Rolf Leutert. Network Expert & Trainer Leutert NetServices Switzerland. Tuning Win7 Using Wireshark s TCP Stream Graph Leutert NetServices



Similar documents
COMP 3331/9331: Computer Networks and Applications. Lab Exercise 3: TCP and UDP (Solutions)

B-2 Analyzing TCP/IP Networks with Wireshark. Ray Tompkins Founder of Gearbit

Sample Network Analysis Report

Visualizations and Correlations in Troubleshooting

Transport Layer Protocols

Network Security: Workshop. Dr. Anat Bremler-Barr. Assignment #2 Analyze dump files Solution Taken from

Mike Canney Principal Network Analyst getpackets.com

High Speed Internet Access Using Satellite-Based DVB Networks

T2-6: Trace File Analysis - The Elephant Coming From Behind: Full Window, Window Update and TCP Keep-Alive s

Rolf Leutert. Network Expert & Trainer Leutert NetServices Switzerland. Analyzing WLAN Roaming Problems Leutert NetServices

High-Speed TCP Performance Characterization under Various Operating Systems

ICOM : Computer Networks Chapter 6: The Transport Layer. By Dr Yi Qian Department of Electronic and Computer Engineering Fall 2006 UPRM

TCP/IP Optimization for Wide Area Storage Networks. Dr. Joseph L White Juniper Networks

Operating Systems and Networks Sample Solution 1

Troubleshooting Tips and Tricks

TFTP TRIVIAL FILE TRANSFER PROTOCOL OVERVIEW OF TFTP, A VERY SIMPLE FILE TRANSFER PROTOCOL FOR SIMPLE AND CONSTRAINED DEVICES

Pig Laboratory. Additional documentation for the laboratory. Exercises and Rules. Tstat Data

Mobile Communications Chapter 9: Mobile Transport Layer

Solution of Exercise Sheet 5

Mike Canney. Application Performance Analysis

Computer Networks. Chapter 5 Transport Protocols

Application Performance Analysis and Troubleshooting

TCP Window Size for WWAN Jim Panian Qualcomm

Improving Effective WAN Throughput for Large Data Flows By Peter Sevcik and Rebecca Wetzel November 2008

TCP and Wireless Networks Classical Approaches Optimizations TCP for 2.5G/3G Systems. Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme

Question: 3 When using Application Intelligence, Server Time may be defined as.

Chapter 5. Transport layer protocols

Final for ECE374 05/06/13 Solution!!

NetView for z/os V6.1 Packet Trace Analysis

First Midterm for ECE374 03/09/12 Solution!!

Network Probe. Figure 1.1 Cacti Utilization Graph

How to Enable/Disable TCP Offload Overview

HyperIP : VERITAS Replication Application Note

La couche transport dans l'internet (la suite TCP/IP)

Voice over IP. Demonstration 1: VoIP Protocols. Network Environment

Application-Centric Analysis Helps Maximize the Value of Wireshark

Outline. TCP connection setup/data transfer Computer Networking. TCP Reliability. Congestion sources and collapse. Congestion control basics

Digital Audio and Video Data

Comparing the Network Performance of Windows File Sharing Environments

Midterm Exam CMPSCI 453: Computer Networks Fall 2011 Prof. Jim Kurose

TCP loss sensitivity analysis ADAM KRAJEWSKI, IT-CS-CE

Procedure: You can find the problem sheet on Drive D: of the lab PCs. 1. IP address for this host computer 2. Subnet mask 3. Default gateway address

Applications. Network Application Performance Analysis. Laboratory. Objective. Overview

Application Note. Windows 2000/XP TCP Tuning for High Bandwidth Networks. mguard smart mguard PCI mguard blade

RFC 6349 Testing with TrueSpeed from JDSU Experience Your Network as Your Customers Do

First Midterm for ECE374 03/24/11 Solution!!

Improving the Performance of TCP Using Window Adjustment Procedure and Bandwidth Estimation

Expert Reference Series of White Papers. Troubleshooting Slow Networks with Wireshark

Key Components of WAN Optimization Controller Functionality

How do I get to

Troubleshooting TCP/IP Networks with Wireshark

This sequence diagram was generated with EventStudio System Designer (

Frequently Asked Questions

Access Control: Firewalls (1)

TCP over Multi-hop Wireless Networks * Overview of Transmission Control Protocol / Internet Protocol (TCP/IP) Internet Protocol (IP)

File Transfer Protocol (FTP) Throughput Testing by Rachel Weiss

2 TCP-like Design. Answer

Application Level Congestion Control Enhancements in High BDP Networks. Anupama Sundaresan

D. SamKnows Methodology 20 Each deployed Whitebox performs the following tests: Primary measure(s)

TCP over Wireless Networks

Pump Up Your Network Server Performance with HP- UX

TCP in Wireless Networks

DNS (Domain Name System) is the system & protocol that translates domain names to IP addresses.

Host Fingerprinting and Firewalking With hping

Acceleration Systems Performance Assessment Tool (PAT) User Guide v 2.1

Top 10 Tips for z/os Network Performance Monitoring with OMEGAMON Ernie Gilman

La couche transport dans l'internet (la suite TCP/IP)

Data Networks Summer 2007 Homework #3

Measuring IP Performance. Geoff Huston Telstra

Written examination in Computer Networks

First Midterm for ECE374 02/25/15 Solution!!

Network Security TCP/IP Refresher

Ethernet. Ethernet Frame Structure. Ethernet Frame Structure (more) Ethernet: uses CSMA/CD

Solving complex performance problems in TCP/IP and SNA environments.

A Reliable and Fast Data Transfer for Grid Systems Using a Dynamic Firewall Configuration

SSL DOES NOT MEAN SOL What if you don t have the server keys?

TCP/IP Inside the Data Center and Beyond. Dr. Joseph L White, Juniper Networks

Performance and Bandwidth Testing for Data Circuits

Homework 2 assignment for ECE374 Posted: 02/21/14 Due: 02/28/14

High Performance VPN Solutions Over Satellite Networks

Wharf T&T Limited DDoS Mitigation Service Customer Portal User Guide

Nalini Elkins Introduction to TCP/IP Diagnostics (Web-based Seminar)

Technology/Internet Usage Workshop

Computer Networks UDP and TCP

The Problem with TCP. Overcoming TCP s Drawbacks

Transport and Network Layer

What is Network Latency and Why Does It Matter?

Challenges of Sending Large Files Over Public Internet

LESSON Networking Fundamentals. Understand TCP/IP

IP - The Internet Protocol

MANAGING NETWORK COMPONENTS USING SNMP

Burst Testing. New mobility standards and cloud-computing network. This application note will describe how TCP creates bursty

Measure wireless network performance using testing tool iperf

Discovering IPv6 with Wireshark. presented by Rolf Leutert

Hands-on Network Traffic Analysis Cyber Defense Boot Camp

Iperf Tutorial. Jon Dugan Summer JointTechs 2010, Columbus, OH

Using TrueSpeed VNF to Test TCP Throughput in a Call Center Environment

Introduction, Rate and Latency

TCP Adaptation for MPI on Long-and-Fat Networks

SAN/iQ Remote Copy Networking Requirements OPEN iscsi SANs 1

Transcription:

Rolf Leutert Network Expert & Trainer Leutert NetServices Switzerland Tuning Win7 Using Wireshark s TCP Stream Graph 1 2012 Leutert NetServices

Case Study Customer is distributing Software over night to remote office in Asia But the process does not finish before local business hours starts Customer is paying for a WAN bandwidth of 45 Mbps He calculates an available throughput of only around 2 Mbps Does the bandwidth provider limit the rate? Is the server or the client not performing? Analyze the performance of a TCP session using TCP Stream graph 2 2012 Leutert NetServices

TCP Extension for High performance TCP was designed to operate in the range 100bps to 10Mbps and delays of 1ms to 100sec. The introduction of fiber optics is resulting in ever higher transmission speeds paths and are moving out of the domain for which TCP was originally engineered. TCP performance depends not upon the transfer rate itself, but rather upon the product of the transfer rate and the round-trip delay. If the bandwidth x delay product is large, TCP throughput will be limited. Internet path operating in this region are called "long, fat pipe", and a network containing this path as an "LFN" (pronounced "elephan(t)"). 3 2012 Leutert NetServices

Long - Fat - Pipe Problems Maximum standard TCP window size is 65536 Bytes (=2 16 ) Idle time 65536 Bytes / 55ms Server USA 10Mbit/s Speed x 100ms Delay Long, fat pipe Server Europa 4 2012 Leutert NetServices

Long - Fat - Pipe Problems High-capacity packet satellite channels are LFN's. Delay 4 x 35 800 km = 470ms Round Trip Time Terrestrial fiber-optical paths will also fall into the LFN class There are three fundamental performance problems with the current TCP over LFN paths: Window Size Limit (max 65k bytes) Remedy: TCP option Window scale Recovery from Segment Losses Remedy: TCP option Selective acknowledges Round-Trip Measurement Remedy: TCP option Time stamp 5 2012 Leutert NetServices

TCP Window Scaling Option TCP Window Size of 65 535 Bytes is too small. A multiplier Skaling Factor resolves this limitation. Scaling Factor S is negotiated at TCP setup. Each end can offer an individual Scaling Factor. The value for the Scaling Factors can vary from 0 to14. Calculation for the scaled Window Size is as follows: Scaled Window Size = Window Bytes x 2 S Example: Window Size 46 Bytes, Scaling Factor S=7 2 7 = 128 46 Bytes x 128 = 5 888 Bytes The maximum Window Size can be 1 073 741 824 Bytes = 1 Gigabyte 6 2012 Leutert NetServices

TCP Window Scaling Option 576k 512k 448k 384k 320k 256k 192k 128k 64k Bytes sent Data Throughput without Window Scaling: Line Speed 10Mbit/sec with Round trip time 200ms Ack Max. Throughput = TCP Window Size Round-trip time Maximum data throughput with standard TCP window size of 64kBytes is = 2,5Mbit/s only idle time Window idle time idle time 50 100 150 200 250 300 350 400 450 500 550 Time 7 2012 Leutert NetServices

TCP Window Scaling Option 576k 512k Throughput with Window Scaling: 10Mbit/sec 448k 384k 320k 256k 192k Window x 4 Scaling Factor Calculation: Bandwidth x Round Trip Time TCP Window Size 128k 64k Data Ack 10Mbit/s x 200ms ~500 000bits 50 100 150 200 250 300 350 400 450 500 550 = Factor 4 Time 8 2012 Leutert NetServices

TCP Window Scaling Option Window Scaling factor from Client Window Size unscaled Window Size scaled Window Scaling factor from Server After the two TCP SYN frames, the window size is announced in the scaled format and Wireshark displays the scaled value. 9 2012 Leutert NetServices

TCP Extensions for High Performance The following TCP options are defined in RFC1323: 01 No operation (for padding) 02 Max. Window size (SYN) 03 Window scale (SYN) 04 SACK permitted (SYN) 05 SACK option (Acknowledges) 08 Time stamp (SYN and Acknowledges) 10 2012 Leutert NetServices

TCP Selective Acknowledge Option The usage of the TCP SACK option is negotiated during the 3-Way hand shake. The SACK option can be activated from one or both sides. Without SACK option, only the last received segment of a contiguous series can be acknowledged. The SACK Option allows to acknowledge non-contiguous segments of a series and can request for specific segments. The SACK Option can improve the throughput of LFN s significantly. 11 2012 Leutert NetServices

TCP Selective Acknowledge Option Trace file: TCP SACK Packets C,D missing Packet F missing Packets C,D delivered Packet F delivered Seq. # 1 1311 5241 7861 2621 3931 6551 1310 2620 6550 9103 3930 5240 7860 Data Packets Packet A Packet B Packet E Packet G Packet C Packet D Packet F Length 1310B 1310B 1310B 1243B 1310B 1310B 1310B TCP Selective Acknowledges Ack. # 2621 No Opt. 2621 SACK Block 1 2621 SACK Block 2 Block 1 6551 SACK Block 1 9104 No Opt. Frame 1 Frame 2 Frame 3 Frame 4 Frame 5 Frame 6 Frame 7 Frame 8 Frame 9 Frame 10 Frame 11 Frame 12 12 2012 Leutert NetServices

TCP Analysis with Wireshark Expert TCP performance can be influenced by these three main components The Wireshark Expert is offering great support in analyzing TCP sessions Understanding TCP and Expert Messages helps isolating problems Network Client Server 13 2012 Leutert NetServices

TCP Analysis with Wireshark Expert The Wireshark Expert System recognizes many abnormalities or errors and creates a list sorted by severities: Segment Lost Duplicate ACK Retransmissions Fast Retransmissions Zero Window Window Full and many more You still need well-founded TCP knowledge to understand the error messages and to draw the right conclusions. 14 2012 Leutert NetServices

TCP Analysis with Wireshark Expert Click on the colored Expert Button to open the Expert Infos window Level 0 = No Expert info available for protocols present in trace file (i.e. for protocols using UDP) Level 1 = Chats: Information about normal data flow, e.g. TCP session establishment and closing. HTTP Get/OK/404 etc. Level 2 = Notes: Reference to slight abnormalities like Duplicate ACK, Retransmissions etc. Level 3 = Warnings: Informs about abnormalities like Segment lost, Segments out of order etc. Level 4 = Errors: Messages on serious problems like deformed segments (i.e. missing fields) 15 2012 Leutert NetServices

TCP Analysis with TCP Stream Graph Sometimes, a graphic tells us more than a thousand frames Wireshark offers excellent graphical TCP session presentations TCP Stream Graph allows to recognize all the following abnormalities: Lost Frames Duplicate Frames Out of order Frames TCP Sequence number and Segment Sizes Acknowledges, Delayed Acknowledges Duplicate and Selective Acknowledges Retransmissions and Fast Retransmissions Windows Sizes, sliding Window, exceeded und frozen Windows Size Window Scaling Zero Window and Window Full Situation Slow Start, full Flow rate and Flow throttling 16 2012 Leutert NetServices

TCP Analysis with TCP Stream Graph Server Client Notice direction of TCP Half-Session Press F1 für Navigation Help Window Size Data Frames Acknowledges 17 2012 Leutert NetServices

TCP Analysis with TCP Stream Graph Now, let us analyze our customer case using Frame Analysis 18 2012 Leutert NetServices

TCP Analysis with TCP Stream Graph Now, let us analyze our customer case using TCP Stream Graph 19 2012 Leutert NetServices

TCP Analysis with TCP Stream Graph What can be read out of the trace file and the TCP Stream graph: Client and Server are both using Window Scaling and Selective ACKs The trace file has been captured on the server side The Round-Trip-Time is 186ms The receiver (Client) window is wide open The network is dropping frames The server is retransmitting frames Network Client Server At this stage, we can exclude the client! 20 2012 Leutert NetServices

TCP Analysis with TCP Stream Graph TCP Three-way Handshake Client SYN Start Sequence Number Window Size Options: Maximum Segment Size Window Scaling Selective Acknowledges Timestamp PAWS (Protection against wrapped sequence #) Client ACK Acknowledge Server Sequence Number 1 - SYN 2 - SYN; ACK 3 - ACK Server SYN; ACK Start Sequence Number Acknowledge Client Sequence Number Window Size Options: Maximum Segment Size Window Scaling Selective Acknowledges Timestamp PAWS (Protection against wrapped sequence #) 21 2012 Leutert NetServices

TCP Analysis with TCP Stream Graph Let us have a closer look at the servers behavior! 15 Mbit/s 1.5 Mbit/s 22 2012 Leutert NetServices

TCP Analysis with TCP Stream Graph What can be read out of the TCP Stream graph: The server is starting with 15Mbit/s transmission rate The network is dropping some frames (pretty normal on WAN) Server is throttling down to 1.5 Mbit/s Server is not trying to speed up again But why? Network Client Server At this stage we can exclude the network 23 2012 Leutert NetServices

MS Windows TCP Autotuning Features Microsoft has implemented new autotuning in Vista, Win7, Server2008 These features should improve TCP throughput and are ON by default However, this is not always the case, and may cause some Internet related issues and problems! C:\Windows\system32>netsh interface tcp show global Querying active state TCP Global Parameters ------------------------------------ Receive-Side Scaling State : enabled Chimney Offload State : enabled Receive Window Auto-Tuning Level : normal Add-On Congestion Control Provider : none ECN Capability : disabled RFC 1323 Timestamps : disabled 24 2012 Leutert NetServices

MS Windows TCP Autotuning Features Autotuning Activate: netsh interface tcp set global autotuning=normal Deactivate: netsh interface tcp set global autotuning=disabled Compound TCP Activate: netsh interface tcp set global congestionprovider=ctcp Deactivate: netsh interface tcp set global congestionprovider=none ECN Support Activate: netsh interface tcp set global ecncapability=enabled Deactivate: netsh interface tcp set global ecncapability=disabled TCP Chimney offloading Activate: netsh interface tcp set global chimney=enabled Deactivate: netsh interface tcp set global chimney=disabled Receive-side Scaling (RSS) Activate: netsh interface tcp set global rss=enabled Deactivate: netsh interface tcp set global rss=disabled This command did solve the issue in our case: Windows Scaling heuristics Deactivate: netsh int tcp set heuristics disabled Activate: netsh int tcp set heuristics enabled 25 2012 Leutert NetServices

TCP Analysis with TCP Stream Graph Now let us have a closer look at the servers behavior again! 24 Mbit/s Problem solved! 26 2012 Leutert NetServices

Thanks for visiting SeaPics.com Hope you learned something useful Rolf Leutert, Leutert NetServices, www.wireshark.ch 27 2012 Leutert NetServices

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information