SLIDE 1

REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX

Gregory Detal*, Benjamin Hesmans*, Olivier Bonaventure*, Yves Vanaubel° and Benoit Donnet°.
*Université Catholique de Louvain   °Université de Liège
http://www.tracebox.org

Presented by: Fabien Duchêne*
31st NMRG Meeting

Monday 14 October 13

SLIDE 2

Outline

  • Middleboxes interference
  • Detect packet modifications with ICMP
  • Measurements results
  • Tracebox

SLIDES 3-9

The end-to-end principle … does not hold

[Figure, built up over slides 3 to 9: the two end hosts each carry the full stack Application / Transport / Network / Data link / Physical, while the routers between them carry only Network / Data link / Physical (slides 3 to 6, "The end-to-end principle …"); slides 7 to 9 ("… does not hold") add a device on the path with its own full Application / Transport / Network / Data link / Physical stack, i.e. a middlebox.]

SLIDE 10

How transparent is the Internet?

  • 25th September 2010 to 30th April 2011
  • 142 access networks
  • 24 countries
  • Craft TCP segments using custom scripts
  • Sent specific TCP segments from client to a server in Japan

Honda, Michio, et al. "Is it still possible to extend TCP?" Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference. ACM, 2011.

SLIDES 11-12

TCP Segments on today's Internet

[Figure: an IP/TCP segment with its header fields laid out. IP: Ver, IHL, ToS, Total length, Identification, Flags, Frag. Offset, TTL, Protocol, Checksum, Source IP address, Destination IP address, Options. TCP: Source port, Destination port, Sequence number, Acknowledgment number, THL, Reserved, Flags, Window, Checksum, Urgent pointer, Options, Payload. Slide 12 shows the same segment a second time beside the first.]

SLIDES 13-16

Controlling a server allows one to detect middleboxes on one path

[Figure, built up over slides 13 to 16: probes exchanged between the client and a controlled server, so only the middleboxes on that single path can be observed.]

SLIDE 17

Potentially miss a lot of middleboxes

[Figure: the client and an uncontrolled server, with question marks on the path between them.]

SLIDES 18-24

Motivation

  • Detecting middleboxes can help:
      • Understand performance
      • Validate new protocols
      • Debug the network!
  • How can we detect middlebox interference without server collaboration?
  • How can we localize the middleboxes?


SLIDES 26-48

Middlebox detection using ICMP

[Figure, built up over slides 26 to 48: the client sends an IP/TCP probe with a randomized TCP sequence number ("Randomize TCP seq"), first with TTL=1, then with TTL=2. The router at which the TTL expires answers with an IP/ICMP message of type = 11, code = 0 (Time Exceeded) whose body, after the checksum and an unused 32-bit word, quotes the expired probe. Slides 41 to 44 put the two side by side: "Snapshot of probe at router" is the quoted copy (the IP header with TTL 1, followed by only the source port, destination port and sequence number of the TCP header) and "Sent probe" is the full IP/TCP header as transmitted with TTL 2; the two are then compared.]

There is a middlebox that modifies the TCP sequence number before the second hop.

SLIDES 49-54

ICMP-based modification detection

  • RFC792 requires ICMP to include only the first 8 bytes of the transport header.
  • In 1995 RFC1812 and in 2007 RFC4884 require that routers should quote the complete original packet.
  • By default on Linux, Cisco IOX, HP routers, Alcatel routers, PaloAlto Firewall, etc.

[Figure, slide 50: the complete quoted packet, i.e. the full IP header (Ver, IHL, ToS, Total length, Identification, Flags, Frag. Offset, TTL, Protocol, Checksum, Source IP address, Destination IP address) followed by the full TCP header (Source port, Destination port, Sequence number, Acknowledgment number, THL, Reserved, Flags, Window, Checksum, Urgent pointer, Options) and the Payload.]
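As an added example (not the deck's or tracebox's own code, which is C++ with Lua), here is the hop-by-hop comparison of slides 26 to 54 in Python: pull the quoted probe out of an ICMP Time Exceeded message, diff it against the probe that was sent while ignoring the TTL and IP checksum every router rewrites, and, when a router quotes only the 8 transport bytes RFC 792 requires, list the TCP fields that could not be checked rather than declaring the path clean. Packets, addresses and checksums are constructed inline.

```python
"""Diff a sent IP/TCP probe against the copy a router quoted back inside an
ICMP Time Exceeded message (the check tracebox makes at every hop)."""
import struct

# (offset, length) of the header fields we compare, RFC 791 / RFC 793 layout.
IP_FIELDS = {
    "IP::TOS": (1, 1), "IP::TotalLength": (2, 2), "IP::Identification": (4, 2),
    "IP::TTL": (8, 1), "IP::CheckSum": (10, 2),
    "IP::SourceIP": (12, 4), "IP::DestIP": (16, 4),
}
TCP_FIELDS = {
    "TCP::SrcPort": (0, 2), "TCP::DstPort": (2, 2), "TCP::SeqNumber": (4, 4),
    "TCP::AckNumber": (8, 4), "TCP::Flags": (13, 1), "TCP::Window": (14, 2),
    "TCP::CheckSum": (16, 2),
}
# Every router rewrites these while forwarding; a difference here is not a
# middlebox (tracebox still prints them at each hop).
EXPECTED_CHANGES = {"IP::TTL", "IP::CheckSum"}
ICMP_TIME_EXCEEDED = 11


def quoted_packet(icmp):
    """Return the datagram quoted in an ICMP Time Exceeded message: after
    type, code, checksum and an unused word come the original IP header and
    at least the first 8 bytes of the transport header (RFC 792)."""
    if icmp[0] != ICMP_TIME_EXCEEDED or icmp[1] != 0:
        raise ValueError("not an ICMP Time Exceeded (type 11, code 0)")
    return icmp[8:]


def split_ip_tcp(pkt):
    """Split a raw IPv4/TCP packet into (ip_header, tcp_segment) using IHL."""
    ihl = (pkt[0] & 0x0F) * 4
    return pkt[:ihl], pkt[ihl:]


def compare_probe(sent, quoted):
    """Report the fields a middlebox changed between us and the quoting router.

    "quote" is "full" when the router quoted the whole probe (RFC 1812) and
    "rfc792" when only 8 transport bytes came back; "unchecked" lists the
    fields a truncated quote did not let us verify."""
    sent_ip, sent_tcp = split_ip_tcp(sent)
    q_ip, q_tcp = split_ip_tcp(quoted)
    modified, unchecked = [], []
    for name, (off, ln) in IP_FIELDS.items():
        if name in EXPECTED_CHANGES:
            continue
        if off + ln > len(q_ip):
            unchecked.append(name)
        elif sent_ip[off:off + ln] != q_ip[off:off + ln]:
            modified.append(name)
    for name, (off, ln) in TCP_FIELDS.items():
        if off + ln > len(q_tcp):
            unchecked.append(name)
        elif sent_tcp[off:off + ln] != q_tcp[off:off + ln]:
            modified.append(name)
    # TCP options live between byte 20 and the data offset; an 8-byte quote
    # never carries them, which is exactly why RFC 1812 quoting matters.
    doff = (sent_tcp[12] >> 4) * 4
    if doff > 20:
        if len(q_tcp) < doff:
            unchecked.append("TCP::Options")
        elif sent_tcp[20:doff] != q_tcp[20:doff]:
            modified.append("TCP::Options")
    style = "full" if len(quoted) >= len(sent) else "rfc792"
    return {"quote": style, "modified": sorted(modified),
            "unchecked": sorted(unchecked)}


# --- constructed sample packets (not captured traffic) ---------------------
def make_probe(ttl, seq, tcp_csum, mss):
    """44-byte IPv4/TCP SYN with an MSS option. Checksums and addresses are
    arbitrary placeholders: nothing here is put on the wire."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 44, 0x1234, 0x4000, ttl, 6,
                     0xABCD, bytes([10, 0, 0, 1]), bytes([192, 0, 2, 10]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, seq, 0, 6 << 4, 0x02,
                      65535, tcp_csum, 0)
    return ip + tcp + struct.pack("!BBH", 2, 4, mss)   # MSS option, kind 2


SENT = make_probe(ttl=2, seq=0x11223344, tcp_csum=0xBEEF, mss=1460)
ICMP_HDR = bytes([ICMP_TIME_EXCEEDED, 0, 0, 0, 0, 0, 0, 0])

# Hop 1: an RFC 792 router quotes the IP header plus only 8 TCP bytes.
ICMP_HOP1 = ICMP_HDR + make_probe(1, 0x11223344, 0xBEEF, 1460)[:28]
# Hop 2: a full quote in which the TTL dropped (expected) but the sequence
# number, TCP checksum and MSS differ: a middlebox sits before hop 2,
# the case the deck walks through.
ICMP_HOP2 = ICMP_HDR + make_probe(1, 0x99999999, 0x1234, 1400)


def analyse(icmp):
    return compare_probe(SENT, quoted_packet(icmp))


if __name__ == "__main__":
    for hop, msg in ((1, ICMP_HOP1), (2, ICMP_HOP2)):
        print(hop, analyse(msg))
```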


SLIDE 56

Measurements

  • Used PlanetLab to perform experiments
  • PlanetLab nodes are supposed to be directly connected to the Internet.
  • Sources: 70 vantage points
  • Destinations: Top 5000 Alexa

SLIDES 57-59

80 % of Internet paths contain at least one RFC1812-capable router

[Figure: plot, built up over slides 57 to 59, with the 80 % level annotated.]

SLIDES 60-62

Firewall at source modified the MSS

7 networks always modified the MSS

SLIDES 63-65

Core networks also look at the MSS option and modify it

Some core networks even add the option if not present


SLIDE 67

Tracebox

  • Uses the previous mechanism to detect middleboxes.
  • Implemented in C++ with Lua embedded.
  • Libcrafter allows probes to be generated in the same way as with Scapy.
  • Open source and available at http://www.tracebox.org
  • Supports Linux and Mac OS X

SLIDES 68-74

Tracebox

Usage: tracebox [ OPTIONS ] host
Options are:
  -h           Display this help and exit
  -n           Do not resolve IP addresses
  -6           Use IPv6 for static probe generated
  -u           Use UDP for static probe generated
  -d port      Use the specified port for static probe generated. Default is 80.
  -i device    Specify a network interface to operate with
  -m hops_max  Set the max number of hops (max TTL to be reached). Default is 30
  -p probe     Specify the probe to send.
  -s script    Run a script.

SLIDE 75

Probe definition

  • SYN probe that contains the window scale option
      • ip{} / tcp{flags=0x2,dst=80} / WSCALE
      • IP / TCP / wscale(9) / NOP
  • IPv6/UDP probe with payload
      • IPv6 / udp{dst=5678} / raw('this is a payload')
  • Multiple options:
      • ip{} / RR(8) / tcp{dst=80} / mss(1400) / WSCALE / TS

SLIDE 76

Supported layers:

  • IP, IPv6
  • IP options:
      • Route Record (RR), Strict Source and Record Route (SSRR), Loose Source and Record Route (LSRR), Traceroute
  • ICMP
  • UDP
  • TCP
  • TCP options:
      • SACK Permitted, SACK blocks, MSS, Timestamp, MPTCP options
  • Payload (Raw layer)

SLIDE 77

Demo in a controlled environment

Change:

  • TCP seq
  • MSS option

[Figure: testbed topology with a non-RFC1812 router and an RFC1812 router; hops labelled 123.123.123.1, 3.3.3.3, 66.66.0.6 and 42.42.42.1.]

SLIDE 78

Lessons learned

  • There exist middleboxes that affect performance, and network operators are not always aware of them.
  • Tracebox can detect some middleboxes.

SLIDE 79

What's next?

  • Improve scripts to detect ALG
  • Deploy Tracebox

SLIDE 80

Thank you. Questions?

fabien.duchene@uclouvain.be
http://www.tracebox.org

SLIDES 81-95

Output example

# tracebox -n -p "IP/TCP/MSS/MPCAPABLE/WSCALE" bahn.de
tracebox to 81.200.198.6 (bahn.de): 64 hops max
 1: 130.104.228.126 IP::CheckSum
 2: 130.104.254.229 IP::TTL IP::CheckSum
 3: 193.191.3.85 IP::TTL IP::CheckSum
 4: 193.191.16.21 IP::TTL IP::CheckSum
 5: 195.69.144.123 IP::TTL IP::CheckSum
 6: 145.254.5.158 IP::TTL IP::CheckSum
 7: 88.79.13.62 IP::TTL IP::CheckSum
 8: 81.200.194.234 IP::TTL IP::CheckSum
 9: 81.200.197.9 IP::TTL IP::CheckSum
10: 81.200.198.6 TCP::CheckSum IP::TTL IP::CheckSum TCPOptionMaxSegSize::MaxSegSize -TCPOptionMPTCPCapable -TCPOptionWindowScale

[The output is revealed one hop per slide over slides 81 to 95.]
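As an added example (not part of the deck or of tracebox), a parser for the output above that drops the IP::TTL and IP::CheckSum changes every hop produces and localizes each remaining change to the path segment where it first appears; a leading "-" marks a removed option as in the output, and a leading "+" for an added layer is an assumption.

```python
"""Parse tracebox's per-hop output and flag the hops whose quoted probe
differs from the sent probe beyond the changes every router makes."""
import re
from dataclasses import dataclass, field

# Every forwarding router decrements the TTL and fixes the IP checksum, so
# tracebox reports these at almost every hop; they are not interference.
EXPECTED = {"IP::TTL", "IP::CheckSum"}

HOP_RE = re.compile(r"^\s*(\d+):\s+(\S+)\s*(.*)$")


@dataclass
class Hop:
    index: int
    router: str                                   # address that answered
    modified: list = field(default_factory=list)  # "Layer::Field" tokens
    removed: list = field(default_factory=list)   # tokens with a leading "-"
    added: list = field(default_factory=list)     # leading "+" (assumed syntax)

    def unexpected(self):
        """Modified fields that normal forwarding cannot explain."""
        return [m for m in self.modified if m not in EXPECTED]

    def suspicious(self):
        return bool(self.unexpected() or self.removed or self.added)


def parse_tracebox(text):
    """Turn tracebox output into Hop objects; the command echo and the
    "tracebox to ..." banner do not match HOP_RE and are skipped."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        hop = Hop(int(m.group(1)), m.group(2))
        for tok in m.group(3).split():
            if tok.startswith("-"):
                hop.removed.append(tok[1:])
            elif tok.startswith("+"):
                hop.added.append(tok[1:])
            else:
                hop.modified.append(tok)
        hops.append(hop)
    return hops


def locate_interference(hops):
    """For each change, report the path segment where it first appears.

    A difference first seen in the quote from hop N was introduced between
    the router answering at N-1 and the one answering at N, which is how
    tracebox localizes a middlebox; changes persist in later quotes, so
    each one is reported once."""
    findings, seen = [], set()
    for i, hop in enumerate(hops):
        new_mod = [c for c in hop.unexpected() if c not in seen]
        new_rem = [c for c in hop.removed if c not in seen]
        new_add = [c for c in hop.added if c not in seen]
        seen.update(new_mod, new_rem, new_add)
        if new_mod or new_rem or new_add:
            findings.append({
                "hop": hop.index,
                "between": (hops[i - 1].router if i else "source", hop.router),
                "modified": new_mod, "removed": new_rem, "added": new_add,
            })
    return findings


# The run shown on slides 81 to 95 of the deck, used here as sample input.
SAMPLE = """\
# tracebox -n -p IP/TCP/MSS/MPCAPABLE/WSCALE bahn.de
tracebox to 81.200.198.6 (bahn.de): 64 hops max
 1: 130.104.228.126 IP::CheckSum
 2: 130.104.254.229 IP::TTL IP::CheckSum
 3: 193.191.3.85 IP::TTL IP::CheckSum
 4: 193.191.16.21 IP::TTL IP::CheckSum
 5: 195.69.144.123 IP::TTL IP::CheckSum
 6: 145.254.5.158 IP::TTL IP::CheckSum
 7: 88.79.13.62 IP::TTL IP::CheckSum
 8: 81.200.194.234 IP::TTL IP::CheckSum
 9: 81.200.197.9 IP::TTL IP::CheckSum
10: 81.200.198.6 TCP::CheckSum IP::TTL IP::CheckSum TCPOptionMaxSegSize::MaxSegSize -TCPOptionMPTCPCapable -TCPOptionWindowScale
"""

if __name__ == "__main__":
    for f in locate_interference(parse_tracebox(SAMPLE)):
        print(f)
```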