Tracebox for Android

tracebox is a middlebox detection tool that was desgined by Gregory Detal to detect middleboxes that modify IP or TCP headers [IMC] . The command line version of tracebox runs of various Linux variants and allows to craft special packets with various options to test for middleboxes that :

  • add TCP options (e.g. many ADSL routers would insert an MSS option in the SYN segment)
  • modify TCP options (e.g. a transparent proxy will change the timestamp option)
  • remove TCP options (e.g. some firewalls remove unknown TCP options)

The latter is problematic for extensions like Multipath TCP <http://www.multipath-tcp.org> and various testers and informed us that some 3G/4G networks block Multipath TCP by default. Some operators have even informed us that they’ve used tracebox to detect the offending firewall and change its configuration. However, running tracebox from a laptop is not always convenient.

Valentin Thirion, a student from the University of Liege, has been recently working on a port of some of the features of tracebox on the Android platform. His App, Android Tracebox runs on rooted smartphones and contains a basic implementation of tracebox that can be used to detect where some specific options, including the MP_CAPABLE option are removed or modified in the network.

../../../_images/tracebox.png

In the Mobistar network that I use, it does not reveal any strange behavior

traceboxing to 173.252.110.27
1 * * *
2 10.40.211.145 IP::DSCP/ECN IP::TTL IP::Checksum TCP::Checksum TCP::Option_MSS
3 172.31.5.238 IP::DSCP/ECN IP::TTL IP::Checksum
4 10.30.23.89 IP::DSCP/ECN IP::TTL IP::Checksum TCP::Checksum TCP::Option_MSS
5 212.65.36.129 IP::DSCP/ECN IP::TTL IP::Checksum
6 81.52.186.121 IP::TTL IP::Checksum
7 193.251.240.218 IP::TTL IP::Checksum TCP::Checksum TCP::Option_MSS
8 193.251.132.15 IP::TTL IP::Checksum TCP::Checksum TCP::Option_MSS
9 193.251.252.166 IP::TTL IP::Checksum
10 204.15.22.198 IP::TTL IP::Checksum TCP::Checksum TCP::Option_MSS
11 31.13.29.255 IP::TTL IP::Checksum TCP::Checksum TCP::Option_MSS
12 31.13.24.95 IP::TTL IP::Checksum TCP::Checksum TCP::Option_MSS
13 173.252.65.99 IP::DSCP/ECN IP::TTL IP::Checksum

This output indicates that this 3G provider is using DSCP to mark packets, and that it updates or inserts the MSS option. This is a common behavior to prevent some problems with Path MTU discovery.

On the WiFi access provided by Voo, the path seems to be even cleaner

traceboxing to 173.252.110.27
1 192.168.0.1 IP::Checksum
2 10.163.0.1 IP::TTL IP::Checksum
3 78.129.125.89 IP::TTL IP::Checksum
4 212.3.237.49 IP::TTL IP::Checksum
5 4.69.148.182 IP::TTL IP::Checksum TCP::Checksum
6 4.69.143.94 IP::TTL IP::Checksum TCP::Checksum
7 4.69.137.70 IP::TTL IP::Checksum TCP::Checksum
8 4.69.141.18 IP::TTL IP::Checksum TCP::Checksum
9 4.69.202.57 IP::TTL IP::Checksum TCP::Checksum
10 4.69.134.150 IP::TTL IP::Checksum TCP::Checksum
11 4.69.149.210 IP::TTL IP::Checksum
12 4.53.116.78 IP::TTL IP::Checksum
13 31.13.24.8 IP::TTL IP::Checksum TCP::Checksum
14 31.13.29.232 IP::TTL IP::Checksum TCP::Checksum
15 173.252.64.191 IP::TTL IP::Checksum

References

[IMC]Gregory Detal, Benjamin Hesmans, Olivier Bonaventure, Yves Vanaubel, and Benoit Donnet. 2013. Revealing middlebox interference with tracebox. In Proceedings of the 2013 conference on Internet measurement conference (IMC ‘13). ACM, New York, NY, USA, 1-8. DOI=10.1145/2504730.2504757 http://doi.acm.org/10.1145/2504730.2504757