This page will contain outlines in packet trace analysis techniques, primarily with TCP using NS and TCPDump.

References

TCP Packet Trace Analysis, T. J. Shepard, 1991
End-to-End Internet Packet Dynamics, V. Paxson, 1997

Breakdown

It would be useful to plot segment traces against time. Should state the lower and upperbound of the window, which would indicate arrival of ACKs, and the progressing of the window.

ACKs can be seen as a zero length segment, which using the standard notation would be represented by a 'x' as a series of segments would be represented by a vertical line with arrows at each end pointing inwards.

Inactivity of recieving ACKs can be seen by a flat line horizontally wrt to the windows. Usually, TCP should timeout, sending more packets as a result, and as long as the connection is still alive, the window should progress.

The notion of viewing the information as time versus segment number should, as long as the TCP is behaving, cause the progression of the window to go from the bottom left to the top right. It should also be possible to see the effects of slow start as a exponentially growing curve, and congestion avoidance to be a linear increase.

An integration of the instantaneous rate of each byte send in the packet would also be useful in analysing the burstiness of the transfer. The plot is basically the bytes per second against the total accumated bytes.

From the above example, one can see that most of the burstiness involved large amounts of packets being transfered, whilst only a small (1/3) of all packets being quite small.

Wed, 23 July, 2003 13:07