Your router examines each packet in order to determine whether to forward or drop the packet based on the criteria that you specify within the ACL. In order to filter network traffic, ACLs control whether routed packets are forwarded or blocked at the router interface. The number of retransimission is the difference between the total retransmission packets and the number of retransmission due to triple duplicate ack.This document provides sample configurations for commonly used IP Access Control Lists (ACLs), which filter IP packets based on: For out of order packets, the first duplicate ack appears after the retransmitted packet. To differentiate the packets retransmitted due to a triple duplicate ack and out of order packets, I check if the first duplicate ack in receiver appears before or after the retransmitted packet. This is found by first getting the ack that appear more than 3 times and finding the intersection of those ack with the seq of the packets sent by the sender with duplicate sequence numbers. The number of times a retransmission occurs due to triple duplicate ack is by finding number of packets sent by the receiver with the same ack number that appears more than 3 times (minimum packets for a triple duplicate ack is 3 duplicate acks and actual ack in response) subtracting the number of packets that have triple duplicate acks due to a packet being out of order. The total retransmission packets are found by checking number of duplicate sequence numbers in the ack packets sent by the sender. The congestion windows are double every RTT. Then, I found the number of packets sent by the sender between each RTT. The original difference is rounded to the hundredth place. This is done by searching for the time it takes to finish the first transaction, which is difference between the timestamp of the first ack sent by the sender and timestamp of the first ack sent by the receiver. The first three congestion window sizes are found by first estimating the time for one RTT. The period is found using the difference between the timestamp of the fin, ack packet and the first transaction. Then I exclude all the packets sent by sender after the fin,ack packet. The last ack packet is found by getting the fin,ack packet sent by receiver. The sender throughput is found using the amount of bytes sent by the sender from the first transaction (the first ack sent by the sender after the handshake) and the time it receives the last ack packet from the receiver. If the payload is not zero, then it is piggy-backed packet and is treated as the first transaction. In addition, we need to check the payload on the last ack in the handshake. In doing this, we found the packets for the three way handshake of flow. Using this ack from the receiver, we look for the an ack packet from sender in response that has an ack number 1 more than the sequence number of the receiver's ack. This is done by checking syn packet sent by sender and a corresponding syn, ack packet from the receiver which has an ack that is one greater than the sender's syn packet's sequence number. The first 2 transactions are found by separating the three-way handshake from the rest of the TCP flow. $ python analysis_pcap_tcp.py Explanation Part A
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |