1 / 7

How to Display TCP Window Size using Sniffer and Excel.

How to Display TCP Window Size using Sniffer and Excel. Taken from the ‘ Getting Techknowledgable Course’. TCP Window Size Concepts. One reason for poor performance or throughput can be seen by observing the TCP Window Size.

Olivia
Download Presentation

How to Display TCP Window Size using Sniffer and Excel.

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. How to Display TCP Window Size using Sniffer and Excel. Taken from the ‘Getting Techknowledgable Course’

  2. TCP Window Size Concepts • One reason for poor performance or throughput can be seen by observing the TCP Window Size. • When the Window size of the receiving station reaches Zero, the sending station will wait until the receiving station advertises a Window Size greater than Zero. • Reasons for Zero Window • Legacy Applications not recompiled for 16/32 bit operating systems • Poorly designed application • Overloaded station or Server • To eliminate an overloaded server, try other file transfer utilities [i.e. FTP] or observe if other application ports are having Window Zero symptoms. • Zero Windows may be followed with ‘Window Exceeded’ symptoms when the sending station sends 1 byte packets. • The ability to view the TCP Window, provides an idea if the application may no be efficient.

  3. Step One: Filter Out All Packets except ACKS • The ACK packet from the receiver advertises the TCP WINDOW size. • We need to create a filter that only displays these packets. • Simply find a frame from the receiver acknowledging a packet. • These packets typically do not have SEQ identifiers, only ACK=. • After you find one packet, create a display filter with the following characteristics; • Anything only from the Receiver’s IP address and a pattern match for the ACK bit. • For Ethernet II encapsulation the offset is Hex 2F with a value of 10.

  4. Step Two: Import to Excel • Now that you have a filtered display, export the data to Excel.

  5. Step Three: Parse Data • The dilemma now is to parse the value from the test so we can graph it. • Of course there are many ways to skin a … well I won’t go there. You know what I mean. • This is one of many techniques to can use to parse the data from the numeric value.

  6. Step Four: Parse Data cont.. • Select the entire column • Select Data->Text to Columns • Choose Fixed width • Draw a line after the ‘=‘.

  7. Step Five: Graph as always. • You can graph the values as individual values, but may be a bit too granular for most. • I suggest you use the Data subtotal feature and graph the Window average per second. • Keep in mind that the frames may be more than a second apart.

More Related