transmission control protocol - wireshark · everything you always wanted to know about tcp* (*but...
TRANSCRIPT
#sf17eu • Estoril, Portugal Transmission Control Protocol Illustrated 2
Uli Heilmeier
SharkFest ’17 Europe
#sf17eu • Estoril, Portugal • 7-10 november 2017
8 November 2017
Transmission Control Protocol Illustrated:
everything you always wanted to know about TCP*(*but were afraid to ask)
#sf17eu • Estoril, Portugal Transmission Control Protocol Illustrated 3
#sf17eu • Estoril, Portugal Transmission Control Protocol Illustrated 4
PCAPshttps://www.dropbox.com/s/wfarn3dfp5ro3dc/14_
TCP_Illustrated_SF17EU.zip?dl=0
#sf17eu • Estoril, Portugal Transmission Control Protocol Illustrated 5
SEQ #
#sf17eu • Estoril, Portugal Transmission Control Protocol Illustrated 6
SYN | FIN
01_TCP_SYN_FIN.pcapng
#sf17eu • Estoril, Portugal Transmission Control Protocol Illustrated 7
Zero Window
04_TCP_zero_window_fast_retransmit.pcapng
#sf17eu • Estoril, Portugal Transmission Control Protocol Illustrated 8
Dup ACKs!1!
04_TCP_zero_window_fast_retransmit.pcapng
#sf17eu • Estoril, Portugal Transmission Control Protocol Illustrated 9
Window Size ∼108k
1460 bytes MSS➜ ∼74 packets in flight➜ ∼74 Dup ACKS
#sf17eu • Estoril, Portugal Transmission Control Protocol Illustrated 10
Bandwidth ≌ Throughput ?
05_TCP_WS_RTT1.pcapng
#sf17eu • Estoril, Portugal Transmission Control Protocol Illustrated 11
Bandwidth Delay Product
Receive Buffer (max WS) / RTT
#sf17eu • Estoril, Portugal Transmission Control Protocol Illustrated 12
theory:1MB WS / 0.123s ➜∼68MBit/s
practice:40kB WS / 0.123s ➜∼2.6MBit/s
#sf17eu • Estoril, Portugal Transmission Control Protocol Illustrated 13
Receive Buffer FTW ?
06_TCP_WS_RTT2.pcapng
#sf17eu • Estoril, Portugal Transmission Control Protocol Illustrated 14
theory:4MB WS / 0.115s ➜∼292MBit/s
practice:525kB WS / 0.115s ➜∼36.5MBit/s
#sf17eu • Estoril, Portugal Transmission Control Protocol Illustrated 15
#sf17eu • Estoril, Portugal Transmission Control Protocol Illustrated 16
Perfect ?
07_TCP_WS_RTT3.pcapng
#sf17eu • Estoril, Portugal Transmission Control Protocol Illustrated 17
slow start ruining it all
#sf17eu • Estoril, Portugal Transmission Control Protocol Illustrated 18
Keep Alive
03_TCP_keep_alive.pcapng
#sf17eu • Estoril, Portugal Transmission Control Protocol Illustrated 19
RFC793bis
https://tools.ietf.org/html/draft-ietf-tcpm-rfc793bis-06
#sf17eu • Estoril, Portugal Transmission Control Protocol Illustrated 20
Questions?
Email: [email protected]: @pizza_4u
#sf17eu • Estoril, Portugal Transmission Control Protocol Illustrated 21
Size ?
02_TCP_sequence_number.pcapng
#sf17eu • Estoril, Portugal Transmission Control Protocol Illustrated 22
4 bytes field ➜ ∼4 GB payload
1 Gbit/s ≈ 33 sec10 Gbit/s ≈ 3.5 sec