The ICSI NetalyzrStart » Analysis » ResultsResult Summary +/– (help)188-19

1. The ICSI Netalyzr
2. Start » Analysis » Results
3. Result Summary +/– (help)
4. 188-195-232-104-dynip.superkabel.de / 188.195.232.104
5. Recorded at 13:59 EST (18:59 UTC), Dec 02 2011. Permalink. Client/server transcript.
6. Summary of Noteworthy Events –
7. Minor Aberrations
8. Certain TCP protocols are blocked in outbound traffic
9. Fragmented UDP traffic is blocked
10. The network blocks some or all EDNS replies
11. Not all DNS types were correctly processed
12. Address-based Tests +
13. NAT detection (?): NAT Detected
14. Local Network Interfaces (?): OK
15. DNS-based host information (?): OK
16. NAT support for Universal Plug and Play (UPnP) (?): Not found
17. Reachability Tests –
18. TCP connectivity (?): Note
19. Direct TCP access to remote FTP servers (port 21) is allowed.
20. Direct TCP access to remote SSH servers (port 22) is allowed.
21. Direct TCP access to remote SMTP servers (port 25) is allowed.
22. Direct TCP access to remote DNS servers (port 53) is allowed.
23. Direct TCP access to remote HTTP servers (port 80) is allowed.
24. Direct TCP access to remote POP3 servers (port 110) is allowed.
25. Direct TCP access to remote RPC servers (port 135) is blocked.
26. This is probably for security reasons, as this protocol is generally not designed for use outside the local network.
27. Direct TCP access to remote NetBIOS servers (port 139) is blocked.
28. This is probably for security reasons, as this protocol is generally not designed for use outside the local network.
29. Direct TCP access to remote IMAP servers (port 143) is allowed.
30. Direct TCP access to remote SNMP servers (port 161) is allowed.
31. Direct TCP access to remote HTTPS servers (port 443) is allowed.
32. Direct TCP access to remote SMB servers (port 445) is allowed.
33. Direct TCP access to remote SMTP/SSL servers (port 465) is allowed.
34. Direct TCP access to remote secure IMAP servers (port 585) is allowed.
35. Direct TCP access to remote authenticated SMTP servers (port 587) is allowed.
36. Direct TCP access to remote IMAP/SSL servers (port 993) is allowed.
37. Direct TCP access to remote POP/SSL servers (port 995) is allowed.
38. Direct TCP access to remote OpenVPN servers (port 1194) is allowed.
39. Direct TCP access to remote PPTP Control servers (port 1723) is allowed.
40. Direct TCP access to remote SIP servers (port 5060) is allowed.
41. Direct TCP access to remote BitTorrent servers (port 6881) is allowed.
42. Direct TCP access to remote TOR servers (port 9001) is allowed.
43. UDP connectivity (?): Note
44. Basic UDP access is available.
45. The applet was able to send fragmented UDP traffic.
46. The applet was unable to receive fragmented UDP traffic. The most likely cause is an error in your network's firewall configuration or NAT.
47. The maximum packet successfully received was 1472 bytes of payload.
48. Direct UDP access to remote DNS servers (port 53) is allowed.
49. Direct UDP access to remote NTP servers (port 123) is allowed.
50. Direct UDP access to remote NetBIOS NS servers (port 137) is blocked.
51. Direct UDP access to remote NetBIOS DGM servers (port 138) is blocked.
52. Direct UDP access to remote IKE key exchange servers (port 500) is allowed.
53. Direct UDP access to remote OpenVPN servers (port 1194) is allowed.
54. Direct UDP access to remote Slammer servers (port 1434) is allowed.
55. Direct UDP access to remote L2 tunneling servers (port 1701) is allowed.
56. Direct UDP access to remote IPSec NAT servers (port 4500) is allowed.
57. Direct UDP access to remote RTP servers (port 5004) is allowed.
58. Direct UDP access to remote RTCP servers (port 5005) is allowed.
59. Direct UDP access to remote SIP servers (port 5060) is allowed.
60. Direct UDP access to remote VoIP servers (port 7078) is allowed.
61. Direct UDP access to remote VoIP servers (port 7082) is allowed.
62. Direct UDP access to remote SCTP servers (port 9899) is allowed.
63. Direct UDP access to remote Steam gaming servers (port 27005) is allowed.
64. Direct UDP access to remote Steam gaming servers (port 27015) is allowed.
65. Traceroute (?): OK
66. It takes 14 network hops for traffic to pass from our server to your system, as shown below. For each hop, the time it takes to traverse it is shown in parentheses.
67. 10.254.184.3 (0 ms)
68. ip-10-1-14-1.ec2.internal (0 ms)
69. ip-10-1-15-14.ec2.internal (2 ms)
70. 216.182.224.80 (27 ms)
71. 72.21.222.148 (0 ms)
72. 72.21.220.44 (0 ms)
73. ash-bb1-link.telia.net (1 ms)
74. hbg-bb1-link.telia.net (120 ms)
75. bei-b2-link.telia.net (101 ms)
76. kabeldeutsch-ic-127486-bei-b2.c.telia.net (101 ms)
77. 88-134-201-118-dynip.superkabel.de (104 ms)
78. 83-169-129-221.static.superkabel.de (109 ms)
79. 88-134-196-194-dynip.superkabel.de (110 ms)
80. 83-169-133-9.static.superkabel.de (116 ms)
81. Path MTU (?): OK
82. The path between your network and our system supports an MTU of at least 1500 bytes, and the path between our system and your network has an MTU of 1500 bytes.
83. Network Access Link Properties +
84. Network latency measurements (?): Latency: 140ms Loss: 0.0%
85. TCP connection setup latency (?): 130ms
86. Network background health measurement (?): no transient outages
87. Network bandwidth measurements (?): Upload 1.1 Mbit/sec, Download 16 Mbit/sec
88. Network buffer measurements (?): Uplink 200 ms, Downlink is good
89. HTTP Tests +
90. Address-based HTTP proxy detection (?): OK
91. Content-based HTTP proxy detection (?): OK
92. HTTP proxy detection via malformed requests (?): OK
93. Filetype-based filtering (?): OK
94. HTTP caching behavior (?): OK
95. JavaScript-based tests (?): OK
96. DNS Tests –
97. Restricted domain DNS lookup (?): OK
98. We can successfully look up a name which resolves to the same IP address as our webserver. This means we are able to conduct many of the tests on your DNS server.
99. Unrestricted domain DNS lookup (?): OK
100. We can successfully look up arbitrary names from within the Java applet. This means we are able to conduct all test on your DNS server.
101. Direct DNS support (?): OK
102. All tested DNS types were received OK.
103. Direct EDNS support (?): Note
104. EDNS-enabled requests for small responses are answered successfully.
105. EDNS-enabled requests for medium-sized responses are answered successfully.
106. EDNS-enabled requests for large responses remain unanswered. This suggests that a proxy or firewall is unable to handle large extended DNS requests or fragmented UDP traffic.
107. DNS resolver address (?): OK
108. The IP address of your ISP's DNS Resolver is 83.169.184.161, which resolves to 83-169-184-161-isp.superkabel.de.
109. DNS resolver properties (?): Lookup latency 200ms
110. Your ISP's DNS resolver requires 200 msec to conduct an external lookup. It takes 160 msec for your ISP's DNS resolver to lookup a name on our server.
111. Your resolver correctly uses TCP requests when necessary.
112. Your resolver is using QTYPE=A for default queries.
113. Your resolver is not automatically performing IPv6 queries.
114. Your DNS resolver does not use EDNS.
115. Your DNS resolver can successfully accept large responses.
116. Your resolver does not use 0x20 randomization, but will pass names in a case-sensitive manner.
117. Your ISP's DNS server cannot use IPv6.
118. No transport problems were discovered which could affect the deployment of DNSSEC.
119. Direct probing of DNS resolvers (?)
120. Your system is configured to use 1 DNS resolver(s).
121. The resolver at 192.168.0.1 was unable to process the following tested types:
122. Large (~3000B) TXT records
123. Large (~3000B) TXT records fetched with EDNS0
124. It does not validate DNSSEC. It does not wildcard NXDOMAIN errors. The resolver reports the following properties:
125. Version: Nominum Vantio 5.0.1.0
126. DNS glue policy (?): OK
127. Your ISP's DNS resolver does not accept generic additional (glue) records — good.
128. Your ISP's DNS resolver does not accept additional (glue) records which correspond to nameservers.
129. Your ISP's DNS resolver does not follow CNAMEs.
130. DNS resolver port randomization (?): OK
131. Your ISP's DNS resolver properly randomizes its local port number.
132. The following graph shows DNS requests on the x-axis and the detected source ports on the y-axis.
133.  
134. DNS lookups of popular domains (?): OK
135. 90 of 90 popular names were resolved successfully. Show all names.
136. 15 popular names have a mild anomaly. The ownership suggested by the reverse name lookup does not match our understanding of the original name. The most likely cause is the site's use of a Content Delivery Network. Show all names.
137. 3 popular names have a mild anomaly: we are unable to find a reverse name associated with the IP address provided by your ISP's DNS server. This is most likely due to a slow responding DNS server or misconfiguration on the part of the domain owner. Show all names.
138. DNS external proxy (?): OK
139. Your host ignores external DNS requests.
140. DNS results wildcarding (?): OK
141. Your ISP correctly leaves non-resolving names untouched.
142. DNS-level redirection of specific sites (?): OK
143. Your ISP does not appear to be using DNS to redirect traffic for specific websites.
144. IPv6 Tests +
145. DNS support for IPv6 (?): OK
146. IPv4, IPv6, and your web browser (?): No IPv6 Support
147. IPv6 connectivity (?): No IPv6 Support
148. Host Properties +
149. System clock accuracy (?): OK
150. Browser properties (?): OK
151. Uploaded data (?): OK
152. Feedback
153. Please take a moment to tell us about your network. All fields are optional. If you would like to contact us with questions about your results, please contact us with your session ID, or get in touch on the mailing list.
154. How is your machine connected to the network?
155. Wireless Wired
156. Where are you right now?
157. At home
158. At work
159. In a public setting (wifi hotspot, Internet cafe, etc.)
160. Other (please describe in comments below)
161. Feel free to leave additional comments below.
162.  
163. Your email address:
164. ID 43ca208a-24468-a321ad6b-55b2-4f6b-af55 FAQs + Blog + Links + ICSI