Home page logo
/

nanog logo nanog mailing list archives

Re: Questions about Internet Packet Losses
From: Vern Paxson <vern () ee lbl gov>
Date: Mon, 13 Jan 1997 19:33:49 PST

Yeah, but I doubt that they're in the majority.  Recent stats indicate that
about 9% of the packets out there are using an MSS of 512.  Another 1% are
using an MSS of 256.  Only 6% are using 536, and 7% are using 1460.  This
indicates to me that there are a whole lot of broken boxes out there still.

I believe you're misinterpreting the numbers.  The raw data for those
numbers (if they're the same ones I'm thinking of) indicate that 9% of the
packets had a 512 byte *payload*.  This is quite different than whether the
TCP sending the packet had a 512 byte MSS, because often the TCP doesn't
*have* 512 bytes to send.  Crunching through the 340,000 HTTP connections
in and out of LBNL last Friday, less than 10% had requests exceeding 512
bytes.  Even 35% of the replies were <= 512 bytes.  Toss in SYN/FIN and
pure acks and you rapidly dilute the relationship between measured packet
size and MSS.

A much more solid way to estimate MSS's is to look at MSS options in SYN
packets.  Rich Stevens did this in TCP/IP Illustrated Vol 3.  I don't have
it here at home for precise figures, but he found that the large majority
of the MSS's were from a few standard sizes.  He also found an immense range
of bizarre values (my personal favorite: 17,520 bytes), but they were rare.

All that said, at the next NANOG I'll talk about some findings from a TCP
behavior study I've been doing (it's part of the packet dynamics study).
One of my main findings is that independently-written (i.e., non-BSD-derived)
TCP's are much more likely to have serious performance and congestion problems.

                Vern
- - - - - - - - - - - - - - - - -


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault