ICMP Rate Limiting
Executive Summary
Part 1: Introduction Tools and Techniques
Part 2: Detailed Study and List of Candidates
This led me to experiment with other tools such as Sting and Synack, both of which use TCP, the same transport protocol that actual data is sent over, and hence are less susceptible to artificial blocking/limiting.
While Synack raised the hackles of some system admins, and we therefore needed to assure them beforehand that we were not doing anything that would damage their systems, Sting, in spite of producing somewhat less reliable results, went through without anybody taking cognizance and hence proved to be my tool of choice. I carried out several sets of experiments of simultaneous measurements by Ping and Sting to detect if TCP traffic under Sting suffered much less loss than Ping, which would indicate that data traffic was receiving preferential treatment as compared to ICMP and hence indicate ICMP rate limiting.
The early results have been somewhat mixed in proving which sites actually carry out rate-limiting and I believe more measurements will separate them out more clearly.
At the same time, analysis of responses to pings of 100 bytes and 1000 bytes has revealed clearly that the sites we suspect to be rate-limiting, on the average, *do* seem to be carrying out rate-limiting (avg asymmetry is almost = 2*(avg over all sites)).
Also, Ping vs Sting over those sites that exhibit low network reachability has illustrated some sites to be definitely rate-limiting.
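The Ping versus Sting comparison described above can be scored per site as in the sketch below. This is an added example, not code from the original study: the one-sided two-proportion z-test, the `alpha` and `min_gap` thresholds, the use of a single combined loss count per protocol, and the site names and probe counts are all assumptions constructed for illustration.

```python
import math

# Constructed sample data: (icmp_sent, icmp_lost, tcp_sent, tcp_lost) per site,
# as if Ping and a TCP-based prober had been run simultaneously.
SITES = {
    "site-a.example": (1000, 180, 1000, 20),   # ICMP loss far above TCP loss
    "site-b.example": (1000, 30, 1000, 25),    # both low: healthy path
    "site-c.example": (1000, 200, 1000, 190),  # both high: congested path
    "site-d.example": (1000, 0, 1000, 0),      # no loss at all
}

def icmp_limit_evidence(icmp_sent, icmp_lost, tcp_sent, tcp_lost):
    """Return (p_icmp, p_tcp, z, p_value) for H1: ICMP loss > TCP loss."""
    p_icmp = icmp_lost / icmp_sent
    p_tcp = tcp_lost / tcp_sent
    pooled = (icmp_lost + tcp_lost) / (icmp_sent + tcp_sent)
    se = math.sqrt(pooled * (1 - pooled) * (1 / icmp_sent + 1 / tcp_sent))
    if se == 0:
        # Zero loss (or total loss) on both protocols: nothing to compare.
        return p_icmp, p_tcp, 0.0, 1.0
    z = (p_icmp - p_tcp) / se
    p_value = 0.5 * math.erfc(z / math.sqrt(2))  # upper tail of N(0, 1)
    return p_icmp, p_tcp, z, p_value

def classify(sites, alpha=0.01, min_gap=0.05):
    """List sites whose ICMP loss exceeds TCP loss significantly.

    alpha   -- assumed significance level for the one-sided test
    min_gap -- assumed minimum absolute loss difference, so that a tiny but
               statistically significant gap on a huge sample is not flagged
    """
    flagged = []
    for name, counts in sorted(sites.items()):
        p_icmp, p_tcp, _, p_value = icmp_limit_evidence(*counts)
        if p_value < alpha and (p_icmp - p_tcp) >= min_gap:
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    for name, counts in sorted(SITES.items()):
        p_icmp, p_tcp, z, p = icmp_limit_evidence(*counts)
        print(f"{name}: icmp={p_icmp:.3f} tcp={p_tcp:.3f} z={z:.2f} p={p:.3g}")
    print("likely ICMP rate limiting:", classify(SITES))
```

A path that loses both ICMP and TCP probes at similar rates (the constructed `site-c.example`) is not flagged, which is what separates rate limiting from ordinary congestion.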
Created June 4, 2000
Comments to email@example.com