Tracking Middleboxes in the Mobile World with TraceboxAndroid

  • Valentin Thirion
  • Korian Edeline
  • Benoit DonnetEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9053)


Middleboxes are largely deployed over cellular networks. It is known that they might disrupt network performance, expose users to security issues, and harm protocols deployability. Further, hardly any network measurements tools for smartphones are able to infer middlebox behaviors, specially if one cannot control both ends of a path. In this paper, we present TraceboxAndroid a proof-of-concept measurement application for Android mobile devices implementing the tracebox algorithm. It aims at diagnosing middlebox-impaired paths by detecting and locating rewriting middleboxes. We analyze a dataset sample to highlight the range of opportunities offered by TraceboxAndroid. We show that TraceboxAndroid can be useful for mobile users as well as for the research community.


Mobile Device Internet Engineer Task Super User Mobile World WiFi Connection 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Anderson, D.P., Cobb, J., Korpela, E., Lebofsky, M., Werthimer, D.: SETI@home: An experiment in public-resource computing. Communications of the ACM 45(11), 56–61 (2002). CrossRefGoogle Scholar
  2. 2.
    Shavitt, Y., Shir, E.: DIMES: Let the internet measure itself. ACM SIGCOMM Computer Communication Review 35(5), 71–74 (2005). CrossRefGoogle Scholar
  3. 3.
    Chen, K., Choffnes, D., Potharaju, R., Chen, Y., Bustamante, F., Pei, D., Zhao, Y.: Where the sidewalk ends: Extending the Internet AS graph using traceroutes from P2P users. In: Proc. ACM SIGCOM CoNEXT, December 2009Google Scholar
  4. 4.
    Rivera, J., Van Der Meulen, R.: Forecast: Devices by operating system and user type, worldwide, 2010–2017. Technical Report 1Q13 Update, Garnter Inc., April 2013.
  5. 5.
    Faggiani, A., Gregori, E., Lenzini, L., Mainardi, S., Vecchio, A.: On the feasibility of measurement the Internet through smartphone-based crowdsourcing. In: Proc. IEEE International Symposium on Modeling and Optimization in Mobile, Ad-Hoc and Wireless Networks (WiOpt), May 2012Google Scholar
  6. 6.
    Carpenter, B., Brim, S.: Middleboxes: Taxonomy and issues. RFC 3234, Internet Engineering Task Force, February 2002Google Scholar
  7. 7.
    Sherry, J., Hasan, S., Scott, C., Krishnamurthy, A., Ratnasamy, S., Sekar, V.: Making middleboxes someone else’s problem: network processing as a cloud service. In: Proc. ACM SIGCOMM, August 2012Google Scholar
  8. 8.
    Wang, Z., Qian, Z., Xu, Q., Mao, Z., Zhang, M.: An untold story of middleboxes in cellular networks. In: Proc. ACM SIGCOMM, August 2011Google Scholar
  9. 9.
    Honda, M., Nishida, Y., Raiciu, C., Greenhalgh, A., Handley, M., Tokuda, H.: Is it still possible to extend TCP. In: Proc. ACM/USENIX Internet Measurement Conference (IMC), November 2011Google Scholar
  10. 10.
    Detal, G., Hesmans, B., Bonaventure, O., Vanaubel, Y., Donnet, B.: Revealing middlebox interference with tracebox. In: Proc. ACM/USENIX Internet Measurement Conference (IMC), October 2013Google Scholar
  11. 11.
    Baker, F.: Requirements for IP version. RFC 1812, Internet Engineering Task Force, June 1995Google Scholar
  12. 12.
    Postel, J.: Internet control message protocol. RFC 792, Internet Engineering Task Force, September 1981Google Scholar
  13. 13.
    Vlasenko, D.: BusyBox: the swiss army knife of embedded Linux.
  14. 14.
    Kühlewind, M., Neuner, S., Trammell, B.: On the state of ECN and TCP options on the internet. In: Roughan, M., Chang, R. (eds.) PAM 2013. LNCS, vol. 7799, pp. 135–144. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  15. 15.
    Gilad, Y., Herzberg, A.: Spying in the dark: TCP and tor traffic analysis. In: Fischer-Hübner, S., Wright, M. (eds.) PETS 2012. LNCS, vol. 7384, pp. 100–119. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  16. 16.
    Bellovin, S.M.: A technique for counting NATed hosts. In: Proc. ACM SIGCOMM Internet Measurement Workshop (IMW), November 2002Google Scholar
  17. 17.
    Zalewski, M.: Silence on the Wire: a Field Guide to Passive Reconnaissance and Indirect Attacks. No Starch Press (2005)Google Scholar
  18. 18.
    Gilad, Y., Herzberg, A.: Off-path attacking the web. In: Proc. 6th USENIX Workshop on Offensive Technologies (WOOT), August 2012Google Scholar
  19. 19.
    West, M., McCann, S.: TCP/IP field behavior. RFC 4413, Internet Engineering Task Force, March 2006Google Scholar
  20. 20.
    Qian, Z., Mao, Z.M.: Off-path TCP sequence number inference aattack - how firewall middleboxes reduce security. In: Proc. IEEE Symposium on Security and Privacy (SP), May 2012Google Scholar
  21. 21.
    Qian, Z., Mao, Z.M., Xie, Y.: Collaborative TCP sequence number inference attack: how to crack sequence number under a second. In: Proc. ACM Conference on Computer and Communications Security (CCS), October 2012Google Scholar
  22. 22.
    Wing, D., Cheshire, S., Boucadair, M., Penno, R.: Port control protocol (PCP). RFC 6887, Internet Engineering Task Force, April 2013Google Scholar
  23. 23.
    Aboba, B., Dixon, W.: IPsec-network address translation (NAT) compatibility requirements. RFC 3715, Internet Engineering Task Force, March 2004Google Scholar
  24. 24.
    Medina, A., Allman, M., Floyd, S.: Measuring interactions between transport protocols and middleboxes. In: Proc. ACM SIGCOMM Internet Measurement Conference (IMC), October 2004Google Scholar
  25. 25.
    Hesmans, B., Duchene, F., Paasch, C., Detal, G., Bonaventure, O.: Are TCP extensions middlebox-proof? In: Proc. Workshop on Hot Topics in Middleboxes and Network Function Virtualization, December 2013Google Scholar
  26. 26.
    Jacobson, V., Braden, R., Borman, D., Satyanarayan, M., Kistler, J.J., Mummert, L.B., Ebling, M.: TCP extension for high performance. RFC 1323, Internet Engineering Task Force, May 1992Google Scholar
  27. 27.
    Microsoft: Network connectivity fails when you try to use Windows Vista behind a firewall device. Technical report, Microsoft (2012).
  28. 28.
    Android Developers: Device monitor.
  29. 29.
    Donnet, B., Friedman, T.: Internet topology discovery: a survey. IEEE Communications Surveys and Tutorials 9(4), December 2007Google Scholar
  30. 30.
    Luckie, M., Hyun, Y., Huffaker, B.: Traceroute probe methode and forward IP path inference. In: ACM SIGCOMM Internet Measurement Conference (IMC), October 2008Google Scholar
  31. 31.
    Augustin, B., Cuvellier, X., Orgogozo, B., Viger, F., Friedman, T., Latapy, M., Magnien, C., Teixeira, R.: Avoiding traceroute anomalies with paris traceroute. In: Proc. ACM/USENIX Internet Measurement Conference (IMC), October 2006Google Scholar
  32. 32.
    Katz-Bassett, E., Madhyastha, H., Adhikari, V., Scott, C., Sherry, J., van Wesep, P., Krishnamurthy, A., Anderson, T.: Reverse traceroute. In: Proc. USENIX Symposium on Networked Systems Design and Implementations (NSDI), June 2010Google Scholar
  33. 33.
    Donnet, B., Raoult, P., Friedman, T., Crovella, M.: Efficient algorithms for large-scale topology discovery. In: Proc. ACM SIGMETRICS, June 2005Google Scholar
  34. 34.
    Beverly, R., Berger, A., Xie, G.: Primitives for active Internet topology mapping: Toward high-frequency characterization. In: Proc. ACM/USENIX Internet Measurement Conference (IMC), November 2010Google Scholar
  35. 35.
    Craven, R., Beverly, R., Allman, M.: Middlebox-cooperative TCP for a non end-to-end Internet. In: Proc. ACM SIGCOMM, August 2014Google Scholar
  36. 36.
    Xu, X., Jiang, Y., Flach, T., Katz-Bassett, E., Choffnes, D., Govindan, R.: Investigating transparent web proxies in cellular networks. In: Mirkovic, J., Liu, Y. (eds.) PAM 2015. LNCS, vol. 8995, pp. 262–276. Springer, Heidelberg (2015) CrossRefGoogle Scholar
  37. 37.
    Kingo: Warranty disclaimer (2014).
  38. 38.
    Touch, J., Mankin, A., Bonica, R.: The TCP authentication option. RFC 5925, Internet Engineering Task Force, June 2010Google Scholar
  39. 39.
    Zweig, J., Partridge, C.: TCP alternate checksum options. RFC 1145, Internet Engineering Task Force, February 1990Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2015

Authors and Affiliations

  • Valentin Thirion
    • 1
  • Korian Edeline
    • 1
  • Benoit Donnet
    • 1
    Email author
  1. 1.Université de LiègeLiègeBelgium

Personalised recommendations