[e2e] Is a non-TCP solution dead?

Cannara cannara at attglobal.net
Thu Apr 24 21:08:54 PDT 2003


Now Spencer, you know the answer -- neither 1) or 2).  :]

The key in making any deductions is to know what the measurement tools do and
how they might be fooled.

Alex

Spencer Dawkins wrote:
> 
> OK, I'll byte (ha!).
> 
> And the difference to the network between
> 
> (1) a TCP flow and
> 
> (2) a non-TCP flow tunneled over TCP
> 
> is?
> 
> (signed) curious
> 
> Or are we saying "a non-TCP flow tagged as TCP to get through
> firewalls, but not conforming to TCP congestion avoidance"? I'd
> be thrilled to see that...
> 
> It's interesting to look at the contents of tunneled packets for
> traffic analysis, but if you tunnel over TCP/HTTP to get through
> firewalls, the network thinks (correctly!) it's carrying
> TCP/HTTP, end of sentence.
> 
> I would be interested in seeing references for "traffic that
> masquarades as TCP, and probably as HTTP as well (how else would
> you get through proxies?), but doesn't behave like TCP"...
> 
> --- Cannara <cannara at attglobal.net> wrote:
> > John, I don't know enough about Inet2 to argue, but what you
> > say makes sense
> > from what my friends at Stanford, who manage parts of the SU
> > net, have to
> > say.  I believe, as the other emails have pointed out, that
> > unless one
> > actually looks at pkt contents, one can't really get good
> > stats, due to the
> > mimicking of TCP to get through filters.  This is likely why
> > tools used by
> > CAIDA, Sprint, etc. would have to be examined to see what
> > they're actually
> > looking at, if anything, other than simple port #s.
> >
> > Alex





More information about the end2end-interest mailing list