Add to collection(s) Add to saved
  1. Business
  2. Finance

PPT - SharkFest

advertisement 
Session B1: The Art of
Packet Analysis
Hansang Bae
Director – Product Architecture
Hansang.bae@riverbed.com
Information
YouTube Channel with older sessions etc.
www.youtube.com/hansangb
www.box.com/Sharkfest2014
• Trace files
• Presentations
• Camtasia recordings (will be up within one
NET/NET
I’mofolder
than epoch,
month from=end
Sharkfest)
the beginning of time
Q4…2014
Information
(pester
me
*PLEASE*)
YouTube Channel with older sessions etc.
www.youtube.com/hansangb
www.box.com/Sharkfest2014
• Trace files
• Presentations
• Camtasia recordings
TCP – What does it mean?
• Reliable – but why?
• Connection oriented – very polite protocol
• Flow Control – built-in traffic report
• Stream oriented – I don’t need no stinkin’ packets!
• Sequence numbers – fundamental building block
Troubleshooting TCP
Nagle/Delayed Ack
• TCP is great for a lot of things, but real-time
transactions that require small packets is not one of
them.
• Nagle’s motivation was to maximize the ratio of packets
to data/content.
• Delayed-Ack can help in avoiding some “silly window”
scenarios.
• Nagle has its place and need. Delayed-Ack has its place
and need.
• However, Nagle + Delayed-ack = Bad news (sometimes).
If you are a financial organization, be on the lookout!
Sharkfest 2014
Troubleshooting TCP
Nagle/Delayed Ack
Nagle rules:
1. If there are unacknowledged in-flight data,new data is buffered
2. If the data to be sent is < MSS, it is buffered until MSS
3. RFC896 (Congestion control in IP/TCP internetworks )
When to send data:
1.
2.
3.
Immediately if a full MSS size packet can be sent (at least MSS
data is accumulated)
All previously sent data has been acknowledged AND PSH flag is
set
PSH flag is set AND the override timeout (0.1 ... 1s) expired
RFC1122 (Requirements for Internet Hosts – Communication Layers)
Sharkfest 2014
Troubleshooting TCP
Nagle/Delayed Ack
Receiver
Sender
MSS
MSS
Application data is accumulated until MSS
Sharkfest 2014
Troubleshooting TCP
Nagle/Delayed Ack
Receiver
Sender
PSH
Application data is
being accumulated
Sharkfest 2014
MSS
Troubleshooting TCP
Nagle/Delayed Ack
Receiver
Sender
PSH
New small packet (not full
MSS) with PUSH flag
Nagle override timeout (200 ms)
Sharkfest 2014
Transmit timer expires
Troubleshooting TCP
Nagle/Delayed Ack
• TCP is great for a lot of things, but real-time
transactions that require small packets is not one of
them.
Sharkfest 2014
Troubleshooting TCP
Nagle/Delayed Ack
No more data coming
in? I can’t send the
ACK until I have some
data of my own to
send; another packet
arrives; or my timer
Receiver expires
Sender
ACK delay
200 ms
Hmm, I can’t send
more data now
because I haven’t
received any ACK
yet. I better start
buffering!
Now I can send more
data!
PSH
MSS
Sharkfest 2014
Related documents
(Bae) Stump the Expert! Packet Trace Whispering
(Bae) Stump the Expert! Packet Trace Whispering
Up to State-Level Societies
Up to State-Level Societies
HTTP/TCP Interactions Outline So Far… TCP Timers
HTTP/TCP Interactions Outline So Far… TCP Timers
(Bae) CASE STUDY: Wireshark in the Large Enterprise
(Bae) CASE STUDY: Wireshark in the Large Enterprise
PPT - SharkFest
PPT - SharkFest
“One to One” Classrooms
“One to One” Classrooms
上課要求(Network Requirement)
上課要求(Network Requirement)
Oefeningen_1_TCP_EN_10_okt_07
Oefeningen_1_TCP_EN_10_okt_07
A-5 (LDegioanni) The Shark Distributed Monitoring
A-5 (LDegioanni) The Shark Distributed Monitoring
How to Troubleshoot the Top 5 Causes for Poor
How to Troubleshoot the Top 5 Causes for Poor
How to Send e-mail
How to Send e-mail
MSS GM Minutes 2015-02
MSS GM Minutes 2015-02
Download
advertisement