Term
|
Definition
| Send one ack for each two data packets received |
|
|
Term
| What do you do if only one ack is received? |
|
Definition
| Wait a T(delack) timer, then send ack |
|
|
Term
|
Definition
| Reduces the number of acks send |
|
|
Term
| What does SACKs stand for? |
|
Definition
|
|
Term
|
Definition
| Allow the receiver to indicate which segments are missing |
|
|
Term
| How do you tell the difference between retransmission or misordering? |
|
Definition
|
|
Term
is this retransmission or misordering?
1(id=100) ... 7(id=106), 3(id=107), 8(id=108) |
|
Definition
|
|
Term
is this retransmission or misordering?
1(id=100) ... 7(id=106), 3(id=102), 8(id=108) |
|
Definition
| delayed packet / misordering |
|
|
Term
| What are the two timestamp fields? |
|
Definition
|
|
Term
| why packet shaping / quotas? |
|
Definition
| Because IP and internet provisioning are subject to concentiion ratios and abuse |
|
|
Term
|
Definition
| monitor using e.g. netflow, enforce using ACLs |
|
|
Term
| how is packet shaping...? |
|
Definition
| Monitor / enforce using packet shapers |
|
|
Term
| what's E[T]? (Not an alien) |
|
Definition
|
|
Term
|
Definition
| Estimated time spent in slow-start |
|
|
Term
|
Definition
| estimated time spent recovering from loss at the end of the slow-start period |
|
|
Term
|
Definition
| Estimated time spent in congestion avoidance |
|
|
Term
|
Definition
| estimated time for a receiver to send a delayed ack |
|
|
Term
| Is non-intrusive monitoring possible on a large scale? |
|
Definition
|
|
Term
| is intrusive monitoring possible on a large scale? |
|
Definition
| Partially possible, accepting the visibility limitations |
|
|
Term
| what kind of volume of data are you look at if you capture all traffic over a day? |
|
Definition
|
|
Term
| What kind of volume of data can you get with a reduced 'snaplength' |
|
Definition
| still a lot, not as much though |
|
|
Term
| what is 'reduced snaplength'? |
|
Definition
| capture only headers and a bit of data |
|
|
Term
| What kind of analysis can you / can't you get from snaplength? |
|
Definition
no interpretation
good for performance analysis |
|
|
Term
|
Definition
| Only store the nth packet |
|
|
Term
| What will sampling do to storage requirements and what does it do to analysis? |
|
Definition
| Analysis is meaningless, storage is low |
|
|
Term
| How can sampling be improved? |
|
Definition
| store every nth connection |
|
|
Term
| What are you looking for on the internet link? |
|
Definition
time patterns
overall utilisation
Peak time traffic |
|
|
Term
| In order to monitor what do you need to do |
|
Definition
establish monitoring reqs
design monitoring solution |
|
|
Term
| What's possible tools could you use |
|
Definition
netflow
Snmp
tCP Flow
Snort
Distributed solution |
|
|
Term
| what's an undesirable monitoring route? |
|
Definition
| monitor one out of two+ routes |
|
|
Term
| What's the most convenient configuration for connectivity? |
|
Definition
| end network, single connection to internet |
|
|
Term
| What is internet weather? |
|
Definition
| Typical heading for current monitoring resources - typically monitoring loss / delay statistics |
|
|
Term
| Why not release internet traces? |
|
Definition
privacy / security
Convienience |
|
|
Term
| why should you release internet traces? |
|
Definition
For a better understanding of the internet
for better cooperation in order to solve current problems
For improving existing protocols |
|
|
Term
| What 4 parts make up the E[T]? |
|
Definition
|
|
