Skip to Content
[CAIDA - Center for Applied Internet Data Analysis logo]
Center for Applied Internet Data Analysis
Like its predecessor skitter, scamper is a tool that actively probes the Internet in order to analyze topology and performance. Unlike skitter, scamper supports both IPv6 and IPv4 probing. In addition, scamper supports the well-known ping and traceroute techniques, as well as Paris and MDA traceroute, radargun, ally, mercator, sting, speedtrap, and parts of tbit. Scamper is the prober deployed in CAIDA's Macroscopic Topology Project. Scamper's developer is Matthew Luckie.


Scamper is designed to actively probe destinations in the Internet in parallel (at a specified packets-per-second rate) so that bulk data can be collected in a timely fashion. Scamper's native output file format is called warts: a warts file contains substantial meta data surrounding each individual measurement conducted, as well as substantial detail of responses received. The measurements conducted can range from simple to complex. An example of a simple measurement is where a single measurement method (e.g. traceroute) is used on a list of IP addresses to conduct a bulk measurement. A more complex measurement might be where the outcome of a previous test influences what happens next: for example, for each hop in a traceroute path, infer the address of the outgoing interface for the previous hop. Complex measurements are conducted by connecting to a running scamper process with a driver program which contains the logic.

Source Code

The current snapshot of scamper's source code is cvs-20161204a, released June 23rd 2017. Scamper should compile and run under FreeBSD, OpenBSD, NetBSD, Linux, MacOS X, Solaris, Windows, and DragonFly. Not all of scamper will run on all systems: for example, the sting and tbit modules require IPFW or PF. All releases of scamper are licensed under the GPL v2.

Building Scamper

make install
Scamper is available in FreeBSD ports, NetBSD pkgsrc, OpenBSD ports, and in Debian/Ubuntu packages. The FreeBSD, NetBSD, and OpenBSD packages should be up to date with the latest version of scamper. When building on PlanetLab, pass the --without-privsep option to configure. When building on systems that use the Clang compiler, spurious warnings can be suppressed with:
CFLAGS='-Wno-unneeded-internal-declaration -Wno-unused-const-variable -Wno-deprecated-declarations' ./configure


usage: scamper [-?Dv] [-c command] [-p pps] [-w window]
               [-M monitorname] [-l listname] [-L listid] [-C cycleid]
               [-o outfile] [-O options] [-F firewall] [-e pidfile]
               [-d debugfile]
               [-i IPs | -I cmds | -f file | -P [ip:]port | -U unix-dom]

            -? give an overview of the usage of scamper
            -c command string (default: trace)
            -C cycle id
            -d write debugging information to the specified file
            -D start as a daemon listening for commands on a port
            -e write process ID to specified file
            -f list of files provided on the command line
            -F use the system firewall to install rules as necessary
            -i list of IP addresses provided on the command line
            -I list of scamper commands provided on the command line
            -l name to assign to default list
            -L list id for default list
            -M specify the canonical name of the monitor
            -o specify the file to write output to
            -O specify options to use:
               text: output results in plain text for interactive use
               warts: output results in warts format for science
               json: output results in json format, better to use warts
               outcopy: output copy of all results collected to file
               tsps: input file for ping -T tsprespec=%s
               rawtcp: use raw socket to send IPv4 TCP probes
               notls: do not use TLS anywhere in scamper
               planetlab: necessary to use safe raw sockets on planetlab
               noinitndc: do not initialise neighbour discovery cache
               debugfileappend: append to debugfile, rather than truncate
               select: use select(2) rather than poll(2)
               kqueue: use kqueue(2) rather than poll(2)
            -p number of packets per second to send (1 <= pps <= 10000)
            -P [ip:]port for control socket, default to loopback
            -U name of control socket in the file system
            -v output the version of scamper this binary is
            -w limit the window of actively probing tasks


The paper Scamper: a Scalable and Extensible Packet Prober for Active Measurement of the Internet describes scamper's motivation and architecture. The cite for the paper is:

M. Luckie. Scamper: a Scalable and Extensible Packet Prober for Active Measurement of the Internet.
Proceedings of the 10th ACM SIGCOMM conference on Internet measurement (IMC), Melbourne, Australia, 1-3 Nov 2010, p. 239-245.
Most of scamper is documented in man pages included in the source code package. PDF files of these man pages are:
  • scamper: main data collection program.
  • sc_ally: driver for Ally implementation.
  • sc_analysis_dump: convert scamper traces to something easily parsed with perl.
  • sc_attach: connect to scamper daemon and execute series of commands, collecting the results in a warts file.
  • sc_bdrmap: scamper driver to map first hop border routers of networks.
  • sc_filterpolicy: scamper driver to test systems for congruent filtering policy.
  • sc_ipiddump: utility to dump IP-ID values embedded in ping and dealias objects in warts files.
  • sc_prefixscan: scamper driver to test if a set of IPv4 links are point-to-point.
  • sc_radargun: scamper driver to run radargun on a list of candidate aliases.
  • sc_remoted: interact with a collection of remotely controlled scamper instances.
  • sc_speedtrap: scamper driver to resolve aliases for a set of IPv6 interfaces.
  • sc_tbitblind: scamper driver to test systems for resilience to blind TCP attacks.
  • sc_tracediff: display traceroute paths that have changed.
  • sc_warts2json: print a JSON object representing each warts object in a file.
  • sc_warts2pcap: generate pcap files from tbit and sting data.
  • sc_warts2text: generate simple text for human parsing.
  • sc_wartscat: concatenate warts files.
  • sc_wartsdump: detailed dump of scamper data that was collected in warts format.
  • libscamperfile.3: documentation on libscamperfile, a library to read and write warts files, as well as read CAIDA's ARTS files.
  • warts.5: documentation on the internal format of a warts file.

Release Announcements

If you would like to receive notifications of future releases of scamper, you may subscribe to the receive only mailing list scamper-announce by filling out the scamper-announce mailman form.

Network Research

Here is a list of research done by the author using scamper.

  • bdrmap: Inference of Borders Between IP Networks
    M. Luckie, A. Dhamdhere, B. Huffaker, D. Clark, and k. claffy
    Proceedings of the 16th ACM SIGCOMM conference on Internet Measurement (IMC), November 2016.
  • Don't Forget to Lock the Back Door! A Characterization of IPv6 Network Security Policy
    J. Czyz, M. Luckie, M. Allman, M. Bailey
    Proceedings of Network and Distributed Systems Security (NDSS) Conference, February 2016.
  • Resilience of Deployed TCP to Blind Attacks
    M. Luckie, R. Beverly, T. Wu, M. Allman, k claffy
    Proceedings of the 15th ACM SIGCOMM conference on Internet measurement (IMC), October 2015.
  • Measuring and Characterizing IPv6 Router Availability
    R. Beverly, M. Luckie, L. Mosley, k claffy
    Proceedings of the 16th Passive and Active Measurement (PAM 2015) Conference, New York, March 2015.
  • Challenges in Inferring Internet Interdomain Congestion
    M. Luckie, A. Dhamdhere, D. Clark, B. Huffaker, k claffy
    Proceedings of the 14th ACM SIGCOMM conference on Internet measurement (IMC), November 2014.
  • Speedtrap: Internet-scale IPv6 Alias Resolution
    M. Luckie, R. Beverly, W. Brinkmeyer, and k claffy
    Proceedings of the 13th ACM SIGCOMM Internet Measurement Conference (IMC), October 2013.
  • Measuring the Deployment of IPv6: Topology, Routing and Performance
    A. Dhamdhere, M. Luckie, B. Huffaker, k.c. claffy, A. Elmokashfi, E. Aben
    Proceedings of the 12th ACM SIGCOMM Internet Measurement Conference (IMC), November 2012.
  • Revealing MPLS tunnels obscured from traceroute
    B. Donnet, M. Luckie, P. Merindol, J-J Pansiot
    ACM SIGCOMM Computer Communication Review, 42 (2), pp. 87-93, April 2012.
  • Measured Impact of Crooked Traceroute
    M. Luckie, A. Dhamdhere, k.c. claffy, D. Murrell
    ACM SIGCOMM Computer Communication Review, 41 (1), pp. 14-21, January 2011.
  • Measuring Path MTU Discovery Behaviour
    M. Luckie and B. Stasiewicz
    Proceedings of the 10th ACM SIGCOMM Internet Measurement Conference (IMC), Melbourne, Australia, pp. 102-108, November 2010
  • Traceroute probe method and forward IP path inference
    M. Luckie, Y. Hyun, and B. Huffaker
    Proceedings of the 8th ACM SIGCOMM Internet Measurement Conference (IMC), Vouliagmeni, Greece, pp. 311-324, October 2008
  • Inferring and Debugging Path MTU Discovery Failures
    M. Luckie, K. Cho, and B. Owens
    Proceedings of the 5th ACM SIGCOMM Internet Measurement Conference (IMC), pp. 193-198, October 2005
  • Identifying IPv6 Network Problems in the Dual-Stack World
    K. Cho, M. Luckie, and B. Huffaker
    Proceedings of ACM/SIGCOMM Network Troubleshooting Workshop 2004, pp. 283-288, August 2004

Bonus Material

  • A library written by Young Hyun at CAIDA for reading warts files with Ruby is available at RubyForge.
  • Robert Beverly (NPS) wrote native Python implementations of sc_attach and sc_wartsdump without any scamper dependencies. His code is available at CMAND's GitHub.
  • Baptiste Jonglez wrote a native Python warts library for traceroute and ping records, also without any scamper dependencies. His code is available at the Drakkar group's GitHub.
  • Ovidiu Dan wrote a C# library for parsing traceroute output stored in warts files. His code is available on GitHub.


The development of scamper was funded by the WIDE Project in association with CAIDA for the 12 month period ending April 2005.

  Last Modified: Thu Jun-22-2017 13:36:23 PDT
  Page URL: