Design and implementation of Portolan for
desktop operating systems Linux, Windows
and OS X
Candidate: Daniele Formichelli
Supervisors: Prof. Luciano Lenzini, Prof. Enzo Mingozzi, Ing. Valerio
Luconi
University of Pisa
School of Engineering
Department of Information Engineering
Master of Science in Computer Engineering
Introduction Portolan Desktop Outcomes Conclusions What is Portolan? Android Limitations
What is Portolan?
Portolan is a research project started with the aim of enhancing
the knowledge of the Internet structure at the Autonomous
System level of abstraction
active measures
bottom-up
crowdsourcing
Introduction Portolan Desktop Outcomes Conclusions What is Portolan? Android Limitations
What is Portolan?
Portolan is a research project started with the aim of enhancing
the knowledge of the Internet structure at the Autonomous
System level of abstraction
active measures
bottom-up
crowdsourcing
Introduction Portolan Desktop Outcomes Conclusions What is Portolan? Android Limitations
What is Portolan?
Portolan is a research project started with the aim of enhancing
the knowledge of the Internet structure at the Autonomous
System level of abstraction
active measures
bottom-up
crowdsourcing
AS4 AS5 AS6
AS1
Introduction Portolan Desktop Outcomes Conclusions What is Portolan? Android Limitations
What is Portolan?
Portolan is a research project started with the aim of enhancing
the knowledge of the Internet structure at the Autonomous
System level of abstraction
active measures
bottom-up
crowdsourcing
Introduction Portolan Desktop Outcomes Conclusions What is Portolan? Android Limitations
Android Limitations
Android usage imposes some restrictions on the
client:
UDP only
battery
performance
user base
Introduction Portolan Desktop Outcomes Conclusions What is Portolan? Android Limitations
Android Limitations
Android usage imposes some restrictions on the
client:
UDP only
battery
performance
user base
Introduction Portolan Desktop Outcomes Conclusions What is Portolan? Android Limitations
Android Limitations
Android usage imposes some restrictions on the
client:
UDP only
battery
performance
user base
Introduction Portolan Desktop Outcomes Conclusions What is Portolan? Android Limitations
Android Limitations
Android usage imposes some restrictions on the
client:
UDP only
battery
performance
user base
Introduction Portolan Desktop Outcomes Conclusions What is Portolan? Android Limitations
Android Limitations
Android usage imposes some restrictions on the
client:
UDP only
battery
performance
user base
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
Portolan Desktop
Portolan Desktop
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
Objectives
The objective is to design and develop a dekstop client that:
allows to perform ICMP, UDP and TCP measures
supports major desktop platforms (Linux, Windows and
OS X)
gives the user some analysis tools as a payoff for being
part of the project
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
Objectives
The objective is to design and develop a dekstop client that:
allows to perform ICMP, UDP and TCP measures
supports major desktop platforms (Linux, Windows and
OS X)
gives the user some analysis tools as a payoff for being
part of the project
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
Objectives
The objective is to design and develop a dekstop client that:
allows to perform ICMP, UDP and TCP measures
supports major desktop platforms (Linux, Windows and
OS X)
gives the user some analysis tools as a payoff for being
part of the project
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
Objectives
The objective is to design and develop a dekstop client that:
allows to perform ICMP, UDP and TCP measures
supports major desktop platforms (Linux, Windows and
OS X)
gives the user some analysis tools as a payoff for being
part of the project
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
Architecture
Portolan Desktop Client
Background Service
Low Level Network API
User Interface
Portolan Server
Internet
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
Architecture
Portolan Desktop Client
Background Service
Low Level Network API User Interface
Portolan Server
Internet
Measures Analyzer
The Low Level Network
API allows to send ICMP,
UDP or TCP probes and
receive their responses
using raw sockets.
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
Architecture
Portolan Desktop Client
Background Service
Low Level Network API User Interface
Portolan Server
Internet
Measures Analyzer
The Measures module
provides tools to measure
the Internet
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
Architecture
Portolan Desktop Client
Background Service
Low Level Network API User Interface
Portolan Server
Internet
Measures Analyzer
The Analyzer module
provides a number of
utilities to analyze the
user’s network
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
Architecture
Portolan Desktop Client
Background Service
Low Level Network API User Interface
Portolan Server
Internet
Measures Analyzer
The Background
Service module interacts
with the server, obtains
microtasks, executes
them and sends back the
results
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
Architecture
Portolan Desktop Client
Background Service
Low Level Network API User Interface
Portolan Server
Internet
Measures Analyzer
The User Interface
module provides both a
Command Line Interface
(CLI) and a Java Swing
Graphical User Interface
(GUI)
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
Architecture
Portolan Desktop Client
Background Service
Low Level Network API User Interface
Portolan Server
Internet
Measures Analyzer
The Server module is
responsible for sending
microtasks and receive and
store their results
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
Measures
Measures
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
Measures
The Measures subsystem is written from scratch using raw socket
and allows to performs not only UDP but also ICMP and TCP
measures:
more replies with ICMP
higher firewall penetration with TCP
more possibilities (e.g. fingerprinting)
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
Measures
ping
traceroute
paris traceroute
AS traceroute
MDA
ICMP ping portolan.iet.unipi.it (131.114.58.113), 2 bytes of data
Reply from portolan.iet.unipi.it (131.114.58.113): seq=1 rtt=28 ms
Reply from portolan.iet.unipi.it (131.114.58.113): seq=2 rtt=26 ms
Reply from portolan.iet.unipi.it (131.114.58.113): seq=3 rtt=31 ms
Reply from portolan.iet.unipi.it (131.114.58.113): seq=4 rtt=26 ms
Reply from portolan.iet.unipi.it (131.114.58.113): seq=5 rtt=34 ms
131.114.58.113 ping statistics
---5 packets transmitted, ---5 received, 0.000% packet loss rtt min/avg/max = 26/29.0/34 ms
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
Measures
ping
traceroute
paris traceroute
AS traceroute
MDA
ICMP traceroute to portolan.iet.unipi.it (131.114.58.113), 30 hops max 0: archlinux (192.168.1.32) 0 ms 1: * 2: 192.168.100.1 (192.168.100.1) 20 ms 3: 172.17.161.161 (172.17.161.161) 21 ms 4: 172.17.160.25 (172.17.160.25) 23 ms 5: 172.17.10.193 (172.17.10.193) 27 ms 6: r-rm83-vl3.opb.interbusiness.it (151.99.29.139) 22 ms 7: 172.17.5.206 (172.17.5.206) 26 ms 8: garr-nap.namex.it (193.201.28.15) 36 ms 9: rx1-rm2-r-rm2.rm2.garr.net (90.147.80.54) 24 ms 10: rx1-rm2-rx1-pi1.pi1.garr.net (90.147.80.206) 32 ms 11: rx1-pi1-ru-unipi.pi1.garr.net (193.206.136.14) 114 ms 12: jing-jser.unipi.it (131.114.191.130) 107 ms 13: portolan.iet.unipi.it (131.114.58.113) 118 ms Destination reached
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
Measures
ping
traceroute
paris traceroute
AS traceroute
MDA
ICMP paris traceroute to portolan.iet.unipi.it (131.114.58.113), 30 hops max 0: archlinux (192.168.1.32) 0 ms 1: * 2: 192.168.100.1 (192.168.100.1) 20 ms 3: 172.17.161.161 (172.17.161.161) 21 ms 4: 172.17.160.25 (172.17.160.25) 23 ms 5: 172.17.10.193 (172.17.10.193) 27 ms 6: r-rm83-vl3.opb.interbusiness.it (151.99.29.139) 22 ms 7: 172.17.5.206 (172.17.5.206) 26 ms 8: garr-nap.namex.it (193.201.28.15) 36 ms 9: rx1-rm2-r-rm2.rm2.garr.net (90.147.80.54) 24 ms 10: rx1-rm2-rx1-pi1.pi1.garr.net (90.147.80.206) 32 ms 11: rx1-pi1-ru-unipi.pi1.garr.net (193.206.136.14) 114 ms 12: jing-jser.unipi.it (131.114.191.130) 107 ms 13: portolan.iet.unipi.it (131.114.58.113) 118 ms Destination reached
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
Measures
ping
traceroute
paris traceroute
AS traceroute
MDA
ICMP AS traceroute to portolan.iet.unipi.it (131.114.58.113), 30 hops max
SBTAP-AS Comune di San Benedetto del Tronto AS Number: 59715
No location 172.16.0.0/12
ASN-IBSNAZ Telecom Italia S.p.a. AS Number: 3269
null, Italy 151.99.0.0/16
SBTAP-AS Comune di San Benedetto del Tronto AS Number: 59715 No location 172.16.0.0/12 NaMeX AS Number: Unknown No location 193.201.28.0/25 ASGARR Consortium GARR
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
Measures
ping
traceroute
paris traceroute
AS traceroute
MDA
ICMP MDA to rx2.mi1.garr.net (90.147.84.12), 30 hops max 0: archlinux (192.168.1.32) 1: gateway (192.168.1.1) 2: 192.168.100.1 (192.168.100.1) 3: 172.17.161.33 (172.17.161.33) 4: 172.17.160.9 (172.17.160.9) 5: 172.17.5.113 (172.17.5.113) 6: r-rm180-vl3.opb.interbusiness.it (151.99.29.150) 7: 172.17.5.210 (172.17.5.210) 8: garr-nap.namex.it (193.201.28.15) 9: rx2-rm2-r-rm2.rm2.garr.net (90.147.80.58) r-rm2-r-bo1-l1.bo1.garr.net (90.147.80.1) 10: 90.147.80.5 (90.147.80.5) r-bo1-rx2-bo1.bo1.garr.net (90.147.80.38) rx2-rm2-rx2-bo1-l3.bo1.garr.net (90.147.80.113) 11: rx2.mi1.garr.net (90.147.84.12) Destination reached
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
Network Fingerprinting
Network fingerprinting allows to classify network equipments
discovered during a traceroute. Portolan’s fingerprint is composed
of the source TTL of the replies to 3 types of probes:
ICMP echo reply
packets in response to ICMP echo probes
ICMP time exceeded
packets in response to ICMP echo probes
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
Network Fingerprinting
Network fingerprinting allows to classify network equipments
discovered during a traceroute. Portolan’s fingerprint is composed
of the source TTL of the replies to 3 types of probes:
ICMP echo reply
packets in response to ICMP echo probes
ICMP time exceeded
packets in response to ICMP echo probes
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
Network Fingerprinting
Network fingerprinting allows to classify network equipments
discovered during a traceroute. Portolan’s fingerprint is composed
of the source TTL of the replies to 3 types of probes:
ICMP echo reply
packets in response to ICMP echo probes
ICMP time exceeded
packets in response to ICMP echo probes
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
Network Fingerprinting
Network fingerprinting allows to classify network equipments
discovered during a traceroute. Portolan’s fingerprint is composed
of the source TTL of the replies to 3 types of probes:
ICMP echo reply
packets in response to ICMP echo probes
ICMP time exceeded
packets in response to ICMP echo probes
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
MPLS Tunnels Discovery
The MPLS discovery tool allows to discover and classify MPLS
tunnels during a traceroute.
MPLS tunnels can be classified in four categories depending on:
ttl-propagate
if enabled the TTL of the IP header is copied into
the MPLS header
RFC 4950
if implemented the router attaches the current MPLS
stack to error ICMP messages
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
MPLS Tunnels Discovery
The MPLS discovery tool allows to discover and classify MPLS
tunnels during a traceroute.
MPLS tunnels can be classified in four categories depending on:
ttl-propagate
if enabled the TTL of the IP header is copied into
the MPLS header
RFC 4950
if implemented the router attaches the current MPLS
stack to error ICMP messages
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
MPLS Tunnels Discovery
The MPLS discovery tool allows to discover and classify MPLS
tunnels during a traceroute.
MPLS tunnels can be classified in four categories depending on:
ttl-propagate
if enabled the TTL of the IP header is copied into
the MPLS header
RFC 4950
if implemented the router attaches the current MPLS
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
MPLS Tunnels Taxonomy
ttl-propagate
no ttl-propagate
RFC 4950
Explicit
Opaque
no RFC 4950
Implicit
Invisible
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
MPLS Tunnels Taxonomy
ttl-propagate
no ttl-propagate
RFC 4950
Explicit
Opaque
no RFC 4950
Implicit
Invisible
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
MPLS Tunnels Taxonomy
ttl-propagate
no ttl-propagate
RFC 4950
Explicit
Opaque
no RFC 4950
Implicit
Invisible
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
MPLS Tunnels Taxonomy
ttl-propagate
no ttl-propagate
RFC 4950
Explicit
Opaque
no RFC 4950
Implicit
Invisible
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
MPLS Tunnels Taxonomy
ttl-propagate
no ttl-propagate
RFC 4950
Explicit
Opaque
no RFC 4950
Implicit
Invisible
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
Analyzer
Analyzer
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
Analyzer Tools (ported)
BitTorrent
Throughput
LAN Scan
Net Calculator
Port Map
UPLOAD TEST:Sending control flow... Rate: 0.454 Mbps Sending BitTorrent flow... Rate: 0.412 Mbps Upload BitTorrent traffic is not discriminated DOWNLOAD TEST:
Receiving control flow... Rate: 3.461 Mbps Receiving BitTorrent flow... Rate: 3.515 Mbps Download BitTorrent traffic is not discriminated
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
Analyzer Tools (ported)
BitTorrent
Throughput
LAN Scan
Net Calculator
Port Map
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
Analyzer Tools (ported)
BitTorrent
Throughput
LAN Scan
Net Calculator
Port Map
254 addresses to scan gateway (192.168.1.1) Ping: responsive Accepted: TCP/80 Refused: TCP/7 TCP/53 TCP/455 TCP/8080 192.168.1.20 (192.168.1.20) Ping: responsive Accepted: Refused: TCP/7 TCP/53 TCP/80 TCP/455 TCP/8080 archlinux (192.168.1.27) Ping: responsive Accepted: Refused: TCP/7 TCP/53 TCP/80 TCP/455 TCP/8080 Done! Found 3 responsive addressesIntroduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
Analyzer Tools (ported)
BitTorrent
Throughput
LAN Scan
Net Calculator
Port Map
Network calculator target: 192.168.1.0/24 Network address: 192.168.1.0 11000000.10101000.00000001.00000000 Network mask: 255.255.255.0 11111111.11111111.11111111.00000000 Broadcast address: 192.168.1.255 11000000.10101000.00000001.11111111 Minimum address: 192.168.1.1 11000000.10101000.00000001.00000001 Maximum address: 192.168.1.254 11000000.10101000.00000001.11111110 Network class: C Maximum hosts: 254
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
Analyzer Tools (ported)
BitTorrent
Throughput
LAN Scan
Net Calculator
Port Map
Ping completed in 369.0 ms 100 ports to scan: Port 22 is open Port 80 is open DoneIntroduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
Analyzer Tools (implemented)
Public Address
NAT
IPv6
Fragmentation
MTU
DNS Lookup
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
Analyzer Tools (implemented)
Public Address
NAT
IPv6
Fragmentation
MTU
DNS Lookup
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
Analyzer Tools (implemented)
Public Address
NAT
IPv6
Fragmentation
MTU
DNS Lookup
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
Analyzer Tools (implemented)
Public Address
NAT
IPv6
Fragmentation
MTU
DNS Lookup
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
Analyzer Tools (implemented)
Public Address
NAT
IPv6
Fragmentation
MTU
DNS Lookup
Sending probe with MTU equals to 1500 bytes... Fragmentation needed packet received
Sending probe with MTU equals to 1462 bytes... Response packet received
Introduction Portolan Desktop Outcomes Conclusions Objectives Architecture Measures Analyzer
Analyzer Tools (implemented)
Public Address
NAT
IPv6
Fragmentation
MTU
DNS Lookup
Hostname: portolan.iet.unipi.it AS Number: 137AS Info: ASGARR Consortium GARR
Position: Serra, Italy (43.93330383300781, 12.25) Addresses:
Introduction Portolan Desktop Outcomes Conclusions Measurements Network Fingerprinting MPLS Discovery
Outcomes
Outcomes
Introduction Portolan Desktop Outcomes Conclusions Measurements Network Fingerprinting MPLS Discovery
Measurements
Measures validation has been done on GARR network:
source: PoP-PI1
destination: one address for each PoP in GARR network
Result:
all discovered paths are reflected on the real topology
load balancers have been discovered
Introduction Portolan Desktop Outcomes Conclusions Measurements Network Fingerprinting MPLS Discovery
Network Fingerprinting
Sheet1 255,255 255,64 255,-1 128,128 64,64 Others 0 0,1 0,2 0,3 0,4 0,5 0,6 0,52 0,13 0,08 0,02 0,22 0,03 255,255 255,64 255,-1 128,128 64,64 Others 0 0,1 0,2 0,3 0,4 0,5 0,6 Fingerprint distribution -1 32 64 128 255<ICMP TTL Exceeded, ICMP Echo Reply> Fingerprint
P D F 0.1 0.2 0.3 0.4 0.5 0.6 Portolan Vanuabel P ro b a b ili ty
Introduction Portolan Desktop Outcomes Conclusions Measurements Network Fingerprinting MPLS Discovery
MPLS Discovery
Measurements campaign towards Portolan target list:
30% of paths contain an MPLS tunnels
1507 explicit tunnels
758 implicit tunnels
1061 opaque tunnels
Introduction Portolan Desktop Outcomes Conclusions Conclusions Future Works
Conclusions
1
Design and development of Portolan desktop
client
2
Validation of new tools
3
Beta launch in December
Introduction Portolan Desktop Outcomes Conclusions Conclusions Future Works
Conclusions
1
Design and development of Portolan desktop
client
2
Validation of new tools
3
Beta launch in December
Introduction Portolan Desktop Outcomes Conclusions Conclusions Future Works
Conclusions
1
Design and development of Portolan desktop
client
2
Validation of new tools
3
Beta launch in December
Introduction Portolan Desktop Outcomes Conclusions Conclusions Future Works
Conclusions
1
Design and development of Portolan desktop
client
2
Validation of new tools
3
Beta launch in December
Introduction Portolan Desktop Outcomes Conclusions Conclusions Future Works
Conclusions
Introduction Portolan Desktop Outcomes Conclusions Conclusions Future Works
Future Works
import new tools into Android client
mobile client for other platforms
add more tools to Measures and Analyzer
Web UI
Introduction Portolan Desktop Outcomes Conclusions Conclusions Future Works
Future Works
import new tools into Android client
mobile client for other platforms
add more tools to Measures and Analyzer
Web UI
Introduction Portolan Desktop Outcomes Conclusions Conclusions Future Works
Future Works
import new tools into Android client
mobile client for other platforms
add more tools to Measures and Analyzer
Web UI
Introduction Portolan Desktop Outcomes Conclusions Conclusions Future Works
Future Works
import new tools into Android client
mobile client for other platforms
add more tools to Measures and Analyzer
Web UI
Introduction Portolan Desktop Outcomes Conclusions Conclusions Future Works
Future Works
import new tools into Android client
mobile client for other platforms
add more tools to Measures and Analyzer
Web UI
Introduction Portolan Desktop Outcomes Conclusions Conclusions Future Works