[Date Prev][Date Next][Date Index]
[etc] Analysis of tcpdump output
HI All,
Below is the TCPdump o/p for the packets that I captured during the
transfer.
I will try to explain the meaning of each packet as I go thru the trace and
try to explain, how Tcptrace calculates the Inst. BW.
1. The first three Packets are for the 3-way Handshake.. reqd for
establishing a TCP connection, as given below.
****************************************************************************
****************************************************************************
**********
1. 12:08:42.470844 172.21.21.23.1081 > 172.22.22.24.5555: S
3728479044:3728479044(0) win 16384 <mss 9140,nop,wscale 0,nop,nop,timestamp
850846 0,[|tcp]> (DF)
2. 12:08:42.677585 172.22.22.24.5555 > 172.21.21.23.1081: S
617395557:617395557(0) ack 3728479045 win 65535 <mss 9140,nop,wscale
2,nop,nop,timestamp 5238018 850846,[|tcp]> (DF)
3. 12:08:42.677630 172.21.21.23.1081 > 172.22.22.24.5555: . ack 1 win 16384
<nop,nop,timestamp 850847 5238018,nop,nop,cc 157> (DF)
****************************************************************************
****************************************************************************
**********
Observe that the sender advertises a window of 16384 bytes, while the
receiver advertises a window pf 65535 bytes.. (I had increased the Buffer
space).
2. The next packet (4) is a of 2048 bytes sent by the sender.. this is due
to slow start.
****************************************************************************
****************************************************************************
**********
4. 12:08:42.678666 172.21.21.23.1081 > 172.22.22.24.5555: P 1:2049(2048) ack
1 win 16384 <nop,nop,timestamp 850847 5238018,nop,nop,cc 157> (DF)
5. 12:08:42.884153 172.22.22.24.5555 > 172.21.21.23.1081: . ack 1 win 51200
<nop,nop,timestamp 5238019 850847,nop,nop,cc 284> (DF)
6. 12:08:42.947523 172.22.22.24.5555 > 172.21.21.23.1081: . ack 2049 win
51200 <nop,nop,timestamp 5238019 850847,nop,nop,cc 284> (DF)
****************************************************************************
****************************************************************************
**********
The packet (5) is sent by the recv to reduce the window size from 65535
bytes to 51200 bytes.. (This is due to some internal mechanics of TCP).
The packet (6) is an ack for the packet (4)... Since an ACk has been
received, tcptrace calculates the inst. BW as
2048 / (12:08:42.947523 - 12:08:42.678666) ==> 2048/0.288857 ==> 7.617
KBYTES/sec
3. Now observe the next set of packets....
****************************************************************************
****************************************************************************
**********
7. 12:08:42.947595 172.21.21.23.1081 > 172.22.22.24.5555: . 2049:10241(8192)
ack 1 win 16384 <nop,nop,timestamp 850847 5238019,nop,nop,cc 157> (DF)
8. 12:08:42.947647 172.21.21.23.1081 > 172.22.22.24.5555: .
10241:18433(8192) ack 1 win 16384 <nop,nop,timestamp 850847
5238019,nop,nop,cc 157> (DF)
9. 12:08:43.183786 172.22.22.24.5555 > 172.21.21.23.1081: . ack 18433 win
51200 <nop,nop,timestamp 5238019 850847,nop,nop,cc 284> (DF)
****************************************************************************
****************************************************************************
**********
Again here the sender sends packets 7 and 8 , each of 8192 bytes and waits
for an ACK.. It receives an ACK in packet 9.. Now again tcptrace calculates
the Inst. BW..
8192*2 / (12:08:43.183786 - 12:08:42.947595) ==> 8192 * 2 / 0.236191 ==>
69.367 KBytes/sec
4. Now observe the next set of packets.
****************************************************************************
****************************************************************************
**********
10. 12:08:43.183860 172.21.21.23.1081 > 172.22.22.24.5555: .
18433:26625(8192) ack 1 win 16384 <nop,nop,timestamp 850848
5238019,nop,nop,cc 157> (DF)
11. 12:08:43.183923 172.21.21.23.1081 > 172.22.22.24.5555: .
26625:34817(8192) ack 1 win 16384 <nop,nop,timestamp 850848
5238019,nop,nop,cc 157> (DF)
12. 12:08:43.183968 172.21.21.23.1081 > 172.22.22.24.5555: .
34817:43009(8192) ack 1 win 16384 <nop,nop,timestamp 850848
5238019,nop,nop,cc 157> (DF)
13. 12:08:43.420480 172.22.22.24.5555 > 172.21.21.23.1081: . ack 34817 win
51200 <nop,nop,timestamp 5238020 850848,nop,nop,cc 284> (DF)
14. 12:08:43.420563 172.21.21.23.1081 > 172.22.22.24.5555: .
43009:51201(8192) ack 1 win 16384 <nop,nop,timestamp 850848
5238020,nop,nop,cc 157> (DF)
15. 12:08:43.420615 172.21.21.23.1081 > 172.22.22.24.5555: .
51201:59393(8192) ack 1 win 16384 <nop,nop,timestamp 850848
5238020,nop,nop,cc 157> (DF)
16. 12:08:43.420657 172.21.21.23.1081 > 172.22.22.24.5555: .
59393:67585(8192) ack 1 win 16384 <nop,nop,timestamp 850848
5238020,nop,nop,cc 157> (DF)
17. 12:08:43.547472 172.22.22.24.5555 > 172.21.21.23.1081: . ack 43009 win
51200 <nop,nop,timestamp 5238020 850848,nop,nop,cc 284> (DF)
****************************************************************************
****************************************************************************
**********
again sender sends packets 10, 11, 12 each of 8192 bytes of data and then
waits for an ACk.. It receives an ACK in the 13th packet but it only covers
packet 10 and 11 and hence ttcptrace again calculates the BW as
8192 * 2 / (12:08:43.420480 - 10. 12:08:43.183860) ==> 8192*2 / 0.23662 ==>
69.241 Kbytes.