Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


TCP connection analysis

Posted on 2004-09-21
Medium Priority
Last Modified: 2011-09-20
i need to see how congestion window increases with every received acknowledgement in tcp connection.

The tcp connection details were captured using tcpdump. Is there a way where in I can plot a graph between congestion window and number of acknowledgement received using data captured with tcpdump ?


Question by:perfect_tranquility
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 45

Expert Comment

ID: 12120118
Hi perfect_tranquility,


Author Comment

ID: 12120165
hi sunnycoder

i am not interested in timesequence graph. There are many utilities like ethereal,tcptrace where time sequence graph can be plotted.
what i need is plotting of congestion window vs no of acknowledgement received.

LVL 45

Expert Comment

ID: 12120337
Should have read a bit more carefully. I could not locate a utility that does what you want (not sure if some of the common ones can handle it). A possible way will be to write scripts to extract the information from tcpdump data pass it to gnuplot.

Accepted Solution

dnataraj earned 1500 total points
ID: 12122596
Hope this will help for your question:

TCP is required to support an algorithm called slow start. Slow start is used to control the rate of
packets injected into the network so that the sender does not overload the network. Slow start adds
another window to the sender TCP's state, called the congestion window. This is denoted by the
variable tcp snd cwnd.
When a new connection is established, tcp snd cwnd is initialized to one segment. (For most
TCP implementations, the maximum segment size is 512 bytes and this is the value we will use in
the lab. Note that the congestion window is maintained in bytes). The sender can transmit upto

a minimum of the congestion window and the receiver's advertised window (tcp snd wnd). Every
time an ACK is received, the congestion window is increased by one segment size in bytes. The
congestion window is not allowed to grow beyond the receiver's advertised window (For most TCP
implementations, the maximum window size is 64K bytes and we will also use this value).
As a result of the slow start algorithm, the sender starts by transmitting one segment and waiting
for the ACK. When it receives the ACK, it increases the congestion window by one segment size, so
now it can send two segments. For each of these segments' ACKs, the congestion window is increased
by one. The time between sending the segment and receiving its ACK is approximately one round
trip time for the connection. As a result, the congestion window doubles about every round trip
time due to slow start. Thus, slow start speci¯es an exponential increase of the congestion window
for every round trip. It should be noted that slow start is °ow control imposed by the sender to
protect the network from being °ooded, while the advertised window is °ow control imposed by the
receiver based on its bu®er space.
At some point, the congestion window may become large enough to exceed the capacity of the
network. In this case the network may drop one or more segments from the connection. The next
two subsections describe how the TCP connection recovers from packet loss.

Author Comment

ID: 12129934
Mr Nataraj

what you have stated is perfect and it this precise behaviour i need to check in a TCp coneection. From this point onwards i intend to hack the linux kernel and change the behaviour of increse of congestion window. thus the concept  as it is in place, could be theoriticaly depicted by a graph. (increase of congestion window). I am looking for a way to do so using output of packet sniffer say tcpdump.

Thus the above stated explanation is theory of what i am intending to depict graphicaly.

perfect tranquility.

Featured Post

Enroll in September's Course of the Month

This month’s featured course covers 16 hours of training in installation, management, and deployment of VMware vSphere virtualization environments. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever been frustrated by having to click seven times in order to retrieve a small bit of information from the web, always the same seven clicks, scrolling down and down until you reach your target? When you know the benefits of the command l…
The purpose of this article is to fix the unknown display problem in Linux Mint operating system. After installing the OS if you see Display monitor is not recognized then we can install "MESA" utilities to fix this problem or we can install additio…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : All lightning effects with instructions : http://www.mediaf…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question