Traceroute Probe Method and Forward IP Path Inference
Several traceroute probe methods exist, each designed to perform better in a scenario where another fails. This paper examines the effects that the choice of probe method has on the inferred forward IP path by comparing the paths inferred with UDP, ICMP, and TCP-based traceroute methods to (1) a list of routable IP addresses, (2) a list of known routers, and (3) a list of well-known websites. We further compare methods by examining seven months of macroscopic Internet topology data collected by CAIDA's Archipelago infrastructure.
We found significant differences in the topology observed using different probe methods. In particular, we found that ICMP-based traceroute methods tend to successfully reach more destinations, as well as collect evidence of a greater number of AS links. UDP-based methods infer the greatest number of IP links, despite reaching the fewest destinations. We hypothesise that some per-flow load balancers implement different forwarding policies for TCP and UDP, and run a specific experiment to confirm this hypothesis.