Detecting intentional packet drops on the internet via TCP/IP side channels

Roya Ensafi, Jeffrey Knockel, Geoffrey Alexander, Jedidiah R. Crandall

Research output: Chapter in Book/Report/Conference proceedingConference contribution

27 Scopus citations


We describe a method for remotely detecting intentional packet drops on the Internet via side channel inferences. That is, given two arbitrary IP addresses on the Internet that meet some simple requirements, our proposed technique can discover packet drops (e.g., due to censorship) between the two remote machines, as well as infer in which direction the packet drops are occurring. The only major requirements for our approach are a client with a global IP Identifier (IPID) and a target server with an open port. We require no special access to the client or server. Our method is robust to noise because we apply intervention analysis based on an autoregressive-moving-average (ARMA) model. In a measurement study using our method featuring clients from multiple continents, we observed that, of all measured client connections to Tor directory servers that were censored, 98% of those were from China, and only 0.63% of measured client connections from China to Tor directory servers were not censored. This is congruent with current understandings about global Internet censorship, leading us to conclude that our method is effective.

Original languageEnglish (US)
Title of host publicationPassive and Active Measurement - 15th International Conference, PAM 2014, Proceedings
PublisherSpringer Verlag
Number of pages10
ISBN (Print)9783319049175
StatePublished - 2014
Externally publishedYes
Event15th International Conference on Passive and Active Measurement, PAM 2014 - Los Angeles, CA, United States
Duration: Mar 10 2014Mar 11 2014

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume8362 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference15th International Conference on Passive and Active Measurement, PAM 2014
Country/TerritoryUnited States
CityLos Angeles, CA

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'Detecting intentional packet drops on the internet via TCP/IP side channels'. Together they form a unique fingerprint.

Cite this