Techniques for the Detection of Faulty Packet Header Modifications

TitleTechniques for the Detection of Faulty Packet Header Modifications
Publication TypeTechnical Report
Year of Publication2014
AuthorsCraven, R., Beverly R., & Allman M.
Other Numbers3672

Understanding, measuring, and debugging IP networks, particularly across administrative domains, is challenging. Compounding the problem are transparent in-path appliances and middleboxes that can be difficult to manage and sometimes left out-of-date or misconfigured. As a result, packet headers can be modified in unexpected ways, negatively impacting end-to-end performance. We discuss the impact of such packet header modifications, present an array of techniques for their detection, and define strategies to add tamper-evident protection to our detection techniques. We select a solution for implementation into the Linux TCP stack and use it to examine real-world Internet paths. We discover various instances of in-path modifications and extract lessons learned from them to help drive future design efforts.


This work was partially supported by funding provided through National Science Foundation grant NeTS : 1213155 (“User-Centric Network Measurement”). Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors or originators and do not necessarily reflect the views of the National Science Foundation.

Bibliographic Notes

Naval Postgraduate School Technical Report NPS-CS-14-002

Abbreviated Authors

R. Craven, R. Beverly, and M. Allman

ICSI Research Group

Networking and Security

ICSI Publication Type

Technical Report