DOI: 10.1145/2504730.2504757
short-paper

Revealing middlebox interference with tracebox

Published: 23 October 2013

Abstract

Middleboxes such as firewalls, NAT, proxies, or Deep Packet Inspection play an increasingly important role in various types of IP networks, including enterprise and cellular networks. Recent studies have shed light on their impact on real traffic and the complexity of managing them. Network operators and researchers have few tools to understand the impact of those boxes on any path. In this paper, we propose tracebox, an extension to the widely used traceroute tool, that is capable of detecting various types of middlebox interference over almost any path. tracebox sends IP packets containing TCP segments with different TTL values and analyses the packet encapsulated in the returned ICMP messages. Further, as recent routers quote, in the ICMP message, the entire IP packet that they received, tracebox is able to detect any modification performed by upstream middleboxes. In addition, tracebox can often pinpoint the network hop where the middlebox interference occurs. We evaluate tracebox with measurements performed on PlanetLab nodes. Our analysis reveals various types of middleboxes that were not expected on such an experimental testbed supposed to be connected to the Internet without any restriction.
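
The comparison the abstract describes, sketched as an added example (this is not tracebox's own code): each hop's ICMP quote is diffed field by field against the probe that was sent, and a change is bracketed between the last hop that echoed the field unchanged and the first that shows it altered. The field table, the helper names, the addresses and the sample middlebox behaviour are assumptions constructed for illustration; short quotes that echo only the IP header plus 8 bytes are treated as "unseen" rather than "clean".

```python
import struct

# (field, offset, length): IPv4 without options + TCP. TTL and IP checksum are skipped (rewritten per hop).
FIELDS = [("ip.dscp_ecn", 1, 1), ("ip.total_len", 2, 2), ("ip.id", 4, 2),
          ("ip.src", 12, 4), ("ip.dst", 16, 4), ("tcp.sport", 20, 2),
          ("tcp.dport", 22, 2), ("tcp.seq", 24, 4), ("tcp.ack", 28, 4),
          ("tcp.flags", 33, 1), ("tcp.window", 34, 2), ("tcp.checksum", 36, 2),
          ("tcp.options", 40, None)]  # None: runs to the end (SYN, no payload)

def diff_quote(sent, quoted):
    """Compare a probe with one hop's ICMP quote; return (changed, unseen)."""
    full = len(quoted) >= struct.unpack("!H", quoted[2:4])[0]  # whole packet quoted?
    changed, unseen = [], []
    for name, off, length in FIELDS:
        if length is None:
            seen, a, b = full, sent[off:], quoted[off:]
        else:
            seen = len(quoted) >= off + length
            a, b = sent[off:off + length], quoted[off:off + length]
        if not seen:
            unseen.append(name)       # short quote: field not echoed
        elif a != b:
            changed.append(name)
    return changed, unseen

def locate(sent, hops):
    """Map each modified field to (last hop seen clean, first hop seen changed)."""
    last_clean, found = {}, {}
    for ttl, quoted in hops:
        changed, unseen = diff_quote(sent, quoted)
        for name, _, _ in FIELDS:
            if name in changed and name not in found:
                found[name] = (last_clean.get(name, 0), ttl)  # 0 = the sender
            elif name not in unseen and name not in found:
                last_clean[name] = ttl
    return found

def patch(pkt, off, new):
    return pkt[:off] + new + pkt[off + len(new):]

# Constructed sample, not captured traffic: SYN with MSS 1460, checksums left 0.
PROBE = (struct.pack("!BBHHHBBH4s4s", 0x45, 0, 44, 0x1234, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
         + struct.pack("!HHIIBBHHH", 40000, 80, 1000, 0, 0x60, 0x02, 65535, 0, 0)
         + b"\x02\x04\x05\xb4")
# Hypothetical middlebox after hop 1: rewrites the sequence number, clamps MSS to 1380.
SEEN = patch(patch(patch(PROBE, 24, struct.pack("!I", 777777)), 42, b"\x05\x64"), 8, b"\x01")
HOPS = [(1, patch(PROBE, 8, b"\x01")), (2, SEEN[:28]), (3, SEEN)]

print(locate(PROBE, HOPS))
```

Hop 2 quotes only 28 bytes, so the sequence-number rewrite is pinned between hops 1 and 2, while the MSS change can only be bracketed between hops 1 and 3.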

Supplementary Material

PDF File (crimc032s.pdf)
Consolidated Review of Revealing Middlebox Interference with Tracebox

    Published In

    IMC '13: Proceedings of the 2013 conference on Internet measurement conference
    October 2013
    480 pages
    ISBN:9781450319539
    DOI:10.1145/2504730
    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. middleboxes
    2. network discovery
    3. tracebox

    Qualifiers

    • Short-paper

    Conference

    IMC'13
    IMC'13: Internet Measurement Conference
    October 23 - 25, 2013
    Barcelona, Spain

    Acceptance Rates

    IMC '13 Paper Acceptance Rate 42 of 178 submissions, 24%;
    Overall Acceptance Rate 277 of 1,083 submissions, 26%

    Cited By

    • (2024) Yesterday Once More: Global Measurement of Internet Traffic Shadowing Behaviors. Proceedings of the 2024 ACM on Internet Measurement Conference, pp. 230-240. DOI: 10.1145/3646547.3689023. Online publication date: 4-Nov-2024
    • (2024) Software Defined Layer 4.5 Customization for Agile Network Operation. IEEE Transactions on Network and Service Management, 21:1, pp. 35-50. DOI: 10.1109/TNSM.2023.3288875. Online publication date: Mar-2024
    • (2024) Katoptron: Efficient State Mirroring for Middlebox Resilience. NOMS 2024-2024 IEEE Network Operations and Management Symposium, pp. 1-9. DOI: 10.1109/NOMS59830.2024.10575815. Online publication date: 6-May-2024
    • (2024) End-to-End Detection of Middlebox Interference. NOMS 2024-2024 IEEE Network Operations and Management Symposium, pp. 1-9. DOI: 10.1109/NOMS59830.2024.10575716. Online publication date: 6-May-2024
    • (2024) Using the IPv6 Flow Label for Path Consistency: A Large-Scale Measurement Study. ICC 2024 - IEEE International Conference on Communications, pp. 3022-3027. DOI: 10.1109/ICC51166.2024.10622542. Online publication date: 9-Jun-2024
    • (2024) REMEDIATE: Improving Network and Middlebox Resilience With Virtualisation. International Journal of Network Management, 35:1. DOI: 10.1002/nem.2317. Online publication date: 3-Dec-2024
    • (2023) ECN with QUIC: Challenges in the Wild. Proceedings of the 2023 ACM on Internet Measurement Conference, pp. 540-553. DOI: 10.1145/3618257.3624821. Online publication date: 24-Oct-2023
    • (2023) Localizing Traffic Differentiation. Proceedings of the 2023 ACM on Internet Measurement Conference, pp. 591-605. DOI: 10.1145/3618257.3624809. Online publication date: 24-Oct-2023
    • (2023) A Manifold View of Connectivity in the Private Backbone Networks of Hyperscalers. Communications of the ACM, 66:8, pp. 95-103. DOI: 10.1145/3604620. Online publication date: 25-Jul-2023
    • (2023) Yarrpbox: Detecting Middleboxes at Internet-Scale. Proceedings of the ACM on Networking, 1:CoNEXT1, pp. 1-23. DOI: 10.1145/3595290. Online publication date: 5-Jul-2023
