CSS 432
FAQ on Program 3: TCP Analysis


Q1: In how much detail should I draw a timing chart for hw3?

A: As much as possible.

The tcpdump shows all ip packets exchanged between the local host and a given remote host. For each packet, indicate all the information including timestamps, message sequence numbers, ip addresses, port numbers and appropriate notations.

Q2: Can I reuse the code from HW1?

A: Yes

Q3: I don't know how to use shutdown( ).

A: Type "man 2 shutdown".

Actuall all you need is shutdown( serverSd, SHUT_WR ); where serverSd is a socket descriptor obtained from the server's accept( ) call.

Q5: When does an IP packet have a P notation. When does an IP packet have a "." notation.

A: An IP packet that carries the last data of a given write( ) call has a P(Push) option.

If you try to send data whose size is more than MSS, it is segmented into several packets. All those packets except the very last one has a "." notation, but the last one has a "p" notation indicating that this is the last data of a given write( ) call.

Q6: Parameters passed to ttcp

I have a question about ttcp. You stated that the format for the arguments for ttcp is as follows:
       -l#     length of bufs read from or written to network (default 8192)
       -b#     set the socket buffer size if supported (default is 16384)
       -p#     specify another service port (default is 5001)
Should we have a space between the argument character and the number?

A: No, the number should follow the option without a space.

Q7: For Analysis 1 and 3, we are to make a graph or table in terms of Mbps. Should we look at the client or server Mbps? I know the two do not greatly differ.

A: Focus on the client Mbps.

Q8: Does the nagle-off option slow down the network?

I've got an issue with strace and I'm not sure if it's suppose to be like this or not. When I'm running strace -c -e trace=write ./ttcp -l 64 -n 1048576, and tcpdump at the same time(test#4), the finish times are really slow. I'm getting mbps from 6.78407(nagle off) to 10.3316(nagle on). It takes 18 microseconds per write for nagle on and 51 mircoseconds per write for nagle off. Should it be that slow(almost 1 minute to finish with nagle off)? If I don't run strace, it's faster(~90 mbps for nagle on, ~15 mbps for nagle off). So are the results truly accurate when I'm running strace?

A: With the nagle off, the performance should be degraded as you saw in your correct results.

This is because OS need a certain time to transmit data to NIC, and the nagle-off situation requires more frequent writes which cumulates such OS overhead.

Q9: With using strace, the times are considerably slower if I don't use strace

A: Since strance traces every single OS system call and prints it out to the display, it causes more frequent interrputs and thus slows down.

Q10: There are two independent sequences of packet IDs.

I expected there would be packets of data being sent to my server besides, but since I'm only listening on port 5001 I'm confused as to why I'm seeing the packet IDs change as if there were two sockets on the same port:
1273986401.734004 IP (tos 0x0, ttl  64, id 9891, offset 0, flags [DF], proto: TCP (6), length: 52) uw1-320-10.uwb.edu.35853 > uw1-320-11.uwb.edu.commplex-link: ., cksum 0x63d0 (correct), ack 1 win 46 < nop,nop,timestamp 98161313 99209533>
1273986401.734020 IP (tos 0x0, ttl  64, id 9892, offset 0, flags [DF], proto: TCP (6), length: 56) uw1-320-10.uwb.edu.35853 > uw1-320-11.uwb.edu.commplex-link: P, cksum 0x6344 (correct), 1:5(4) ack 1 win 46 < nop,nop,timestamp 98161313 99209533>
1273986401.734028 IP (tos 0x0, ttl  64, id 11268, offset 0, flags [DF], proto: TCP (6), length: 52) uw1-320-11.uwb.edu.commplex-link > uw1-320-10.uwb.edu.35853: ., cksum 0x63cc (correct), ack 5 win 46 < nop,nop,timestamp 99209533 98161313>
1273986401.734272 IP (tos 0x0, ttl  64, id 9893, offset 0, flags [DF], proto: TCP (6), length: 1500) uw1-320-10.uwb.edu.35853 > uw1-320-11.uwb.edu.commplex-link: . 5:1453(1448) ack 1 win 46 < nop,nop,timestamp 98161313 99209533>
1273986401.734302 IP (tos 0x0, ttl  64, id 11269, offset 0, flags [DF], proto: TCP (6), length: 52) uw1-320-11.uwb.edu.commplex-link > uw1-320-10.uwb.edu.35853: ., cksum 0x5e0e (correct), ack 1453 win 68 < nop,nop,timestamp 99209533 98161313>

A. Both a client and the corresponding server have their own packet IDs.

Q11: hw3 bad checksum question

I notice that at a certain point one packet always returns with a bad checksum, its always the same packet in he same place. Are we supposed to hard code a bad checksum in our program? That seems like a weird thing to do so I wanted to make sure.

A: Just ignore this problem. :-)

This checksum error occured due to a packet returned from the server to the client. Note that tcpdump is checking only the data correctness of packets from the client to the server. So, ignore this problem.

Q12: For the output from the "strace -ttT ttcp" call, I forgot how we are supposed to interpret the data

Here's some sample output:
------------------------------------------------------------------------------------------------------------------------------
 ...
19:16:29.574171 write(3, "\4\0\0\0\3245\212\0\270\305\266\277i>\204\0\3\0\0\0\1\0\0\0\4\0\0\0\0\0\0\0"..., 64) = 64 < 0.000018>
19:16:29.574265 write(3, "\4\0\0\0\3245\212\0\270\305\266\277i>\204\0\3\0\0\0\1\0\0\0\4\0\0\0\0\0\0\0"..., 64) = 64 < 0.000015>
19:16:29.574343 write(3, "\4\0\0\0\3245\212\0\270\305\266\277i>\204\0\3\0\0\0\1\0\0\0\4\0\0\0\0\0\0\0"..., 64) = 64 < 0.000014>
 ...
------------------------------------------------------------------------------------------------------------------------------

I remember hearing something about the timestamp in the beginning (i.e. 19:16:29.574171),
and something about the stuff at the end of the line (i.e. < 0.000018>)?

A: Each lap time is time elapsed to handle this write system call.

the timestamp in the beginning is the time at which the system call was called, the time at the right is a lap timestamp that shows the total time for the system call to complete. For example, the first write call:
start time: 19.16.29.574171
+lap time:         0.000018
end time:   19.16.29.574189
Notice the end time of the first system call is a bit behind the start time of the next system call. Additional .000076 is the kernel doing other jobs (such as process scheduling).