TP-Traceroute Tool

TP-Traceroute tool is an enhanced traceroute version which applies the Third-Party address detection technique. TP-Traceroute is able to identify third-party addresses on traceroute trace. TP-traceroute traces the IP path toward a destination and labels each discovered hop as third-party or on-path address.

TP-Traceroute is based on Paris-Traceroute. The source code of Paris-Traceroute is released under GPLv2 Licence can be downloaded here.

Download

TP-Traceroute is licensed under the GNU GPLv3 license.
The latest version was released on July, 2013: download link.

For technical support, bugs reporting, suggestions or comments, please send us an e-mail.

Citing

When refering to our active probing technique or/and its implementation please cite the following Reference:

• Pietro Marchetta, Walter de Donato, Antonio Pescapè, "Detecting Third-party Addresses in Traceroute Traces with IP Timestamp Option", PAM 2013, Hong Kong, China, March 18-20, 2013.

Dependencies

TP-Traceroute depends on IPPO library.

Usage

	Usage: tp-traceroute [Options] [Destination]

		Options:
			  -h, --help               print this help
			  -V, --version            print version
			  -v, --verbose            print debug messages
			  -Q, --quiet              print only results
			  -f, --first_ttl=TTL      set the initial ttl to TTL (default: 1)
			  -m, --max_ttl=TTL        set the maximum ttl to TTL (default: 30)
			  -s, --source_port=PORT   set PORT as source port (default: 33456) pid: use PID
			  -d, --dest_port=PORT     set PORT as destination port (default: 33457)
			  -t, --tos=TOS            set TOS as type of service (default: 0)
			  -w MS                    wait MS ms between each probe (default: 50ms)
			  -T, --timeout=MS         set a timeout of MS ms on each probe. The default is 5000ms
			  -q, --query=NBR          send NBR probes to each host (default: 3)
			  -M, --missing_hop=HOP    stop traceroute after HOP consecutive down hops. The default is 3
			  -a, --algo=ALGO          algorithm to use (--algo=help for more help). The default is 'hopbyhop'
			  -L, --length=LEN         set the packet length to be used in outgoing packets. The default is 0
			  -i  --ipid               print the IP Identifier of the reply
			  -l  --print_ttl          print the TTL of the reply
			  -F                       targets file for the MT algo
			  -B                       set the bandwidth in packets/s
			  -E                       probe multiplier
			  -r                       set the return flow identifier
	

How it works

Once a UDP-traceroute trace is collected, TP-traceoute first sends an UDP probe to the destination IP address D, prespecifying four times the same IP address D. Three possibilities may occur:

1. no reply from the destination is received: NO-UDPTS-REP;
2. the option is removed from the destination reply: NO-UDPTS-OPT;
3. the destination reply is received and the TS option is preserved.

In the first and second cases, the algorithm stops and all traced IPs are labeled as NO-UDPTS-REP or NO-UDPTS-OPT, accordingly.

In the third case, the algorithm continues by sending an ICMP Echo Request packet equipped with the TS option toward each IP discovered along the path. This step is necessary because there are other less common router behaviours that may lead the technique to misleading results.

For each IP, we can have one of the following cases:

1. no reply is received from the targeted hop: NO-REP;
2. the TS option is removed from the hop reply: NO-OPT;
3. the TS option is ignored, i.e. no timestamps are inserted in the option: NO-TS;
4. the hop is not a per network interface stamping router, i.e. there are four timestamps in the reply, (Juniper-like): J;
5. the hop reply contains between one and three timestamps.

In the last case, a new UDP probe is sent toward the destination IP address prespecifying four times the intermediate hop in TS option because the traceroute hop is considered classifiable only if it provides from one to three timestamps when directly probed. At this point, several possibilities may occur:

1. no reply is received from the destination: NO-UDPTS-REP;
2. the option is removed from the destination reply: NO-UDPTS-OPT;
3. the intermediate hop provides one or more timestamps, i.e. the intermediate IP address is on the path toward the destination: ON-PATH
4. the intermediate hop does not provide any timestamps, i.e. the intermediate IP address is not on the path toward the destination: THIRD-PARTY

Hence, each IP address collected toward the destination is labelled as:

Classifiable hop labels:

• ON-PATH: the IP is on the path toward the destination.
• THIRD-PARTY: the IP is not on the path toward the destination.
• NO-UDPTS-REP: the IP is classifiable but non-classified; the reply from the destination is not received.
• NO-UDPTS-OPT: the IP is classifiable but non-classified; the option is removed from the destination reply.

Non-classifiable hop labels:

• NO-REP: No reply from the intermediate hop.
• NO-OPT: the TS option is removed from the intermediate hop reply.
• NO-TS: the TS option is ignored from the intermediate hop.
• J: the intermediate hop is not a per network interface stamping behavior (Juniper-like).

Example

	$ sudo ./tp-traceroute 206.108.100.133

	Start tracing process 206.108.100.133 ...

	Start third party process 206.108.100.133 ...

	traceroute [(xxx.xxx.xxx.xxx:33456) -> (206.108.100.133:33457)], protocol udp, algo hopbyhop, duration 440 s
	 1  xxx.xxx.xxx.xxx                			     0.451 ms     0.457 ms     0.320 ms 
	 2   143.225.190.82                THIRD-PATH    0.434 ms     0.531 ms     0.600 ms 
	 3    193.206.130.5                         J    0.425 ms     0.419 ms    31.097 ms 
	 4    90.147.80.165                         J    4.435 ms     4.449 ms     4.566 ms 
	   MPLS Label 302640 TTL=1
	 5     90.147.80.53                         J    4.281 ms     4.300 ms     4.411 ms 
	 6      149.6.22.73                THIRD-PATH    4.405 ms     4.393 ms     4.404 ms 
	 7      130.117.2.9                THIRD-PATH   11.311 ms    11.253 ms    11.266 ms 
	 8     130.117.48.2                THIRD-PATH   14.214 ms    14.196 ms    14.171 ms 
	 9    130.117.3.157                     NO-TS   16.831 ms    16.829 ms    16.887 ms 
	10    154.54.59.233                     NO-TS   28.226 ms    27.883 ms    27.842 ms 
	11    154.54.43.149                     NO-TS   99.396 ms    99.400 ms  *
	12     154.54.24.30                     NO-TS  126.733 ms  * *
	13    154.54.45.206                     NO-TS  127.734 ms  * *
	14    154.54.29.194                     NO-TS  126.049 ms  * *
	15     154.54.11.30                     NO-TS  128.640 ms  * *
	16   64.230.186.197                     NO-TS  126.558 ms  * *
	17   64.230.186.121                     NO-TS  139.124 ms  * *
	18     64.230.48.20                     NO-TS  143.390 ms  * *
	19  * * *
	20  * * *
	21   206.108.99.146                THIRD-PATH  127.074 ms  * *
	22  206.108.100.133                   ON-PATH  130.187 ms  * *
	

Authors

TP-Traceroute is maintained and continueously improved by the Traffic group of the University of Napoli (UoN), headed by Antonio Pescapè.

Contributors: Francesco Cesareo,Pietro Marchetta, Antonio Pescapè

---

Publications

• Pietro Marchetta, Walter de Donato, Antonio Pescapè, "Detecting Third-party Addresses in Traceroute Traces with IP Timestamp Option", PAM 2013, Hong Kong, China, March 18-20, 2013.
• Pietro Marchetta, Walter de Donato, Antonio Pescapè, "Detecting Third-party Addresses in Traceroute IP Paths ", ACM SIGCOMM 2012, Helsinki, Finland, August 13-17, 2012. Best Poster SIGCOMM 2012.