Confusion about TCP packet analysis terms

Posted by Berkay on Server Fault See other posts from Server Fault or by Berkay
Published on 2011-01-09T22:58:49Z Indexed on 2011/01/09 23:55 UTC
Read the original article Hit count: 438

Filed under:

networking

|

tcp

|

packet-analyzer

|

network-protocols

|

packet

I'm analyzing our network and have some confusion about the terms: this is the 2-packet output from source to destination.

alt text

from these i have to get some features as describe, pls make me clear...

packets with at least a bytes of TCP data payload: it seems tcp.len>0;
The minimum segment size (confusion is headers are included or or not)
The average segment size observed during the lifetime of the connection, the definition: is calculated as the value reported in the actual data bytes divided by the actual data pkts reported.
Total bytes in IP packets, should be ip_len value.
Total bytes in (Ethernet)
The total number of bytes sent

probably related to frame.len and frame.cap_len these two terms are describes as, also make me clear about these two terms.

frame.cap_len: Frame length stored into the capture file
frame.len: Frame length on the wire

© Server Fault or respective owner

Related posts about networking

Networking stopped working on Ubuntu

as seen on Super User - Search for 'Super User'
I installed Ubuntu 10.04 through the Wubi installer (Funny, I installed it today and thought I would have gotten 10.10). I had a network connection and everything was working fine. I rebooted my coumputer a couple of times and then suddenly, I could not connect to the network and when I click the… >>> More
Troubles with start up defenition of networking service in Ubuntu

as seen on Super User - Search for 'Super User'
I use Ubuntu 12.04.1. I put attention that networking script starting in runlevel 0: user@comp:/etc/rc0.d$ chkconfig -l networking networking 0:on 1:off 2:off 3:off 4:off 5:off 6:off When I try to move it working to appropriate run levels I get error: user@comp:/etc/rc0… >>> More
Installing the Elgg Social Networking CMS

as seen on Internet.com - Search for 'Internet.com'
One Open Source CMS that stands out above the rest for small businesses and personal networks is the Elgg open source "social engine," which can be used to create social applications. Scott Clark shows you how to install and get started with this social networking CMS. >>> More
OAuth: Token-Based Authorization for the Social Networking Age

as seen on Internet.com - Search for 'Internet.com'
The OAuth token-based authorization system allows users to grant third-party access to their resources without sharing their usernames and passwords. It's perfect for the age of data scattered across many social networking sites. >>> More
OAuth: Token-Based Authorization for the Social Networking Age

as seen on Internet.com - Search for 'Internet.com'
The OAuth token-based authorization system allows users to grant third-party access to their resources without sharing their usernames and passwords. It's perfect for the age of data scattered across many social networking sites. >>> More

Related posts about tcp

TCP RST Reset Every 5 Minutes on Windows 2003 sp2

as seen on Server Fault - Search for 'Server Fault'
Hey, Recently I had a web developer come to me and ask why he was receiving connection errors in his app that was accessing a sql database. So, I went through my normal trouble shooting steps to isolate or reproduce the issue. I discovered that if I connected to the database using Query Analyzer… >>> More
iptables issue on plesk

as seen on Server Fault - Search for 'Server Fault'
i don't know how to open a specific port (rtmp=1935) on my CentOS server using Plesk or itables. I created new rules for port 1935 i/o using Plesk/Modules/Firewall but this doesn't work. Nmap scanning tells me this : 1935/tcp filtered rtmp . So i decided to have look at my iptable using SSH (iptables… >>> More
Httpd problem, suspect an attack but not sure

as seen on Server Fault - Search for 'Server Fault'
On one of my servers when I type netstat -n I get a huge output, something like 400 entries for httpd. The bandwidth on the server isn't high, so I'm confused as to what's causing it. I'm suspecting an attack, but not sure. Intermittently, the web server will stop responding. When this happens… >>> More
Why can blocked IPs get through my iptables? What's wrong with this configuration?

as seen on Server Fault - Search for 'Server Fault'
(Why can/How are) blocked IPs (get/getting) through my iptables? Hello and thanks for your consideration... I have configured iptables and included (below) output from the command "iptables --line-numbers -n -L" yet IP addresses (like 31.41.219.180) from IP blocks I have already blocked are getting… >>> More
iptables syn flood countermeasure

as seen on Server Fault - Search for 'Server Fault'
I'm trying to adjust my iptables firewall to increase the security of my server, and I found something a bit problematic here : I have to set INPUT policy to ACCEPT and, in addition, to have a rule saying iptables -I INPUT -i eth0 -j ACCEPT. Here comes my script (launched manually for tests) : #… >>> More