Tcptrace

Tcptrace is a tool to analyze TCP (and now, also UDP) sessions captured with TcpDump. It provides a lot of different kinds of statistics and information, a lot of which is useful in diagnosing problems with TCP sessions. It also supports various graphing options.

Example usage

This shows the sessions in a tcpdump log:

tcptrace trace.log

You can select a subset of them for further information; here we take sessions 3 and 4 and show a lot of information about them (long statistics, RTT information, Window information):

tcptrace -o3-4 -lrW trace.log

Example output

Here you can easily see lots of interesting information, for example, the advertised window size, outoforder packet counts, window scaling factor, SACK counts, idletime, throughput (in *bytes*/sec), number of duplicate/triple acks and retransmissions (packet loss/congestion?), etc.

TCP connection 3:
        host e:        elvis.tigo.cl:2199
        host f:        cemp1.switch.ch:2630
        complete conn: yes
        first packet:  Fri Sep 29 11:03:12.044472 2006
        last packet:   Fri Sep 29 11:13:26.934554 2006
        elapsed time:  0:10:14.890081
        total packets: 559379
        filename:      file2net-2006-09-27.pcap
   e->f:                              f->e:
     total packets:        364147           total packets:        195232
     ack pkts sent:        364146           ack pkts sent:        195232
     pure acks sent:            2           pure acks sent:       195230
     sack pkts sent:            0           sack pkts sent:            0
     dsack pkts sent:           0           dsack pkts sent:           0
     max sack blks/ack:         0           max sack blks/ack:         0
     unique bytes sent: 523337536           unique bytes sent:         0
     actual data pkts:     364144           actual data pkts:          0
     actual data bytes: 527280440           actual data bytes:         0
     rexmt data pkts:        2723           rexmt data pkts:           0
     rexmt data bytes:    3942904           rexmt data bytes:          0
     zwnd probe pkts:           0           zwnd probe pkts:           0
     zwnd probe bytes:          0           zwnd probe bytes:          0
     outoforder pkts:         749           outoforder pkts:           0
     pushed data pkts:        770           pushed data pkts:          0
     SYN/FIN pkts sent:       1/1           SYN/FIN pkts sent:       1/1
     req 1323 ws/ts:          Y/Y           req 1323 ws/ts:          Y/Y
     adv wind scale:            9           adv wind scale:            9
     req sack:                  Y           req sack:                  N
     sacks sent:                0           sacks sent:                0
     urgent data pkts:          0 pkts      urgent data pkts:          0 pkts
     urgent data bytes:         0 bytes     urgent data bytes:         0 bytes
     mss requested:          1460 bytes     mss requested:          8960 bytes
     max segm size:          1448 bytes     max segm size:             0 bytes
     min segm size:          1376 bytes     min segm size:             0 bytes
     avg segm size:          1447 bytes     avg segm size:             0 bytes
     max win adv:            6144 bytes     max win adv:         5991424 bytes
     min win adv:            6144 bytes     min win adv:           35840 bytes
     zero win adv:              0 times     zero win adv:              0 times
     avg win adv:            6144 bytes     avg win adv:         5977948 bytes
     max owin:            2319697 bytes     max owin:                  1 bytes
     min non-zero owin:         1 bytes     min non-zero owin:         1 bytes
     avg owin:              37320 bytes     avg owin:                  1 bytes
     wavg owin:            183495 bytes     wavg owin:                 0 bytes
     initial window:         1448 bytes     initial window:            0 bytes
     initial window:            1 pkts      initial window:            0 pkts
     ttl stream length: 523635824 bytes     ttl stream length:         0 bytes
     missed data:          298288 bytes     missed data:               0 bytes
     truncated data:    507616664 bytes     truncated data:            0 bytes
     truncated packets:    364144 pkts      truncated packets:         0 pkts
     data xmit time:      614.256 secs      data xmit time:        0.000 secs
     idletime max:          781.9 ms        idletime max:          782.0 ms
     hardware dups:             0 segs      hardware dups:             3 segs
       ** WARNING: presence of hardware duplicates makes these figures suspect!
     throughput:           851107 Bps       throughput:                0 Bps

     RTT samples:          167791           RTT samples:               2
     RTT min:                 0.0 ms        RTT min:               281.4 ms
     RTT max:               104.5 ms        RTT max:               281.7 ms
     RTT avg:                 0.2 ms        RTT avg:               281.5 ms
     RTT stdev:               3.2 ms        RTT stdev:               0.0 ms

     RTT from 3WHS:           0.0 ms        RTT from 3WHS:         281.7 ms

     RTT full_sz smpls:    167789           RTT full_sz smpls:         1
     RTT full_sz min:         0.0 ms        RTT full_sz min:       281.4 ms
     RTT full_sz max:       104.5 ms        RTT full_sz max:       281.4 ms
     RTT full_sz avg:         0.2 ms        RTT full_sz avg:       281.3 ms
     RTT full_sz stdev:       3.2 ms        RTT full_sz stdev:       0.0 ms

     post-loss acks:          691           post-loss acks:            0
          For the following 5 RTT statistics, only ACKs for
          multiply-transmitted segments (ambiguous ACKs) were
          considered.  Times are taken from the last instance
          of a segment.
     ambiguous acks:            7           ambiguous acks:            0
     RTT min (last):          0.0 ms        RTT min (last):          0.0 ms
     RTT max (last):          2.1 ms        RTT max (last):          0.0 ms
     RTT avg (last):          0.4 ms        RTT avg (last):          0.0 ms
     RTT sdv (last):          0.8 ms        RTT sdv (last):          0.0 ms
     segs cum acked:       192933           segs cum acked:            0
     duplicate acks:        26510           duplicate acks:            0
     triple dupacks:          280           triple dupacks:            0
     max # retrans:             1           max # retrans:             0
     min retr time:        1820.3 ms        min retr time:           0.0 ms
     max retr time:        8403.4 ms        max retr time:           0.0 ms
     avg retr time:        4862.4 ms        avg retr time:           0.0 ms
     sdv retr time:        1815.5 ms        sdv retr time:           0.0 ms

-- PekkaSavola - 26 Oct 2006

Edit | Attach | Watch | Print version | History: r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r2 - 2006-12-13 - SimonLeinen
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2004-2009 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.