Tracebox is an open source topology discovery software that has been developped by the Université de Liège et by the Université catholique de Louvain in Belgium. Tracebox is an extension to the widely used traceroute tool. The objective of tracebox is to detect various types of middlebox interference over almost any path. To do so, tracebox sends IP packets containing TCP segments with different TTL values and anlyses the packet encapsulated in the returned ICMP message. Further, as recent routers quote, in the ICMP message, the entire IP packet that they received, tracebox is able to detect any modification performed by upstream middleboxes. In addition, tracebox can often pinpoint the network hop where the middlebox interference occurs.
The figure above ((a) topology) shows a simple network, where MB1 is a middlebox that changes the TCP sequence number and the MSS size in the TCP MSS option but that does not decrement the TTL. R1 is an old router while R2 is a router that is able to quote, in the returned ICMP message, the entire message that is responsible of the problem. The server always answer with a TCP reset. The output of running tracebox between ``Source'' and ``Destination'' is given by the below part of the figure ((b) output). The output shows that tracebox is able to effectively detect the middlebox interference but it may occur at a downstream hop. Indeed, as R1 does not quote the full packet, tracebox can only detect the TCP sequence change when analyzing the reply of R1. Nevertheless, when receiving the full message quoted from R2, that contains the complete IP and TCP header, tracebox is able to detect that a TCP option has been changed upstream of R2. At the second hop, \tracebox shows additional modifications on top of the expected ones. The TTL and IP checksum are modified by each router and the TCP checksum modification results from the modification of the header.
Tracebox comes in three flavours:
tracebox brings two important features.
The original software is freely available at tracebox.org (with the source code). The software works under Mac OS X, BSD, and Linux distribution. If you are under Mac OS X, the easiest way to install tracebox is to run homebrew (brew install tracebox).
Source can be found at http://www.github.com/tracebox/tracebox.
Tracebox requires:
To build Tracebox:
$ ./bootstrap.sh
$ make
$ sudo make install
There are two possible ways to use tracebox either with the Python scripts (see some samples scripts in /tracebox/examples) or with the default binary. The later only sends one TCP probe and look for changes in the path.
Scamper Port
The current snapshot of scamper's source code is cvs-20140404 and do not contain Tracebox. Scamper should compile and run under FreeBSD, OpenBSD, NetBSD, Linux, MacOS X, Solaris, Windows, and DragonFly. All releases of scamper are licensed under the GPL v2.
Scamper with tracebox can be found at: https://github.com/fp7mplane/components/tree/master/scamper/source
To build Scamper:
$ ./configure
$ make
$ sudo make install
The Scamper Tracebox implementation is the most complete and efficient. It involves different options to modify the text output format (e.g: traceroute-like output vs simplified middlebox locations only output, add the ICMP quoting size standard used by each hop, ... ). It also contains other non-tracebox middlebox detection methods that are not interface within mPlane.
Android Port
The tracebox Android port is available at androidtracebox.org (with the source code).
To install tracebox Android:
tracebox Android usage is very intuitive. You can either enter yourself a destination to probe or download, from the back office (the source code of the back office is also available), a targets file.
The current mPlane Tracebox interface is part of the scamper component and contains 3 capabilities (each one subdivided for IPv4/IPv6):
Thanks to the support of the mPlane project we extended tracebox functionalities with the following features:
The tracebox has been merged into the Scamper component.