Solved

(urgent) Ethereal TCP Throughput Graph calculation

Posted on 2003-10-29
9
1,213 Views
Last Modified: 2013-11-29
Ethereal can show a graph of the throughput of a singe TCP connection. How is the Y value of each dot calculated?
I know this is an application question but it seemed more likely that the networking experts would be able to answer this one.

I googled and found similar questions, but never any answer to them.

I figured out the following already:
- every dot represents an incoming packet
- the Y value is NOT the packet size divided by the time elapsed since the last packet arrived.
- the first 20 Y values are "simply" the average so far: Y-value = ((packet number) * 524) / (X-value)
  (you may assume that all packets are size 524)

So if the first packet arrived after 1 sec, the Y is 524 Bytes/sec. If the second then arrives at X = 1.44 sec, the Y-value is 2*524 / 1.44 = 727 Bytes / sec.

But the formula results start to differ after about 20 packets. I thought about a sliding window that averages the last 20 packets and tried the following:
etime = this packet arrival time
stime = arrival time of (this packet number - 20)
if packetnumber > 20
Y-value = 20 * 524 / (etime - stime)

Thereby averaging over the interval of the last 20 packets, but that formula also fails when applied to the following values that I see in my graph:
pkt number   -   pkt arrival time   -  graph value (read from screen)
1    - 1.03    - 524
2    - 1.44    - 730
3    - 2.55    - 630
4    - 2.66    - 790
5    - 3.06    - 860
..
20   - 7.29   - 1437
21   - 7.53   - 1462
22   - 7.74   - 1669
23   - 8.11   - 1627
24   - 8.33   - 1674
25   - 8.53   - 1905

It feels like I'm close, does anyone know what the actual formula is or can anyone think of a formula that will closely estimate the values I read from the graph?

I'm gonna look at the source code now, but that might take me a while..
0
Comment
Question by:OnixExp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
9 Comments
 
LVL 35

Expert Comment

by:ShineOn
ID: 9644366
0
 
LVL 4

Author Comment

by:OnixExp
ID: 9644429
That's exactly where I found the two questions posted in 2002 and 2003 that both received no answer at all so I'm not very hopeful that it will give any result at all :(
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9644457
Have you checked in their developer mailing list?
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 
LVL 4

Author Comment

by:OnixExp
ID: 9644614
Nope, I just googled. Looking at the source code I found the answer I believe though. They are indeed sliding an averaging window of 20 packets over the connection and calculating from there. I'm gonna redo my calculations to see why it didn't come out like I first thought it should.
0
 
LVL 4

Accepted Solution

by:
OnixExp earned 0 total points
ID: 9645272
Okay, figured it out for who's interested. Technically the source also counts the SYN and last ACK from the handshake. But for some reason the averaging is done over 22 packets, not 20. That means a general formula that assumes all packet sizes are 524 can only be applied to packet number 24 and over (because the last 22 are measured, and the first two are zero).

The Y value of packet(nr) is therefore calculated as:

(nr <= 22, and numbering starts at 1):
(nr - 2)*524 / arrival_time(nr)

special SYN/ACK case (22 < nr <= 24):
(nr - 2)*524 / (arrival_time(nr) - arrival_time(nr-22))

formula (nr>24):
22 * 524  / (arrival_time(nr) - arrival_time(nr-22))

To verify, my original numbering scheme needs to be adjusted to take into account the SYN and ACK that are being counted too:
1    - 0     (SYN)
2    - 0.8  (ACK)
3    - 1.03    - 524  ~ ((3-2)*524)/1.03
4    - 1.44    - 730  ~ ((4-2)*524)/1.44
5    - 2.48    - 630  ~ ((5-2)*524)/2.48
..
22   - 7.29   - 1437
-------------------- (special case)
23   - 7.53   - 1462  ~  (23-2)*524 / (7.53 - 0)   = 1461  OK
24   - 7.74   - 1669  ~  (24-2)*524 / (7.74 - 0.8) = 1661 OK
-------------------- (formula)
25   - 8.11   - 1627  ~  524 * 22 / (8.11 - 1.03) = 1628  OK
26   - 8.33   - 1674  ~  524 * 22 / (8.33 - 1.44) = 1673  OK
27   - 8.53   - 1905  ~  524 * 22 / (8.53 - 2.48) = 1906  OK
0
 
LVL 4

Author Comment

by:OnixExp
ID: 9645296
D'oh, no need for special case:
1    - 0     (SYN)
2    - 0.8  (ACK)
3    - 1.03    - 524  ~ ((3-2)*524)/1.03
4    - 1.44    - 730  ~ ((4-2)*524)/1.44
5    - 2.48    - 630  ~ ((5-2)*524)/2.48
..
22   - 7.29   - 1437  ~  (22-2)*524/7.29
23   - 7.53   - 1462  ~  (23-2)*524/7.53 = 1461  OK
-------------------- (formula)
24   - 7.74   - 1669  ~  524 * 22 / (7.74 - 0.8) = 1661 OK
25   - 8.11   - 1627  ~  524 * 22 / (8.11 - 1.03) = 1628  OK
26   - 8.33   - 1674  ~  524 * 22 / (8.33 - 1.44) = 1673  OK
27   - 8.53   - 1905  ~  524 * 22 / (8.53 - 2.48) = 1906  OK
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9645692
PAQ and refund sounds like a plan.
0

Featured Post

[Webinar] How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question