{"title":"Analysis of TCP SYN traffic: an empirical study","authors":"Seungwon Shin, Kiyoung Kim, Jongsoo Jang","doi":"10.1109/ICACT.2005.245954","DOIUrl":null,"url":null,"abstract":"There are a lot of studies that have measured TCP traffic, but none of them provide the investigation results of TCP SYN packet. In this paper, we show and explain common behavior of TCP SYN packets in traces from a research center using various statistical analysis methods. We selected three parameters to find the behavior of TCP SYN traffic - number of received SYN packets in every 10 ms, SYN PPS (packet per second), and SYN/TCP (ratio between SYN packets and total TCP packets every in 10ms). Our analysis mechanisms are divided into two groups. We started our examination with general statistical tool to provide the knowledge of data distribution. In the second place, we applied change point detection algorithm to our traces to discover the change of state. We summarized our findings in two main categories, qualitative and quantitative. In qualitative findings, we exhibit the characteristics of arising TCP connection and the amount of SYN packet existing in real network and also expose which parameter can explain the characteristics of SYN traffic well. 
Quantitative findings provide lots of numerical examples to support qualitative findings","PeriodicalId":293442,"journal":{"name":"The 7th International Conference on Advanced Communication Technology, 2005, ICACT 2005.","volume":"18 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-07-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"The 7th International Conference on Advanced Communication Technology, 2005, ICACT 2005.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICACT.2005.245954","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 4
Abstract
There are a lot of studies that have measured TCP traffic, but none of them provides investigation results for TCP SYN packets. In this paper, we show and explain the common behavior of TCP SYN packets in traces from a research center using various statistical analysis methods. We selected three parameters to characterize the behavior of TCP SYN traffic: the number of SYN packets received in every 10 ms, SYN PPS (packets per second), and SYN/TCP (the ratio between SYN packets and total TCP packets in every 10 ms). Our analysis mechanisms are divided into two groups. We started our examination with general statistical tools to provide knowledge of the data distribution. Second, we applied a change point detection algorithm to our traces to discover changes of state. We summarize our findings in two main categories, qualitative and quantitative. In the qualitative findings, we exhibit the characteristics of arising TCP connections and the amount of SYN packets existing in a real network, and also expose which parameter explains the characteristics of SYN traffic well. The quantitative findings provide many numerical examples to support the qualitative findings.