Like its predecessor skitter, scamper is a tool that actively probes the Internet in order to analyze topology and performance. Scamper supports both IPv6 and IPv4 probing, the well-known ping and traceroute techniques, as well MDA traceroute, radargun, ally, mercator, sting, speedtrap, DNS probes, and parts of tbit. Scamper is the prober deployed in CAIDA's Macroscopic Topology Project. Scamper's developer is Matthew Luckie.


Scamper is designed to actively probe destinations in the Internet in parallel (at a specified packets-per-second rate) so that bulk data can be collected in a timely fashion. Scamper's native output file format is called warts: a warts file contains substantial meta data surrounding each individual measurement conducted, as well as substantial detail of responses received. The measurements conducted can range from simple to complex. An example of a simple measurement is where a single measurement method (e.g. traceroute) is used on a list of IP addresses to conduct a bulk measurement. A more complex measurement might be where the outcome of a previous test influences what happens next: for example, for each hop in a traceroute path, infer the address of the outgoing interface for the previous hop. Complex measurements are conducted by connecting to a running scamper process with a driver program which contains the logic.

Source Code

The current snapshot of scamper's source code is cvs-20211212a, released February 9th 2022. Scamper should compile and run under FreeBSD, OpenBSD, NetBSD, Linux, MacOS X, Solaris, Windows, and DragonFly. Not all of scamper will run on all systems: for example, the sting and tbit modules require IPFW or PF. All releases of scamper are licensed under the GPL v2.

Building Scamper

make install
Scamper is available in FreeBSD ports, NetBSD pkgsrc, OpenBSD ports, in Debian/Ubuntu packages, as well as an Ubuntu PPA. The FreeBSD and OpenBSD packages should be up to date with the latest version of scamper.


usage: scamper [-?Dv] [-c command] [-p pps] [-w window]
               [-M monitorname] [-l listname] [-L listid] [-C cycleid]
               [-o outfile] [-O options] [-F firewall] [-e pidfile]
               [-n nameserver]
               [-d debugfile]
               [-i IPs | -I cmds | -f file | -P [ip:]port | -R name:port |
                -U unix-dom]
            -? give an overview of the usage of scamper
            -c command string (default: trace)
            -C cycle id
            -d write debugging information to the specified file
            -D start as a daemon listening for commands on a port
            -e write process ID to specified file
            -f list of files provided on the command line
            -F use the system firewall to install rules as necessary
            -i list of IP addresses provided on the command line
            -I list of scamper commands provided on the command line
            -l name to assign to default list
            -L list id for default list
            -M specify the canonical name of the monitor
            -o specify the file to write output to
            -O specify options to use:
               text: output results in plain text for interactive use
               warts: output results in warts format for science
               tsps: input file for ping -T tsprespec=%s
               cmdfile: input file specifies whole commands
               json: output results in json format, better to use warts
               planetlab: necessary to use safe raw sockets on planetlab
               noinitndc: do not initialise neighbour discovery cache
               outcopy: output copy of all results collected to file
               rawtcp: use raw socket to send IPv4 TCP probes
               notls: do not use TLS anywhere in scamper
               notls-remote: do not use TLS on remote control sockets
               cafile=file: use the CA certificates in the specified file
               select: use select(2) rather than poll(2)
               kqueue: use kqueue(2) rather than poll(2)
               debugfileappend: append to debugfile, rather than truncate
            -p number of packets per second to send (1 <= pps <= 10000)
            -P [ip:]port for control socket, default to loopback
            -R name and port of remote host to receive commands from
            -U name of control socket in the file system
            -v output the version of scamper this binary is
            -w limit the window of actively probing tasks


The paper Scamper: a Scalable and Extensible Packet Prober for Active Measurement of the Internet describes scamper's motivation and architecture. The cite for the paper is:

M. Luckie. Scamper: a Scalable and Extensible Packet Prober for Active Measurement of the Internet.
Proceedings of the 10th ACM SIGCOMM conference on Internet measurement (IMC), Melbourne, Australia, 1-3 Nov 2010, p. 239-245.
Most of scamper is documented in man pages included in the source code package. PDF files of these man pages are:
  • scamper: main data collection program.
  • sc_ally: driver for Ally implementation.
  • sc_analysis_dump: convert scamper traces to something easily parsed.
  • sc_attach: connect to scamper daemon and execute series of commands, collecting the results in a warts file.
  • sc_bdrmap: scamper driver to map first hop border routers of networks.
  • sc_erosprober: scamper driver to periodically probe addresses and rotate output files.
  • sc_filterpolicy: scamper driver to test systems for congruent filtering policy.
  • sc_hoiho: holistic orthography of Internet hostname observations.
  • sc_ipiddump: utility to dump IP-ID values embedded in ping and dealias objects in warts files.
  • sc_pinger: scamper driver to run ping with different probe methods on a list of addresses.
  • sc_prefixscan: scamper driver to test if a set of IPv4 links are point-to-point.
  • sc_radargun: scamper driver to run radargun on a list of candidate aliases.
  • sc_remoted: interact with a collection of remotely controlled scamper instances.
  • sc_speedtrap: scamper driver to resolve aliases for a set of IPv6 interfaces.
  • sc_tbitblind: scamper driver to test systems for resilience to blind TCP attacks.
  • sc_tbitpmtud: scamper driver to test systems for responsiveness to ICMP packet too big messages.
  • sc_tracediff: display traceroute paths that have changed.
  • sc_ttlexp: dump source addresses from ICMP TTL expired messages in warts files.
  • sc_uptime: scamper driver to infer reboot windows for systems with IPv6 addresses.
  • sc_warts2csv: dump traceroutes collected by scamper in csv format.
  • sc_warts2json: print a JSON object representing each warts object in a file.
  • sc_warts2pcap: generate pcap files from tbit and sting data.
  • sc_warts2text: generate simple text for human parsing.
  • sc_wartscat: concatenate warts files.
  • sc_wartsdump: detailed dump of scamper data that was collected in warts format.
  • sc_wartsfilter: select specific records from a warts file.
  • sc_wartsfix: truncate damaged warts files.
  • libscamperfile.3: documentation on libscamperfile, a library to read and write warts files, as well as read CAIDA's ARTS files.
  • warts.5: documentation on the internal format of a warts file.

Release Announcements

If you would like to receive notifications of future releases of scamper, you may subscribe to the receive only mailing list scamper-announce by filling out the scamper-announce mailman form.

Network Research

Here is a list of research done by the author using code in scamper.

  • Learning Regexes to Extract Router Names from Hostnames
    M. Luckie, A. Marder, B. Huffaker, and k. claffy
    Proceedings of the Asian Internet Engineering Conference (AINTEC), December 2021
  • Learning to Extract Geographic Information from Internet Router Hostnames
    M. Luckie, B. Huffaker, A. Marder, Z. Bischof, M. Fletcher, and k. claffy
    Proceedings of the 17th ACM Conference on emerging Networking EXperiments and Technologies (CoNEXT), December 2021.
  • Inferring Regional Access Network Topologies: Methods and Applications
    Z. Zhang, A. Marder, R. Mok, B. Huffaker, M Luckie, k. claffy, and A. Schulman
    Proceedings of the 21st ACM Internet measurement Conference (IMC), November 2021.
  • Learning to Extract and Use ASNs in Hostnames
    M. Luckie, A. Marder, M. Fletcher, B. Huffaker, and k. claffy
    Proceedings of the 20th ACM Internet measurement Conference (IMC), October 2020.
  • Learning to Extract Router Names from Hostnames
    M. Luckie, B. Huffaker, and k. claffy
    Proceedings of the 19th ACM Internet measurement Conference (IMC), October 2019.
  • The Impact of Router Outages on the AS-level Internet
    M. Luckie and R. Beverly
    Proceedings of ACM SIGCOMM, August 2017
  • bdrmap: Inference of Borders Between IP Networks
    M. Luckie, A. Dhamdhere, B. Huffaker, D. Clark, and k. claffy
    Proceedings of the 16th ACM SIGCOMM conference on Internet Measurement (IMC), November 2016.
  • Don't Forget to Lock the Back Door! A Characterization of IPv6 Network Security Policy
    J. Czyz, M. Luckie, M. Allman, M. Bailey
    Proceedings of Network and Distributed Systems Security (NDSS) Conference, February 2016.
  • Resilience of Deployed TCP to Blind Attacks
    M. Luckie, R. Beverly, T. Wu, M. Allman, k claffy
    Proceedings of the 15th ACM SIGCOMM conference on Internet measurement (IMC), October 2015.
  • Measuring and Characterizing IPv6 Router Availability
    R. Beverly, M. Luckie, L. Mosley, k claffy
    Proceedings of the 16th Passive and Active Measurement (PAM 2015) Conference, New York, March 2015.
  • Challenges in Inferring Internet Interdomain Congestion
    M. Luckie, A. Dhamdhere, D. Clark, B. Huffaker, k claffy
    Proceedings of the 14th ACM SIGCOMM conference on Internet measurement (IMC), November 2014.
  • Speedtrap: Internet-scale IPv6 Alias Resolution
    M. Luckie, R. Beverly, W. Brinkmeyer, and k claffy
    Proceedings of the 13th ACM SIGCOMM Internet Measurement Conference (IMC), October 2013.
  • Measuring the Deployment of IPv6: Topology, Routing and Performance
    A. Dhamdhere, M. Luckie, B. Huffaker, k.c. claffy, A. Elmokashfi, E. Aben
    Proceedings of the 12th ACM SIGCOMM Internet Measurement Conference (IMC), November 2012.
  • Revealing MPLS tunnels obscured from traceroute
    B. Donnet, M. Luckie, P. Merindol, J-J Pansiot
    ACM SIGCOMM Computer Communication Review, 42 (2), pp. 87-93, April 2012.
  • Measured Impact of Crooked Traceroute
    M. Luckie, A. Dhamdhere, k.c. claffy, D. Murrell
    ACM SIGCOMM Computer Communication Review, 41 (1), pp. 14-21, January 2011.
  • Measuring Path MTU Discovery Behaviour
    M. Luckie and B. Stasiewicz
    Proceedings of the 10th ACM SIGCOMM Internet Measurement Conference (IMC), Melbourne, Australia, pp. 102-108, November 2010
  • Traceroute probe method and forward IP path inference
    M. Luckie, Y. Hyun, and B. Huffaker
    Proceedings of the 8th ACM SIGCOMM Internet Measurement Conference (IMC), Vouliagmeni, Greece, pp. 311-324, October 2008
  • Inferring and Debugging Path MTU Discovery Failures
    M. Luckie, K. Cho, and B. Owens
    Proceedings of the 5th ACM SIGCOMM Internet Measurement Conference (IMC), pp. 193-198, October 2005
  • Identifying IPv6 Network Problems in the Dual-Stack World
    K. Cho, M. Luckie, and B. Huffaker
    Proceedings of ACM/SIGCOMM Network Troubleshooting Workshop 2004, pp. 283-288, August 2004

Bonus Material

  • A library written by Young Hyun at CAIDA for reading warts files with Ruby is available at RubyForge.
  • Robert Beverly (NPS) wrote native Python implementations of sc_attach and sc_wartsdump without any scamper dependencies. His code is available at CMAND's GitHub.
  • Baptiste Jonglez wrote a native Python warts library for traceroute and ping records, also without any scamper dependencies. His code is available at the Drakkar group's GitHub.
  • Ovidiu Dan wrote a C# library for parsing traceroute output stored in warts files. His code is available on GitHub.


The development of scamper was funded by the WIDE Project in association with CAIDA for the 12 month period ending April 2005.

Related Objects

See to explore related objects to this document in the CAIDA Resource Catalog.
Last Modified