First Packets

An HTTP connection captured with tcpdump using the correct filter gives us the following when run through conchart (-a -l):

 single.png

 

At first glance it shows us a client with IP 135.25.21.195 (source port 44961) opening a connection to 132.25.21.121 on port 80. The connection takes a little more than 2.5 ms.

Every little triangle shows a packet being transmitted: a triangle on the lower side of the bar is a TCP packet sent from the client to the server, one on the bottom side of the bar indicates a packet in the opposite direction. The blue surface indicates that a packet from client to server contained data; the wine-red surface marks a packet containing data from the server to the client. So even without knowing the protocol internals, we can distinguish request and response for a given communication.

Looking closer gives us even more information:

single_det.png

As indicated above we can determine the relative length of the fundamental steps of the connection. For example, we notice that the time to complete the 3-way TCP handshake is significant compared with the time the server needs for processing.

Note:

The sizes of the blue and red bars are completely different. This has nothing to do with the amount of data that has been sent, but with how the image is constructed. When a packet with non-zero data length is detected, a blue or red rectangle (depending on the direction of the packet) is drawn until another packet arrives. As this capture is taken on the client side of the connection, the time between a packet being sent and the arrival of the matching acknowledgement is long compared to the time between a received packet and its matching ACK. Hence the blue rectangle is large compared to the red one.
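
The rectangle rule from the note above, as an added example (not ConChart's own code). The packet list is a constructed client-side capture, and the function names and the tuple layout are assumptions made for this illustration:

```python
# Constructed sample: one HTTP connection as seen from the client side.
# Fields: (time in microseconds, direction, TCP flags, payload length).
PACKETS = [
    (0,    "c2s", "S",  0),    # SYN
    (780,  "s2c", "SA", 0),    # SYN-ACK arrives one round trip later
    (790,  "c2s", "A",  0),    # ACK completes the 3-way handshake
    (830,  "c2s", "PA", 120),  # request (data, client to server)
    (1610, "s2c", "A",  0),    # server ACKs the request
    (1760, "s2c", "PA", 300),  # response (data, server to client)
    (1770, "c2s", "A",  0),    # client ACKs the response at once
    (1780, "c2s", "FA", 0),
    (2560, "s2c", "FA", 0),
    (2570, "c2s", "A",  0),
]

def data_rectangles(packets):
    """Return (direction, start, end) for each data-carrying packet.

    A rectangle starts at a packet with non-zero payload and ends when
    the next packet, in either direction, arrives. A data packet that is
    the last one in the capture has no end and is skipped.
    """
    return [(direction, t, nxt[0])
            for (t, direction, _flags, length), nxt in zip(packets, packets[1:])
            if length > 0]

def shaded_time(rects):
    """Total rectangle width per direction, in microseconds."""
    totals = {"c2s": 0, "s2c": 0}
    for direction, start, end in rects:
        totals[direction] += end - start
    return totals

def handshake_time(packets):
    """Time from the client's SYN to the client's ACK of the SYN-ACK."""
    syn = next(t for t, d, f, _ in packets if d == "c2s" and f == "S")
    synack = next(t for t, d, f, _ in packets if d == "s2c" and f == "SA")
    ack = next(t for t, d, f, _ in packets
               if d == "c2s" and "A" in f and t > synack)
    return ack - syn

if __name__ == "__main__":
    rects = data_rectangles(PACKETS)
    print("rectangles:", rects)
    print("shaded time per direction (us):", shaded_time(rects))
    print("handshake (us):", handshake_time(PACKETS))
```

In this sample the 120-byte request produces a far wider rectangle than the 300-byte response, because the request's rectangle spans a full round trip while the response is acknowledged locally almost immediately.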

 

 
