220 likes | 368 Views
TCP ( Transmission Control Protocol). Etkileşimli ( Interactive) Veri Akışı Hacimli ( Bulk) Veri Akışı Timeout – Retransmission Persist Timer Keepalive Timer TCP Başarımı ve Geleceği SNMP, Telnet & Rlogin, FTP, SMTP , NFS ve Diğer TCP Uygulamaları. TCP Trafik Analizi.
E N D
TCP (Transmission Control Protocol) • Etkileşimli (Interactive) Veri Akışı • Hacimli (Bulk) Veri Akışı • Timeout – Retransmission • Persist Timer • Keepalive Timer • TCP Başarımı ve Geleceği • SNMP, Telnet & Rlogin, FTP, SMTP , NFS ve Diğer TCP Uygulamaları
TCP Trafik Analizi • TCP segmentlerinin %50 ‘si etkileşimli, %50’si hacimli veri içermekte • Byte tabanlı, olarak %90 hacimli, %10 etkileşimli veri taşınmakta
tuşa basılma 1 byte veri Sunucu uygulama ack echo karakteri ekran ack Etkileşimli Veri Akşı istemci sunucu
bsdi.2023 svr4.login bsdi.2023 svr4.login 1 13 PSH 0:1(1) ack 1 (“d”) PSH 4:5(1) ack 1 (newline) 16.5ms 2 14 PSH 1:2(1) ack 1 (echo of “d”) PSH 5:7(2) ack 5 (CR,LF) delayed ACK 123.5ms 3 15 ack 2 ack 7 4 16 PSH 7:37(30) ack 5 (currnet date) PSH 1:2(1) ack 2 (“a”) 16.3ms 5 PSH 2:3(1) ack 2 (echo of “a”) 17 ack 37 delayed ACK 65.6ms 6 ack 3 PSH 37:44(7) ack 5 (“svr4 %”) 18 7 PSH 2:3(1) ack 3 (“t”) ack 44 19 8 PSH 3:4(1) ack 3 (echo of “t”) ack 4 9 10 PSH 3:4(1) ack 4 (“e”) 11 PSH 4:5(1) ack 4 (echo of “e”) 12 ack 5
Nagle Algoritması bsdi.2023 svr4.login 1 PSH 5:6(1) ack 47 197.7 ms 2 PSH 47:48(1) ack 6 34.8 ms 3 PSH 6:7(1) ack 48 205.1 ms 4 PSH 48:49(1) ack 7 26.7 ms PSH 7:9(2) ack 48 5 PSH 49:51(2) ack 9 7
Hacimli (Bulk) Veri Akışı • WWW, FTP, e-posta gibi yoğun veri akışı olan • uygulamalarda kullanılır • TCP veri akış denetimi için Sliding Window • algoritmasını kulanır
Sliding Window Algoritması • 4.2BSD’de pencere boyu 2048 byte, 4.3BSD’de pencere boyu 4096 byte olarak belirlenmiştir. • Socket API pencere boyunun değiştirilmesine olanak verir.
SYN 1305814529: 1305814529(0) 1 SYN 1367249409: 1367249409(0) 2 3 ack 1, win4096 data sent in segments 4,5,6 4 PSH 1:1025(1024) ack 1,win 4096 ACKed by segment 7 5 PSH 1025:2049(1024) ack 1,win 4096 win advertised by segment 7 6 PSH 2049:3073(1024) ack 1,win 4096 ACKed by segment 8 win advertised by segment 8 ack 2049, win 4096 7 data sent segment 9 ack 3073, win 3072 8 PSH 3073:4097(1024) ack 1,win 4096 9 ack 4097, win 4096 10 ACKed by segment 10 win advertised by segment 10 11 PSH 4097:5121(1024) ack 1, win 4096 data sent in segments 11,12,13 PSH 5121:6145(1024) ack 1, win 4096 12 13 ACKed by segment 14 PSH 6145:7169(1024) ack 1, win 4096 win advertised by segment 14 ack 6145,win 4096 14 data sent segment 15 15 PSH 7169:8193(1024) ack 1, win 4096 ack 8193, win 4096 16 ACKed by segment 16 1 1024 1025 2048 2049 3072 3073 4096 4097 5120 5121 6144 6145 7168 7169 8192 Window advertised by segment 2
PSH 1025:2049(1024) ack 1, win 4096 PSH 1:1025(1024) ack 1, win 4096 SYN 1227520000:1227520000(0) win 4096 ack 1, win 4096 5 4 1 3 SYN 236371521: 236371521(0) win 4096 ack 4097, win 4096 ack 4097, win 0 9 8 2 PSH 6145:7169(1024) ack 1, win 4096 PSH 2049:3073(1024) ack 1, win 4096 PSH 5121:6145(1024) ack 1, win 4096 PSH 3073:4097(1024) ack 1, win 4096 PSH 4097:5121(1024) ack 1, win 4096 PSH 7169:8193(1024) FIN,ack 1, win 4096 11 13 12 10 6 7
Urgent Mode 16-bit source port number 16-bit source port number 32-bit sequence number 32-bit acknowledgement number length 4-bit Reserved 6-bit 16- bit window size URG ACK PSH RST SYN FIN 16-bit TCP checksum 16-bit urgent pointer options (if any) offset of urgent data from seq. number URG = 1
TCP Timeout & Retransmission • Retransmission timer bir ack beklenirken, • Persist timer, penceresini boyu kontrolünde • Keepalive timer karşı tarafın bağlantısının koptuğunun tespit edilmesinde kullanılır
0.0 bsdi.1029 > svr4.discard: S 1747921409:1747921409(0) win 4096 <mss 1024> 0.004 (0.0048) svr4.discard > bsdi.1029: S 3416685569:3416685569(0) ack 1747921410 win 4096 0.006441 ( 0.0016) bsdi.1029 > svr4.discard: . ack 1 win 4096 6.102290 ( 6.0958) bsdi.1029 > svr4.discard: P 1:15(14) ack 1 win 4096 6.259410 ( 0.1571) svr4.discard > bsdi.1029: . ack 15 win 4096 24.480158 (18.2207) bsdi.1029 > svr4.discard: P 15:23(8) ack 1 win 4096 25.493733 ( 1.0136) bsdi.1029 > svr4.discard: P 15:23(8) ack 1 win 4096 28.493795 ( 3.0001) bsdi.1029 > svr4.discard: P 15:23(8) ack 1 win 4096 34.493971 ( 6.0002) bsdi.1029 > svr4.discard: P 15:23(8) ack 1 win 4096 46.484427 (11.9905) bsdi.1029 > svr4.discard: P 15:23(8) ack 1 win 4096 70.485105 (24.0007) bsdi.1029 > svr4.discard: P 15:23(8) ack 1 win 4096 118.486408 (48.0013) bsdi.1029 > svr4.discard: P 15:23(8) ack 1 win 4096 182.488164 (64.0018) bsdi.1029 > svr4.discard: P 15:23(8) ack 1 win 4096 246.489921 (64.0018) bsdi.1029 > svr4.discard: P 15:23(8) ack 1 win 4096 310.491678 (64.0018) bsdi.1029 > svr4.discard: P 15:23(8) ack 1 win 4096 374.493431 (64.0018) bsdi.1029 > svr4.discard: P 15:23(8) ack 1 win 4096 438.495196 (64.0018) bsdi.1029 > svr4.discard: P 15:23(8) ack 1 win 4096 502.486941 (63.9917) bsdi.1029 > svr4.discard: P 15:23(8) ack 1 win 4096 566.488478 (64.0015) bsdi.1029 > svr4.discard: R 23:23(0) ack 1 win 4096
Repacketization • Zaman aşımına uğrayan ve yeniden gönderilmesi gereken segmentleri ayrı bir segment olarak yeniden göndermez bsdi. 1032 > svr4.discard: P 1:13(12) ack 1 svr4.discard > bsdi.1032: . ack 13 Ethernetkablosu çıkarılıyor bsdi.1032 > svr4.discard: P 13:27(14) ack 1 bsdi.1032 > svr4.discard: P 13:27(14) ack 1 bsdi.1032 > svr4.discard: P 13:27(14) ack 1 Üçüncü satır yazılyor bsdi.1032 > svr4.discard: P 13:33(20) ack 1 bsdi.1032 > svr4.discard: P 13:33(20) ack 1 bsdi.1032 > svr4.discard: P 13:33(20) ack 1 Ethernet kablosu yeniden takılıyor svr4.discard > bsdi.1032: . ack 33
Round-Trip Time (RTT) • Bir segmentin gönderilmesinden, o segmentle ilgili ack segmentinin alnmasına kadar geçen süre • R = aR + (1-a)M
Persist Timer • Kapalı olan pencerenin yeni boyunu belirten ack segmenti kaybolduğunda kullanılır • Gönderen taraf pencerenin açılmasını, alan taraf ise yeni segmentleri bekler durumdadır (deadlock) • Gönderen taraf bir persist timer tutar ve periodik olarak alıcı tarafın pencere boyunun sorgulanmasını sağlar (window probes)
1 bsdi.1027 > svr4.5555: P 1:1025(1024) ack 1 win 4096 2 svr4.5555 > bsdi.1027: . ack 1025 win 4096 3 bsdi.1027 > svr4.5555: . 1025 :2049(1024) ack 1 win 4096 4 bsdi.1027 > svr4.5555: . 2049:3073(1024) ack 1 win 4096 5 svr4.5555 > bsdi.1027: . ack 3073 win 4096 6 bsdi.1027 > svr4.5555: . 3073 :4097(1024) ack 1 win 4096 7 bsdi.1027 > svr4.5555: P 4097 :5121(1024) ack 1 win 4096 8 bsdi.1027 > svr4.5555: P 5121 :6145(1024) ack 1 win 4096 9 svr4.5555 > bsdi.1027: . ack 5121 win 4096 10 bsdi.1027 > svr4.5555: P 6145 :7169(1024) ack 1 win 4096 11 bsdi.1027 > svr4.5555: P 7169 :8193(1024) ack 1 win 4096 12 bsdi.1027 > svr4.5555: P 8193 :9217(1024) ack 1 win 4096 13 svr4.5555 > bsdi.1027: . ack 9217 win 0
14 bsdi.1027 > svr4.5555: . 9217 : 9218(1) ack 1 win 4096 15 svr4.5555 > bsdi.1027: . ack 9217 win 0 16 bsdi.1027 > svr4.5555: . 9217 :9218 (1) ack 1 win 4096 17 svr4.5555 > bsdi.1027: . ack 9217 win 0 18 bsdi.1027 > svr4.5555: . 9217 : 9218(1) ack 1 win 4096 19 svr4.5555 > bsdi.1027: . ack 9217 win 0 20 bsdi.1027 > svr4.5555: . 9217 :9218 (1) ack 1 win 4096 21 svr4.5555 > bsdi.1027: . ack 9217 win 0 22 bsdi.1027 > svr4.5555: . 9217 : 9218(1) ack 1 win 4096 23 svr4.5555 > bsdi.1027: . ack 9217 win 0 24 bsdi.1027 > svr4.5555: . 9217 : 9218(1) ack 1 win 4096 25 svr4.5555 > bsdi.1027: . ack 9217 win 0 26 bsdi.1027 > svr4.5555: . 9217 :9218 (1) ack 1 win 4096 27 svr4.5555 > bsdi.1027: . ack 9217 win 0 28 bsdi.1027 > svr4.5555: . 9217:9218(1) ack 1 win 4096 29 svr4.5555 > bsdi.1027: . ack 9217 win 0 30 bsdi.1027 > svr4.5555: . 9217 : 9218(1) ack 1 win 4096 31 svr4.5555 > bsdi.1027: . ack 9217 win 0
Aptal Pencere Sendromu(Silly Window Syndrome) Alan tarafın küçük pencere boyu belirtmesi ve bu nedenle tam dolmamış segmentler göndermesi durumu Kullanılan çözüm yöntemi : • Alan taraf belirttiği boydan daha büyük bir boy belirtmesi için pencere boyunda MSS kadar ya da buffer alanının yarısı kadar bir artış sağlamalıdır
PSH 1025:2049(1024) ack 1, win 4096 PSH 1:1025(1024) ack 1, win 4096 1 2 FIN 1:2(1) ack 6146, win 4096 ack 4100, win 1533 ack 5634, win 1279 ack 6146, win 2816 ack 5124, win 509 ack 6146, win 767 ack 4097, win 0 ack 4099, win 0 ack 5633, win 0 ack 4098, win 0 5 PSH 3073:4097(1024) ack 1, win 4096 PSH 2049:3073(1024) ack 1, win 4096 5124:5633(509) ack 1, win4096 4099:4100(1) ack 1, win4096 4100:5124(1) ack 1, win4096 4097:4098(1) ack 1, win4096 4098:4099(1) ack 1, win4096 5633:5634(1) ack 1, win4096 14 16 12 10 3 4 6 8 17 FIN,PSH 5634:6145(511) ack 1, win4096 18 19 20 7 21 9 ack 2, win4096 22 11 13 15
Keepalive Timer Bir TCP oturumunda veri akışı yoksa, herhangi bir segment akışı da yoktur Uygulama düzeyinde bir denetim yoksa, oturum, günler, haftalar ya da aylarca açık kalabilir Keepalive Timer RFC de yoktur. Bunun nedenleri : • Geçici çakılmalarda, oturumun kapanmasına neden olabilir • Gereksiz ağ trafiği oluştururlar • Paket tabanlı İSS’lerde maddi kayıplara neden olabilirler
Keepalive Timer socket API ‘ de setsockopt(...,SO_KEEPALIVE,...) işlevi kullanılarak aktif hale getirilebilir Genelde server tarafından kullanılır
10.0 bsdi.1055 > svr4.echo : P 1:14(13) ack 1 20.006105 ( 0.0061) svr4.echo > bsdi.1055 : P 1:14(13) ack 14 30.093140 ( 0.0870) bsdi.1055 > svr4 .echo : . ack 14 47199.972793 (7199.8797) arp who-has svr4 tell bsdi 57199.974878 ( 0.0021) arp reply svr4 is-at 0:0:c0: c2:9b:26 67199.975741 ( 0.0009) bsdi.1055 > svr4.echo : . ack 14 77199.979843 ( 0.0041) svr4 .echo > bsdi.1055 : . ack 14 814400.134330 (7200.1545) arp who-has svr4 tell bsdi 914400.136452 ( 0.0021) arp reply svr4 is-at 0:0:c0: c2:9b:26 1014400.137391 ( 0.0009) bsdi.1055 > svr4.echo : . ack 14 1114400.141408 ( 0.0040) svr4.echo > bsdi.1055 : . ack 14 1221600.318309 (7200.1769) arp who-has svr4 tell bsdi 1321675.320373 ( 75.0021) arp who-has svr4 tell bsdi 1421750.322407 ( 75.0020) arp who-has svr4 tell bsdi 1521825.324460 ( 75.0021) arp who-has svr4 tell bsdi 1621900.436749 ( 75.1123) arp who-has svr4 tell bsdi 1721975.438787 ( 75.0020) arp who-has svr4 tell bsdi 1822050.440842 ( 75.0021) arp who-has svr4 tell bsdi 1922125.432883 ( 74.9920) arp who-has svr4 tell bsdi 2022200.434697 ( 75.0018) arp who-has svr4 tell bsdi 2122275.436788 ( 75.0021) arp who-has svr4 tell bsdi