Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 TCP Traffic Analysis in cooperation with Motorola Todd DeSantis and David Loose Advisor: Professor Mark Claypool Co-Advisor: Professor Robert Kinicki.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "1 TCP Traffic Analysis in cooperation with Motorola Todd DeSantis and David Loose Advisor: Professor Mark Claypool Co-Advisor: Professor Robert Kinicki."— Presentation transcript:

1 1 TCP Traffic Analysis in cooperation with Motorola Todd DeSantis and David Loose Advisor: Professor Mark Claypool Co-Advisor: Professor Robert Kinicki MQP Presentation February 11,2004

2 2 Project Motivation Increase in broadband use Motorola is seeking more efficient hardware Changing Internet traffic Emergence of P2P applications Streaming media Captured TCP packets show trends Can draw conclusions based on data

3 3 Project Goals Characterize traffic patterns in traces Identify possible optimizations Hardware Software

4 4 Capture File Summary Packet sniffer at cable ISP head-end Captures traffic from upstream & downstream links Packet traces generated by tcpdump Uses libpcap capture file format Common format used by many Open Source tools Traces include all headers up to Transport layer Packets anonymized Each IP address mapped to unique, anonymous address Port numbers preserved

5 5 Tools libpcap Used to interpret tcpdump files Facilitated writing of custom programs to analyze data tcptrace Attempt to recreate the TCP flow Gathers many useful statistics about the flow Ethereal GUI front-end for tcpdump Allowed visualization of data

6 6 Results (Transport Protocols) TCP - 98.14% total bytes transmitted UDP – 1.74% total bytes transmitted ICMP, GRE, ESP and OSPFIGP combine for the final 0.12%

7 7 Results (Application Protocols)

8 8 Results (Packet Sizes) We graphed the cumulative distribution function (CDF) of packet sizes. Most common packet size - 54 bytes 2 nd common packet size – 1514 bytes Average packet size – 619.9 bytes Largest size encountered – 2062 bytes

9 9 Results (TCP-SACK) Prevalence among SYN- sending hosts Enabled on 30,377 hosts out of 33,542 Enabled on 97% of downstream hosts

10 10 Results (TCP-SACK)

11 11 Results (ECN) Nearly non-existent use of ECN Only 7 out of the 38,572 unique hosts were ECN capable Negligible performance implications with this low level of deployment

12 12 Results (Non-Responsive Traffic) What is non-responsive traffic? TCP accounts for 98.12% of traffic on average UDP accounts for most non-TCP traffic For our purposes, we assume all non-TCP traffic is non-responsive

13 13 Results (Non-Responsive Traffic) Methodology Set “high” and “low” as percentage of total traffic “high” = >5% of traffic during selected period “low” = <1% of traffic during selected period 3 30-second samples for high and low Performance metrics: RTT, Retransmission Rate

14 14 Results (Non-Responsive Traffic)

15 15 Results (Non-Responsive Traffic)

16 16 Results (Non-Responsive Traffic) Problems Finding suitable samples Difficult to find periods during which non- responsive traffic at peak

17 17 Results (Sample Sizes) We split trace files into 15 minute subunits SACK loss rates were computed: 15 minute trace files 30 minute trace files 1 hour trace files

18 18 Results (Sample Sizes cont.) These tests show a significant difference between the 15 and 30 min. samples and a much smaller difference between the 30 and 60 min samples Based on these results, we were able to determine that a 30 minute sample is sufficient for SACK analysis

19 19 Conclusions Internet traffic is changing KaZaa is the biggest bandwidth user (traditionally WWW) Cable modems can be optimized PEPs can help relieve ACK-compression Additional upstream bandwidth TCP can be optimized Further deployment of SACK & ECN

20 20 Questions?

Download ppt "1 TCP Traffic Analysis in cooperation with Motorola Todd DeSantis and David Loose Advisor: Professor Mark Claypool Co-Advisor: Professor Robert Kinicki."

Similar presentations

Ningning HuCarnegie Mellon University1 Optimizing Network Performance In Replicated Hosting Peter Steenkiste (CMU) with Ningning Hu (CMU), Oliver Spatscheck.

Ningning HuCarnegie Mellon University1 Optimizing Network Performance In Replicated Hosting Peter Steenkiste (CMU) with Ningning Hu (CMU), Oliver Spatscheck.
Networks and TCP/IP Part 2. PORTS Ports – What and Why are They?  Typically: Computers usually have only one network access point to the internet 

Networks and TCP/IP Part 2. PORTS Ports – What and Why are They?  Typically: Computers usually have only one network access point to the internet 
Cisco 2 - Routers Perrine. J Page 14/30/2015 Chapter 10 TCP/IP Protocol Suite The function of the TCP/IP protocol stack is to transfer information from.

Cisco 2 - Routers Perrine. J Page 14/30/2015 Chapter 10 TCP/IP Protocol Suite The function of the TCP/IP protocol stack is to transfer information from.
4123702 Data Communications System By Ajarn Preecha Pangsuban.

Data Communications System By Ajarn Preecha Pangsuban.
An Empirical Study of Real Audio Traffic A. Mena and J. Heidemann USC/Information Sciences Institute In Proceedings of IEEE Infocom Tel-Aviv, Israel March.

An Empirical Study of Real Audio Traffic A. Mena and J. Heidemann USC/Information Sciences Institute In Proceedings of IEEE Infocom Tel-Aviv, Israel March.
Copyright © 2005 Department of Computer Science CPSC 641 Winter 20111 WAN Traffic Measurements There have been several studies of wide area network traffic.

Copyright © 2005 Department of Computer Science CPSC 641 Winter WAN Traffic Measurements There have been several studies of wide area network traffic.
Internet Traffic Patterns Learning outcomes –Be aware of how information is transmitted on the Internet –Understand the concept of Internet traffic –Identify.

Internet Traffic Patterns Learning outcomes –Be aware of how information is transmitted on the Internet –Understand the concept of Internet traffic –Identify.
Characterization by Measurement of a CDMA 1x EVDO Network Presenter: Mingzhe Li Wireless Internet Conference (WICON’06) Boston, Massachusetts,

Characterization by Measurement of a CDMA 1x EVDO Network Presenter: Mingzhe Li Wireless Internet Conference (WICON’06) Boston, Massachusetts,
Network Traffic Measurement and Modeling CSCI 780, Fall 2005.

Network Traffic Measurement and Modeling CSCI 780, Fall 2005.
Introduction To Networking

Introduction To Networking
Securing TCP/IP Chapter 6. Introduction to Transmission Control Protocol/Internet Protocol (TCP/IP) TCP/IP comprises a suite of four protocols The protocols.

Securing TCP/IP Chapter 6. Introduction to Transmission Control Protocol/Internet Protocol (TCP/IP) TCP/IP comprises a suite of four protocols The protocols.
Passive traffic measurement Capturing actual Internet packets in order to measure: –Packet sizes –Traffic volumes –Application utilisation –Resource utilisation.

Passive traffic measurement Capturing actual Internet packets in order to measure: –Packet sizes –Traffic volumes –Application utilisation –Resource utilisation.
1 WAN Measurements Carey Williamson Department of Computer Science University of Calgary.

1 WAN Measurements Carey Williamson Department of Computer Science University of Calgary.
KaZaA: Behind the Scenes Shreeram Sahasrabudhe Lehigh University

KaZaA: Behind the Scenes Shreeram Sahasrabudhe Lehigh University
Wireshark Presented By: Hiral Chhaya, Anvita Priyam.

Wireshark Presented By: Hiral Chhaya, Anvita Priyam.
Prentice HallHigh Performance TCP/IP Networking, Hassan-Jain Chapter 3 Performance Measurement of TCP/IP Networks.

Prentice HallHigh Performance TCP/IP Networking, Hassan-Jain Chapter 3 Performance Measurement of TCP/IP Networks.
Module 1: Reviewing the Suite of TCP/IP Protocols.

Module 1: Reviewing the Suite of TCP/IP Protocols.
Network Monitoring School of Electronics and Information Kyung Hee University. Choong Seon HONG Selected from ICAT 2003 Material of James W. K. Hong.

Network Monitoring School of Electronics and Information Kyung Hee University. Choong Seon HONG Selected from ICAT 2003 Material of James W. K. Hong.
Reading Report 14 Yin Chen 14 Apr 2004 Reference: Internet Service Performance: Data Analysis and Visualization, Cross-Industry Working Team, July, 2000.

Reading Report 14 Yin Chen 14 Apr 2004 Reference: Internet Service Performance: Data Analysis and Visualization, Cross-Industry Working Team, July, 2000.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 8 – Denial of Service.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 8 – Denial of Service.

Similar presentations

Ads by Google