[General boards] [Fall 2018 courses] [Summer 2018 courses] [Winter 2018 courses] [Older or newer terms]

Flow Size and Flow Type for Per-Flow Statistics


#1
  1. Flow Type:

For the results, since it is the same as the per-packet statistics, is only difference the % occurrence (# packets / # of TCP/UDP packets).

  1. Do we count the UDPError or TCPError as flows?

  2. Flow Size: Do you mean the size of the entire ethernet packet or just the TCP/UDP packet size?


#2
  1. We want to know the portion of all IP flows that are TCP or UDP. Count the total number of IP flows, and then report which portion are UDP and which portion are TCP.
  2. What do you mean by UDPerror and TCPError? If you are referring to another type of transport layer protocol, then simply consider them as another category and the result will be that the total % of TCP and UDP flows will not be 100% (because there are other types of transport layer flows as well).
  3. The size of entire packets.

#3

Hi there are protocols with name TCP in ICMP and UDP in ICMP, I’m not sure if they considered as TCP/UDP or a separate transport protocol?

Thanks!


#4

The assignment handout says “We only define TCP and UDP flows.” so I’ve ignored everything that is not either TCP or UDP. Is it OK if we assumed that since the assignment handout said we only define TCP and UDP flows that we don’t have an “other” category here?


#6

I am confused by the statement “portion of all IP flows”.

I thought that { all flows } = {TCP flows } union {UDP flows}.


#7

No. There could be IP packets that are neither TCP nor UDP. You should look at the protocol field in the IP header. It either tells you that the packet is TCP, UDP, or something else. Put everything else in an “other” category. Also note that source port and destination port are only defined for TCP and UDP packets. Other IP packets may not have such a header field.


#8

Professor, apologies for the confusion. I just want to confirm for the flow analysis, we only look at TCP and UDP flows only.

From the post above, it’s stated:

We want to know the portion of all IP flows that are TCP or UDP. Count the total number of IP flows, and then report which portion are UDP and which portion are TCP

However the project handout states that a flow is defined as only TCP and UDP:

To analyze flows, you need to reconstruct flows. We only define TCP and UDP flows. We define a set of packets as a flow if they have the same source IP, destination IP, source port, destination port, protocol, and the maximum packet inter‐arrival time between those packets is not more than 90 minutes.

The last answer in this thread also states:

Also note that source port and destination port are only defined for TCP and UDP packets

Does this not imply then that we only look at TCP and UDP flows since we need the source port and destination port to correctly identify a flow? Just wondering where this part fits in:

Count the total number of IP flows, and then report which portion are UDP and which portion are TCP

I was assuming the total (ie. all flows) meant UDP flows + TCP flows, but it looks like this is not the case from the answer above. Would it be possible to get some clarification on the meaning of “all flows”?

Thank you


"All Flows"
#9

IP flows are TCP+UDP flows.