Scamper Tool

Networking Mar 01, 2020
Fatmawati Achmad Zaenuri/Shutterstock

The Scamper tool was developed by Matthew Luckie of the WAND group at the University of Waikato (New Zealand) to facilitate large-scale measurements over the Internet, as for now Scamper is the prober deployed in CAIDA's Macroscopic Topology Project. It performs various types of measurement, including traceroutes with UDP, ICMP, or TCP probes, to large numbers of destination addresses. The load generated by Scamper can be limited to a given number of packets. Recent versions also include code to perform "ping" measurements, Path MTU discovery, as well as the Paris Traceroute mechanism.

Scamper's source code is distributed as Free Software, under the GNU General Public License. And latest announcement and distribution info can be found at:

Scamper
Like its predecessor skitter, scamper is a tool that actively probes the Internet in order to analyze topology and performance. Unlike skitter, scamper supports both IPv6 and IPv4 probing. In addition, scamper supports the well-known ping and traceroute techniques, as well as Paris and MDA tracerout…
CAIDA: Center for Applied Internet Data AnalysisCAIDA

Scamper package

Scamper was included in Debian distribution starting from Jessie, therefore, you can easily install the package through apt-get install command and no need to build by yourself. I include the various version from Debian release here so you can get a clear picture of what version shall you install based on your Debian-based installation.

Package scamper

* jessie (oldoldstable) (admin): parallel Internet measurement utility
  - 20140122-1: amd64 armel armhf i386
* stretch (oldstable) (admin): parallel Internet measurement utility
  - 20161113-1: amd64 arm64 armel armhf i386 mips mips64el mipsel ppc64el s390x
* buster (stable) (admin): parallel Internet measurement utility
  - 20181219-1: amd64 arm64 armel armhf i386 mips mips64el mipsel ppc64el s390x
* bullseye (testing) (admin): parallel Internet measurement utility
  - 20191102-1: amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x
* sid (unstable) (admin): parallel Internet measurement utility
  - 20191102-1: alpha amd64 arm64 armel armhf hppa i386 m68k mips64el mipsel ppc64 ppc64el riscv64 s390x sh4 sparc64 x32
  - 20181219-1 [debports]: powerpcspe

Before you start to use Scamper

I know most of people don't like to read manpage even me, it's time-consuming and I just wanna get into it and let the command do the job. Well, that's true and I'd like to

https://manpages.debian.org/buster/scamper/scamper.1.en.html

TL;DR

To use the default traceroute command to trace the path to 192.0.2.1:

scamper -i 192.0.2.1

To infer Path MTU changes in the network and associate them with a traceroute path:

scamper -I "trace -P udp-paris -M 192.0.2.1"

To use paris traceroute with ICMP probes, using 3 probes per hop, sending all probes, writing to a specified warts file:

scamper -O warts -o file.warts -I "trace -P icmp-paris -q 3 -Q 192.0.2.1"

To ping a series of addresses defined in filename, probing each address 10 times:

scamper -c "ping -c 10" filename

Care must be taken with shell quoting when using commands with multiple levels of quoting, such as when giving a probe description with a dealias command. The following sends UDP probes to alternating IP addresses, one second apart, and requires the IP-ID values returned to be strictly in sequence.

scamper -O warts -o ally.warts -I "dealias -O inseq -W 1000 -m ally -p '-P udp -i
192.0.2.1' -p '-P udp -i 192.0.2.4'"

Alternatively, the following accomplishes the same, but without specifying the UDP probe method twice.

scamper -O warts -o ally.warts -I "dealias -O inseq -W 1000 -m ally -p '-P udp'
192.0.2.1 192.0.2.4"

The following command scans 198.51.100.0/28 for a matching alias to 192.0.2.4, but skips 198.51.100.3.

scamper -O warts -o prefixscan.warts -I "dealias -O inseq -W 1000 -m prefixscan -p '-P udp' -x 198.51.100.3 192.0.2.4 198.51.100.0/28"

The following uses UDP probes to enumerate all per-flow load-balanced paths towards 192.0.2.6 to 99% confidence; it varies the source port with each probe.

scamper -I "tracelb -P udp-sport -c 99 192.0.2.6"

Example Output

: root@mamp1[scamper-cvs-20070201]; ./scamper -c trace -p 20 target-list.txt
traceroute from 2001:620:0:11a:213:21ff:feae:19db to 2001:620:0:114:20b:cdff:fe1b:3d1a
 1  2001:620:0:11a::1  0.340 ms
 2  2001:620:0:c02d::2  0.325 ms
 3  2001:620:0:c06d::1  3.181 ms
 4  2001:620:0:c06a::1  3.922 ms
 5  2001:620:0:c03d::1  3.951 ms
 6  2001:620:0:114:20b:cdff:fe1b:3d1a  3.797 ms
traceroute from 130.59.35.78 to 130.59.35.130
 1  130.59.35.77  0.265 ms
 2  130.59.36.194  0.220 ms
 3  130.59.37.77  3.095 ms
 4  130.59.37.65  3.773 ms
 5  130.59.36.209  3.883 ms
 6  130.59.35.130  3.718 ms
traceroute from 130.59.35.78 to 130.59.48.15
 1  130.59.35.77  0.267 ms
 2  130.59.36.194  0.227 ms
 3  130.59.37.77  3.174 ms
 4  130.59.37.65  3.781 ms
 5  130.59.48.15  4.222 ms
traceroute from 2001:620:0:11a:213:21ff:feae:19db to 2001:620:0:113:20b:cdff:fe1b:45ec
 1  2001:620:0:11a::1  0.296 ms
 2  2001:620:0:c02d::2  0.345 ms
 3  2001:620:0:c06d::1  3.156 ms
 4  2001:620:0:c06a::1  3.933 ms
 5  2001:620:0:113:20b:cdff:fe1b:45ec  3.798 ms
traceroute from 130.59.35.78 to 130.59.35.134
 1  130.59.35.77  0.278 ms
 2  130.59.36.194  0.218 ms
 3  130.59.37.77  3.051 ms
 4  130.59.37.65  3.783 ms
 5  130.59.35.134  3.709 ms
[...]

Further reading (Documentation)

The paper Scamper: a Scalable and Extensible Packet Prober for Active Measurement of the Internet describes scamper's motivation and architecture. The cite for the paper is:

M. Luckie. Scamper: a Scalable and Extensible Packet Prober for Active Measurement of the Internet.
Proceedings of the 10th ACM SIGCOMM conference on Internet measurement (IMC), Melbourne, Australia, 1-3 Nov 2010, p. 239-245.

Joshua Tu

ExcellentOps Advisory founder, ICT solution designer, CBAP certified business analyst, TOGAF certified enterprise architect.

Recommended for you

No results for your search, please try with something else.