tcpflows

 

tcpflows is a tool that processes packet-level TCP/IP traces that have been collected passively, with the monitoring point located anywhere in the “middle” of the TCP connection’s end-to-end path.

 

What does it do?

 

By monitoring both the data and ACK streams of a TCP connection, the tool aims to reconstruct or infer the state of the TCP sender and the events occurring in the connection’s end-to-end path. Specifically, it:

 

1. Identifies packets that are out-of-sequence in the TCP connection and determines the cause of each out-of-sequence event as one of:

   a) Retransmission,

   b) Reordering, or

   c) Network duplication.

 

2. Computes RTT samples across the lifetime of a TCP connection.

3. Keeps track of the sender’s congestion window (cwnd).

4. Infers loss events and, based on sender behavior and knowledge of the sender’s cwnd, infers the TCP congestion control flavor (Tahoe, Reno, NewReno) implemented at the sender.

5. Checks whether the sender’s behavior is “greedy” with respect to window size.
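
To make item 1 concrete, here is an added example (not tcpflows code and not the authors' algorithm) that labels out-of-sequence packets seen at a mid-path monitor. It assumes a simple heuristic: a repeated sequence number with the same IP ID is a copy made in the network, a repeated sequence number with a new IP ID is a sender retransmission, and a not-yet-seen sequence number that arrives late is reordering if the lag is under one RTT and a retransmission otherwise. The Pkt tuple, the rtt threshold and the sample trace are constructed for this illustration.

```python
from collections import namedtuple

# One data packet of a single flow direction as seen at the monitoring point.
# Field names are this example's own, not a tcpflows format.
Pkt = namedtuple("Pkt", "ts seq ip_id")

def classify_out_of_sequence(packets, rtt):
    """Return [(seq, cause)] for every out-of-sequence packet.

    Assumed heuristic:
      seq seen before, same IP ID      -> network-duplication
      seq seen before, different IP ID -> retransmission
      seq new but below the highest seq seen:
        arrived < rtt after the packet that overtook it -> reordering
        otherwise -> retransmission (original lost before the monitor)
    Sequence-number wraparound and resegmentation are not handled.
    """
    seen = {}       # seq -> IP IDs already observed carrying that seq
    arrivals = []   # (seq, ts) in arrival order
    highest = -1
    causes = []
    for p in packets:
        cause = None  # None means in sequence
        if p.seq in seen:
            cause = ("network-duplication" if p.ip_id in seen[p.seq]
                     else "retransmission")
        elif p.seq < highest:
            overtaken = min(ts for seq, ts in arrivals if seq > p.seq)
            cause = "reordering" if p.ts - overtaken < rtt else "retransmission"
        if cause:
            causes.append((p.seq, cause))
        seen.setdefault(p.seq, set()).add(p.ip_id)
        arrivals.append((p.seq, p.ts))
        highest = max(highest, p.seq)
    return causes

# Constructed trace (timestamps in seconds, 1000-byte segments).
SAMPLE = [
    Pkt(0.000, 1000, 10), Pkt(0.001, 2000, 11),
    Pkt(0.002, 4000, 13), Pkt(0.003, 3000, 12),   # 3000 overtaken by 4000
    Pkt(0.004, 5000, 14), Pkt(0.0041, 5000, 14),  # identical copy
    Pkt(0.005, 7000, 16),                         # 6000 never reached the monitor
    Pkt(0.300, 2000, 30),                         # resent after loss past the monitor
    Pkt(0.310, 6000, 31),                         # resent after loss before the monitor
]

if __name__ == "__main__":
    for seq, cause in classify_out_of_sequence(SAMPLE, rtt=0.1):
        print(seq, cause)
```
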

 

Input Trace Format

 

As currently implemented, tcpflows is designed for traces in the format captured by a DAG card (a description of the structure of the DAG frame is here) or for tcpdump traces.

 

tcpflows requires both the data and ACK directions of a TCP connection; hence the measurements have to be taken on a duplex link that carries both directions of the monitored TCP connections.

 

How to Use?

 

The tcpflows code can be downloaded from here.

 

Download, untar and unzip the code, and then run “make”. The executable is called “tcpflows”. Usage information is available here, or can be obtained by typing “./tcpflows” at the prompt.

 

Very simply, the standard way to run it would be:

 

./tcpflows -w -t <trace-type, dag = 0, tcpdump = 1> -i <input-trace>

 

The “-w” flag is required to produce output files; input-trace is the trace collected from the two directions of the monitored duplex link.

 

A typical output from running tcpflows (with explanatory notes) is available here, and so is a list of the output files and their fields.

 

We have provided a set of example traces (under subdirectory example-trace) on which you can run and test tcpflows.

 

Contact

 

tcpflows was written by Gianluca Iannaccone and Sharad Jaiswal at Sprint ATL and the Univ. of Massachusetts, Amherst. All inquiries should be sent to sharad@cs.umass.edu.

 

Other Documentation

 

A general description of what tcpflows does and how, along with results from applying the tool to traces collected in the Sprint IP backbone network, is available in the following papers:

 

Sharad Jaiswal, Gianluca Iannaccone, Christophe Diot, Jim Kurose and Don Towsley

"Inferring TCP Connection Characteristics through Passive Measurements"

Proceedings of Infocom 2004 [pdf].

Related UMass CS Technical Report 04-10 [pdf].

 

 

Sharad Jaiswal, Gianluca Iannaccone, Christophe Diot, Jim Kurose and Don Towsley

"Measurement and Classification of Out-of-Sequence Packets in a Tier-1 IP backbone"

Proceedings of Infocom 2003 [pdf].

Related UMass CS Technical Report TR 02-17 [pdf].

 
