ChkDiff

Topology example, with shapers

Chkdiff expected output

Downstream tool coming soon!
ChkDiff is a tool that enables you to verify whether your access ISP is shaping any of your traffic. It dumps your Internet traffic for a configurable time window of a few minutes, shuffles it and replays it with a limited IP Time-To-Live value in order to target the routers at the first few hops away from you. By comparing the delays and packet losses of each flow against the distribution of delays and losses of the entire trace, ChkDiff is able to identify the presence of shapers and locate them.

A preview of the tool is available here.

More details about the methodology can be found in this presentation and in our paper “Towards a General Solution for Detecting Traffic Differentiation at the Internet Access”.

Typical usage looks like this:
sudo ./upstream.py -d 180 --hops 1 2 3 --analyse --rate 200 -i eth0
In the above example we dump Internet traffic for 180 seconds from the interface eth0, we shuffle the flows in the dumped packet trace and replay it three times (by default) at a constant rate of 200 packets per second to routers at hops 1, 2 and 3 from our client machine.

The option --analyse performs a per-flow delay and loss analysis to check whether any flow's delay distribution deviates significantly from the overall delay distribution of the trace, and whether any flow's losses are larger than those experienced globally by the trace. We use a one-sided Kolmogorov-Smirnov test for the delay analysis and a binomial-inspired test for the loss analysis. ChkDiff flags a flow as differentiated if either the delay or the loss analysis rejects it in all runs for a given hop. We then attempt to locate a shaper by observing whether a given rejected flow is rejected in our analysis from a given hop onwards.
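The decision rule described above, as an added example that is not ChkDiff's own code. Assumptions: a 0.05 significance level, the asymptotic one-sided two-sample KS p-value testing for larger flow delays, a plain binomial upper tail standing in for the "binomial-inspired" loss test, and the reading that the same analysis must reject the flow in every run; all names and sample data are constructed.

```python
import math
from bisect import bisect_right

ALPHA = 0.05  # assumed significance level; the page does not state one

def ks_one_sided_p(flow, trace):
    """Asymptotic p-value for 'flow delays are not larger than trace delays'."""
    f, t = sorted(flow), sorted(trace)
    n, m = len(f), len(t)
    # D = sup_x [F_trace(x) - F_flow(x)]: large when the flow's delays run high.
    d = max(bisect_right(t, x) / m - bisect_right(f, x) / n for x in f + t)
    return math.exp(-2.0 * d * d * n * m / (n + m))

def loss_tail_p(lost, sent, trace_loss_rate):
    """P(X >= lost) for X ~ Binomial(sent, trace_loss_rate)."""
    q = trace_loss_rate
    return sum(math.comb(sent, k) * q**k * (1 - q)**(sent - k)
               for k in range(lost, sent + 1))

def rejected_at_hop(runs):
    """Flag the flow only if one analysis (delay or loss) rejects it in every run."""
    delay = all(ks_one_sided_p(r["flow"], r["trace"]) < ALPHA for r in runs)
    loss = all(loss_tail_p(r["lost"], r["sent"], r["trace_loss"]) < ALPHA for r in runs)
    return delay or loss

def locate_shaper(rejected_by_hop):
    """First hop from which the flow is rejected at every later hop, else None."""
    first = None
    for hop in sorted(rejected_by_hop, reverse=True):
        if not rejected_by_hop[hop]:
            break
        first = hop
    return first

# Constructed sample: delays in microseconds, one flow, hops 1-3, three runs each.
TRACE = list(range(10000, 30000, 100))
CLEAN = {"flow": TRACE[::10], "trace": TRACE, "lost": 0, "sent": 20, "trace_loss": 0.02}
SLOW = dict(CLEAN, flow=[d + 8000 for d in TRACE[::10]])  # flow delayed by 8 ms
LOSSY = dict(CLEAN, lost=6)                               # 30% loss vs 2% overall
RUNS = {1: [CLEAN] * 3, 2: [SLOW] * 3, 3: [LOSSY] * 3}

def demo():
    verdicts = {hop: rejected_at_hop(runs) for hop, runs in RUNS.items()}
    return verdicts, locate_shaper(verdicts)

if __name__ == "__main__":
    print(demo())
```

A single clean run at a hop is enough to clear the flow there, which is what keeps one noisy replay from producing a false shaper report.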

More script options include:
-f, --file: replays a previously dumped trace. All dumped traces are stored in the dumpedTraces folder.
--run: number of experiment runs for each specified hop. Default is 3.
--debug: prints more details on the terminal.

The tool makes use of tcpdump to capture packets and tcpreplay to replay them. Both need to be installed on the user machine and can only run with sudo privileges. To install them, simply run sudo apt-get install tcpdump tcpreplay from a terminal.

The following libraries are required: scapy, numpy, scipy, prettytable, netaddr, netifaces.
The easiest way to install them is to first install pip and then install the above libraries with pip:
sudo apt-get install python-pip
sudo pip install scapy numpy scipy prettytable netaddr netifaces
