Round Trip Time (RTT). In our context, RTT measures the time elapsed between
the sending of a packet to a destination and the receipt of the same packet back
at the source. The destination is forced to send back the received packet at once,
in order to assess RTT. Latency has been measured through hping3 [19] using
different packet sizes from 16 to 1024 bytes each. Also in this case, packets have
been filled with real data. Since ping is not realizable in TCP over DNS tools, we
built a proper tunneling interface for managing ICMP packets. In particular, we
define a fake interface by customizing an SSH client and server in order to avoid
ciphering that would increase overhead.
Overhead. It measures the number of packets generated by tools that are not
directly related to the transport of tunneled data. This includes, for instance,
packets for polling the rogue DNS server. The overhead of each tool has been
measured by calculating the number of packets in a tunnel in a ping session, and
then comparing it with the number of packets in a ping session without tunneling.
The number of packets has been calculated through the tshark tool, synchronized
with the ping session.
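The overhead comparison described above can be reproduced from two capture exports; the following is an added example, not code or data from the study. It assumes tab-separated records of relative time and protocol (a layout `tshark -T fields` can produce), constructed sample captures, and an assumed formula: extra packets in the tunneled session divided by the packets of the untunneled session.

```python
from collections import Counter

# Constructed samples (not the study's data): "relative_time<TAB>protocol".
BASELINE = "\n".join([
    "0.20\tARP",                       # before the ping session starts
    "1.00\tICMP", "1.01\tICMP",        # echo request / reply
    "2.00\tICMP", "2.01\tICMP",
])
TUNNEL = "\n".join([
    "0.30\tDNS",                       # polling before the session starts
    "1.00\tDNS", "1.02\tDNS", "1.05\tDNS", "1.07\tDNS", "1.40\tDNS", "1.42\tDNS",
    "2.00\tDNS", "2.03\tDNS", "2.06\tDNS", "2.09\tDNS", "2.50\tDNS", "2.52\tDNS",
    "3.40\tDNS",                       # polling after the session ends
])
PING_WINDOW = (1.0, 2.6)               # start/end of the ping session, seconds

def parse_capture(text):
    """Parse 'relative_time<TAB>protocol' lines into (float, str) tuples."""
    records = []
    for line in text.strip().splitlines():
        ts, proto = line.split("\t")
        records.append((float(ts), proto))
    return records

def packets_in_window(records, start, end):
    """Count packets per protocol seen while the ping session was running."""
    return Counter(proto for ts, proto in records if start <= ts <= end)

def overhead_percent(tunnel_total, baseline_total):
    """Extra packets relative to the untunneled session (assumed formula)."""
    if baseline_total == 0:
        raise ValueError("baseline session contains no packets")
    return 100.0 * (tunnel_total - baseline_total) / baseline_total

def measure_overhead(tunnel_text, baseline_text, window):
    """Synchronize both captures to the ping window, then compare totals."""
    start, end = window
    tunnel = packets_in_window(parse_capture(tunnel_text), start, end)
    baseline = packets_in_window(parse_capture(baseline_text), start, end)
    return overhead_percent(sum(tunnel.values()), sum(baseline.values()))

if __name__ == "__main__":
    print(f"overhead: {measure_overhead(TUNNEL, BASELINE, PING_WINDOW):.0f}%")
```

Restricting both captures to the same ping window keeps traffic outside the session out of the ratio; a defender monitoring a resolver can apply the same ratio to DNS packet counts per client to spot the packet inflation the tools introduce.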
5 Testing and Analysis of Results
We tested all network configurations in terms of all metrics. Each test has been
repeated several times. Due to the lack of space, we provide a summary with a global
evaluation of the performance of each tool, without detailing the test results. The
comparative analysis of performance has been made both analytically (investigating
at the granularity of single packets with Wireshark [20]) and graphically, by
comparing the trend of single metrics among the different tools (e.g. Fig. 3).
The previous tests allow recognizing a unique set of characteristics for each tool in
terms of performance:
Dns2Tcp. The TCP-over-DNS tunnel built with Dns2Tcp shows a higher throughput in
comparison to the IP-over-DNS solutions and the RTT is low. However, a tunnel
made through Dns2Tcp is easily recognizable by the high amount of packet
overhead (around 1500%), which significantly lowers the global network performance.
NSTX. It shows the lowest RTT among all IP-over-DNS tools but it has globally a low
throughput. Moreover, since NSTX is not configurable, it cannot be customized to
different scenarios and, thus, the throughput cannot be raised. A high throughput
has been measured only in the Direct configuration, which is, as remarked, an
unrealistic case.
DnsCat. It has an acceptable level of throughput and RTT, making it suitable for
Internet surfing without noticeable delays. However, it is characterized by a
non-regular trend and high overhead. Unlike NSTX, it is a highly configurable
tool, so the overhead can potentially be reduced by properly customizing the
tool if the network configuration is known.
Iodine. Iodine is the only tool showing a linear behavior in all metrics and all
configurations. Despite its average throughput, Iodine shows the lowest
overhead and a low RTT value. Since it is particularly configurable, it is suitable for
almost all network scenarios.