Check out the new USENIX Web site. next up previous
Next: Delaying connection termination Up: Extending the algorithm Previous: Fast ack parity

Sending data bursts

The second limitation is that we cannot send large packets. The reason for this is that the amount of buffer space provided by the receiver is limited. Many TCP implementations default to 8KB receiver buffers. Consequently, the receiver can accommodate no more than five 1500 byte packets, a number far too small to be statistically significant. While we could simply create a new connection and restart the tool, this limitation prevents us from exploring larger packet bursts.

Luckily, we observe that TCP implementations trim packets that overlap the sequence space that has already been received. Consequently, if a packet arrives that overlaps a previously received packet, then the receiver will only buffer the portion that occupies ``new'' sequence space. By explicitly overlapping the sequence numbers of our probe packets we can map each large packet into a single byte of sequence space, and hence only a single byte of buffer at the receiver.


  
Figure: Mapping packets into sequence numbers by overlapping sequence numbers.
\begin{figure}
\begin{center}

\epsfig {file=space.ps,width=4.5in,angle=270}

\vspace*{-2.4in}\end{center}\end{figure}

Figure 4 illustrates this technique. The first 1500 byte packet is sent with sequence number 1500, and when it arrives at the target it occupies 1500 bytes of buffer space. However, the next 1500 byte packet is sent with sequence number 1501. The target will note that the first 1499 bytes of this packet have already be received, and will only use a single byte of buffer space. Using this technique we can map every additional packet into a single sequence number, eliminating much of the buffering limitation. This technique only allows us to send bursts of data in one direction - towards the target host. Coercing the target host to send arbitrarily sized bursts of data back to the source is more problematic since TCP's congestion control mechanisms normally control the rate at which the target may send data. We have investigated techniques to remotely bypass TCP's congestion control [SCWA99] but we believe they represent a security risk and aren't suited for common measurement tasks.


next up previous
Next: Delaying connection termination Up: Extending the algorithm Previous: Fast ack parity
Stefan Savage
8/31/1999