General Overview

Switzerland is a currently-unmaintained network neutrality testing tool, made by the EFF, which passively monitors hashes of TCP/IP packets sent between two clients to check for changed, inserted, or missing packets. It also dynamically masks out commonly changed headers which are benign in nature, such as those often resulting from NAT routers.

Implementation overview

There are both serverside and clientside components, most of which is written in Python, with compatibility back to Python 2.4. A circular buffer for pcaps was written in C for speed improvements, and to eliminate the possibility of the kernel's buffer overflowing.




Switzerland was hosted on the EFF's SVN, although pde gave me (isis) temporary access so that I could convert it to a git repository with the history and commits still intact. It's now here.


Open Source or Free Software Open Data Open Methodologies
yes, both not applicable yes

Is the data required for use public?

Yes, although someone wanting to run it in its current state would need to set up a server and also have external traffic-generation methods.

Is the data collected made public under a free license?

No, do to the sensitive nature of information contained in packet captures.

Is the data format that is used for publication easy to interact with?

Not applicable.

Platform support

Windows, Mac/OSX, Linux, BSD

Intended impact

Switzerland's intent was to identify ISP interference at the packet level, ideally so that the EFF could publicly call them out on those actions.

Test methodology

Software with testing capabilities of this scope has not been designed before, and so many of the problems and solutions that Switzerland had were unique, and its methodologies were more an active experiment to see what worked, rather than an implementation of a reviewed methodology.

Reporting system

Does this tool offer an anonymous communications channel for submission?

No, hashes of packets are sent to the Switzerland server through an authenticated, encrypted connection, but are not anonymous. In the config, the Switzerland client can set the "force_ip" option to force a specific IP, but that seems more useful for clients with multiple external addresses, rather than for address obfuscation. Asynchronous keys are exchanged after a Diffie-Hellman, so it is conceivable that packet-hash batches could be signed and sent to the Switzerland server through Tor. Because clock drift is critical to determining the start-of-flow packet in Switzerland, it would probably be beneficial for the client to set up a long-term circuit for communicating with the server.

If so, does it offer perspective pivoting?


If so, does it offer dynamic confirmation of resources?


What impact or outcome is intended by using the tool or collecting data with this tool?

Clients should be able to detect low-level network anomalies in a protocol-agnostic manner, which would be highly beneficial in cases where new censorship methods, which are not yet understood or determined, are being deployed.

Check list

Open Source or Free Software Open Data Open Methodologies Used by users User education Collects sensitive information
both not applicable yes no yes yes


From discussion with pde (who was the main developer and designer)

See the Notes section of the Switzerland Test page.

From reading the source code

TODO: fill me in.

Last modified 7 years ago Last modified on Jun 26, 2012, 8:56:20 AM