Skitter Output Packets

Center for Applied Internet Data Analysis

DONATE

HOME
- About
- Program Plan
- Annual Report
- Joining CAIDA
- Staff
- Jobs
- Legal Agreements
- How-To
- Blog
- Contact Us
CATALOG
- Datasets
- Media
- Papers
- Recipes
- Software
RESEARCH
DATA
TOOLS
- Overview
SERVICES
PUBLICATIONS
WORKSHOPS
- Overview
- AIMS
- DUST
- IMAPS
- KISMET
- WIE
- WOMBIR
- Collaborative
- Archive
PROJECTS
FUNDING
- PANDA
- FANTAIL
- PENMAN
- SLAM
- Censorship Outages
- MapKIT
- STARDUST
- MADDVIPR
- Program Plan

www.caida.org > tools : measurement : skitter : packets

Skitter sends ICMP echo requests. In the payload, we reserve 12 bytes at the start for kernel timestamping (FreeBSD). When not using our FreeBSD kernel timestamping, the next 8 bytes are used in the same manner as ping: they hold a timeval representing the time the packet was sent, filled with a gettimeofday() call from user space. The next 4 bytes hold the destination address. This is necessary because in the case of receiving an ICMP echo reply (where none of the original request packet will be present), the source address of the echo reply need not be the destination address of the echo request. For example, a box may transmit an echo reply via an interface that is different than the interface to which the echo request was sent, and may use the IP address of the transmitting interface as the source address in the echo reply.

Echo Request with Incrementing TTL

Below is a picture of the ICMP echo request sent by skitter The fields we fill from application space:

user transmit timeval in the payload
destination IP address in the payload
ttl in the header (via setsockopt(fd,IPPROTO_IP,IP_TTL,...))
all of the ICMP header fields (type, code, checksum, identifier and sequence number)

Last Modified: Tue Oct-13-2020 22:22:00 UTC

Page URL: https://www.caida.org/tools/measurement/skitter/packets/index.xml