Of mice, elephants, ants, and lemmings....

I frequently take packet captures to look at actual traffic on my production network, then look at them in wireshark or take them apart via tcptrace. Eyeball gives one measurement. Tcptrace gives me a measurement of how many tcp flows were present over that interval, and completed, but not udp. We can't easily measure udp quic traffic for "completion", but we can look at peaks and valleys and the actual presence of that "flow". DNS, and a zillion other sorts of transactions (even arp), to me, count as one or two packet flows.
Is there a tool out there that can pull out active flows of all sorts from a cap?

somewhat relevant paper: https://dl.acm.org/citation.cfm?id=987190

There was a classic one (early 90s) on self-similar behavior that I cannot remember just now. Used to cite it....

--
Dave Täht
CEO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-669-226-2619
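As an added illustration of the kind of flow table the message asks about (this is not from the original post and not an existing tool), the sketch below groups every frame in a classic pcap into a direction-independent flow, covering TCP, UDP and ARP, and lists the flows of one or two packets. It assumes Ethernet framing and IPv4 only; the function names and the sample capture are constructed for the example.

```python
import socket
import struct

def flow_key(frame):
    """Direction-independent key for one Ethernet frame: TCP/UDP 5-tuple, ARP IP pair, or a catch-all."""
    if len(frame) < 14:
        return ("short",)
    etype = struct.unpack("!H", frame[12:14])[0]
    if etype == 0x0806 and len(frame) >= 42:           # ARP: sender/target IPv4 addresses
        return ("arp", *sorted((socket.inet_ntoa(frame[28:32]), socket.inet_ntoa(frame[38:42]))))
    if etype != 0x0800 or len(frame) < 34:             # not IPv4 (IPv6 and VLAN tags are not parsed here)
        return ("other", hex(etype))
    proto, l4 = frame[23], 14 + (frame[14] & 0x0F) * 4
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    first_frag = (struct.unpack("!H", frame[20:22])[0] & 0x1FFF) == 0   # later fragments carry no ports
    if proto in (6, 17) and first_frag and len(frame) >= l4 + 4:
        sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
        return ("tcp" if proto == 6 else "udp", *sorted(((src, sport), (dst, dport))))
    return ("ip", proto, *sorted((src, dst)))

def flows_from_pcap(data):
    """Map flow key -> [packets, wire bytes, first ts, last ts] for a classic (non-pcapng) capture."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None or struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("expected classic pcap with Ethernet link type")
    flows, off = {}, 24
    while off + 16 <= len(data):
        sec, usec, caplen, wirelen = struct.unpack(end + "IIII", data[off:off + 16])
        ts = sec + usec / 1e6
        rec = flows.setdefault(flow_key(data[off + 16:off + 16 + caplen]), [0, 0, ts, ts])
        rec[0], rec[1], rec[3] = rec[0] + 1, rec[1] + wirelen, ts
        off += 16 + caplen
    return flows

def short_flows(flows, max_pkts=2):  # flows of at most max_pkts packets (DNS, ARP and the like)
    return sorted(k for k, v in flows.items() if v[0] <= max_pkts)

# --- constructed sample capture (not real traffic) ---
def _ip(proto, src, dst, sport, dport):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return b"\0" * 12 + b"\x08\x00" + hdr + struct.pack("!HHI", sport, dport, 0)
_ARP = (b"\xff" * 6 + b"\0" * 6 + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
        + b"\0" * 6 + socket.inet_aton("10.0.0.1") + b"\0" * 6 + socket.inet_aton("10.0.0.9"))
_FRAMES = [_ip(6, "10.0.0.1", "10.0.0.2", 40000, 443), _ip(6, "10.0.0.2", "10.0.0.1", 443, 40000),
           _ip(6, "10.0.0.1", "10.0.0.2", 40000, 443), _ip(17, "10.0.0.1", "10.0.0.2", 50000, 443),
           _ip(17, "10.0.0.1", "10.0.0.3", 5353, 53), _ARP]
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    struct.pack("<IIII", 100 + i, 0, len(f), len(f)) + f for i, f in enumerate(_FRAMES))
```

The first and last timestamps per flow give presence over the capture interval for UDP, where there is no handshake or FIN to mark completion.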
