Measure the Internet from anywhere. Prove every packet you sent.
Debuglet runs untrusted, programmable measurements across globally distributed vantage points — and cryptographically attributes every probe back to the program that sent it. Open like code, accountable like infrastructure.
Measurement that behaves like real traffic
A debuglet is a small, sandboxed program that runs inside the network, at a precise point on a path, probing with ordinary data packets. The original architecture set out to do what ping and traceroute can't: pinpoint which link or AS is at fault, with results others can trust and reuse.
Real data packets, not probes
Networks forward TCP, UDP, ICMP and raw IP differently — the paper measured it across the globe. So a debuglet sends packets indistinguishable from the traffic it's diagnosing.
Run at the right place
ASes host executors — sandboxed WASM runtimes, typically at their border routers — that run others' debuglets on demand and collect the results.
Two ends, one segment
Each measurement pairs a client and server executor on consecutive ASes, isolating a single inter-domain link so it can be tested on its own, in either direction.
Originally introduced in
Debuglet: Programmable and Verifiable Inter-domain Network Telemetry.Tabaeiaghdaei, Costa, Kwon, Bamert, Hu, Perrig — IEEE ICDCS 2024.Read the paper ↗
Building on the foundation
The original gave us programmable, verifiable inter-domain measurement. The current work — under review — opens it up further and hardens it for shared, untrusted use: richer programs, per-probe attribution, and coordinated limits.
Debuglets, not a probe menu
Measurements are sandboxed WASM programs. Express closed-loop adaptive probing, stateful protocol interaction, and logic a fixed vocabulary can't.
WASM sandboxEvery probe carries its origin
Every probe carries a cryptographic tag, so anyone — including the target — can prove which program sent a packet, without trusting us.
verifiable originNo target gets overwhelmed
Globally coordinated, per-target limits shared across every debuglet hitting the same destination — so no target ever sees the sum of all of us.
per-target budgetsRun a measurement
Write a debuglet, submit it, and watch it execute across vantage points. Start with the programming model and API.
Host a node
Lend a vantage point. Request hardware, flash an image, or install the agent — attribution and rate limits are enforced for you.
Were you probed?
Upload the trace. We'll show exactly which program sent each packet — and how to opt out or report abuse.