Presentation is loading. Please wait.

Presentation is loading. Please wait.

B5 – TCP Analysis - First Steps Jasper Bongertz, Senior Consultant Airbus Defence and Space.

Published byWarren Gibbs Modified over 9 years ago

Similar presentations

Presentation on theme: "B5 – TCP Analysis - First Steps Jasper Bongertz, Senior Consultant Airbus Defence and Space."— Presentation transcript:

1 B5 – TCP Analysis - First Steps Jasper Bongertz, Senior Consultant Airbus Defence and Space

2 About this presentation file Since this presentation contains lot of animated slides I decided against converting it to a static PDF and offer that for the Sharkfest retrospective page. Instead, you get the PPT, so you can watch stuff happen in presentation mode. Use the slides in your own trainings if you like. If you do, don‘t forget to mention where you got them from – it was a lot of work creating these Cheers, Jasper

3 Agenda Basics of managing Data Transfers The Sliding Window Packet Loss - „when Things go wrong“

4 Basics of managing Data Transfers

5 Basics of managing data transfers 1.Application data is segmented in small chunks before transfer Data

6 Basics of managing data transfers 2.Sucessful Transfer of segmented data is not guaranteed by the physical network...

7 3 3 Basics of managing data transfers 3....so let‘s number those segments and confirm which ones are received... 1 1 2 2 3 3 4 4 5 5 1 1 2 2 3 3

8 Basics of managing data transfers Question: is numbering the packets good enough to ensure everything is fine? Answer: unfortunately not......because we only know a certain segment was received, but not if it was complete

9 Basics of managing data transfers How about this? Can we improve that further? #1 Len 100 #1 Len 100 Got #1 Len 100 Got #1 Len 100

10 Basics of managing data transfers So let‘s see how TCP does it: The confirmation is the number of continuous bytes received (meaning: no gaps) Start at 0 Len 100 Start at 0 Len 100 Got 100 Start at 100 Len 100 Start at 100 Len 100 Got 200

11 TCP Sequence and Acknowledge The „Start at“ number is called „Sequence Number“ The „Got it“ number is called „Acknowledgement“ This is how it looks like in Wireshark: So what‘s the correct ACK number?

12 TCP Session Start Before exchanging data, TCP needs to establish the session „Three Way Handshake“: SYN -> SYN/ACK -> ACK ** Special rule: SYN flags count as 1 byte! ** Sharkfest 2014

13 It‘s Wireshark time First, let‘s turn of TCP reassembly: Sharkfest 2014

14 Demo

15 Initial Sequence Numbers Wireshark displays „Relative Sequence Numbers“ by default In reality, the initial sequence number is random It can be anything between 0 and 2 32: 0 - 4294967296

16 Relative Sequence Numbers You can turn them on and off in the TCP preferences: Sharkfest 2014

17 Sequence Numbers – The Rules 1.Each TCP sequence starts with random number 2.It is increased by 1 for each byte transmitted 3.SYN and FIN flags count as 1 Byte („Phantom Byte“) Sharkfest 2014

18 Okay, let‘s see... Sharkfest 2014 SYN, SeqNo = 100,000 SYN, SeqNo = 500,000 ACK, AckNo = 100,001 ACK, SeqNo = 100,001 AckNo = 500,001 80 Byte Data SeqNo = 100,001 ACK, SeqNo = 500,001 AckNo = 100,081

19 Additional things to consider Every direction tracks its own sequence number Relative sequence numbers can fool you because they may look similar for both directions Sharkfest 2014

20 The Sliding Window Sharkfest 2014

21 Positive Ack with Retransmission It is not very efficient to send single packets back and forth: Sharkfest 2014 3 3 1 1 2 2 3 3 4 4 5 5 1 1 2 2 3 3

22 Start at 100 Len 100 Start at 100 Len 100 Instead, send more... Sharkfest 2014 Send me a maximum of 200 bytes at once! Start at 0 Len 100 Start at 0 Len 100 Got 200

23 Start at 300 Len 100 Start at 300 Len 100 Instead, send more... Sharkfest 2014 Send me a maximum of 200 bytes at once! Start at 200 Len 100 Start at 200 Len 100 Got 400

24 Demo

25 TCP Window Size The TCP window size is very important as a speed and congestion factor Look for „Calculated Window Size“ to read the current value Sharkfest 2014

26 Insufficient TCP window size A small window can slow down the transmission: Sharkfest 2014 HTTP GET Winsize=4k ACK Waiting for the ACK

27 Performance Problems The TCP Window is a great help for locating congested servers and clients If a computer sends very low window sizes, or window sizes of zero, it may be in trouble Hardware apparently not fast enough to cope with incoming packets Exceptions: Reset Packets -> always has window size of zero Busy servers that do not receive much, e.g. Newstickers often have low window sizes Sharkfest 2014

28 Packet Loss – When things go wrong Sharkfest 2014

29 Start at 100 Len 100 Start at 100 Len 100 First, everything looks good Sharkfest 2014 Send me a maximum of 200 bytes at once! Start at 0 Len 100 Start at 0 Len 100 Got 200

30 Start at 300 Len 100 Start at 300 Len 100 Then something goes wrong... Sharkfest 2014 Start at 200 Len 100 Start at 200 Len 100 Got 200

31 Retransmission Sharkfest 2014 Start at 200 Len 100 Start at 200 Len 100 Got 400

32 Demo

33 TCP Retransmissions Retransmissions happen in every network Different ways to trigger a retransmission: By time out By Triple Duplicate ACK By Selective Acknowledgement (SACK) Most important aspect: How much time do they cost? Sharkfest 2014

34 Thanks! Questions? eMail:jasper@packet-foo.com Blog:blog.packet-foo.com Twitter:@packetjay Sharkfest 2014

Download ppt "B5 – TCP Analysis - First Steps Jasper Bongertz, Senior Consultant Airbus Defence and Space."

Similar presentations

Introduction 1 Lecture 13 Transport Layer (Transmission Control Protocol) slides are modified from J. Kurose & K. Ross University of Nevada – Reno Computer.

Introduction 1 Lecture 13 Transport Layer (Transmission Control Protocol) slides are modified from J. Kurose & K. Ross University of Nevada – Reno Computer.
TCP - Part I Relates to Lab 5. First module on TCP which covers packet format, data transfer, and connection management.

TCP - Part I Relates to Lab 5. First module on TCP which covers packet format, data transfer, and connection management.
CCNA – Network Fundamentals

CCNA – Network Fundamentals
Transport Layer – TCP (Part2) Dr. Sanjay P. Ahuja, Ph.D. Fidelity National Financial Distinguished Professor of CIS School of Computing, UNF.

Transport Layer – TCP (Part2) Dr. Sanjay P. Ahuja, Ph.D. Fidelity National Financial Distinguished Professor of CIS School of Computing, UNF.
Intermediate TCP/IP TCP Operation.

Intermediate TCP/IP TCP Operation.
Guide to TCP/IP, Third Edition

Guide to TCP/IP, Third Edition
Lecture 7 Transport Layer

Lecture 7 Transport Layer
Chapter 7 Intro to Routing & Switching.  Upon completion of this chapter, you should be able to:  Explain the need for the transport layer.  Identify.

Chapter 7 Intro to Routing & Switching.  Upon completion of this chapter, you should be able to:  Explain the need for the transport layer.  Identify.
Fundamentals of Computer Networks ECE 478/578 Lecture #20: Transmission Control Protocol Instructor: Loukas Lazos Dept of Electrical and Computer Engineering.

Fundamentals of Computer Networks ECE 478/578 Lecture #20: Transmission Control Protocol Instructor: Loukas Lazos Dept of Electrical and Computer Engineering.
UDP & TCP Where would we be without them!. UDP User Datagram Protocol.

UDP & TCP Where would we be without them!. UDP User Datagram Protocol.
1 TCP - Part I Relates to Lab 5. First module on TCP which covers packet format, data transfer, and connection management.

1 TCP - Part I Relates to Lab 5. First module on TCP which covers packet format, data transfer, and connection management.
1 CS 4396 Computer Networks Lab Transmission Control Protocol (TCP) Part I.

1 CS 4396 Computer Networks Lab Transmission Control Protocol (TCP) Part I.
Transport Layer – TCP (Part1) Dr. Sanjay P. Ahuja, Ph.D. Fidelity National Financial Distinguished Professor of CIS School of Computing, UNF.

Transport Layer – TCP (Part1) Dr. Sanjay P. Ahuja, Ph.D. Fidelity National Financial Distinguished Professor of CIS School of Computing, UNF.
Chapter 7 – Transport Layer Protocols

Chapter 7 – Transport Layer Protocols
TCP segment structure source port # dest port # 32 bits application data (variable length) sequence number acknowledgement number rcvr window size ptr.

TCP segment structure source port # dest port # 32 bits application data (variable length) sequence number acknowledgement number rcvr window size ptr.
1 TCP - Part II. 2 What is Flow/Congestion/Error Control ? Flow Control: Algorithms to prevent that the sender overruns the receiver with information.

1 TCP - Part II. 2 What is Flow/Congestion/Error Control ? Flow Control: Algorithms to prevent that the sender overruns the receiver with information.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 OSI Transport Layer Network Fundamentals – Chapter 4.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 OSI Transport Layer Network Fundamentals – Chapter 4.
TDC365 Spring 2001John Kristoff - DePaul University1 Internetworking Technologies Transmission Control Protocol (TCP)

TDC365 Spring 2001John Kristoff - DePaul University1 Internetworking Technologies Transmission Control Protocol (TCP)
Cs4411 – Operating Systems Practicum November 4, 2011 Zhiyuan Teo Supplementary lecture 4.

Cs4411 – Operating Systems Practicum November 4, 2011 Zhiyuan Teo Supplementary lecture 4.
TCP. Learning objectives Reliable Transport in TCP TCP flow and Congestion Control.

TCP. Learning objectives Reliable Transport in TCP TCP flow and Congestion Control.

Similar presentations

Ads by Google