TOPIC: Maximum Segment Size

Maximum Segment Size 7 years 8 months ago #3830

The Ruby (anastm.rb) code sample contains the following function:

# attempt to 'discover MSS' by observing the SYN-ACK-ACK
def find_mss (hand2)
  layer_tcp = hand2.FindLayer("TCP")
  f_o = layer_tcp.FindField("MSS")
  print "the mss is #{f_o.value}\n"
  f_o.value.to_i
end

When I execute the script, I get:

in `find_mss': undefined method `value' for nil:NilClass (NoMethodError)

I tried this with an upper case “V” on “.value”, but I get the same error.

I printed the value of “f_o” and it comes out as empty.

I tried passing “mss”, “Max Segment Size”, “Maximum Segment Size”, etc. into the FindField function, but no luck.

If I remove the “.value”, then I get:
the mss is 0

But that is only because:
C:\ruby193>irb
irb(main):001:0> "".to_i
=> 0

Why am I not getting a value for “MSS” ?

Thanks,
Andy
The following user(s) said Thank You: Olegtorpeda

Maximum Segment Size 7 years 8 months ago #3833

Hi Andy,

The script assumes the 2nd packet in the TCP flow (stream) is the SYN-ACK packet. This packet contains the effective MSS.

If you look at the code, at line 556 we look for the 2nd packet in the stream, Item(1), to compute the MSS.



I suspect that your capture file is missing the SYN-ACK packet, which is causing the script not to find the MSS TCP Option.


I've attached a sample file that works, observe how the 2nd packet has the MSS option!

Attached Packet Capture file USNF format www.unleashnetworks.com/lib/private/pcaps/tt.usnf
Vivek R
Unleash Networks
Support : www.unleashnetworks.com/forums
Last Edit: 7 years 8 months ago by vivek [unleash].

Maximum Segment Size 7 years 8 months ago #3834

Thank you, Vivek.

I did some reading on the 3-way handshake, MSS, and SYN-ACK…

I did a test, and if I start the UnSniff capture before I start our application then anastm.rb appears to work OK.
It then has the 2nd packet of the stream.

I had modified the code in the “find_mss” function to use 1460 as a default value if the “FindField” function did not find the “MSS” value.
With that, I had been starting the capture while our application was already up and running.

As a test I’ve opened some of those capture files with UnSniff, selected the Sessions tab, and then opened the stream(s) with the “TCP Congestion Analyzer” tool.
With that I can see the bandwidth graphs OK.
From what I’ve read on your site, I think that tool was derived from the anastm.rb code.

How is the “TCP Congestion Analyzer” tool working on these captures where anastm.rb does not?
Does the “TCP Congestion Analyzer” use a default if it can’t find the 2nd packet of the stream?
Is 1460 a safe default value to use? (I am primarily interested in bandwidth.)

Andy

Maximum Segment Size 7 years 8 months ago #3836

If it is your internal network and you have knowledge of the link layers involved (ethernet/wireless/gige) then the MSS is unlikely to change for each connection. So if you've seen 1460 being used, it's probably safe to assume that as a default.

The TCP Congestion Analyzer follows the exact same logic as the anastm.rb code (looks for the advertised value in the SYN-ACK). However, unlike the Ruby version it doesn't crash out; instead it assumes a default of 1460 bytes.

Hope that helps,

Thanks
Vivek R
Unleash Networks
Support : www.unleashnetworks.com/forums
The following user(s) said Thank You: Andy
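
The behaviour discussed in this thread (take the MSS from the SYN-ACK, fall back to 1460 when the capture started mid-flow) as an added Ruby example; it is not part of the original posts or of anastm.rb. It does not use the Unsniff scripting API: it parses the TCP options from raw header bytes, and all function names and sample packets are constructed for illustration.

```ruby
DEFAULT_MSS = 1460   # fallback from the thread: 1500-byte Ethernet MTU - 20 (IP) - 20 (TCP)
SYN = 0x02
ACK = 0x10

# MSS option value from a raw TCP header (binary String); nil when the
# option is absent or the option list is truncated/malformed.
def parse_mss(tcp)
  return nil if tcp.nil? || tcp.bytesize < 20
  header_len = (tcp.getbyte(12) >> 4) * 4        # data offset field, in bytes
  return nil if header_len < 20 || header_len > tcp.bytesize
  opts = tcp.byteslice(20, header_len - 20).bytes
  i = 0
  while i < opts.length
    kind = opts[i]
    break if kind == 0                           # End of Option List
    if kind == 1                                 # NOP is a single byte
      i += 1
      next
    end
    len = opts[i + 1]
    return nil if len.nil? || len < 2 || i + len > opts.length
    return (opts[i + 2] << 8) | opts[i + 3] if kind == 2 && len == 4
    i += len
  end
  nil
end

def syn_ack?(tcp)
  tcp.bytesize >= 14 && (tcp.getbyte(13) & (SYN | ACK)) == (SYN | ACK)
end

# stream: raw TCP headers of one flow, in capture order.
# Returns [mss, :syn_ack] or [DEFAULT_MSS, :default] instead of raising.
def find_mss(stream)
  hand2 = stream[1]                              # 2nd packet, as anastm.rb assumes
  mss = parse_mss(hand2) if hand2 && syn_ack?(hand2)
  mss ? [mss, :syn_ack] : [DEFAULT_MSS, :default]
end

# Constructed sample data: builds a 20-byte TCP header plus padded options.
def tcp_header(flags, options = "")
  opts = options.b + "\x00".b * ((4 - options.bytesize % 4) % 4)
  [443, 50000, 1, 1, ((20 + opts.bytesize) / 4) << 4, flags, 65535, 0, 0].pack("nnNNCCnnn") + opts
end

MSS_OPT = "\x02\x04\x05\x64"                     # kind=2, len=4, value=0x0564 (1380)
FULL    = [tcp_header(SYN, MSS_OPT), tcp_header(SYN | ACK, "\x01\x01" + MSS_OPT), tcp_header(ACK)]
MIDFLOW = [tcp_header(ACK), tcp_header(ACK)]     # capture started after the handshake
p find_mss(FULL), find_mss(MIDFLOW)
```

Returning the source (`:syn_ack` or `:default`) alongside the value lets a bandwidth report flag flows where the MSS was assumed rather than observed.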
