README.md - OpenGrok cross reference for /freebsd/contrib/tcpdump/README.md

Lines Matching +full:data +full:- +full:transfer
3 **To report a security issue please send an e-mail to security@tcpdump.org.**
11 	https://github.com/the-tcpdump-group/tcpdump.git
14 monitoring and data acquisition.
22 which simplifies installation of updates and long-term maintenance. However,
32 * HP-UX 11i
43 Tcpdump uses libpcap, a system-independent interface for user-level
56 taken from Sun's etherfind were later re-written by Steven McCanne of
72 [tcpslice](https://github.com/the-tcpdump-group/tcpslice).
79 examples of ways to reduce tcpdump data when you're tracking
82 send-ack.awk
84 	tcp transfer).  Since we assume that one host only sends and
90 	to the start of the conversation.  Field 2 is delta-time
92 	"Send" means data going from sender to receiver, "ack"
94 	preceding "*" indicates that the data is a retransmission.
95 	A preceding "-" indicates a hole in the sequence space
96 	(i.e., missing packet(s)), a "#" means an odd-size (not max
101 	the delta-time from the first send of the packet to the
103 	delta-time from the first send of the packet to the
117 	bytes 1024-1535 were sent and again acked after 200ms.
118 	Then, for no apparent reason, 0-511 is retransmitted, 3.8
120 	ftp was 1sec, +-500ms).  Since the receiver is expecting
121 	1536, 1536 is re-acked when 0 arrives.
124 	Computes chunk summary data for an ftp (or similar
125 	unidirectional tcp transfer). [A "chunk" refers to
126 	a chunk of the sequence space -- essentially the packet
137 	   1 - the chunk number
138 	   2 - the start sequence number for this chunk
139 	   3 - time of first send
140 	   4 - time of last send
141 	   5 - time of first ack
142 	   6 - time of last ack
143 	   7 - number of times chunk was sent
144 	   8 - number of times chunk was acked
164 	536 packets to transfer the data (i.e., on the average
179 	transfer and <seq. number> is the sequence number being sent
180 	or acked.  I typically plot this data looking for suspicious
184 The problem I was looking at was the bulk-data-transfer
185 throughput of medium delay network paths (1-6 sec.  round trip
187 ftp transfer of a large file was used as the raw data source.
190   - On a local host (but not the Sun running tcpdump), connect to
193   - On the monitor Sun, start the trace going.  E.g.,
194       tcpdump host local-host and remote-host and port ftp-data >tracefile
196   - On local, do either a get or put of a large file (~500KB),
200   - When transfer is finished, stop tcpdump.  Use awk to make up
201     two files of summary data (maxsize is the maximum packet size,
203       awk -f send-ack.awk packetsize=avgsize tracedata >sa
204       awk -f packetdat.awk packetsize=avgsize tracedata >pd
206   - While the summary data files are printing, take a look at
207     how the transfer behaved:
208       awk -f stime.awk tracedata | xgraph
211   - Do all of the above steps several times, both directions,
215   - Using one of the Unix data analysis packages (in my case,
217     at the data.
219   - Change something in the local protocol implementation and
222   - Once a week, tell your funding agent that you're discovering