  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1238

(urgent) Ethereal TCP Throughput Graph calculation

Ethereal can show a graph of the throughput of a single TCP connection. How is the Y value of each dot calculated?
I know this is an application question but it seemed more likely that the networking experts would be able to answer this one.

I googled and found similar questions, but never any answer to them.

I figured out the following already:
- every dot represents an incoming packet
- the Y value is NOT the packet size divided by the time elapsed since the last packet arrived.
- the first 20 Y values are "simply" the average so far: Y-value = ((packet number) * 524) / (X-value)
  (you may assume that all packets are size 524)

So if the first packet arrived after 1 sec, the Y is 524 Bytes/sec. If the second then arrives at X = 1.44 sec, the Y-value is 2*524 / 1.44 = 727 Bytes / sec.

But the formula results start to differ after about 20 packets. I thought about a sliding window that averages the last 20 packets and tried the following:
etime = this packet arrival time
stime = arrival time of (this packet number - 20)
if packetnumber > 20
Y-value = 20 * 524 / (etime - stime)

Thereby averaging over the interval of the last 20 packets, but that formula also fails when applied to the following values that I see in my graph:
pkt number   -   pkt arrival time   -  graph value (read from screen)
1    - 1.03    - 524
2    - 1.44    - 730
3    - 2.55    - 630
4    - 2.66    - 790
5    - 3.06    - 860
..
20   - 7.29   - 1437
21   - 7.53   - 1462
22   - 7.74   - 1669
23   - 8.11   - 1627
24   - 8.33   - 1674
25   - 8.53   - 1905

It feels like I'm close, does anyone know what the actual formula is or can anyone think of a formula that will closely estimate the values I read from the graph?

I'm gonna look at the source code now, but that might take me a while..
Asked by: OnixExp
 
OnixExp (Author) Commented:
That's exactly where I found the two questions posted in 2002 and 2003 that both received no answer at all so I'm not very hopeful that it will give any result at all :(
 
ShineOn Commented:
Have you checked in their developer mailing list?
 
OnixExp (Author) Commented:
Nope, I just googled. Looking at the source code I found the answer I believe though. They are indeed sliding an averaging window of 20 packets over the connection and calculating from there. I'm gonna redo my calculations to see why it didn't come out like I first thought it should.
 
OnixExp (Author) Commented:
Okay, figured it out for anyone who's interested. Technically the source also counts the SYN and last ACK from the handshake. But for some reason the averaging is done over 22 packets, not 20. That means a general formula that assumes all packet sizes are 524 can only be applied to packet number 24 and over (because the last 22 are measured, and the first two are zero).

The Y value of packet(nr) is therefore calculated as:

(nr <= 22, and numbering starts at 1):
(nr - 2)*524 / arrival_time(nr)

special SYN/ACK case (22 < nr <= 24):
(nr - 2)*524 / (arrival_time(nr) - arrival_time(nr-22))

formula (nr>24):
22 * 524  / (arrival_time(nr) - arrival_time(nr-22))

To verify, my original numbering scheme needs to be adjusted to take into account the SYN and ACK that are being counted too:
1    - 0     (SYN)
2    - 0.8  (ACK)
3    - 1.03    - 524  ~ ((3-2)*524)/1.03
4    - 1.44    - 730  ~ ((4-2)*524)/1.44
5    - 2.48    - 630  ~ ((5-2)*524)/2.48
..
22   - 7.29   - 1437
-------------------- (special case)
23   - 7.53   - 1462  ~  (23-2)*524 / (7.53 - 0)   = 1461  OK
24   - 7.74   - 1669  ~  (24-2)*524 / (7.74 - 0.8) = 1661 OK
-------------------- (formula)
25   - 8.11   - 1627  ~  524 * 22 / (8.11 - 1.03) = 1628  OK
26   - 8.33   - 1674  ~  524 * 22 / (8.33 - 1.44) = 1673  OK
27   - 8.53   - 1905  ~  524 * 22 / (8.53 - 2.48) = 1906  OK
 
OnixExp (Author) Commented:
D'oh, no need for special case:
1    - 0     (SYN)
2    - 0.8  (ACK)
3    - 1.03    - 524  ~ ((3-2)*524)/1.03
4    - 1.44    - 730  ~ ((4-2)*524)/1.44
5    - 2.48    - 630  ~ ((5-2)*524)/2.48
..
22   - 7.29   - 1437  ~  (22-2)*524/7.29
23   - 7.53   - 1462  ~  (23-2)*524/7.53 = 1461  OK
-------------------- (formula)
24   - 7.74   - 1669  ~  524 * 22 / (7.74 - 0.8) = 1661 OK
25   - 8.11   - 1627  ~  524 * 22 / (8.11 - 1.03) = 1628  OK
26   - 8.33   - 1674  ~  524 * 22 / (8.33 - 1.44) = 1673  OK
27   - 8.53   - 1905  ~  524 * 22 / (8.53 - 2.48) = 1906  OK
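The 22-packet window described in the answer above, written out as an added example (not part of the original thread and not Ethereal's source code). It generalizes the thread's formulas to arbitrary payload sizes by summing the bytes in the window; the function names are hypothetical, and the arrival times for packets 6 to 21, which the thread elides, are constructed filler that does not affect the checked values.

```python
WINDOW = 22  # packets per averaging window, as reported in the thread


def throughput_points(packets, window=WINDOW):
    """Return [(packet_nr, bytes_per_sec)] for a single TCP connection.

    packets: list of (arrival_time_s, payload_bytes) in capture order,
    starting with the SYN. Packet numbers are 1-based, as in the thread.
    """
    points = []
    for idx in range(1, len(packets)):
        # Window start: packet (nr - 22), or the SYN while fewer than
        # 22 packets precede the current one.
        start = max(0, idx - window)
        elapsed = packets[idx][0] - packets[start][0]
        if elapsed <= 0:
            continue  # identical timestamps: no rate can be computed
        # Bytes carried by the packets after the window start, up to and
        # including the current packet.
        nbytes = sum(size for _, size in packets[start + 1:idx + 1])
        points.append((idx + 1, nbytes / elapsed))
    return points


def sample_capture():
    """Arrival times from the thread's table; all data packets are 524 bytes."""
    head = [(0.0, 0), (0.8, 0), (1.03, 524), (1.44, 524), (2.48, 524)]  # nr 1-5
    # nr 6-21 are elided ("..") in the thread: constructed, evenly spaced.
    filler = [(2.48 + (7.29 - 2.48) * k / 17, 524) for k in range(1, 17)]
    tail = [(7.29, 524), (7.53, 524), (7.74, 524),
            (8.11, 524), (8.33, 524), (8.53, 524)]  # nr 22-27
    return head + filler + tail


if __name__ == "__main__":
    for nr, rate in throughput_points(sample_capture()):
        if nr <= 5 or nr >= 22:
            print(f"{nr:2d}  {rate:8.1f} bytes/sec")
```
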
 
ShineOn Commented:
PAQ and refund sounds like a plan.