Middleboxes such as firewalls, NAT, proxies, or Deep Packet Inspection play an
increasingly important role in various types of IP networks, including
enterprise and cellular networks. Recent studies have shed the light on their
impact on real traffic and the complexity of managing them. Network operators
and researchers have few tools to understand the impact of those boxes on any
path. In this paper, we propose tracebox, an extension to the widely used
traceroute tool, that is capable of detecting various types of middlebox
interference over almost any path. tracebox sends IP packets containing TCP
segments with different TTL values and analyses the packet encapsulated in the
returned ICMP messages. Further, as recent routers quote, in the ICMP message,
the entire IP packet that they received, tracebox is able to detect any
modification performed by upstream middleboxes. In addition, tracebox can often
pinpoint the network hop where the middlebox interference occurs. We evaluate
tracebox with measurements performed on PlanetLab nodes. Our analysis reveals
various types of middleboxes that were not expected on such an experimental
testbed supposed to be connected to the Internet without any restriction.

Gregory Detal, Benjamin Hesmans, Olivier Bonaventure, Yves Vanaubel and Benoit Donnet
Proceedings of the 2013 ACM SIGCOMM conference on Internet measurement conference, October 2013. ACM.
Full text
pdf   (317.33 KB)
Cite it
See here

