Design and implementation of Portolan for desktop operating systems Linux, Windows and OS X

(1)

Design and implementation of Portolan for

desktop operating systems Linux, Windows

and OS X

Candidate: Daniele Formichelli

Supervisors: Prof. Luciano Lenzini, Prof. Enzo Mingozzi, Ing. Valerio

Luconi

University of Pisa

School of Engineering

Department of Information Engineering

Master of Science in Computer Engineering

(2)

Introduction Portolan Desktop Outcomes Conclusions What is Portolan? Android Limitations

What is Portolan?

Portolan is a research project started with the aim of enhancing

the knowledge of the Internet structure at the Autonomous

System level of abstraction

active measures

bottom-up

crowdsourcing

(3)

What is Portolan?

Portolan is a research project started with the aim of enhancing

the knowledge of the Internet structure at the Autonomous

System level of abstraction

active measures

bottom-up

crowdsourcing

(4)

What is Portolan?

Portolan is a research project started with the aim of enhancing

the knowledge of the Internet structure at the Autonomous

System level of abstraction

active measures

bottom-up

crowdsourcing

AS4 AS5 AS6

AS1

(5)

What is Portolan?

Portolan is a research project started with the aim of enhancing

the knowledge of the Internet structure at the Autonomous

System level of abstraction

active measures

bottom-up

crowdsourcing

(6)

Android Limitations

Android usage imposes some restrictions on the

client:

UDP only

battery

performance

user base

(7)

Android Limitations

Android usage imposes some restrictions on the

client:

UDP only

battery

performance

user base

(8)

Android Limitations

Android usage imposes some restrictions on the

client:

UDP only

battery

performance

user base

(9)

Android Limitations

Android usage imposes some restrictions on the

client:

UDP only

battery

performance

user base

(10)

Android Limitations

Android usage imposes some restrictions on the

client:

UDP only

battery

performance

user base

(11)

Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer

Portolan Desktop

(12)

Objectives

The objective is to design and develop a dekstop client that:

allows to perform ICMP, UDP and TCP measures

supports major desktop platforms (Linux, Windows and

OS X)

gives the user some analysis tools as a payoff for being

part of the project

(13)

Objectives

The objective is to design and develop a dekstop client that:

allows to perform ICMP, UDP and TCP measures

supports major desktop platforms (Linux, Windows and

OS X)

gives the user some analysis tools as a payoff for being

part of the project

(14)

Objectives

The objective is to design and develop a dekstop client that:

allows to perform ICMP, UDP and TCP measures

supports major desktop platforms (Linux, Windows and

OS X)

gives the user some analysis tools as a payoff for being

part of the project

(15)

Objectives

The objective is to design and develop a dekstop client that:

allows to perform ICMP, UDP and TCP measures

supports major desktop platforms (Linux, Windows and

OS X)

gives the user some analysis tools as a payoff for being

part of the project

(16)

Architecture

Portolan Desktop Client

Background Service

Low Level Network API

User Interface

Portolan Server

Internet

(17)

Architecture

Portolan Desktop Client

Low Level Network API User Interface

Portolan Server

Internet

Measures Analyzer

The Low Level Network

API allows to send ICMP,

UDP or TCP probes and

receive their responses

using raw sockets.

(18)

Architecture

Portolan Desktop Client

Portolan Server

Internet

The Measures module

provides tools to measure

the Internet

(19)

Architecture

Portolan Desktop Client

Portolan Server

Internet

The Analyzer module

provides a number of

utilities to analyze the

user’s network

(20)

Architecture

Portolan Desktop Client

Portolan Server

Internet

The Background

Service module interacts

with the server, obtains

microtasks, executes

them and sends back the

results

(21)

Architecture

Portolan Desktop Client

Portolan Server

Internet

The User Interface

module provides both a

Command Line Interface

(CLI) and a Java Swing

Graphical User Interface

(GUI)

(22)

Architecture

Portolan Desktop Client

Portolan Server

Internet

The Server module is

responsible for sending

microtasks and receive and

store their results

(23)

Measures

(24)

Measures

The Measures subsystem is written from scratch using raw socket

and allows to performs not only UDP but also ICMP and TCP

measures:

more replies with ICMP

higher firewall penetration with TCP

more possibilities (e.g. fingerprinting)

(25)

Measures

ping

traceroute

paris traceroute

AS traceroute

MDA

ICMP ping portolan.iet.unipi.it (131.114.58.113), 2 bytes of data

Reply from portolan.iet.unipi.it (131.114.58.113): seq=1 rtt=28 ms

131.114.58.113 ping statistics

---5 packets transmitted, ---5 received, 0.000% packet loss rtt min/avg/max = 26/29.0/34 ms

(26)

Measures

ping

traceroute

paris traceroute

AS traceroute

MDA

ICMP traceroute to portolan.iet.unipi.it (131.114.58.113), 30 hops max 0: archlinux (192.168.1.32) 0 ms 1: * 2: 192.168.100.1 (192.168.100.1) 20 ms 3: 172.17.161.161 (172.17.161.161) 21 ms 4: 172.17.160.25 (172.17.160.25) 23 ms 5: 172.17.10.193 (172.17.10.193) 27 ms 6: r-rm83-vl3.opb.interbusiness.it (151.99.29.139) 22 ms 7: 172.17.5.206 (172.17.5.206) 26 ms 8: garr-nap.namex.it (193.201.28.15) 36 ms 9: rx1-rm2-r-rm2.rm2.garr.net (90.147.80.54) 24 ms 10: rx1-rm2-rx1-pi1.pi1.garr.net (90.147.80.206) 32 ms 11: rx1-pi1-ru-unipi.pi1.garr.net (193.206.136.14) 114 ms 12: jing-jser.unipi.it (131.114.191.130) 107 ms 13: portolan.iet.unipi.it (131.114.58.113) 118 ms Destination reached

(27)

Measures

ping

traceroute

paris traceroute

AS traceroute

MDA

ICMP paris traceroute to portolan.iet.unipi.it (131.114.58.113), 30 hops max 0: archlinux (192.168.1.32) 0 ms 1: * 2: 192.168.100.1 (192.168.100.1) 20 ms 3: 172.17.161.161 (172.17.161.161) 21 ms 4: 172.17.160.25 (172.17.160.25) 23 ms 5: 172.17.10.193 (172.17.10.193) 27 ms 6: r-rm83-vl3.opb.interbusiness.it (151.99.29.139) 22 ms 7: 172.17.5.206 (172.17.5.206) 26 ms 8: garr-nap.namex.it (193.201.28.15) 36 ms 9: rx1-rm2-r-rm2.rm2.garr.net (90.147.80.54) 24 ms 10: rx1-rm2-rx1-pi1.pi1.garr.net (90.147.80.206) 32 ms 11: rx1-pi1-ru-unipi.pi1.garr.net (193.206.136.14) 114 ms 12: jing-jser.unipi.it (131.114.191.130) 107 ms 13: portolan.iet.unipi.it (131.114.58.113) 118 ms Destination reached

(28)

Measures

ping

traceroute

paris traceroute

AS traceroute

MDA

ICMP AS traceroute to portolan.iet.unipi.it (131.114.58.113), 30 hops max

SBTAP-AS Comune di San Benedetto del Tronto AS Number: 59715

No location 172.16.0.0/12

ASN-IBSNAZ Telecom Italia S.p.a. AS Number: 3269

null, Italy 151.99.0.0/16

SBTAP-AS Comune di San Benedetto del Tronto AS Number: 59715 No location 172.16.0.0/12 NaMeX AS Number: Unknown No location 193.201.28.0/25 ASGARR Consortium GARR

(29)

Measures

ping

traceroute

paris traceroute

AS traceroute

MDA

ICMP MDA to rx2.mi1.garr.net (90.147.84.12), 30 hops max 0: archlinux (192.168.1.32) 1: gateway (192.168.1.1) 2: 192.168.100.1 (192.168.100.1) 3: 172.17.161.33 (172.17.161.33) 4: 172.17.160.9 (172.17.160.9) 5: 172.17.5.113 (172.17.5.113) 6: r-rm180-vl3.opb.interbusiness.it (151.99.29.150) 7: 172.17.5.210 (172.17.5.210) 8: garr-nap.namex.it (193.201.28.15) 9: rx2-rm2-r-rm2.rm2.garr.net (90.147.80.58) r-rm2-r-bo1-l1.bo1.garr.net (90.147.80.1) 10: 90.147.80.5 (90.147.80.5) r-bo1-rx2-bo1.bo1.garr.net (90.147.80.38) rx2-rm2-rx2-bo1-l3.bo1.garr.net (90.147.80.113) 11: rx2.mi1.garr.net (90.147.84.12) Destination reached

(30)

Network Fingerprinting

Network fingerprinting allows to classify network equipments

discovered during a traceroute. Portolan’s fingerprint is composed

of the source TTL of the replies to 3 types of probes:

ICMP echo reply

packets in response to ICMP echo probes

ICMP time exceeded

packets in response to ICMP echo probes

(31)

Network Fingerprinting

Network fingerprinting allows to classify network equipments

discovered during a traceroute. Portolan’s fingerprint is composed

of the source TTL of the replies to 3 types of probes:

ICMP echo reply

packets in response to ICMP echo probes

ICMP time exceeded

packets in response to ICMP echo probes

(32)

Network Fingerprinting

Network fingerprinting allows to classify network equipments

discovered during a traceroute. Portolan’s fingerprint is composed

of the source TTL of the replies to 3 types of probes:

ICMP echo reply

packets in response to ICMP echo probes

ICMP time exceeded

packets in response to ICMP echo probes

(33)

Network Fingerprinting

Network fingerprinting allows to classify network equipments

discovered during a traceroute. Portolan’s fingerprint is composed

of the source TTL of the replies to 3 types of probes:

ICMP echo reply

packets in response to ICMP echo probes

ICMP time exceeded

packets in response to ICMP echo probes

(34)

MPLS Tunnels Discovery

The MPLS discovery tool allows to discover and classify MPLS

tunnels during a traceroute.

MPLS tunnels can be classified in four categories depending on:

ttl-propagate

if enabled the TTL of the IP header is copied into

the MPLS header

RFC 4950

if implemented the router attaches the current MPLS

stack to error ICMP messages

(35)

MPLS Tunnels Discovery

The MPLS discovery tool allows to discover and classify MPLS

tunnels during a traceroute.

MPLS tunnels can be classified in four categories depending on:

ttl-propagate

if enabled the TTL of the IP header is copied into

the MPLS header

RFC 4950

if implemented the router attaches the current MPLS

stack to error ICMP messages

(36)

MPLS Tunnels Discovery

The MPLS discovery tool allows to discover and classify MPLS

tunnels during a traceroute.

MPLS tunnels can be classified in four categories depending on:

ttl-propagate

if enabled the TTL of the IP header is copied into

the MPLS header

RFC 4950

if implemented the router attaches the current MPLS

(37)

MPLS Tunnels Taxonomy

ttl-propagate

no ttl-propagate

RFC 4950

Explicit

Opaque

no RFC 4950

Implicit

Invisible

(38)

MPLS Tunnels Taxonomy

ttl-propagate

no ttl-propagate

RFC 4950

Explicit

Opaque

no RFC 4950

Implicit

Invisible

(39)

MPLS Tunnels Taxonomy

ttl-propagate

no ttl-propagate

RFC 4950

Explicit

Opaque

no RFC 4950

Implicit

Invisible

(40)

MPLS Tunnels Taxonomy

ttl-propagate

no ttl-propagate

RFC 4950

Explicit

Opaque

no RFC 4950

Implicit

Invisible

(41)

MPLS Tunnels Taxonomy

ttl-propagate

no ttl-propagate

RFC 4950

Explicit

Opaque

no RFC 4950

Implicit

Invisible

(42)

Analyzer

(43)

Analyzer Tools (ported)

BitTorrent

Throughput

LAN Scan

Net Calculator

Port Map

UPLOAD TEST:

Sending control flow... Rate: 0.454 Mbps Sending BitTorrent flow... Rate: 0.412 Mbps Upload BitTorrent traffic is not discriminated DOWNLOAD TEST:

Receiving control flow... Rate: 3.461 Mbps Receiving BitTorrent flow... Rate: 3.515 Mbps Download BitTorrent traffic is not discriminated

(44)

Analyzer Tools (ported)

BitTorrent

Throughput

LAN Scan

Net Calculator

Port Map

(45)

Analyzer Tools (ported)

BitTorrent

Throughput

LAN Scan

Net Calculator

Port Map

254 addresses to scan gateway (192.168.1.1) Ping: responsive Accepted: TCP/80 Refused: TCP/7 TCP/53 TCP/455 TCP/8080 192.168.1.20 (192.168.1.20) Ping: responsive Accepted: Refused: TCP/7 TCP/53 TCP/80 TCP/455 TCP/8080 archlinux (192.168.1.27) Ping: responsive Accepted: Refused: TCP/7 TCP/53 TCP/80 TCP/455 TCP/8080 Done! Found 3 responsive addresses

(46)

Analyzer Tools (ported)

BitTorrent

Throughput

LAN Scan

Net Calculator

Port Map

Network calculator target: 192.168.1.0/24 Network address: 192.168.1.0 11000000.10101000.00000001.00000000 Network mask: 255.255.255.0 11111111.11111111.11111111.00000000 Broadcast address: 192.168.1.255 11000000.10101000.00000001.11111111 Minimum address: 192.168.1.1 11000000.10101000.00000001.00000001 Maximum address: 192.168.1.254 11000000.10101000.00000001.11111110 Network class: C Maximum hosts: 254

(47)

Analyzer Tools (ported)

BitTorrent

Throughput

LAN Scan

Net Calculator

Port Map

Ping completed in 369.0 ms 100 ports to scan: Port 22 is open Port 80 is open Done

(48)

Analyzer Tools (implemented)

Public Address

NAT

IPv6

Fragmentation

MTU

DNS Lookup

(49)

Analyzer Tools (implemented)

Public Address

NAT

IPv6

Fragmentation

MTU

DNS Lookup

(50)

Analyzer Tools (implemented)

Public Address

NAT

IPv6

Fragmentation

MTU

DNS Lookup

(51)

Analyzer Tools (implemented)

Public Address

NAT

IPv6

Fragmentation

MTU

DNS Lookup

(52)

Analyzer Tools (implemented)

Public Address

NAT

IPv6

Fragmentation

MTU

DNS Lookup

Sending probe with MTU equals to 1500 bytes... Fragmentation needed packet received

Sending probe with MTU equals to 1462 bytes... Response packet received

(53)

Analyzer Tools (implemented)

Public Address

NAT

IPv6

Fragmentation

MTU

DNS Lookup

Hostname: portolan.iet.unipi.it AS Number: 137

AS Info: ASGARR Consortium GARR

Position: Serra, Italy (43.93330383300781, 12.25) Addresses:

(54)

Introduction Portolan Desktop Outcomes Conclusions Measurements Network Fingerprinting MPLS Discovery

Outcomes

(55)

Measurements

Measures validation has been done on GARR network:

source: PoP-PI1

destination: one address for each PoP in GARR network

Result:

all discovered paths are reflected on the real topology

load balancers have been discovered

(56)

Network Fingerprinting

Sheet1 255,255 255,64 255,-1 128,128 64,64 Others 0 0,1 0,2 0,3 0,4 0,5 0,6 0,52 0,13 0,08 0,02 0,22 0,03 255,255 255,64 255,-1 128,128 64,64 Others 0 0,1 0,2 0,3 0,4 0,5 0,6 Fingerprint distribution -1 32 64 128 255

<ICMP TTL Exceeded, ICMP Echo Reply> Fingerprint

P D F 0.1 0.2 0.3 0.4 0.5 0.6 Portolan Vanuabel P ro b a b ili ty

(57)

MPLS Discovery

Measurements campaign towards Portolan target list:

30% of paths contain an MPLS tunnels

1507 explicit tunnels

758 implicit tunnels

1061 opaque tunnels

(58)

Introduction Portolan Desktop Outcomes Conclusions Conclusions Future Works

Conclusions

1

Design and development of Portolan desktop

client

2

Validation of new tools

3

Beta launch in December

(59)

Conclusions

1

Design and development of Portolan desktop

client

2

Validation of new tools

3

Beta launch in December

(60)

Conclusions

1

Design and development of Portolan desktop

client

2

Validation of new tools

3

Beta launch in December

(61)

Conclusions

1

Design and development of Portolan desktop

client

2

Validation of new tools

3

Beta launch in December

(62)

Conclusions

(63)

Future Works

import new tools into Android client

mobile client for other platforms

add more tools to Measures and Analyzer

Web UI

(64)

Future Works

import new tools into Android client

mobile client for other platforms

add more tools to Measures and Analyzer

Web UI

(65)

Future Works

import new tools into Android client

mobile client for other platforms

add more tools to Measures and Analyzer

Web UI

(66)

Future Works

import new tools into Android client

mobile client for other platforms

add more tools to Measures and Analyzer

Web UI

(67)

Future Works

import new tools into Android client

mobile client for other platforms

add more tools to Measures and Analyzer

Web UI

(68)