Hi,

A picture is worth a thousand words, so for explaining that actually the application is trying to steer TCP instead of leaving it to TCP, how can I:

1. graph or prove this phenomenon, and
2. tell if it does a good job or not?

Link: A brief explanation of Bound by Push Bit

All advice always highly appreciated!

Regards,
Marc

asked 15 Jun '11, 01:03 Marc
One Answer:
You can easily see this by using the Stevens throughput graph. What you'll notice is clumps of transfers (sharp vertical slopes). At the end of the vertical jumps, you'll typically see the PSH bit in the packet.

Another way to see it is to just watch how many bytes are being transferred from PSH to PSH bit. You can add the cumulative byte field as a column and use the "mark time reference" to see how many bytes are being transferred per push.

Many of my Sharkfest presentations cover this scenario. Google for "sharkfest 2009", then grab "AU-4, AU-5 (Bae) Protocol Analysis in a Complex Enterprise". Look at case III. If this doesn't make sense, let me know and I'll post some pics of what I'm talking about.

Good luck.
hsb

answered 22 Jun '11, 18:55 hansangb

First off: thank you very much for the answer! Hansang, I saw the presentation for Sharkfest 2009, had a look at the FTP tracefile, worked out I had to look for sharp vertical slopes with a PSH bit at the end, made a column for cumulative bytes, and scrolled through the trace looking for the pattern. I can see the rhythm in your trace, [PSH,ACK],[ACK],[ACK],[ACK],[ACK],[PSH,ACK], but don't see it in mine as clearly yet. I do need to zoom in quite a bit in the Stevens trace, right? (25 Jun '11, 06:04) Marc

Yes, if you keep zooming in, you'll see the "banks" of packets that make up the sharp vertical track. If you want, you can use editcap to chop the packet to its header and email it to me. I can check it out for you. (27 Jun '11, 14:11) hansangb

All right, I'll work it down to the headers and mail it to you, thanks! (28 Jun '11, 04:01) Marc

Yup, I got it. I'll take a look. (29 Jun '11, 16:38) hansangb

Hansang, did you see the trace? (18 Jul '11, 23:57) Marc

Hi, maybe I should clarify: I'm searching for a way to prove that it's the application that uses the TCP function push (the tcp.flags.push == 1) to get more control. I'm thinking of recognizing a pattern, any ideas?
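The PSH-to-PSH byte count described in the answer above, scripted as an added example that is not part of the original thread. It assumes the trace has been exported with tshark as tab-separated `frame.time_relative`, `tcp.len` and `tcp.flags.push` for one direction of one stream, and that a bytes-per-push value repeating across most bursts is the pattern of interest; the sample rows and function names are constructed for illustration.

```python
from collections import Counter

# Rows as printed by tshark (file name and display filter are placeholders):
#   tshark -r trace.pcap -Y "<one direction of one stream>" -T fields \
#          -e frame.time_relative -e tcp.len -e tcp.flags.push
# Constructed sample, not the poster's trace: three 6144-byte bursts, one
# 3020-byte burst, then one data segment still waiting for its PSH.
_SEGS = ([(1460, "0")] * 4 + [(304, "1")]) * 3 + [
    (1460, "0"), (1460, "0"), (100, "1"), (1460, "0")]
SAMPLE = "\n".join(f"{i * 0.001:.3f}\t{n}\t{p}" for i, (n, p) in enumerate(_SEGS))


def push_bursts(text):
    """Split the rows into PSH-terminated bursts.

    Returns (bursts, leftover): bursts is a list of (end_time, bytes, segments)
    and leftover is the payload seen after the last PSH.
    """
    bursts, total, segs = [], 0, 0
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) != 3 or not fields[1].isdigit():
            continue                      # header, blank or non-TCP row
        size = int(fields[1])
        if size == 0:
            continue                      # pure ACK, carries no payload
        total += size
        segs += 1
        # tshark prints the flag as 1/0 or True/False depending on version
        if fields[2].strip().lower() in ("1", "true"):
            bursts.append((float(fields[0]), total, segs))
            total, segs = 0, 0
    return bursts, total


def dominant_burst(bursts):
    """Most common bytes-per-push value and the share of bursts matching it."""
    if not bursts:
        return None, 0.0
    size, hits = Counter(b[1] for b in bursts).most_common(1)[0]
    return size, hits / len(bursts)


if __name__ == "__main__":
    bursts, leftover = push_bursts(SAMPLE)
    for end, size, segs in bursts:
        print(f"{end:8.3f}s  {size:6d} bytes in {segs} segments")
    print("dominant:", dominant_burst(bursts), "leftover bytes:", leftover)
```

A high share for one byte count gives a number to set beside the vertical steps in the Stevens graph; a flat spread of sizes means no regular push rhythm shows up in that direction of the stream.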