Giters

sirupsen / initcwnd

Script to analyze the initial congestion window of any https server

Home Page:https://sirupsen.com/napkin/problem-15/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

initcwnd

This simple, hacky Ruby script will attempt to guess the initial congestion window and subsequent window sizes. It accompanies Napkin Math post 15. It has to be run as root, as it uses tcpdump(1) to monitor the connection.

Note: Tested to work on MacOS. Not fully compatible with Linux for some reason. Contributions encouraged!

# You may need to install libpcap development packages for packetfu to work,
# depending on your operating system.

sudo gem install packetfu net-ping
sudo ruby initcwnd.rb https://github.com/sirupsen/initcwnd en0

This script uses a lot of heuristics to make an educated guess at TCP windows. It's not great code, if you're intrigued by the problem, I'd love contributions to clean this up (potentially completely rewrite it).

Because it uses hacky heuristics it's not a definitive answer. Ideally, we'd write a custom TCP/IP implementation and an HTTP client on top of it to get a more definitive answer, but this was frankly more work than I was wiling to put in.

How does it work?

The idea is to send an HTTP 1.1 request with curl (used over the built in Ruby client primarily because it easily supports writing out the SSL keys for Wireshark debugging). We fork off tcpdump to monitor the connection, and write the whole session to a .pcap file.

In the beginning of the request, we do a few dozen pings to the server to obtain some simple statitics around the roundtrip time that we use to figure out the TCP windows.

When the request is done we move on to a super hacky loop that goes through all the packets from the .pcap files and guesses the TCP transfer windows. Finally, it'll print out the windows and various other cool things about the session.

FAQ

Why am I getting a million small windows? Likely the server is streaming back a chunked response to you. This script unfortunately can't differentiate between that and many small TCP windows, but in this case, it's safe to assume it's because of how the origin server sends back the response. This makes it very difficult to guess the windows without writing a custom TCP/IP implementation for this purpose.

I ran the script a few times, and now the initial window is much larger? Yes, the kernel has a feature called the IP route cache which remembers the congestion window negotiated with you. This is a great feature so you're not starting from scratch each time, making the web faster. Typically this expires after around 10 minutes, but it could be longer, or shorter.

The script is erroring! Yes, there are so many edge-cases on the web this script doesn't deal with. You're welcome to debug it and submit a patch. Usually it'll work if you try it again, or just try a different website.

This script's code quality is not good, seriously. Yes, I agree. Slightly embarrassed. But also wanted to ship the post.

License

MIT

About

Script to analyze the initial congestion window of any https server

https://sirupsen.com/napkin/problem-15/

Languages

Language:Ruby 96.3%Language:Gnuplot 3.7%