Summary of Noteworthy Events + – Minor Aberrations – Certain TCP protocols are blocked in outbound traffic Certain UDP protocols are blocked in outbound traffic Network packet buffering may be excessive We detected an HTTP proxy due to added or changed HTTP traffic Not all DNS types were correctly processed Your web browser has a problem accessing IPv6 sites The path between our system and your network does not appear to handle fragmented IPv6 traffic properly Address-based Tests + – NAT detection (?): No NAT Detected + Local Network Interfaces (?): OK + DNS-based host information (?): OK + Reachability Tests + – TCP connectivity (?): Note – Direct TCP connections to remote FTP servers (port 21) succeed, but do not receive the expected content. This is most likely due to the way a NAT or firewall handles FTP traffic, as FTP causes unique problems when developing NATs and firewalls. This is most likely benign. The applet received an empty response instead of our normal banner. This suggests that a firewall, proxy, or filter initially allowed the connection and then terminated it, either because it did not understand our server's reply or decided to block the service. Direct TCP access to remote SSH servers (port 22) is allowed. Direct TCP access to remote SMTP servers (port 25) succeeds, but does not return the expected content. This suggests that your network enforces a mandatory SMTP proxy which may or may not allow you to send email directly from your system. This is probably a countermeasure against malware abusing infected machines for generating spam. You ISP also likely provides a specific mail server that is permitted. Also, webmail services remain unaffected. The applet received an empty response instead of our normal banner. This suggests that a firewall, proxy, or filter initially allowed the connection and then terminated it, either because it did not understand our server's reply or decided to block the service. Direct TCP access to remote DNS servers (port 53) is allowed. Direct TCP access to remote HTTP servers (port 80) is allowed. Direct TCP access to remote POP3 servers (port 110) is allowed. Direct TCP access to remote RPC servers (port 135) is allowed. Direct TCP access to remote NetBIOS servers (port 139) is blocked. This is probably for security reasons, as this protocol is generally not designed for use outside the local network. Direct TCP access to remote IMAP servers (port 143) is allowed. Direct TCP access to remote SNMP servers (port 161) is allowed. Direct TCP access to remote HTTPS servers (port 443) is allowed. Direct TCP access to remote SMB servers (port 445) is blocked. This is probably for security reasons, as this protocol is generally not designed for use outside the local network. Direct TCP access to remote SMTP/SSL servers (port 465) is allowed. Direct TCP access to remote secure IMAP servers (port 585) is allowed. Direct TCP access to remote authenticated SMTP servers (port 587) is allowed. Direct TCP access to remote IMAP/SSL servers (port 993) is allowed. Direct TCP access to remote POP/SSL servers (port 995) is allowed. Direct TCP access to remote OpenVPN servers (port 1194) is allowed. Direct TCP connections to remote PPTP Control servers (port 1723) succeed, but do not receive the expected content. The applet received an empty response instead of our normal banner. This suggests that a firewall, proxy, or filter initially allowed the connection and then terminated it, either because it did not understand our server's reply or decided to block the service. Direct TCP access to remote SIP servers (port 5060) is allowed. Direct TCP access to remote BitTorrent servers (port 6881) is allowed. Direct TCP access to remote TOR servers (port 9001) is allowed. UDP connectivity (?): Note – Basic UDP access is available. The applet was able to send fragmented UDP traffic. The applet was able to receive fragmented UDP traffic. UDP access to remote DNS servers (port 53) appears to pass through a firewall or proxy. The applet was unable to transmit an arbitrary request on this UDP port, but was able to transmit a legitimate DNS request, suggesting that a proxy, NAT, or firewall intercepted and blocked the deliberately invalid request. Direct UDP access to remote NTP servers (port 123) is allowed. Direct UDP access to remote NetBIOS NS servers (port 137) is blocked. Direct UDP access to remote NetBIOS DGM servers (port 138) is blocked. Direct UDP access to remote IKE key exchange servers (port 500) is allowed. Direct UDP access to remote OpenVPN servers (port 1194) is allowed. Direct UDP access to remote Slammer servers (port 1434) is allowed. Direct UDP access to remote L2 tunneling servers (port 1701) is allowed. Direct UDP access to remote IPSec NAT servers (port 4500) is allowed. Direct UDP access to remote RTP servers (port 5004) is allowed. Direct UDP access to remote RTCP servers (port 5005) is allowed. Direct UDP access to remote SIP servers (port 5060) is allowed. Direct UDP access to remote VoIP servers (port 7078) is allowed. Direct UDP access to remote VoIP servers (port 7082) is allowed. Direct UDP access to remote SCTP servers (port 9899) is allowed. Direct UDP access to remote Steam gaming servers (port 27005) is allowed. Direct UDP access to remote Steam gaming servers (port 27015) is allowed. Traceroute (?): OK + Path MTU (?): OK + Network Access Link Properties + – Network latency measurements (?): Latency: 190ms Loss: 0.0% + TCP connection setup latency (?): 210ms + Network background health measurement (?): no transient outages + Network bandwidth (?): Upload 370 Kbit/sec, Download 4.5 Mbit/sec + Network buffer measurements (?): Uplink 390 ms, Downlink 470 ms – We estimate your uplink as having 390 msec of buffering. This level may serve well for maximizing speed while minimizing the impact of large transfers on other traffic. We estimate your downlink as having 470 msec of buffering. This level can in some situations prove somewhat high, and you may experience degraded performance when performing interactive tasks such as web-surfing while simultaneously conducting large downloads. Real-time applications, such as games or audio chat, may also work poorly when conducting large downloads at the same time. HTTP Tests + – Address-based HTTP proxy detection (?): OK + Content-based HTTP proxy detection (?): Warning – Changes to headers or contents sent between the applet and our HTTP server show the presence of an otherwise unadvertised HTTP proxy. The following headers had their capitalization modified by the proxy: Content-Type: text/html Connection: close Set-Cookie: netAlizEd=BaR; path=/; domain=netalyzr.icsi.berkeley.edu The following headers were added by the proxy to HTTP responses: Content-Encoding: gz­ip Transfer-Encoding: c­hunked Warning: 214 katfra-­fe18 "Transform­ation applied" The detected proxy reordered the headers sent from the server. The detected HTTP proxy changed images that were sent from our server. The detected HTTP proxy changed either the headers the applet sent or the HTTP response from the server. We have captured the changes for further analysis. HTTP proxy detection via malformed requests (?): OK + Filetype-based filtering (?): OK + HTTP caching behavior (?): OK + JavaScript-based tests (?): OK + DNS Tests + – Restricted domain DNS lookup (?): OK + Unrestricted domain DNS lookup (?): OK + Direct DNS support (?): OK + Direct EDNS support (?): OK + DNS resolver address (?): OK + DNS resolver properties (?): Lookup latency 630ms + Direct probing of DNS resolvers (?) – Your system is configured to use 2 DNS resolver(s). The resolver at 213.241.79.38 (ns5) could not process the following tested types: Medium (~1300B) TXT records Large (~3000B) TXT records It does not validate DNSSEC. It does not wildcard NXDOMAIN errors. The resolver reports a number of additional properties. Show them. The resolver at 213.241.79.37 (ns5) could not process the following tested types: Medium (~1300B) TXT records Large (~3000B) TXT records It does not validate DNSSEC. It does not wildcard NXDOMAIN errors. The resolver reports a number of additional properties. Show them. DNS glue policy (?): OK + DNS resolver port randomization (?): OK + DNS lookups of popular domains (?): OK + DNS external proxy (?): OK + DNS results wildcarding (?): OK + DNS-level redirection of specific sites (?): OK + Direct probing of DNS roots (?): + IPv6 Tests + – DNS support for IPv6 (?): OK + IPv4, IPv6, and your web browser (?): IPv6 connectivity problem – Your browser successfully fetched a test image from our IPv6 server. Unfortunately, this is substantially slower than IPv4: it took 0.2 seconds longer to fetch the image over IPv6 compared to IPv4. Your browser prefers IPv4 over IPv6. IPv6 connectivity (?): OK + IPv6 TCP connectivity (?): OK + IPv6 Path MTU (?): Warning – Your system can not send or receive fragmented traffic over IPv6. The path between your network and our system supports an MTU of at least 1280 bytes. The path between our system and your network has an MTU of 1450 bytes. The bottleneck is at IP address 2001:1900:5:1::229. The path between our system and your network does not appear to handle fragmented IPv6 traffic properly. IPv6 Traceroute (?): OK + Host Properties + – System clock accuracy (?): OK + Browser properties (?): OK + Uploaded data (?): OK