[Scamper-dev] fyi [mjl@luckie.org.nz: Re: ICMP quoting idea...]
k claffy
kc at caida.org
Wed May 25 13:16:56 PDT 2005
----- Forwarded message from Matthew Luckie <mjl at luckie.org.nz> -----
Date: Wed, 25 May 2005 08:20:55 +1200
From: Matthew Luckie <mjl at luckie.org.nz>
Subject: Re: ICMP quoting idea...
To: David Malone <dwmalone at maths.tcd.ie>
Cc: k claffy <kc at caida.org>
David Malone wrote:
>I've been playing with an idea that I had after flicking through
>the proceedings of last year's IMC. The idea was to do tcptraceroutes
>and look in detail at the headers quoted by the ICMP TTL exceeded
>messages for changes indicating things like:
>
> 1) middleboxes clearing ECN bits,
> 2) middleboxes adding MSS options,
> 3) middleboxes clearing DF,
> 4) NAT/PAT,
> 5) IPID/sequence number modulation,
> 6) quoting random chunks of router memory,
> ...
>
>I have some initial work done, and the results look like they may
>be interesting (there's certainly a lot of strange things going on
>out there).
>
>The idea seems to be fairly obvious, so I've been trying to see if
>anyone has tried something like this before. I've found some work
>using the size of the quote for OS fingerprinting, but haven't
>managed to turn up much else yet. I was wondering if either of you
>might have heard of similar work?
I haven't heard of similar work. I've had it suggested to me a few
times to do an ECN debugging traceroute to infer where in an IP path
packets with ECN bits set are dropped in a similar way to work i did with
"Inferring and Debugging Path MTU Discovery Failures"
http://www.wand.net.nz/~mjl12/debugging-pmtud.pdf
Submitted to IMC 2005.
I have intended to build tcptraceroute into scamper, but have not got to
that yet. The main thing stopping me doing that was the lack of a
common way to do tcptraceroute for both IPv4 and IPv6 in parallel, but I
think I've got beyond that now that I can form raw packets on the
datalink (BPF and such).
The work sounds like interesting stuff. If you'd like me to hack
anything into scamper to support this work, i'd be happy to. Have you
considered how you'll construct the data set, in terms of target
addresses / networks?
Matthew
----- End forwarded message -----
More information about the Scamper-dev
mailing list