How China Detects and Blocks Shadowsocks

Authors: Alice, Bob, Carol, Jan Beznazwy, Amir Houmansadr

Internet Measurement Conference (IMC) 2020


Explanations on datasets

The open dataset contains code and datasets for the paper: How China Detects and Blocks Shadowsocks.

We introduce the major components of the dataset below.


The paper directory includes:

  1. the CSVs of probe metadata, along with the code that generates CSVs from PCAPs
  2. the source code, including Makefile, that reproduces all figures (except Figure 1 and 10) in the paper
  3. the source code of latex

code/ Parallelly Parses all pcap files in a specified directory; then it sorts packets by the timestamps and prints to stdin.

Example usage: path/to/pcap/dir > experiment_name.csv

The script requires tshark and parallel:

apt install tshark parallel # Debian-based
dnf install tshark parallel # Fedora-based


code/triggering_client_server includes the source code of the clients and sink/responding servers used in Section 4.1.

Prober simulator

code/prober_simulator includes the source code of the prober simulators introduced in Section 5.1. It can simulate both random and replay-based probes. One can use it to check if other Shadowsocks implementations (or other circumvention tools) have similar vulnerabilities introduced in the paper.


  • As of October 7, 2020, we have released our code and datasets to the maximum extend that does not harm our anonymity. These code and datasets support all major findings in our paper.
  • If you have any question, comment or feedback, please feel free to leave them in the comments section or use this pad.
  • We will have a summary of our paper on this page. Please check back!