
Basic TCP/IP Analysis June 17, 2010 Hansang Bae

Learn essential TCP/IP protocol analysis skills from a senior expert. Explore packet analysis best practices, including sequence and acknowledgment numbers, retransmissions, and newer features like Selective Acknowledgment (SACK), to troubleshoot network issues effectively. Practice using Wireshark to understand real-world impact.


Presentation Transcript


  1. Basic TCP/IP Analysis
     June 17, 2010
     Hansang Bae, Senior Vice President | Citi (f.k.a. Citigroup)
     Email: hansang@gmail.com
     Please refer to the “answersheet.docx” file for additional information about this presentation.
     These sessions will be available on YouTube: http://www.youtube.com/user/hansangb
     SHARKFEST ’10, Stanford University, June 14-17, 2010

  2. The Basic Building Blocks
     A lot of people will tell you they know TCP/IP, but most don’t. This includes me!
     Advice for someone starting out in this field (packet analysis):
     • Learn the protocols! There is no way around it. I can recommend some books if you’re interested.
     • Don’t just learn the technical specifications. Try to understand the real-world impact.
     • Everywhere you go, fire up Wireshark and try to observe. Osmosis will kick in sooner or later.
     • Packet analysis is based on pattern recognition.

  3. Internet Protocol (IP)!
     How can the IP header information help you?
     • Look at the IP Identification field. This is not foolproof, but it can help pinpoint problems.
     • Look at the TTL field. It too can help your troubleshooting. What is TTL, anyway?
     • The “Don’t Fragment” bit can play a crucial role, so you need to learn about this as well.
     • Practice, practice, practice.

  4. Sequence/Acknowledgement
     It’s a simple concept. Don’t overthink it!
     • Use relative sequence numbers: “Edit, Preferences, Protocols, TCP, Relative Sequence Numbers…”
     • If you are new to this, analyze the sequence numbers in one direction at a time. But keep in mind that TCP is a duplex protocol.
     • The sequence number represents how many bytes have been sent. SEQ + DATA = Next Seq#. It also represents the ACK for the other side: “This is where I’m at, and I’m going to send you this much more.”
     • ACKs are cumulative. (“I’m good up to this point.”)

  5. Retransmissions
     There are two types of retransmissions: “regular” retransmissions and “fast retransmissions”.
     • If the sender does not get any feedback from the receiver (what feedback?), the sender will retransmit the packet.
     • The problem with retransmissions is that a timer has to go off before retransmitting. This can be 100ms to 200ms.
     • Fast retransmissions address this delay. The receiver notifies the sender: “I’m missing a packet, I’m missing a packet, I’m missing a packet.” After the third notification, the sender immediately retransmits.

  6. New TCP Features to the Rescue!
     If you have packet loss, Selective Acknowledgement (SACK) may help to improve throughput.
     Main concept:
     • How do you interpret the SACK field? (Use real seq/ack #s.)
     • How does SACK help vis-à-vis normal ACK?
     • Is there a downside to using SACK?
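
The sequence arithmetic from slide 4 and the two retransmission types from slide 5, worked through as an added example that is not part of the original presentation. The trace is constructed, uses relative sequence numbers in one direction only, and the `analyze` function, its labels and `DUP_ACK_THRESHOLD` are names assumed for illustration.

```python
# Added example: constructed one-direction trace, relative sequence numbers.
# ("data", seq, length) is a sender segment; ("ack", n) is a pure ACK from the receiver.
DUP_ACK_THRESHOLD = 3  # the "third notification" from slide 5

TRACE = [
    ("data", 1, 1000), ("data", 1001, 1000), ("ack", 1001),
    ("data", 2001, 1000),                  # sent, but lost before the receiver
    ("data", 3001, 1000), ("ack", 2001),   # first ACK asking for byte 2001
    ("data", 4001, 1000), ("ack", 2001),   # duplicate 1
    ("data", 5001, 1000), ("ack", 2001),   # duplicate 2
    ("data", 6001, 1000), ("ack", 2001),   # duplicate 3
    ("data", 2001, 1000),                  # resent right after the third duplicate
    ("ack", 7001),                         # cumulative: covers bytes up to 7000
    ("data", 7001, 500),                   # no feedback comes back at all
    ("data", 7001, 500),                   # resent once the timer goes off
    ("ack", 7501),
]

def analyze(trace):
    """Label each event from the sender's point of view."""
    highest_next = 1   # next new byte the sender will send
    last_ack = 1       # highest cumulative ACK seen so far
    dup_acks = 0       # repeats of last_ack without progress
    labels = []
    for event in trace:
        if event[0] == "ack":
            ack = event[1]
            if ack > last_ack:
                last_ack, dup_acks = ack, 0
                labels.append(f"ack {ack}: good up to byte {ack - 1}")
            elif ack == last_ack:
                dup_acks += 1
                labels.append(f"ack {ack}: duplicate #{dup_acks}")
            else:
                labels.append(f"ack {ack}: stale")
            continue
        _, seq, length = event
        next_seq = seq + length            # SEQ + DATA = Next Seq#
        if seq >= highest_next:
            labels.append(f"seq {seq}: new data, next seq {next_seq}")
        elif seq == last_ack and dup_acks >= DUP_ACK_THRESHOLD:
            labels.append(f"seq {seq}: fast retransmission")
        else:
            labels.append(f"seq {seq}: retransmission (timer)")
        highest_next = max(highest_next, next_seq)
    return labels

if __name__ == "__main__":
    print("\n".join(analyze(TRACE)))
```
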
