Wednesday, February 15, 2012

ICSI Netalyzr comparison of SiADSL and Tiscali

I'm in the process of migrating from SiADSL to Tiscali for my home ADSL connection. I have been very happy with SiADSL but I need more bandwidth in upload for video conferences, i.e. Google+ Hangouts with extras. The increase from 7Mb/512kb to 20Mb/1Mb should make a significant difference.

I heard from Michele that Tiscali blocks some ports so I wanted to have a record of the differences between the two provider in case I had problems. Netalyzr to the rescue! It can run as a Java Applet or as a command line client for the more security conscious. It takes several minutes to run and tests everything I ever knew about and then some...

So, what changes between Tiscali and SiADSL?

Tiscali blocks some TCP and UDP ports which I consider a feature, not a problem, if you have Windows machines on the network:

  • Direct TCP access to remote RPC servers (port 135) is blocked. This is probably for security reasons, as this protocol is generally not designed for use outside the local network.
  • Direct UDP access to remote NetBIOS NS servers (port 137) is blocked.
  • Direct UDP access to remote IKE key exchange servers (port 500) is blocked.

I was surprised to notice this potential problem though after I moved to Tiscali:

I passed from PPPoE which uses a max MTU of 1492 to PPPoA which supports 1500 and I had forgotten to update the max MTU on my border router. I tried to leave the max MTU at 1492 but quickly had problems so I increased it to 1500 and it has been working like a charm since. I would have blamed my connectivity problems at Tiscali unless Netalyzr found the problem for me.

I'm also pleased to see that this warning I had on the SiADSL connection is gone with Tiscali:

Exactly the behavior I have seen over the last year(s). Uploads with Picasa killed internet access and video conferencing with many participants is "impossible" even with no other traffic.

1 comment:

  1. Some ports (UDP 500) you tell are blocked sound strange to me since I have set up a L2TP VPN server @home and I can connect perfectly.
    Nevertheless you can find the complete specification (and blocked ports) at the following link: