Just came across this page accidentally: http://www.cs.uit.no/~daniels/PingTunnel/

It says it can convert TCP packets to ICMP. Seriously?

If yes, the traffic monitored by ISP will be in ICMP or TCP? If it is in ICMP, won't that be very very less than TCP?

Of course it's possible, ever done any tunneling, say VPN or IP over HTTPS?. IP is just packets, you can tunnel any given protocol over anything else, within reasonable limits.

if your normal TCP/IP packet, on ethernet for example is something like:

MAC+IP+TCP+PAYLOAD

you can put the whole IP packet into data part of an ICMP echo, resulting something like:

MAC+IP+ICMP+(own_header)+IP+TCP+PAYLOAD

You can have some own intermediate header there, that I marked as (own_header if you want to convey some OOB data related to your connection etc, but it's not mandatory really...
Or if you are really paranoid you could of course encrypt the whole packet before tunneling, when it becomes:

MAC+IP+ICMP+(own_header)+CRYPTOHEADER+IP+TCP+PAYLO AD

Some things you have to consider; Normally when tunneling you will gain extra headers which of course means that if your original packets are close to MTU in size, you should propably fragment the packets or make sure that TCP segmenting breaks the data into a bit shorter chunks. Else you will get suboptimal performance as most of your data will be unevenly fragmented on transit.
Also note that many routers are optimized for TCP stream forwarding, and when you encapsulate your TCP into ICMP the congestion handling algorithms do not work as meant.


It depends what and how ISP monitoring is done. If just outer headers are checked then the traffic is classified as ICMP. If there is some DPI then the underlying protocols can be monitored, unless of course you go to the encrypting route.


Now I am confused, what is very very what? and what is less than what?

I was referring to the traffic volume which would be measured by ISP. I thought instead of TCP, if the ISP is measuring ICMP, the volume measured will be less (as per the source where I found this link).

Well I suppose that could bo so if the ISP in question measures traffic volume based only on forwarded TCP/IP packets... What kind of ISP are you thinking about here, a mobile TELCO or some DSL/cable provider?

I'd rather think traffic volume measurements are done based on total frame throughtput regardless of the IP protocol family so if you are thinking of something like for example overriding a given traffic volume restriction I don't think it is going to work...
(getting around a restriction like "you get xx MB/month for yy euros, after that it costs zz euros/MB")

In reality the ISP will see more bytes to/from your location, because of the added header overhead

Where is the thank you button when you need it? @juiceme, you've nailed it!

Yes, that's the problem with off-topic forum really.
There should be a sub-category of off-topic-on-topic, having possibility to give thanks, where one can start discussions whatsoever.
The general off-topic section would be used only for a final resting place of flamewars.

What I asked was a generic question; I was not aware that ISPs (Wireless based or cable based) do the bandwidth/usage monitoring differently.

Got it from your first post. Thanks for the detailed explanation which clarified things

Yeah, I too miss a "Thanks!" button here