[Scamper-dev] fyi [mjl@luckie.org.nz: Re: ICMP quoting idea...]

k claffy kc at caida.org
Wed May 25 13:16:56 PDT 2005 

----- Forwarded message from Matthew Luckie <mjl at luckie.org.nz> -----

  Date: Wed, 25 May 2005 08:20:55 +1200
  From: Matthew Luckie <mjl at luckie.org.nz>
  Subject: Re: ICMP quoting idea...
  To: David Malone <dwmalone at maths.tcd.ie>
  Cc: k claffy <kc at caida.org>
  
  David Malone wrote:
  >I've been playing with an idea that I had after flicking through
  >the proceedings of last year's IMC. The idea was to do tcptraceroutes
  >and look in detail at the headers quoted by the ICMP TTL exceeded
  >messages for changes indicating things like:
  >
  >	1) middleboxes clearing ECN bits,
  >	2) middleboxes adding MSS options,
  >	3) middleboxes clearing DF,
  >	4) NAT/PAT,
  >	5) IPID/sequence number modulation,
  >	6) quoting random chunks of router memory,
  >	...
  >
  >I have some initial work done, and the results look like they may
  >be interesting (there's certainly a lot of strange things going on
  >out there).
  >
  >The idea seems to be fairly obvious, so I've been trying to see if
  >anyone has tried something like this before. I've found some work
  >using the size of the quote for OS fingerprinting, but haven't
  >managed to turn up much else yet. I was wondering if either of you
  >might have heard of similar work?
  
  I haven't heard of similar work.  I've had it suggested to me a few 
  times to do an ECN debugging traceroute to infer where in an IP path 
  packets with ECN bits set are dropped in a similar way to work i did with
  
  "Inferring and Debugging Path MTU Discovery Failures"
  http://www.wand.net.nz/~mjl12/debugging-pmtud.pdf
  Submitted to IMC 2005.
  
  I have intended to build tcptraceroute into scamper, but have not got to 
  that yet.  The main thing stopping me doing that was the lack of a 
  common way to do tcptraceroute for both IPv4 and IPv6 in parallel, but I 
  think I've got beyond that now that I can form raw packets on the 
  datalink (BPF and such).
  
  The work sounds like interesting stuff.  If you'd like me to hack 
  anything into scamper to support this work, i'd be happy to.  Have you 
  considered how you'll construct the data set, in terms of target 
  addresses / networks?
  
  Matthew

----- End forwarded message -----

More information about the Scamper-dev mailing list