SHARKFEST '09 | Stanford University | June 15–18, 2009 Tips and Tricks: Case Studies Laura Chappell Founder, Wireshark University

Slides:

Advertisements

Similar presentations

EE:450 – Computer Networks

Advertisements

Chapter 7 EM Math Probability.

EE384Y: Packet Switch Architectures

Ethernet Switch Features Important to EtherNet/IP

Multicast congestion control on many-to- many videoconferencing Xuan Zhang Network Research Center Tsinghua University, China.

Congestion Control and Fairness Models Nick Feamster CS 4251 Computer Networking II Spring 2008.

Autotuning in Web100 John W. Heffner August 1, 2002 Boulder, CO.

Helping TCP Work at Gbps Cheng Jin the FAST project at Caltech

Welcome to Who Wants to be a Millionaire

Who Wants To Be A Millionaire?

Transmission & Error control

Evaluation of VoIP QoS over WiBro

CMPE 150- Introduction to Computer Networks 1 CMPE 150 Fall 2005 Lecture 14 Introduction to Computer Networks.

Anders Magnusson TCP Tuning and E2E Performance TREFpunkt - October 20, 2004.

Tuning and Evaluating TCP End-to-End Performance in LFN Networks P. Cimbál* Measurement was supported by Sven Ubik**

TCP Sliding Windows, Flow Control, and Congestion Control Lecture material taken from Computer Networks A Systems Approach, Fourth Ed.,Peterson and Davie,

Streaming Video over the Internet

SHARKFEST '09 | Stanford University | June 15–18, 2009 The Reality of 10G Analysis Presented by: Network Critical Wednesday, June 17 th, :30 pm –

PERFORMANCE One important issue in networking is the performance of the networkhow good is it? We discuss quality of service, an overall measurement.

TCP transfers over high latency/bandwidth network & Grid TCP Sylvain Ravot

FISP1 ECE 7750 Distributed Control Systems FISP1 Topic: Network Delay Mitigation Prepared by: Nathan Erni Dept. of Electrical and Computer Engineering.

LOGO Transmission Control Protocol 12 (TCP) Data Flow.

FileCatalyst Performance Presentation.

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Expose VoIP Problems With Wireshark June 15, 2010 Sean Walberg Vantage Media SHARKFEST ‘10 Stanford.

TYPES; 1. Analog Analog 2. ISDN ISDN 3. B-ISDN B-ISDN 4. DSL DSL 5. ADSL ADSL 6. SDSL SDSL 7. VDSL VDSL 8. CABLE CABLE 9. Wireless Wireless 10. T-1 lines.

Probability Review.

Spring 2000CS 4611 Introduction Outline Statistical Multiplexing Inter-Process Communication Network Architecture Performance Metrics.

Top Causes for Poor Application Performance Case Studies Mike Canney.

SHARKFEST '09 | Stanford University | June 15–18, 2009 Wireshark is divine! Network Forensics: Wireshark as Evidence Collector Laura Chappell Founder,

Fundamentals of Computer Networks ECE 478/578

Guide to TCP/IP, Third Edition

BZUPAGES.COM 1 User Datagram Protocol - UDP RFC 768, Protocol 17 Provides unreliable, connectionless on top of IP Minimal overhead, high performance –No.

Iperf Tutorial Jon Dugan Summer JointTechs 2010, Columbus, OH.

Fundamentals of Computer Networks ECE 478/578 Lecture #21: TCP Window Mechanism Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.

Interactions Between Delayed Acks and Nagle’s Algorithm in HTTP and HTTPS: Problems and Solutions Arthur Goldberg Robert Buff New York University March.

1 Chapter 3 Transport Layer. 2 Chapter 3 outline 3.1 Transport-layer services 3.2 Multiplexing and demultiplexing 3.3 Connectionless transport: UDP 3.4.

Ch. 28 Q and A IS 333 Spring Q1 Q: What is network latency? 1.Changes in delay and duration of the changes 2.time required to transfer data across.

All rights reserved © 2006, Alcatel Accelerating TCP Traffic on Broadband Access Networks  Ing-Jyh Tsang 

Process-to-Process Delivery:

KEK Network Qi Fazhi KEK SW L2/L3 Switch for outside connections Central L2/L3 Switch A Netscreen Firewall Super Sinet Router 10GbE 2 x GbE IDS.

Courtesy: Nick McKeown, Stanford 1 TCP Congestion Control Tahir Azim.

COMT 4291 Communications Protocols and TCP/IP COMT 429.

POSTECH DP&NM Lab. Internet Traffic Monitoring and Analysis: Methods and Applications (1) 4. Active Monitoring Techniques.

Implementing High Speed TCP (aka Sally Floyd’s) Yee-Ting Li & Gareth Fairey 1 st October 2002 DataTAG CERN (Kinda!)

UDT: UDP based Data Transfer Yunhong Gu & Robert Grossman Laboratory for Advanced Computing University of Illinois at Chicago.

2000 년 11 월 20 일 전북대학교 분산처리실험실 TCP Flow Control (nagle’s algorithm) 오 남 호 분산 처리 실험실

CS 164: Slide Set 2: Chapter 1 -- Introduction (continued).

ICOM 6115©Manuel Rodriguez-Martinez ICOM 6115 – Computer Networks and the WWW Manuel Rodriguez-Martinez, Ph.D. Lecture 7.

TCP Trunking: Design, Implementation and Performance H.T. Kung and S. Y. Wang.

IT 210: Web-based IT Winter 2012 Measuring Speed on the Internet and WWW.

Laura Chappell Author Wireshark Network Analysis: The Official Wireshark Certified Network Analyst Study Guide wiresharkbook.com SESSION CODE: WSV303.

Low Latency Adaptive Streaming over TCP Authors Ashvin Goel Charles Krasic Jonathan Walpole Presented By Sudeep Rege Sachin Edlabadkar.

Winter 2008CS244a Handout 71 CS244a: An Introduction to Computer Networks Handout 7: Congestion Control Nick McKeown Professor of Electrical Engineering.

SCTP: A new networking protocol for super-computing Mohammed Atiquzzaman Shaojian Fu Department of Computer Science University of Oklahoma.

TCP continued. Discussion – TCP Throughput TCP will most likely generate the saw tooth type of traffic. – A rough estimate is that the congestion window.

1 Sheer volume and dynamic nature of video stresses network resources PIE: A lightweight latency control to address the buffer problem issue Rong Pan,

1 Ram Dantu University of North Texas, Practical Networking.

Performance Metrics & Network Architectures Professor Jinhua Guo CIS 427 Winter 2003.

Network Protocols: Design and Analysis Polly Huang EE NTU

iperf a gnu tool for IP networks

Window Control Adjust transmission rate by changing Window Size

Chapter 5 TCP Sliding Window

Understanding Throughput & TCP Windows

Process-to-Process Delivery:

PUSH Flag A notification from the sender to the receiver to pass all the data the receiver has to the receiving application. Some implementations of TCP.

Review of Internet Protocols Transport Layer

Ram Dantu University of North Texas,

Achieving reliable high performance in LFNs (long-fat networks)

Summer 2002 at SLAC Ajay Tirumala.

Ram Dantu University of North Texas,

Presentation transcript:

SHARKFEST '09 | Stanford University | June 15–18, 2009 Tips and Tricks: Case Studies Laura Chappell Founder, Wireshark University | Presenter, Wireshark Jumpstart Series | SHARKFEST '09 Stanford University June 15 th, :45-12:15

SHARKFEST '09 | Stanford University | June 15–18, 2009 In this Session Attacking Enterprise Problems The Case of the Lousy Latency

SHARKFEST '09 | Stanford University | June 15–18, 2009 Wheres the Problem?

SHARKFEST '09 | Stanford University | June 15–18, 2009 Packet Pigs

SHARKFEST '09 | Stanford University | June 15–18, 2009 The Case of the Lousy Latency Video-based application requires consistent availability of 20 Mbps throughput to run properly. The latency is measured at 100ms. It looks terrible now.

Tcp1323Opts HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ Parameters Add a new Registry DWORD for Tcp1323Opts Tcp1323Opts Key: Tcpip\Parameters Value Type: REG_DWORDnumber (flags) Valid Range: 0, 1, 2, 3 0 (disable RFC 1323 options) 1 (window scaling enabled only) 2 (timestamps enabled only) 3 (both options enabled) Default: No value.

TcpWindowSize Key: Tcpip\Parameters Value Type: REG_DWORDNumber of bytes Valid Range: 0–0x3FFFFFFF ( decimal; however, values greater than 64 KB can only be achieved when connecting to other systems that support RFC 1323 window scaling) Default: This parameter does not exist by default.

SHARKFEST '09 | Stanford University | June 15–18, 2009 Calculating Bandwidth*Delay Product Bandwidth*delay product: measures amount of data that will fill the pipe defines the buffer space at sender and receiver to gain maximum throughput on the TCP connection over the path defines the amount of unacknowledged data TCP must handle to keep pipe full 100 (Mbps) x 0.1 (RTT) 10 Mb Convert to bytes: 10,000,000/8 = 1,250,000 ~The optimal send/receive buffer sizes are 1.5*BDP (or 1,875,000 bytes)

SHARKFEST '09 | Stanford University | June 15–18, 2009 Router Network x/24 Network /16 iperf –c iperf –s The iPerf Lab Test The Effects of Latency, TCP Receive Window Size and Window Scaling

SHARKFEST '09 | Stanford University | June 15–18, 2009 Lab TestDela y A: 1323 On B: rWin- 1,875,000 iperf –s rWin at 1,875,000 iperf –c rWin at 1,875,000 Results #1: Local iPerf94.5, 90, 92, 94, 94 Lab Test Results: Throughput/Scaling Relationship

SHARKFEST '09 | Stanford University | June 15–18, 2009 Lab TestDela y A: 1323 On B: rWin- 1,875,000 iperf –s rWin at 1,875,000 iperf –c rWin at 1,875,000 Results #1: Local iPerf94.5, 90, 92, 94, 94 #2: iPerf at 100ms delay 100 ms 4.6, 4.8, 4.58, 4.61, 4.62 Lab Test Results: Throughput/Scaling Relationship

SHARKFEST '09 | Stanford University | June 15–18, 2009 Lab TestDela y A: 1323 On B: rWin- 1,875,000 iperf –s rWin at 1,875,000 iperf –c rWin at 1,875,000 Results #1: Local iPerf94.5, 90, 92, 94, 94 #2: iPerf at 100ms delay 100 ms 4.6, 4.8, 4.58, 4.61, 4.62 #3: iPerf w/delay + reg change 100 ms Reg sets (x32) 1323 on 1,875,000 rWin 5.6, 4.6, 4.7, 4.7, 4.7 Lab Test Results: Throughput/Scaling Relationship

Application not taking advantage of maximum rWin value

SHARKFEST '09 | Stanford University | June 15–18, 2009 Lab TestDelayA: 1323 On B: rWin- 1,875,000 iperf –s rWin at 1,875,000 iperf –c rWin at 1,875,000 Results #6: iPerf to w/delay + rWin at receiver set 100 ms Receive window (-w) set at 1,875, Lab Test Results: Throughput/Scaling Relationship

SHARKFEST '09 | Stanford University | June 15–18, 2009 Lab Test Results: Throughput/Scaling Relationship Lab TestDelayA: 1323 On B: rWin- 1,875,000 iperf –s rWin at 1,875,000 iperf –c rWin at 1,875,000 Results #6: iPerf to w/delay + rWin at receiver set 100 ms Receive window (-w) set at 1,875, #7: iPerf to 10:10:16:16 w/delay + rWin at receiver set 100 ms Sender window (-w) set at 1,875, Lab Test Results: Throughput/Scaling Relationship

Application optimized for maximum rWin values

SHARKFEST '09 | Stanford University | June 15–18, 2009 Lab Test Results: Throughput/Scaling Relationship Lab TestDelayA: 1323 On B: rWin- 1,875,000 iperf –s rWin at 1,875,000 iperf –c rWin at 1,875,000 Results #6: iPerf to w/delay + rWin at receiver set 100 ms Receive window (-w) set at 1,875, #7: iPerf to 10:10:16:16 w/delay + rWin at receiver set 100 ms Sender window (-w) set at 1,875, #8: iPerf to 10:10:16:16 w/delay – satellite link speed simulation 800 ms 1.2 Lab Test Results: Throughput/Scaling Relationship

Satellite Simulation

SHARKFEST '09 | Stanford University | June 15–18, 2009 The Case of the Sputtering Stream Network Forensics 101 Evidence of Reconnaissance Evidence of Breaches LIVE ANALYSIS

SHARKFEST '09 | Stanford University | June 15–18, 2009 Held in Queue Sent through Queue Dropped by Queue Path Issues - Whos Special?

SHARKFEST '09 | Stanford University | June 15–18, 2009 TCP Packet Loss

SHARKFEST '09 | Stanford University | June 15–18, 2009 UDP: In the Hands of the Developers

SHARKFEST '09 | Stanford University | June 15–18, 2009 HOT in the Enterprise Bad cops are everywhere!

SHARKFEST '09 | Stanford University | June 15–18, 2009 Now… Enough of this slide stuff…

SHARKFEST '09 | Stanford University | June 15–18, 2009 Links Wireshark Weekly Tips Bandwidth*Delay Product Calculator Yes – I tweet – laurachappell Yes – I blog - feeds2.feedburner.com/InsideLaurasLab Yes – I Facebook – laurachappell

SHARKFEST '09 | Stanford University | June 15–18, 2009 Thank You! Check out Lauras live seminars at chappellseminars.com. Help us spread the word! Thanks!