Middleboxes are widely deployed on the Internet, mostly at the edge of the network, in enterprise and home networks. They therefore play an important role in today's Internet, even if they are often criticized. Unfortunately, the widespread deployment of middleboxes has contributed to the ossification of the Internet, making it very difficult to innovate. As an example, Multipath TCP, a recent extension to TCP, includes a complex mechanism, which constitutes the major part of the protocol, to deal with those middleboxes.
Middleboxes manipulate traffic for purposes other than simple packet forwarding, often transparently to the end user (e.g. NAT, transparent proxies, DPI, etc.). Detecting such middleboxes is difficult today.
Tracebox is a tool that detects middleboxes on any path, i.e., between a source and any destination. Tracebox can be viewed as a tool similar to traceroute, as it uses ICMP replies to identify changes in the packets. Tracebox is able to detect middleboxes because ICMP messages are often not as defined in RFC792. Indeed, it is quite common to receive an ICMP Time-to-Live exceeded message containing the full original datagram instead of the 64 bits described in the standard. This is caused by operating systems configured to reply with full ICMP (e.g., Linux, Cisco IOS-XR, etc.) as well as by the ICMP Multi-Part Messages extension, which standardizes the fact that routers using MPLS tunnels reply with an ICMP message containing the full datagram.
The tool is presented in the following paper: Gregory Detal, Benjamin Hesmans, Olivier Bonaventure, Yves Vanaubel and Benoit Donnet. Revealing Middlebox Interference with Tracebox. In Proceedings of the 2013 ACM SIGCOMM conference on Internet measurement conference, October 2013.
Tracebox is available on Mac OS X using Homebrew with
brew install tracebox. Yosemite and El Capitan users first need to ensure they have installed the full command line developer tools provided by Apple using
Source can be found at http://www.github.com/tracebox/tracebox.
- The development package of libpcap, (lib)lua >= 5.1, json-c (or libjson).
- Automake, autoconf and libtool.
To build Tracebox:
$ ./bootstrap.sh
$ make
$ sudo make install
There are two possible ways to use tracebox: either with the python scripts (see some sample scripts in /tracebox/examples) or with the default binary. The latter only sends one TCP probe and looks for changes along the path. The following example sends a TCP SYN probe (to port 80 by default) with the TCP Maximum Segment Size, Multipath TCP and Window Scale options. The output shows that a middlebox close to the server removes the last two options and changes the MSS value.
# tracebox -n -p IP/TCP/MSS/MPCAPABLE/WSCALE bahn.de
tracebox to 184.108.40.206 (bahn.de): 64 hops max
1: 220.127.116.11 IP::CheckSum
2: 18.104.22.168 IP::TTL IP::CheckSum
3: 22.214.171.124 IP::TTL IP::CheckSum
4: 126.96.36.199 IP::TTL IP::CheckSum
5: 188.8.131.52 IP::TTL IP::CheckSum
6: 184.108.40.206 IP::TTL IP::CheckSum
7: 220.127.116.11 IP::TTL IP::CheckSum
8: 18.104.22.168 IP::TTL IP::CheckSum
9: 22.214.171.124 IP::TTL IP::CheckSum
10: 126.96.36.199 TCP::CheckSum IP::TTL IP::CheckSum TCPOptionMaxSegSize::MaxSegSize -TCPOptionMPTCPCapable -TCPOptionWindowScale
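The per-hop comparison behind the output above can be sketched as follows. This is an added example, not code from the tracebox project: it covers only the TCP header, handles the case where a router quotes just 64 bits, and its helper names, the "Value" field label and the sample packets (including the checksum values) are constructed assumptions.

```python
import struct

# Option kind -> (label, field). Kinds are the IANA TCP option numbers; labels follow
# the tracebox output above. "Value" is a placeholder field name, not tracebox's.
OPTS = {2: ("TCPOptionMaxSegSize", "MaxSegSize"),
        3: ("TCPOptionWindowScale", "Value"),
        30: ("TCPOptionMPTCPCapable", "Value")}

def tcp_options(segment):
    """Return {kind: value bytes} for the options in a raw TCP header."""
    hdr_len, opts, i = (segment[12] >> 4) * 4, {}, 20
    while i < hdr_len and segment[i] != 0:          # kind 0 ends the option list
        if segment[i] == 1:                         # kind 1 is one-byte NOP padding
            i += 1
            continue
        length = segment[i + 1] if i + 1 < hdr_len else 0
        if length < 2 or i + length > hdr_len:      # malformed option: stop parsing
            break
        opts[segment[i]] = segment[i + 2:i + length]
        i += length
    return opts

def diff_probe(sent, quoted):
    """Changes between the TCP header sent and the copy quoted in an ICMP reply."""
    if len(quoted) < 20 or len(quoted) < (quoted[12] >> 4) * 4:
        return None      # RFC 792-style quote (64 bits of TCP): options not visible
    changes = ["TCP::CheckSum"] if sent[16:18] != quoted[16:18] else []
    after = tcp_options(quoted)
    for kind, value in tcp_options(sent).items():
        label, field = OPTS.get(kind, ("TCPOption%d" % kind, "Value"))
        if kind not in after:
            changes.append("-" + label)             # option stripped on the path
        elif after[kind] != value:
            changes.append(label + "::" + field)    # option rewritten on the path
    return changes

def build_syn(options, checksum):
    """Constructed sample input: TCP SYN header, arbitrary ports, seq and checksum."""
    raw = b"".join(bytes([kind, len(val) + 2]) + val for kind, val in options)
    raw += b"\x01" * (-len(raw) % 4)                # NOP-pad to a 32-bit boundary
    offset = (20 + len(raw)) // 4
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, offset << 4, 0x02,
                       65535, checksum, 0) + raw

# Constructed probe (MSS, MP_CAPABLE, window scale) and the copy a far hop might quote.
SENT = build_syn([(2, struct.pack("!H", 1460)), (30, b"\x00\x81" + bytes(8)),
                  (3, b"\x07")], 0x1111)
QUOTED = build_syn([(2, struct.pack("!H", 1380))], 0x2222)

if __name__ == "__main__":
    print(diff_probe(SENT, QUOTED))      # full quote: differences are listed
    print(diff_probe(SENT, QUOTED[:8]))  # 64-bit quote: nothing can be concluded
```

A hop that returns only the first 64 bits of the TCP header yields no verdict about options, which is why full-datagram ICMP replies matter for this technique.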
Support or Contact
Feedback or comments are welcome @oliviertilmans