Detecting and profiling TCP connections experiencing abnormal performance

  • Authors:

  • Aymen Hafsaoui;Guillaume Urvoy-Keller;Matti Siekkinen;Denis Collange

  • Affiliations:

  • Eurecom, France;Laboratoire I3S CNRS/UNS UMR 6070, France;Aalto University, Finland;Orange Labs, France

  • Venue:
  • TMA'12 Proceedings of the 4th international conference on Traffic Monitoring and Analysis
  • Year:
  • 2012

Quantified Score

Hi-index 0.00

Visualization

Abstract

We study functionally correct TCP connections --- normal set-up, data transfer and tear-down --- that experience lower than normal performance in terms of delay and throughput. Several factors, including packet loss or application behavior, may lead to such abnormal performance. We present a methodology to detect TCP connections with such abnormal performance from packet traces recorded at a single vantage point. Our technique decomposes a TCP transfer into periods where: (i) TCP is recovering from losses, (ii) the client or the server are thinking or preparing data, respectively, or (iii) the data is sent but at an abnormally low rate. We apply this methodology to several traces containing traffic from FTTH, ADSL, and Cellular access networks. We discover that regardless of the access technology type, packet loss dramatically degrades performance as TCP is rarely able to rely on Fast Retransmit to recover from losses. However, we also find out that the TCP timeout mechanism has been optimized in Cellular networks as compared to ADSL/FTTH technologies. Concerning loss-free periods, our technique exposes various abnormal performance, some being benign, with no impact on user, e.g., p2p or instant messaging applications, and some that are more critical, e.g., HTTPS sessions.