Measuring window sizes scaling using statistical graphs

Analysis of Traffic using Wireshark-

Measurement of TCP Window Size Under Different Traffic Conditions

 

1. Introduction

Computer networks rely on efficient data transmission mechanisms to ensure reliable communication between devices. One important parameter that influences network performance is the TCP window size. The TCP window size controls how much data can be sent by a sender before waiting for an acknowledgement from the receiver.

The TCP window size is part of the Transmission Control Protocol (TCP) and plays a crucial role in flow control. It helps prevent network congestion by limiting the amount of data transmitted before receiving confirmation from the receiving host.

In this experiment, the TCP window size parameter is analyzed using Wireshark under three different traffic conditions: normal traffic, medium traffic, and heavy traffic. By observing how the TCP window size behaves under varying network loads, we can understand how TCP adapts to changing network conditions.

2. Network Parameter Chosen

The network parameter chosen for this experiment is:

TCP Window Size

The TCP window size represents the amount of data (in bytes) that a receiver can accept before sending an acknowledgment. It is used by TCP to manage flow control and prevent buffer overflow at the receiver.

Wireshark allows us to inspect the TCP window size field present in TCP packets.

 

3. Formula Used for Measurement

The TCP window size can be calculated as:

Effective Window Size = TCP Window Size × Window Scaling Factor

Where:

 TCP Window Size – value present in the TCP header

 Window Scaling Factor – multiplier used to increase the maximum window size

If window scaling is not used, then:

Effective Window Size = TCP Window Size

The window size determines how much unacknowledged data the sender can transmit at a time.

4. Tools Used

The following tools were used in this experiment:

 Wireshark – for capturing and analyzing network packets

 Ping command – for generating controlled network traffic

 Web browser / system network activity – for observing normal traffic conditions

 

 

5. Procedure Used for Measurement

Step 1 – Capturing Network Traffic

1. Open Wireshark.

2. Select the active network interface (Wi-Fi or Ethernet).

3. Start capturing network packets.

Step 2 – Normal Traffic Measurement

1. Keep the system idle with minimal network activity.

2. Capture packets for a short duration.

3. Apply the filter:

tcp

4. Select any TCP packet.

5. Expand the Transmission Control Protocol section.

6. Observe the Window Size Value field.



 

Step 3 – Medium Traffic Measurement

1. Generate moderate traffic using the command:

ping google.com -n 50

(or ping -c 50 google.com on Linux)

2. Continue capturing packets in Wireshark.

3. Apply the TCP filter again:

tcp

4. Observe the TCP Window Size in multiple packets.



Step 4 – Heavy Traffic Measurement

1. Generate heavy traffic using:

ping google.com -n 200

(or ping -c 200 google.com)

2. Continue capturing packets.

3. Observe the TCP window size values in the TCP packet details.





6. Observations

The TCP window size values were observed under different network conditions.

Traffic Condition

Observation

Normal Traffic

TCP window size remained stable due to low network load

Medium Traffic

TCP window size showed variation due to increased data transmission

Heavy Traffic

TCP window size adapted dynamically to handle high traffic conditions

These observations demonstrate how TCP flow control adjusts to different traffic loads.

7. Conclusion

In this experiment, the TCP window size parameter was analyzed using Wireshark under different traffic conditions. The analysis showed that TCP dynamically adjusts its window size based on the network load to maintain efficient data transmission.

Under normal traffic conditions, the window size remained stable. As the traffic increased to medium and heavy levels, the TCP protocol adapted by modifying the window size to ensure proper flow control and prevent network congestion.

This experiment demonstrates the importance of TCP window size in maintaining reliable and efficient communication in computer networks.

Comments

Post a Comment

Popular posts from this blog

Analysis of an example malware pcap file

Image
   Malware Presence Confirmation using Network Traffic Analysis of a PCAP File Introduction Malware is malicious software designed to infiltrate, damage, or gain unauthorized access to computer systems. Many types of malware communicate with external servers in order to receive commands or exfiltrate stolen data. Network traffic analysis is a powerful technique used to detect such malicious behavior by examining captured packet data.   In this assignment, a packet capture (PCAP) file containing network traffic from an infected system was analyzed using Wireshark. The objective was to identify suspicious communication patterns and confirm the presence of malware by analyzing DNS queries, HTTP requests, and FTP communication observed in the captured traffic. Objectives 1. To analyze network traffic captured in a PCAP file using Wireshark. 2. To identify suspicious domains, protocols, and communication patterns in the captured traffic. 3. To detect evidence of malware activi...
Read more