TCP flow chart

From Allegro Network Multimeter Manual
Revision as of 13:06, 6 April 2022 by Ralf (talk | contribs)
Jump to navigation Jump to search

The TCP flow chart feature allows for a detailed view of a TCP connection by using a retrospective analysis. It will extract all packets for a selected connection from the ring buffer or packet buffer and runs a detailed analysis on these packets.

TCP flow chart

Table packet view

The results are shown in a table on the left hand side containing all packets, their time (which can be toggled between relative and absolute time by clicking on it) and detailed packet information. This information contains the direction of the packet and the packet type, like actual data, SYN, ACKs, DUP-ACKS, retransmission, etc. For ACK packets, the ack'ed packet number is shown and can be clicked to jump to that packet. Below the direction arrow the delta time to the previous packet is shown.

A simplified TCP state is shown for both client and server side.

Some packets like dup-acks or retransmissions also describe a reference packet to which they refer too which can be seen and clicked in the corresponding column.

The last column shows the time between ACK packets and the previous data packet this is being acknowledged.

Summarized statistics

The right hand side of the window contains some summarized values about the analysis.

A text field can be used to enter any packet number to jump to that packet in the table view.

The connection can be captured by using the corresponding button.

The maximum time between data and its acknowledgement is shown. Large values indicates network problems when packets may not have been received.

Limitations

  1. Since the analysis takes significant memory per connection, the analysis is not performed on live traffic. Instead, a ring buffer (or packet buffer for pcap analysis) is required to be able to extract the connection and run the analysis on that data. The analysis only uses the TCP header information and therefore it is ok if the ring buffer is configured to truncated stored packet to the L4 header only.
  2. The analysis result is stored on internal storage instead of main memory to keep as much memory available for live processing. Therefore, there is a size limit on how large the connection can be. The maximum number of packets is 100,000, but it can be lower if not enough disk space is available.
  3. Due to disk space limitations, the number of parallel opened analysis windows is limited to 5. Starting another TCP flow chart will invalidate the oldest one automatically.
  4. The analysis of a TCP connection starts at the beginning of the connection and stops either at the end of connection or the end time configured in BIT-Mode. Since the packets are extracted from ring buffer, the analysis may take some time especially if it is a long-lasting connection. A progress bar informs about the status of the analysis.