Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

(urgent) Ethereal TCP Throughput Graph calculation

Posted on 2003-10-29
9
Medium Priority
?
1,217 Views
Last Modified: 2013-11-29
Ethereal can show a graph of the throughput of a singe TCP connection. How is the Y value of each dot calculated?
I know this is an application question but it seemed more likely that the networking experts would be able to answer this one.

I googled and found similar questions, but never any answer to them.

I figured out the following already:
- every dot represents an incoming packet
- the Y value is NOT the packet size divided by the time elapsed since the last packet arrived.
- the first 20 Y values are "simply" the average so far: Y-value = ((packet number) * 524) / (X-value)
  (you may assume that all packets are size 524)

So if the first packet arrived after 1 sec, the Y is 524 Bytes/sec. If the second then arrives at X = 1.44 sec, the Y-value is 2*524 / 1.44 = 727 Bytes / sec.

But the formula results start to differ after about 20 packets. I thought about a sliding window that averages the last 20 packets and tried the following:
etime = this packet arrival time
stime = arrival time of (this packet number - 20)
if packetnumber > 20
Y-value = 20 * 524 / (etime - stime)

Thereby averaging over the interval of the last 20 packets, but that formula also fails when applied to the following values that I see in my graph:
pkt number   -   pkt arrival time   -  graph value (read from screen)
1    - 1.03    - 524
2    - 1.44    - 730
3    - 2.55    - 630
4    - 2.66    - 790
5    - 3.06    - 860
..
20   - 7.29   - 1437
21   - 7.53   - 1462
22   - 7.74   - 1669
23   - 8.11   - 1627
24   - 8.33   - 1674
25   - 8.53   - 1905

It feels like I'm close, does anyone know what the actual formula is or can anyone think of a formula that will closely estimate the values I read from the graph?

I'm gonna look at the source code now, but that might take me a while..
0
Comment
Question by:OnixExp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
9 Comments
 
LVL 35

Expert Comment

by:ShineOn
ID: 9644366
0
 
LVL 4

Author Comment

by:OnixExp
ID: 9644429
That's exactly where I found the two questions posted in 2002 and 2003 that both received no answer at all so I'm not very hopeful that it will give any result at all :(
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9644457
Have you checked in their developer mailing list?
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 
LVL 4

Author Comment

by:OnixExp
ID: 9644614
Nope, I just googled. Looking at the source code I found the answer I believe though. They are indeed sliding an averaging window of 20 packets over the connection and calculating from there. I'm gonna redo my calculations to see why it didn't come out like I first thought it should.
0
 
LVL 4

Accepted Solution

by:
OnixExp earned 0 total points
ID: 9645272
Okay, figured it out for who's interested. Technically the source also counts the SYN and last ACK from the handshake. But for some reason the averaging is done over 22 packets, not 20. That means a general formula that assumes all packet sizes are 524 can only be applied to packet number 24 and over (because the last 22 are measured, and the first two are zero).

The Y value of packet(nr) is therefore calculated as:

(nr <= 22, and numbering starts at 1):
(nr - 2)*524 / arrival_time(nr)

special SYN/ACK case (22 < nr <= 24):
(nr - 2)*524 / (arrival_time(nr) - arrival_time(nr-22))

formula (nr>24):
22 * 524  / (arrival_time(nr) - arrival_time(nr-22))

To verify, my original numbering scheme needs to be adjusted to take into account the SYN and ACK that are being counted too:
1    - 0     (SYN)
2    - 0.8  (ACK)
3    - 1.03    - 524  ~ ((3-2)*524)/1.03
4    - 1.44    - 730  ~ ((4-2)*524)/1.44
5    - 2.48    - 630  ~ ((5-2)*524)/2.48
..
22   - 7.29   - 1437
-------------------- (special case)
23   - 7.53   - 1462  ~  (23-2)*524 / (7.53 - 0)   = 1461  OK
24   - 7.74   - 1669  ~  (24-2)*524 / (7.74 - 0.8) = 1661 OK
-------------------- (formula)
25   - 8.11   - 1627  ~  524 * 22 / (8.11 - 1.03) = 1628  OK
26   - 8.33   - 1674  ~  524 * 22 / (8.33 - 1.44) = 1673  OK
27   - 8.53   - 1905  ~  524 * 22 / (8.53 - 2.48) = 1906  OK
0
 
LVL 4

Author Comment

by:OnixExp
ID: 9645296
D'oh, no need for special case:
1    - 0     (SYN)
2    - 0.8  (ACK)
3    - 1.03    - 524  ~ ((3-2)*524)/1.03
4    - 1.44    - 730  ~ ((4-2)*524)/1.44
5    - 2.48    - 630  ~ ((5-2)*524)/2.48
..
22   - 7.29   - 1437  ~  (22-2)*524/7.29
23   - 7.53   - 1462  ~  (23-2)*524/7.53 = 1461  OK
-------------------- (formula)
24   - 7.74   - 1669  ~  524 * 22 / (7.74 - 0.8) = 1661 OK
25   - 8.11   - 1627  ~  524 * 22 / (8.11 - 1.03) = 1628  OK
26   - 8.33   - 1674  ~  524 * 22 / (8.33 - 1.44) = 1673  OK
27   - 8.53   - 1905  ~  524 * 22 / (8.53 - 2.48) = 1906  OK
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9645692
PAQ and refund sounds like a plan.
0

Featured Post

Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This program is used to assist in finding and resolving common problems with wireless connections.
This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question