%0 Conference Paper
%B ACM/USENIX Internet Measurement Conference (IMC)
%D 2013
%T Network Fingerprinting: TTL-Based Router Signature
%A Yves Vanaubel
%A Jean-Jacques Pansiot
%A Pascal Mérindol
%A Benoit Donnet
%K fingerprinting
%K initial TTL
%K MPLS router signature
%K network discovery
%X

Fingerprinting networking equipment has many potential applications and benefits in network management and security. More generally, it is useful for the understanding of network structures and their behaviors. In this paper, we describe a simple fingerprinting mechanism based on the initial TTL values used by routers to reply to various probing messages. We show that main classes obtained using this simple mechanism are meaningful to distinguish router platforms. Besides, it comes at a very low additional cost compared to standard active topology discovery measurements. As a proof of concept, we apply our method to gain more insight on the behavior of MPLS routers and to, thus, more accurately quantify their visible/invisible deployment.

%B ACM/USENIX Internet Measurement Conference (IMC)
%C Barcelona, Spain
%8 10/2013
%G eng
%R 10.1145/2504730.2504761

%0 Conference Paper
%B ACM Internet Measurement Conference (IMC)
%D 2013
%T Network Fingerprinting: TTL-Based Router Signatures
%A Yves Vanaubel
%A Jean-Jacques Pansiot
%A Pascal Mérindol
%A Benoit Donnet
%K fingerprinting
%K initial TTL
%K MPLS
%K network discovery
%K router signatures
%X

Fingerprinting networking equipment has many potential applications and benefits in network management and security. More generally, it is useful for the understanding of network structures and their behaviors. In this paper, we describe a simple fingerprinting mechanism based on the initial TTL values used by routers to reply to various probing messages. We show that main classes obtained using this simple mechanism are meaningful to distinguish router platforms. Besides, it comes at a very low additional cost compared to standard active topology discovery measurements. As a proof of concept, we apply our method to gain more insight on the behavior of MPLS routers and to, thus, more accurately quantify their visible/invisible deployment.

%B ACM Internet Measurement Conference (IMC)
%C Barcelona, Spain
%8 10/2013
%G eng

%0 Conference Paper
%B ACM/USENIX Internet Measurement Conference (IMC)
%D 2013
%T Revealing Middlebox Interference with Tracebox
%A Gregory Detal
%A Benjamin Hesmans
%A Olivier Bonaventure
%A Yves Vanaubel
%A Benoit Donnet
%K middlebox
%K network discovery
%K tracebox
%X

Middleboxes such as firewalls, NAT, proxies, or Deep Packet Inspection play an increasingly important role in various types of IP networks, including enterprise and cellular networks. Recent studies have shed light on their impact on real traffic and the complexity of managing them. Network operators and researchers have few tools to understand the impact of those boxes on any path. In this paper, we propose tracebox, an extension to the widely used traceroute tool, that is capable of detecting various types of middlebox interference over almost any path. tracebox sends IP packets containing TCP segments with different TTL values and analyses the packet encapsulated in the returned ICMP messages. Further, as recent routers quote, in the ICMP message, the entire IP packet that they received, tracebox is able to detect any modification performed by upstream middleboxes. In addition, tracebox can often pinpoint the network hop where the middlebox interference occurs. We evaluate tracebox with measurements performed on PlanetLab nodes. Our analysis reveals various types of middleboxes that were not expected on such an experimental testbed supposed to be connected to the Internet without any restriction.

%B ACM/USENIX Internet Measurement Conference (IMC)
%8 10/2013
%G eng
%R 10.1145/2504730.2504757