Posted at 11:17 AM, 1 year ago. Post ID: 17313






Tracebox. A very good alternative to traceroute.


Tracebox is a useful alternative to traceroute. Like traceroute it sends TTL-limited probes, but it also compares the copy of the probe quoted back in each router's ICMP reply with the packet it sent, so it shows which IP and TCP header fields were rewritten, added or removed while the packet travelled over the hops to the destination. Shown below is an example.

[ jason@$deusexmachina.local ]
[ Jobs 0. PWD: ~. -bash 3.2.57. ] [ 8-:$ ]
-> sudo tracebox -n -p IP/TCP/MSS/MPCAPABLE/WSCALE 103.114.191.1
tracebox to 103.114.191.1 (103.114.191.1): 64 hops max
1: 192.168.1.1 1ms IP::CheckSum 
2: 203.134.4.214 18ms  [PARTIAL] +PartialTCP IP::TTL IP::CheckSum 
3: 203.134.2.10 20ms  [PARTIAL] +PartialTCP IP::TTL IP::CheckSum 
4: 175.45.103.109 21ms TCP::CheckSum IP::TTL IP::CheckSum TCPOptionMaxSegSize::MaxSegSize 
5: 114.31.192.62 167ms TCP::CheckSum IP::TTL IP::CheckSum TCPOptionMaxSegSize::MaxSegSize [Extra headers: ICMPExtension ICMPExtensionObject ICMPExtensionMPLS ] 
6: 114.31.199.43 173ms TCP::CheckSum IP::TTL IP::CheckSum TCPOptionMaxSegSize::MaxSegSize 
7: 64.71.184.45 9451ms TCP::CheckSum IP::TTL IP::CheckSum TCPOptionMaxSegSize::MaxSegSize 
8: 184.104.196.34 171ms TCP::CheckSum IP::TTL IP::CheckSum TCPOptionMaxSegSize::MaxSegSize 
9: *
10: 184.104.196.134 402ms TCP::CheckSum IP::TTL IP::CheckSum TCPOptionMaxSegSize::MaxSegSize 
11: 184.104.196.97 9622ms TCP::CheckSum IP::TTL IP::CheckSum TCPOptionMaxSegSize::MaxSegSize 
12: *
13: *
14: 185.125.170.145 419ms  [PARTIAL] +PartialTCP IP::TTL IP::CheckSum 
15: 185.125.170.117 9612ms  [PARTIAL] +PartialTCP IP::TTL IP::CheckSum 
16: 103.114.191.1 9612ms TCP::SrcPort TCP::DstPort TCP::SeqNumber TCP::AckNumber TCP::DataOffset TCP::Flags TCP::WindowsSize TCP::CheckSum IP::TotalLength IP::Identification IP::Flags IP::TTL IP::CheckSum IP::SourceIP IP::DestinationIP TCPOptionMaxSegSize::MaxSegSize -TCPOptionMPTCPCapable TCPOptionWindowScale::Shift

An example tracebox session, visualising the changes that middleboxes make to a packet in transit.

I installed this on a Mac as I had issues compiling this on Linux.

brew install tracebox

The first trace shows that the probe's TCP header was rewritten in transit. Two things stand out. First, TCPOptionMaxSegSize::MaxSegSize is reported as modified from hop 4 onward and at every later hop that quoted the full header. That is not five (or nine) separate changes but one rewrite of the MSS option, typically MSS clamping at the ISP edge, which every subsequent router simply echoes back in its ICMP quote; the box therefore sits between hop 1 and hop 4, and hops 2 and 3 cannot narrow it further because they returned only partial quotes ([PARTIAL]), which carry the first 8 bytes of the TCP header and so cannot show options at all. Second, the [Extra headers: ... ICMPExtensionMPLS] entries at hop 5 are not headers added to the probe; they are ICMP extensions (the MPLS label stack of RFC 4950) carried in that router's own time-exceeded reply. IP::TTL and IP::CheckSum differ at every hop by construction, and TCP::CheckSum is recomputed whenever anything in the TCP segment changes, so none of these is evidence of a middlebox on its own. At the final hop the comparison is against the destination's own SYN/ACK rather than an ICMP quote of the probe, so every field differs there, and -TCPOptionMPTCPCapable only says that the reply carried no MP_CAPABLE option; it does not by itself prove that an on-path device stripped it. Note also that tracebox works at the IP and TCP layers; it does not see HTTP headers, so a separate check is needed for HTTP-level rewriting. The paper from 2017 I linked in this post explains this in great detail. Is it good or bad that middleboxes on the Internet can rewrite TCP headers in transit? It depends on the context in which the modification is occurring.

Some of this rewriting is benign and even necessary: MSS clamping keeps TCP segments below the MTU of a PPPoE or tunnelled link and avoids path-MTU black holes, and NAT has to rewrite addresses and ports. The same capability cuts the other way. A middlebox that strips TCP options it does not recognise silently disables extensions such as Multipath TCP or window scaling for every flow through it, and a transparent proxy that rewrites HTTP can inject, alter or block content; with TLS in the path it can only do that by terminating the connection, which is interception rather than optimisation. A misconfigured or malicious box therefore means degraded performance, loss of privacy or a weakened security posture. The practical advice is to run tracebox from inside any network you are assessing, treat every changed, added or removed TCP option at an intermediate hop as something that needs an explanation, and remember that hops marked [PARTIAL] quote only the first 8 bytes of the TCP header, so they can neither confirm nor rule out option changes.
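To turn a tracebox run into something you can act on, here is a small parser and classifier for its text output, added as an example for this post; it is not part of tracebox. It applies the reading above: routine TTL and checksum changes are ignored, a changed, added or removed field at an intermediate hop is flagged, partial quotes are treated as inconclusive for anything beyond the first 8 bytes of TCP, the endpoint's own reply is not counted as a path change, and the hop span that must contain the rewriting box is bracketed. The sample input is the first session's output copied from above, abridged to the hops the example needs; the field sets, verdict strings and function names are this example's own choices, not tracebox's.

```python
"""Classify per-hop header diffs in tracebox text output. Added example for this
post, not part of tracebox: it parses the format shown above (changed fields,
'+'/'-' for added/removed headers, [PARTIAL] for an 8-byte TCP quote, and an
[Extra headers: ...] list of ICMP extensions) and says what a middlebox did."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

EXPECTED = {"IP::TTL", "IP::CheckSum"}  # differ at every hop of a TTL-limited probe
DERIVED = {"TCP::CheckSum"}             # recomputed whenever the TCP header changes
FIRST8 = {"TCP::SrcPort", "TCP::DstPort", "TCP::SeqNumber"}  # all a partial quote shows
TARGET_RE = re.compile(r"^tracebox to \S+ \((?P<ip>[^)]+)\)")
STAR_RE = re.compile(r"^(?P<n>\d+):\s+\*$")
HOP_RE = re.compile(r"^(?P<n>\d+):\s+(?P<addr>\S+)(?:\s+\((?P<ip>[^)]+)\))?"
                    r"\s+\d+ms\s*(?P<rest>.*)$")
EXTRA_RE = re.compile(r"\[Extra headers:\s*(?P<hdrs>[^\]]*)\]")


@dataclass
class Hop:
    n: int
    addr: str = "*"  # "*" when the hop did not answer
    partial: bool = False
    modified: Set[str] = field(default_factory=set)
    added: Set[str] = field(default_factory=set)
    removed: Set[str] = field(default_factory=set)
    extra_headers: List[str] = field(default_factory=list)

    def reports(self, name: str) -> bool:
        return name in (self.modified | self.added | self.removed)


def parse_tracebox(text: str) -> Tuple[Optional[str], List[Hop]]:
    """Return (target IP, hops); prompt, banner and blank lines are skipped."""
    target, hops = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if m := TARGET_RE.match(line):
            target = m["ip"]
        elif m := STAR_RE.match(line):
            hops.append(Hop(n=int(m["n"])))
        elif m := HOP_RE.match(line):
            hop = Hop(n=int(m["n"]), addr=m["ip"] or m["addr"])
            rest = m["rest"]
            if e := EXTRA_RE.search(rest):  # ICMP extensions carried in the reply
                hop.extra_headers = e["hdrs"].split()
                rest = rest[:e.start()] + rest[e.end():]
            for tok in rest.split():
                if tok in ("[PARTIAL]", "+PartialTCP"):  # two spellings of one fact
                    hop.partial = True
                elif tok[0] == "+":
                    hop.added.add(tok[1:])
                elif tok[0] == "-":
                    hop.removed.add(tok[1:])
                else:
                    hop.modified.add(tok)
            hops.append(hop)
    return target, hops


def classify(hop: Hop, target: Optional[str]) -> str:
    """Say what a hop's diff means; only non-routine field changes count."""
    if hop.addr == "*":
        return "no reply"
    if hop.addr == target:
        # The endpoint answers with its own SYN/ACK or RST, not an ICMP quote of
        # our probe, so every field differs and nothing about the path follows.
        return "endpoint reply"
    suspicious = (hop.modified - EXPECTED - DERIVED) | hop.added | hop.removed
    if suspicious:
        note = " (partial quote, options beyond the first 8 bytes hidden)" if hop.partial else ""
        return "middlebox rewrite: " + " ".join(sorted(suspicious)) + note
    if hop.partial:
        return "inconclusive: router quoted only 8 bytes of TCP, options not visible"
    if hop.modified & DERIVED:
        return "TCP checksum changed with no visible cause"
    return "clean"


def locate_rewrite(hops: List[Hop], target: Optional[str], name: str):
    """Bracket where field NAME was first rewritten, as (last clean hop, first
    reporting hop). Later full-quote hops repeat the change, so the box sits
    between those two; a partial quote only clears fields in FIRST8."""
    last_clean = None
    for hop in hops:
        if hop.addr in ("*", target):
            continue
        if hop.reports(name):
            return last_clean, hop.n
        if not hop.partial or name in FIRST8:
            last_clean = hop.n
    return None


# Sample input: the first session's output above, abridged to a few hops.
TRACE1 = """tracebox to 103.114.191.1 (103.114.191.1): 64 hops max
1: 192.168.1.1 1ms IP::CheckSum
2: 203.134.4.214 18ms  [PARTIAL] +PartialTCP IP::TTL IP::CheckSum
3: 203.134.2.10 20ms  [PARTIAL] +PartialTCP IP::TTL IP::CheckSum
4: 175.45.103.109 21ms TCP::CheckSum IP::TTL IP::CheckSum TCPOptionMaxSegSize::MaxSegSize
5: 114.31.192.62 167ms TCP::CheckSum IP::TTL IP::CheckSum TCPOptionMaxSegSize::MaxSegSize [Extra headers: ICMPExtension ICMPExtensionObject ICMPExtensionMPLS ]
9: *
16: 103.114.191.1 9612ms TCP::SrcPort TCP::DstPort TCP::SeqNumber TCP::AckNumber TCP::DataOffset TCP::Flags TCP::WindowsSize TCP::CheckSum IP::TotalLength IP::Identification IP::Flags IP::TTL IP::CheckSum IP::SourceIP IP::DestinationIP TCPOptionMaxSegSize::MaxSegSize -TCPOptionMPTCPCapable TCPOptionWindowScale::Shift
"""

if __name__ == "__main__":
    tgt, hs = parse_tracebox(TRACE1)
    for h in hs:
        print(f"{h.n:>2} {h.addr:<16} {classify(h, tgt)}")
    print("MSS rewritten between hops", locate_rewrite(hs, tgt, "TCPOptionMaxSegSize::MaxSegSize"))
```

Run against the abridged trace, hop 4 is reported as the first MSS rewrite with hop 1 as the last hop known to be clean, hops 2 and 3 come out as inconclusive rather than clean, and the destination's SYN/ACK is not counted as a path change. To run it on a live trace, feed `sudo tracebox -n -p IP/TCP/MSS/MPCAPABLE/WSCALE <host>` output through `parse_tracebox`; the same classification applies to the hostname form of the output.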

Below is another example, this time tracing a route to yahoo.com with the default probe (IP/TCP, a SYN carrying no TCP options) rather than the MSS, MP_CAPABLE and window-scale options requested with -p in the first trace.

[ jason@$deusexmachina.local ]
[ Jobs 0. PWD: ~. -bash 3.2.57. ] [ 3-:$ ]
-> sudo tracebox 74.6.143.25
tracebox to 74.6.143.25 (74.6.143.25): 64 hops max
1: 192.168.1.1 (192.168.1.1) 2ms IP::CheckSum 
2: lo10.lns42.sydnmtc.nsw.vocus.network (203.134.4.214) 19ms  [PARTIAL] +PartialTCP IP::TTL IP::CheckSum 
3: ae14-211.edg01.alexeqn.nsw.vocus.network (203.134.2.10) 22ms  [PARTIAL] +PartialTCP IP::TTL IP::CheckSum 
4: be106-99.bdr01.syd14.nsw.vocus.network (175.45.103.109) 22ms IP::TTL IP::CheckSum 
5: be116.cor02.syd04.nsw.vocus.network (114.31.192.62) 178ms IP::TTL IP::CheckSum [Extra headers: ICMPExtension ICMPExtensionObject ICMPExtensionMPLS ] 
6: be202.bdr03.sjc01.ca.us.vocus.network (114.31.199.43) 176ms IP::TTL IP::CheckSum [Extra headers: ICMPExtension ICMPExtensionObject ICMPExtensionMPLS ] 
7: be101.bdr03.lax01.ca.us.vocus.network (114.31.199.35) 177ms IP::TTL IP::CheckSum 
8: yahoo.as10310.any2ix.coresite.com (206.72.210.195) 179ms  [PARTIAL] +PartialTCP IP::TTL IP::CheckSum 
9: et-7-1-0.pat2.sjc.yahoo.com (209.191.64.244) 181ms IP::TTL IP::CheckSum [Extra headers: ICMPExtension ICMPExtensionObject ICMPExtensionMPLS ] 
10: ae-9.pat2.dnx.yahoo.com (209.191.65.11) 9513ms IP::TTL IP::CheckSum [Extra headers: ICMPExtension ICMPExtensionObject ICMPExtensionMPLS ] 
11: 209.191.68.2 (209.191.68.2) 466ms IP::TTL IP::CheckSum [Extra headers: ICMPExtension ICMPExtensionObject ICMPExtensionMPLS ] 
12: ae-4.pat2.bfz.yahoo.com (209.191.64.73) 9268ms  [PARTIAL] +PartialTCP IP::TTL IP::CheckSum 
13: et-1-1-1.msr1.bf2.yahoo.com (72.30.223.53) 492ms  [PARTIAL] +PartialTCP IP::TTL IP::CheckSum 
14: et-1-1-0.clr2-a-gdc.bf2.yahoo.com (74.6.122.57) 9492ms  [PARTIAL] +PartialTCP IP::TTL IP::CheckSum 
15: lo0.fab8-1-gdc.bf2.yahoo.com (74.6.123.237) 235ms IP::TTL IP::CheckSum 
16: usw1-1-lbb.bf2.yahoo.com (74.6.98.138) 9418ms IP::TTL IP::CheckSum 
17: *
18: *
19: *
20: *
21: *
22: *
23: *
24: *
25: *
26: media-router-fp73.prod.media.vip.bf1.yahoo.com (74.6.143.25) 9467ms TCP::SrcPort TCP::DstPort TCP::SeqNumber TCP::AckNumber TCP::DataOffset TCP::Flags TCP::WindowsSize TCP::CheckSum IP::TotalLength IP::Identification IP::Flags IP::TTL IP::CheckSum IP::SourceIP IP::DestinationIP +TCPOptionMaxSegSize

This trace also reached the destination, although nine consecutive hops (17 to 25) did not answer. Unlike the first trace, no intermediate hop reports a change to a TCP option: the probe carried none, so there was nothing for an MSS clamp to rewrite, and the +TCPOptionMaxSegSize at the last hop is simply the MSS option present in Yahoo's own SYN/ACK. Even a trace with long runs of unanswered hops still shows interesting information: the [Extra headers: ... ICMPExtensionMPLS] entries mark the hops that sit inside MPLS networks, and the [PARTIAL] hops show which routers fall back to quoting only the minimum 8 bytes of the original transport header.

