
TCP connection analysis

I need to see how the congestion window increases with every received acknowledgement in a TCP connection.

The TCP connection details were captured using tcpdump. Is there a way wherein I can plot a graph between congestion window and number of acknowledgements received using data captured with tcpdump?


1 Solution
Hi perfect_tranquility,


perfect_tranquility (Author) Commented:
Hi sunnycoder

I am not interested in a time sequence graph. There are many utilities like ethereal, tcptrace where a time sequence graph can be plotted.
What I need is plotting of congestion window vs number of acknowledgements received.

Should have read a bit more carefully. I could not locate a utility that does what you want (not sure if some of the common ones can handle it). A possible way will be to write scripts to extract the information from tcpdump data and pass it to gnuplot.

Hope this will help for your question:

TCP is required to support an algorithm called slow start. Slow start is used to control the rate of packets injected into the network so that the sender does not overload the network. Slow start adds another window to the sender TCP's state, called the congestion window. This is denoted by the variable tcp_snd_cwnd.

When a new connection is established, tcp_snd_cwnd is initialized to one segment. (For most TCP implementations, the maximum segment size is 512 bytes and this is the value we will use in the lab. Note that the congestion window is maintained in bytes). The sender can transmit up to a minimum of the congestion window and the receiver's advertised window (tcp_snd_wnd). Every time an ACK is received, the congestion window is increased by one segment size in bytes. The congestion window is not allowed to grow beyond the receiver's advertised window (For most TCP implementations, the maximum window size is 64K bytes and we will also use this value).

As a result of the slow start algorithm, the sender starts by transmitting one segment and waiting for the ACK. When it receives the ACK, it increases the congestion window by one segment size, so now it can send two segments. For each of these segments' ACKs, the congestion window is increased by one. The time between sending the segment and receiving its ACK is approximately one round trip time for the connection. As a result, the congestion window doubles about every round trip time due to slow start. Thus, slow start specifies an exponential increase of the congestion window for every round trip. It should be noted that slow start is flow control imposed by the sender to protect the network from being flooded, while the advertised window is flow control imposed by the receiver based on its buffer space.

At some point, the congestion window may become large enough to exceed the capacity of the network. In this case the network may drop one or more segments from the connection. The next two subsections describe how the TCP connection recovers from packet loss.

perfect_tranquility (Author) Commented:
Mr Nataraj

What you have stated is perfect, and it is this precise behaviour I need to check in a TCP connection. From this point onwards I intend to hack the Linux kernel and change the behaviour of the increase of the congestion window. Thus the concept, as it is in place, could be theoretically depicted by a graph (increase of congestion window). I am looking for a way to do so using the output of a packet sniffer, say tcpdump.

Thus the above stated explanation is the theory of what I am intending to depict graphically.

perfect tranquility.
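
The script approach suggested in this thread (extract the numbers from tcpdump output, hand them to gnuplot), as an added example that is not part of any post. The congestion window is sender state and never appears in a packet, so the script plots bytes in flight per new ACK as an estimate of it; it assumes a capture taken on the sending host, tcpdump -n text output for IPv4, no sequence-number wraparound, and the hypothetical names flight_per_ack and to_gnuplot.

```python
import re

# Matches tcpdump -n text output for TCP over IPv4, e.g.
# "... IP a.p > b.p: Flags [P.], seq 1:513, ack 1, win ..., length 512"
PKT = re.compile(r"IP (\S+) > (\S+): Flags \[[^\]]*\]"
                 r"(?:, seq (\d+)(?::(\d+))?)?(?:, ack (\d+))?")

def flight_per_ack(lines, sender):
    """Return [(n, bytes_in_flight)] sampled as the n-th new ACK reaches sender.
    Bytes in flight equals cwnd only while the sender is limited by cwnd, not
    by the application or the receiver's advertised window."""
    una = nxt = None          # oldest unacked byte, next byte to send
    points = []
    for line in lines:
        m = PKT.search(line)
        if not m:
            continue
        src, dst, seq, end, ack = m.groups()
        if src == sender and end:                 # data segment leaving sender
            if una is None:
                una = int(seq)
            nxt = max(nxt or 0, int(end))         # retransmissions do not advance nxt
        elif dst == sender and ack and una is not None:
            if int(ack) <= una:                   # duplicate ACK: nothing new acked
                continue
            points.append((len(points) + 1, nxt - una))
            una = int(ack)
    return points

def to_gnuplot(points):
    """Two-column data; plot with: plot 'cwnd.dat' using 1:2 with linespoints"""
    return "".join(f"{n} {b}\n" for n, b in points)

# Constructed sample capture (relative sequence numbers, 512-byte segments).
SAMPLE = """\
0.05 IP 10.0.0.2.80 > 10.0.0.1.40000: Flags [S.], seq 0, ack 1, win 65535, length 0
0.06 IP 10.0.0.1.40000 > 10.0.0.2.80: Flags [P.], seq 1:513, ack 1, win 65535, length 512
0.10 IP 10.0.0.2.80 > 10.0.0.1.40000: Flags [.], ack 513, win 65535, length 0
0.11 IP 10.0.0.1.40000 > 10.0.0.2.80: Flags [.], seq 513:1025, ack 1, win 65535, length 512
0.12 IP 10.0.0.1.40000 > 10.0.0.2.80: Flags [.], seq 1025:1537, ack 1, win 65535, length 512
0.15 IP 10.0.0.2.80 > 10.0.0.1.40000: Flags [.], ack 1025, win 65535, length 0
0.16 IP 10.0.0.2.80 > 10.0.0.1.40000: Flags [.], ack 1025, win 65535, length 0
0.17 IP 10.0.0.1.40000 > 10.0.0.2.80: Flags [.], seq 1537:2049, ack 1, win 65535, length 512
0.18 IP 10.0.0.1.40000 > 10.0.0.2.80: Flags [.], seq 2049:2561, ack 1, win 65535, length 512
0.20 IP 10.0.0.2.80 > 10.0.0.1.40000: Flags [.], ack 1537, win 65535, length 0
""".splitlines()

if __name__ == "__main__":
    print(to_gnuplot(flight_per_ack(SAMPLE, "10.0.0.1.40000")), end="")
```

On the sample the estimate grows by one 512-byte segment per new ACK, which is the slow start behaviour quoted above; the duplicate ACK for 1025 is skipped.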
