Re: tcptrace Time Sequence Graphs

From: Paul Hyder (Paul.Hyder@noaa.gov)
Date: 01/10/05


Message-ID: <41E2B50A.803@noaa.gov>
Date: Mon, 10 Jan 2005 10:02:02 -0700
From: "Paul Hyder" <Paul.Hyder@noaa.gov>
Subject: Re: tcptrace Time Sequence Graphs

Most of the time the green line will show a "stairstep" as ACKs arrive;
you often have to zoom in a lot in xplot to see it. The exact display
depends on what is extracted from the tcpdump. Some modified TCP stacks
don't send as many ACKs as others. It is an important part of the analysis.

You appear to be trying to analyze a connection (looks like ssh in your case)
but to do this you need to capture the traffic in both directions in your
tcpdump. Then you will have ACK information. If you don't capture the ACKs
going the other direction you can't plot them.

Since you should always have traffic in both directions for the
analysis it creates two files. [Yes, one of the two is almost always of
little interest. However, you need to see the entire connection to
meaningfully plot the transmitter's data.] Hope this makes sense.
        Paul Hyder
        NOAA Forecast Systems Lab
        Boulder, CO

Vaishnavi Sannidhanam wrote:
> I am plotting time sequence graphs of a tcp dump file. I am not quite sure
> as to what the green line gives... The user manual says that "Green Line
> keeps track of the ACK values received from the other endpoint". If I look
> at the graph I am getting, it appears as if the other endpoint keeps on
> sending out a bunch of acks for a single seq no. I am attaching that file
> along with this mail. Please let me know if this is what it is saying.
>
> Also I was wondering what are a2b files and b2a files if I do a tcpdump just
> on the receiver?
>
> Any quick help is really appreciated :D
>
> Thanks a lot for all the help,
> Vaishnavi
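
A way to check a capture for the problem described in the reply (data recorded in one direction with no ACKs from the peer) before plotting it. This is an added example, not part of the original thread or of tcptrace. The function names, the sample addresses and the constructed packets are assumptions, and "a" is taken here to be the first sender seen.

```python
import struct

def parse_pcap(data):
    """Yield (src, dst, flags, payload_len) per TCP/IPv4 packet of a classic Ethernet pcap."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    off = 24                                    # skip the global header
    while off + 16 <= len(data):
        incl_len, = struct.unpack_from("<I", data, off + 8)
        pkt = data[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < 54 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue                            # not IPv4/TCP, or truncated
        ihl = (pkt[14] & 0x0F) * 4
        if len(pkt) < 14 + ihl + 20:
            continue                            # IP options pushed TCP past the snaplen
        total_len, = struct.unpack_from("!H", pkt, 16)
        sport, dport, _, _, offflags = struct.unpack_from("!HHIIH", pkt, 14 + ihl)
        plen = total_len - ihl - (offflags >> 12) * 4
        yield (pkt[26:30], sport), (pkt[30:34], dport), offflags & 0x3F, plen

def direction_summary(packets):
    """Count [data, ACK-flagged] segments per direction; 'a' = first sender seen (assumed)."""
    conns = {}
    for a, b, flags, plen in packets:
        key = (b, a) if (b, a) in conns else (a, b)
        stats = conns.setdefault(key, {"a2b": [0, 0], "b2a": [0, 0]})
        d = stats["a2b" if key[0] == a else "b2a"]
        d[0] += plen > 0
        d[1] += bool(flags & 0x10)              # 0x10 = ACK flag
    return conns

def unplottable_acks(conns):
    """List (connection, direction) with captured data but no captured ACKs from the peer."""
    peer = {"a2b": "b2a", "b2a": "a2b"}
    return [(k, d) for k, s in conns.items() for d in peer if s[d][0] and not s[peer[d]][1]]

# Constructed sample packets (not from the thread): an ssh-like flow from A to B.
def _pkt(src, dst, flags, payload=b""):
    tcp = struct.pack("!HHIIHHHH", src[1], dst[1], 1, 1, (5 << 12) | flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0, src[0], dst[0])
    frame = b"\0" * 12 + b"\x08\x00" + ip + tcp + payload
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

def build_pcap(pkts):
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(pkts)

A, B = (bytes([10, 0, 0, 1]), 40000), (bytes([10, 0, 0, 2]), 22)
ONE_WAY = build_pcap([_pkt(A, B, 0x18, b"x" * 100), _pkt(A, B, 0x18, b"y" * 100)])
BOTH_WAYS = build_pcap([_pkt(A, B, 0x18, b"x" * 100), _pkt(B, A, 0x10)])
```

`unplottable_acks(direction_summary(parse_pcap(ONE_WAY)))` reports the a2b direction, while the same call on `BOTH_WAYS` returns an empty list.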