[Planetlab-users] Fwd: Missing TCP handshake in tcpdump

Marco Slot marco at few.vu.nl
Thu Jul 10 09:37:12 EDT 2008 

Forwarded from the support list.
(summary)
I'm looking for a way to monitor TCP handshake packets in order to
perform SYN/ACK latency measurement. These do not appear anymore when
using a raw socket bound to the monitored port. The required ownership
is only obtained after establishing a connection. Sapan suggests to
add a vsys capability to request ownership of a port.

Marco

On 7/10/08, Sapan Bhatia via RT <support at planet-lab.org> wrote:
> Hi Marco,
>
>  This behavior is expected, since at the time of the TCP handshake you
>  do not own the connection. The way this would work for you is that we
>  would give you access to a vsys capability (request_port). You would
>  then use this capability to request ownership of a particular tcp
>  port. Once you have requested ownership, you'll get access to all
>  traffic that comes in or goes out of this port, including TCP
>  handshakes. Please post this question on the users mailing list, so
>  that we can take it from there.
>
>  Sapan
>
>  On Tue, Jul 8, 2008 at 9:17 AM, Marco Slot via RT
>  <support at planet-lab.org> wrote:
>  > I have been using raw sockets to do some latency measurements based on
>  > SYNACK/ACK round-trip-time during the TCP handshake. After resuming
>  > experiments today it appears this is no longer possible on PlanetLab
>  > nodes. The socket does not receive incoming packets during the
>  > handshake, only packets that are sent after the handshake.
>  >
>  > tcpdump has the same problem
>  >
>  > /usr/sbin/tcpdump -S on planetlab2.wiwi.hu-berlin.de produced the
>  > attached output tcpdump.out when accepting a simple TCP connection
>  > (telnet without data) from kits.few.vu.nl. I also attached the output
>  > on a regular machine: tcpdump-proper.dump. The SYN packet and first
>  > ACK packet have gone missing. The problem is the same on all PlanetLab
>  > nodes I have tried. When performing tcpdump at the initiating party
>  > the SYN and ACK (outgoing) packets do appear, but the SYNACK
>  > (incoming) does not.
>  >
>  > Is this intended behaviour? Is there another way to receive the
>  > handshake packets?
>  >
>  > Marco
>  >
>

More information about the Users mailing list