The libtcpcsm software is designed to facilitate the analysis of TCP sending behaviour, i.e. detecting loss and reordering events or tracking congestion window size, in packet header traces. It is based on the libtrace trace processing library.
The software consists of both libtcpcsm, a library that passively detects TCP congestion events in network traffic traces, and analysis tools built using libtcpcsm.
Another rather fragmented week. Continued helping out where I could with the funding proposals, particularly finding references and tidying up some of the wording. Now we just have to wait and see if we actually get any of the funding we're asking for.
Taught 513 this week - we covered the recently published libtrace paper. I think I did a reasonable job of selling the students on libtrace. Wrote a possible libtrace programming assignment for the class which will be set if Richard gives it the go-ahead.
Prepared a 1.0.3 release for libtcpcsm. I've sent the release candidate off to a user who has been using the library quite a bit for testing prior to an actual release.
Started preparing for a new libprotoident release as well.
On the time series front, decomposing the time series seems to produce a trend line that can highlight genuine events in the data but there are still some caveats. In particular, none of our existing detectors work that well with the resulting data and it isn't clear that we can do the decomposition reliably when running live.
Re-ran my CAA analysis using the updated libprotoident and updated the results in my paper accordingly.
Made a few tweaks to libtcpcsm, based on suggestions from a user. Looking towards rolling out a new release soon.
Set up a build environment for BSOD client on BIGMAC. This took a bit longer than expected due to the move to Xcode 4. Managed to find and fix a bug in libwandevent that was preventing looping input from working properly. Also got the client building and running on tkn as well after a painful Windows 7 + Visual Studio install.
Finished the week by adding WASD movement back into BSOD client and an option to the server that forces it to wait for a client to connect before reading from the input
Detailed passive analysis of TCP sender behaviour requires accurate
identification of congestion events. Previous tools that attempt to
provide such information do not incorporate the behaviour of recent operating
systems and TCP features and are therefore of little use to researchers
analysing contemporary TCP traffic. In this paper, we present a new tool for
identifying and classifying TCP congestion events from a passive packet trace,
called tcpcsm, which understands modern operating system TCP behaviour.
We discuss the major problems that occur when passively identifying TCP
congestion events and describe how tcpcsm solves them. We also show that
tcpcsm is more accurate than previous tools using a series of controlled
experiments involving a variety of operating systems.
Published at ICT 2011, Ayia Napa, Cyprus.