– measuring the Internet.

Network Architectures and Services

The extended NAT tests are a collection of tests that require raw sockets or take much more time than the usual NAT tests. To run the tests you need:

  • A Linux PC with a mobile broadband modem (USB or integrated). While phone tethering also works, it is less desirable for measurements because it adds another NAT on the phone.
  • Python 2 with python-scapy and python-netifaces installed
  • Willingness to run the client as root

Some notes about the client and the measurements:

  • The client adds some iptables rules, which are removed again after the experiments:
    • Block the TCP RST messages from the Linux kernel.
    • Directly accept all traffic to and from the server. Otherwise a configured firewall with connection tracking could disturb the measurements.
  • The complete tests take around 2 hours and generate up to 40 MB of traffic.
  • You can limit the duration of the timeout test, which takes one hour by default.
  • The port exhaustion test could break your connection and must be enabled explicitly.
  • The client contains the compiled binary of tracebox. If you do not want to run this binary as root, just delete tools/tracebox.
  • The result is a JSON file that contains all details from the experiments. An evaluation script is also part of the client, so you get an overview of your ISP's settings.

Run the tests

To run the tests, download the client here and unpack it:

$ unzip middlebox-testing-raw-sockets-master-*.zip
$ cd middlebox-testing-raw-sockets-master-...

You need to know the interface name of your modem; use ip a to get it. As mentioned before, you can disable or restrict some tests. A description of all executed tests can be found below.

Run the test with default configuration

(The timeout test takes 60 minutes by default)

$ sudo python -i ppp0

Set the tested time interval for the timeout test

Reduce the timeout to 10 minutes:

$ sudo python -i ppp0 --max-timeout 10

Enable the port space exhaustion test

The port space exhaustion test opens a configurable amount of UDP and TCP connections:

$ sudo python -i ppp0 --port-exhaustion-limit 8000

Evaluate your results

You can run the following command to get an overview of the test results:

$ python result.json

You can already have a look at the first results while the tests are still running!

Submitting the results

After the tests are finished, you get the file result.json. Please send this file to wohlfart (at) and also add the name of your ISP. Thank you!

Included experiments

Port allocation strategy

This test should detect a correlation between the internal port and the assigned public port number. It is possible that the port number is preserved by the NAT, but there can also be another allocation pattern or a random allocation.

During this test, the following exchange is repeated several times: the client sends a packet to the server and the server replies with the observed public IP and port number.

This exchange is done 100 times for UDP and TCP, once for sequentially increasing port numbers and then again for randomly shuffled port numbers. So all in all this exchange is done 400 times.
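The following added example (not the client's own evaluation script) shows why the exchange is run with both sequential and shuffled source ports: a NAT that hands out public ports in allocation order looks like a fixed offset when the source ports are sequential, and only the shuffled run separates the two. The NAT models, the MAX_STEP threshold and the port range are constructed assumptions.

```python
import random

MAX_STEP = 16  # assumption: a sequential NAT skips at most a few ports between probes

def classify(pairs):
    """pairs: (internal_port, public_port) tuples in the order the probes were sent."""
    deltas = {(pub - internal) % 65536 for internal, pub in pairs}
    if deltas == {0}:
        return "port-preserving"
    if len(deltas) == 1:
        return "fixed-offset"
    steps = [(b[1] - a[1]) % 65536 for a, b in zip(pairs, pairs[1:])]
    if all(0 < s <= MAX_STEP for s in steps):
        return "sequential"
    return "random-or-unknown"

# Constructed NAT models: each maps an internal source port to a public port.
def nat_preserving():
    return lambda port: port

def nat_offset(offset=1000):
    return lambda port: (port + offset) % 65536

def nat_sequential(start=20000):
    counter = [start]
    def allocate(port):
        counter[0] += 1          # next free public port, independent of the internal port
        return counter[0]
    return allocate

def nat_random(seed=7):
    rng = random.Random(seed)
    return lambda port: rng.randrange(1024, 65536)

def run(nat, internal_ports):
    """Stand-in for the client/server exchange: the server reports the public port."""
    return [(p, nat(p)) for p in internal_ports]

SEQUENTIAL = list(range(40000, 40100))           # 100 increasing source ports
SHUFFLED = random.Random(1).sample(SEQUENTIAL, len(SEQUENTIAL))

if __name__ == "__main__":
    for name, make in [("preserving", nat_preserving), ("offset", nat_offset),
                       ("sequential", nat_sequential), ("random", nat_random)]:
        print(name, classify(run(make(), SEQUENTIAL)), classify(run(make(), SHUFFLED)))
```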

Timeout test

The goal of this test is to determine the time until an unused NAT mapping is removed again. This value differs for TCP and UDP. For UDP it is also relevant whether traffic was seen in one or both directions. Additionally, the UDP timeout may be higher after a STUN exchange.

The following message exchange happens during the test: the client sends a packet to the server and therefore creates the mapping. This packet contains a certain timeout value, the server then waits for the specified time and sends a reply. If the NAT mapping still exists after this timeout, the client receives the response and we know that the configured timeout in the NAT device must be higher.

This simple test is done for increasing timeouts. For UDP we expect the timeout to be less than 10 minutes. For TCP a timeout of up to one hour is tested.
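The probing logic described above, as an added example run against a simulated NAT rather than the real client and server (this is not the project's code). The SimNat model, its 30 s and 180 s idle timeouts, the port numbers and the list of delays are constructed assumptions.

```python
class SimNat(object):
    """Constructed NAT model: a mapping expires after an idle period that is
    longer once traffic has been seen in both directions."""
    def __init__(self, one_way=30, two_way=180):   # seconds, constructed values
        self.one_way, self.two_way = one_way, two_way
        self.maps = {}                              # port -> [last_seen, replied]

    def outbound(self, port, now):
        self.maps[port] = [now, False]              # client packet creates the mapping

    def inbound(self, port, now):
        entry = self.maps.get(port)
        if entry is None:
            return False
        limit = self.two_way if entry[1] else self.one_way
        if now - entry[0] >= limit:                 # idle too long: mapping is gone
            del self.maps[port]
            return False
        self.maps[port] = [now, True]               # reply refreshes the mapping
        return True

def probe(nat, port, delay, both_directions):
    """One exchange: the client sends at t=0, the server replies after `delay`."""
    nat.outbound(port, 0)
    start = 0
    if both_directions:                             # immediate reply first, then wait
        start = 1
        nat.inbound(port, start)
    return nat.inbound(port, start + delay)

def bracket_timeout(nat, delays, both_directions=False):
    """Return (longest delay that still got through, first delay that failed)."""
    last_ok = None
    for i, delay in enumerate(delays):
        # A fresh source port per probe, so no earlier packet refreshes the mapping.
        if not probe(nat, 50000 + i, delay, both_directions):
            return last_ok, delay
        last_ok = delay
    return last_ok, None                            # timeout is above the tested range

DELAYS = [10, 20, 30, 60, 120, 180, 300, 600]       # seconds, up to 10 minutes

if __name__ == "__main__":
    print(bracket_timeout(SimNat(), DELAYS))
    print(bracket_timeout(SimNat(), DELAYS, both_directions=True))
```

The NAT's real timeout lies between the two returned values; a second element of None means the mapping outlived every tested delay.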

Port space exhaustion

An interesting value is the maximum number of NAT mappings that can exist per client, so this test opens 213 UDP or TCP connections. There is a small gap between two consecutive outgoing connections, so we can observe whether new connections are rejected or old mappings are removed after the limit is reached.

Hole punching

During NAT hole punching, a connection is usually opened to a closed remote port, so an ICMP error message is sent back and received by the NAT. It is important that the mapping is not removed in reaction to the ICMP error. This test simulates these incoming ICMP messages and detects the behaviour of the NAT:

Several ICMP message types are tested for TCP and UDP:

  • ICMP destination unreachable
  • ICMP port unreachable
  • ICMP TTL exceeded


The STUN algorithm is executed for UDP using the pystun library. As a result, the detected NAT type and public endpoint are saved.


This is a normal traceroute for UDP and TCP.

IP spoofing test

An IP packet with a spoofed source IP address is sent to the server; the payload is a UDP packet. The result of this test is whether IP spoofing works or not.

Tracebox (external test)

Tracebox is a tool to detect packet modifications from middleboxes. More details can be found on