) by fly.rz.hs-augsburg.de (Postfix) with ESMTPSA id A8F6C1D6028; Wed, 15 Jul 2015 10:52:07 +0200 (CEST)
To: Toerless Eckert <eckert@cisco.com>, Jari Arkko <jari.arkko@piuha.net>
References: <55A41BEB.3090102@hs-augsburg.de> <55A52719.1000208@gmail.com> <CAO_Rpc+-fQBU+MuOR03VHDgw3HcbOWPcThUR3nR2Vnj9CcM63w@mail.gmail.com> <1E9C4941-6442-4C2C-834D-B1D8D60AAC58@piuha.net> <20150715040748.GC1862@cisco.com>
From: Rolf Winter <rolf.winter@hs-augsburg.de>
Message-ID: <55A61F42.7090409@hs-augsburg.de>
Date: Wed, 15 Jul 2015 10:52:18 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.0.1
MIME-Version: 1.0
In-Reply-To: <20150715040748.GC1862@cisco.com>
Content-Type: multipart/alternative; boundary="------------080003060209060404020607"
Archived-At: <http://mailarchive.ietf.org/arch/msg/93attendees/NWQOCmFf0mJXqsT07hd9IDQKQc8>
Cc: joel jaeggli <joelja@gmail.com>, chelliot@pobox.com, 93attendees@ietf.org
Subject: Re: [93attendees] Network experiment during the meeting
X-BeenThere: 93attendees@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Mailing list of IETF 93 attendees that have opted in on this list. " <93attendees.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/93attendees>, <mailto:93attendees-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/93attendees/>
List-Post: <mailto:93attendees@ietf.org>
List-Help: <mailto:93attendees-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/93attendees>, <mailto:93attendees-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Jul 2015 08:52:27 -0000
Hi, we were sloppy in our description, apologies. Multicast _is_ being collected. Basically everything the NIC receives which is not unicast. But ARP is actually not all that interesting. Most interesting are actually applications using broadcast/multicast messages. Here is a protocol distribution of a previous experiment omitting everything below 7% of the overall broadcast/multicast traffic volume. mDNS (16%), SSDP (15%), LLMNR (13%), NetBIOS (7%) and Dropbox LAN-sync (7%). This clearly depends on the population of your LAN (mostly depending on OS distribution and installed apps). In this particular case, broadcast/multicast traffic peaked at around 1 GB a day, averaging at about 200 MB a day. I hope this answers some of your no-legal questions. Best, Rolf Am 7/15/15 um 6:07 AM schrieb Toerless Eckert: > Rolfs web page explain almost nothing more than his email. I wouldn't > know any actual broacast packet of interest except for ARP. I am > pretty sure he means L2/L3 multicast. Having him say just "rfc919 / broadcast" > makes me a bit nervuous about how well the other bits are thought out. > > As soon as IETF gives access for Rolf to any reasonable protected packets, > i would assume IETF is at least partially indemnifying Rolfs org from > legal responsibilities and takes on legal responsibilities itself. > > It would be good to understand what the IETF is really responsible for. > I would fear that to be on the safe side, IETF should indemnify itself > against the attendees by having them sign "something". I am sure > that "something" needs to be better than "rfc919 / broadcast" unless he > really only wants to analyze ARP patterns. > > Didn't IETF have security folks running around for decades telling us > to not be insecure because they will be tap'ing our unprotected WiFi > traffic and post our passwords ? Whatever happened of those experiments > (sorry, can't remember) ? > > Logically its hilarious discussing legalese when Rolf would only tap > what amounts to publically accessible packets, eg: on no- or obvious-password > encrypted WiFI accessible in public areas like Hotel lobbies. Of course i > am sure with digital laws being what they are, there is going to be difference > in him publishing a paper about those packets vs. posting a paper > about him observing/counting IETF participants in the public hotel > lobby and oh, their observable legal drug consumption patterns. > > I am actually interested in what the heck the technical details are. > Depending on what protocols are of interest, the different ways of how > multicast traffic is constrained (IGMP snooping) or L2 unicast converted > (vendor specific) makes a lot of difference to what can be observed where. > > If he can show some really useful stats he would create, i am all for giving > him all the access needed as long as we can make sure the IETF indemnifies > itself well enough so that it does not have to spend money later on some stupid > lawsuit with some disgruntled ITEF participant. But then again, i am using > a VPN tunnel for all my traffic anyhow. > > Cheers > Toerless > > On Tue, Jul 14, 2015 at 07:29:28PM +0300, Jari Arkko wrote: >>> Rolf contacted me a while ago and I had him contact Jari for approval of >>> this "experiment". Jari has approved it. >> Right. I think it is a useful experiment and I find the privacy safeguards adequate. >> And indeed, the main purpose of passing this kind of experiments via the >> IETF chair is that I try to catch issues; in this case I reviewed the suggested >> safeguards and suggested some changes, and felt that the result was adequate. >> >> It is possible that there are legal or other standards that would specify in >> detail what we can and can not do. I am obviously not a lawyer either. >> I don?t mind passing this to someone who understands laws about >> human subject research or privacy, of course. >> >> Jari >> > > >> _______________________________________________ >> 93attendees mailing list >> 93attendees@ietf.org >> https://www.ietf.org/mailman/listinfo/93attendees >
- [93attendees] Network experiment during the meeti… Rolf Winter
- Re: [93attendees] Network experiment during the m… Dave Crocker
- Re: [93attendees] Network experiment during the m… Rolf Winter
- Re: [93attendees] Network experiment during the m… Dave Crocker
- Re: [93attendees] Network experiment during the m… Rolf Winter
- Re: [93attendees] Network experiment during the m… Jared Mauch
- Re: [93attendees] Network experiment during the m… Tim Chown
- Re: [93attendees] Network experiment during the m… McDonald, Alex
- Re: [93attendees] Network experiment during the m… joel jaeggli
- Re: [93attendees] Network experiment during the m… Chris Elliott
- Re: [93attendees] Network experiment during the m… Ray Pelletier
- Re: [93attendees] Network experiment during the m… Jari Arkko
- Re: [93attendees] Network experiment during the m… Chris Elliott
- Re: [93attendees] Network experiment during the m… joel jaeggli
- Re: [93attendees] Network experiment during the m… Ray Pelletier
- Re: [93attendees] Network experiment during the m… Leif Johansson
- Re: [93attendees] Network experiment during the m… Joseph Lorenzo Hall
- Re: [93attendees] Network experiment during the m… Leif Johansson
- Re: [93attendees] Network experiment during the m… Fred Baker (fred)
- Re: [93attendees] Network experiment during the m… Henning Schulzrinne
- Re: [93attendees] Network experiment during the m… Randy Bush
- Re: [93attendees] Network experiment during the m… Toerless Eckert
- Re: [93attendees] Network experiment during the m… Tim Chown
- Re: [93attendees] Network experiment during the m… Rolf Winter
- Re: [93attendees] Network experiment during the m… Eric Vyncke (evyncke)
- Re: [93attendees] Network experiment during the m… DRAGE, Keith (Keith)
- Re: [93attendees] Network experiment during the m… Jared Mauch
- Re: [93attendees] Network experiment during the m… Dave Crocker
- Re: [93attendees] Network experiment during the m… Toerless Eckert
- Re: [93attendees] Network experiment during the m… Jared Mauch
- Re: [93attendees] Network experiment during the m… Dave Crocker
- Re: [93attendees] Network experiment during the m… Dave Crocker
- Re: [93attendees] Network experiment during the m… Toerless Eckert
- Re: [93attendees] Network experiment during the m… Stephen Botzko
- Re: [93attendees] Network experiment during the m… Toerless Eckert
- Re: [93attendees] Network experiment during the m… Stephen Botzko
- Re: [93attendees] Network experiment during the m… Benson Schliesser
- Re: [93attendees] Network experiment during the m… DRAGE, Keith (Keith)
- Re: [93attendees] Network experiment during the m… Jared Mauch
- Re: [93attendees] Network experiment during the m… Randall Gellens
- Re: [93attendees] Network experiment during the m… McDonald, Alex
- Re: [93attendees] Network experiment during the m… Randall Gellens