Abstract. We propose two methods to passively measure and monitor changes in round-trip times (RTTs) throughout the lifetime of a TCP connection. Our first method associates data segments with the acknowledgments (ACKs) that trigger them by leveraging the TCP timestamp option. Our second method infers TCP RTT by observing the repeating patterns of segment clusters where the pattern is caused by TCP selfclocking. We evaluate the two methods using both emulated and real Internet tests. 1

The network simulator ns-2 implements both wireless networks and emulation -- a feature that allows to simulate a network environment among real stations. However, the real-time requirements of a network emulation introduce an inaccurate timing behavior of the simulator scheduler. These timing errors have a negative impact on the performance of network protocols in ns-2. Even more, they lead to false simulation results in the IEEE 802.11 protocol implementation. In this paper we present performance improvements in ns-2, that increase the accuracy of its virtual clock and the the exactness of the real-time simulation. Then we describe a simple time monitoring and correction technique that ensures a timely correct execution of network protocols and enables wireless network emulation in ns-2.

In this paper we analyze a new class of pulsing denialof-service (PDoS) attacks that could seriously degrade the throughput of TCP flows. During a PDoS attack, periodic pulses of attack packets are sent to a victim. The magnitude of each pulse should be significant enough to cause packet losses. We describe two specific attack models according to the timing of the attack pulses with respect to the TCP’s congestion window movement: timeout-based and AIMD (additive-increasemultiplicative-decrease)-based. We show through an analysis that even a small number of attack pulses can cause significant throughput degradation. The second part of this paper is a novel two-stage scheme to detect PDoS attacks on a victim network. The first stage is based on a wavelet transform used to extract the desired frequency components of the data traffic and ACK traffic. The second stage is to detect change points in the extracted components. Through both simulation and testbed experiments, we verify the feasibility and effectiveness of the detection scheme. 1

This paper uses a high-performance, eventdriven, HTTP server (the µserver) to compare the performance of the select, poll, and epoll event mechanisms. We subject the µserver to a variety of workloads that allow us to expose the relative strengths and weaknesses of each event mechanism. Interestingly, initial results show that the select and poll event mechanisms perform comparably to the epoll event mechanism in the absence of idle connections. Profiling data shows a significant amount of time spent executing a large number of epoll_ctl system calls. As a result, we examine a variety of techniques for reducing epoll_ctl overhead including edge-triggered notification, and introducing a new system call (epoll_ctlv) that aggregates several epoll_ctl calls into a single call. Our experiments indicate that although these techniques are successful at reducing epoll_ctl overhead, they only improve performance slightly. 1

www.orbit-lab.org This paper presents the software architecture of the ORBIT radio grid testbed 1. We describe the requirements for supporting the lifecycle of an experiment and how they influenced the overall design of the architecture. We specifically highlight those components and services which will be visible to a user of the ORBIT testbed. 1.

Student member IEEE Abstract — Measuring the performance of an implementation of a set of protocols and analyzing the results is crucial to understanding the performance and limitations of the protocols in a real network environment. Based on this information the protocols and their interactions can be improved to enhance the performance of the whole system. To this end, we have developed a network mobility testbed and implemented the NEMO Basic Support Protocol and have identified problems in the architecture which affect the handoff and routing performance. To address the identified handoff performance issues, we have proposed the use of Make-Before-Break handoffs with two network interfaces for NEMO. We have carried out a comparison study of handoffs with NEMO and have shown that the proposed scheme provides near-optimal performance. Further, we have extended a previously proposed route optimization scheme, OptiNets. We have compared the routing and header overheads using experiments and analysis and shown that the use of the extended OptiNets scheme reduces these overheads of NEMO to a level comparable with Mobile IPv6 route optimization. Finally, the paper shows that the proposed handoff and route optimization schemes enable NEMO Protocol to be used in applications sensitive to delay and packet loss. Index Terms — Network mobility, mobile router, handoffs, route optimization

In this paper, we present a high fidelity and efficient emulation framework called TWINE, which combines the accuracy and realism of emulated and physical networks and the scalability and repeatability of simulation in an integrated testbed, for evaluation of real protocols and applications. Our measurements show that the TWINE emulation kernel has a memory footprint of less than 100KB, and occupies no more than 3.5 % CPU cycles. Thanks to such small overhead and the accurate modelling of physical layer events(at microseconds level), application throughput measured in TWINE is within 5 % of the measured throughput from an equivalent physical wireless LAN. A single commodity PC in TWINE can emulate at least four wireless hosts or simulate sixty nodes in real time at microseconds granularity. This paper also illustrates TWINE’s novel capabilities via two case studies: a protocol to maintain fairness in mesh networks and an adaptive streaming media application operating in heterogeneous wireless networks. The results from the case studies clearly show the benefit of the TWINE evaluation methodology, by identifying a mismatch between the performance of the protocol or application based on actual user experience versus its performance as measured using traditional network performance metrics such as application throughput. 1.

Testing and deploying mobile wireless networks and applications are very challenging tasks, due to the network size and administration as well as node mobility management. Well known simulation tools provide a more flexible environment but they do not run in real time and they rely on models of the developed system rather than on the system itself. Emulation is a hybrid approach allowing real application and tra#c to be run over a simulated network, at the expense of accuracy when the number of nodes is too important. In this paper, emulation is split in two stages: first, the simulation of network conditions is precomputed so that it does not undergo real-time constraints that decrease its accuracy; second, real applications and tra#c are run on an emulation platform where the precomputed events are scheduled in soft real-time. This allows the use of accurate models for node mobility, radio signal propagation and communication stacks. An example shows that a simple situation can be simply tested with real applications and tra#c while relying on accurate models.

During the past four years, several papers have proposed rules for sizing buffers in Internet core routers. Appenzeller et al. suggest that a link needs a buffer of size (� �), where � is the capacity of the link, and is the number of flows sharing the link. If correct, buffers could be reduced by 99 % in a typical backbone router today without loss in throughput. Enachecsu et al., and Raina et al. suggest that buffers can be reduced even further to 20-50 packets if we are willing to sacrifice a fraction of link capacities, and if there is a large ratio between the speed of core and access links. If correct, this is a five orders of magnitude reduction in buffer sizes. Each proposal is based on theoretical analysis and validated using simulations. Given the potential benefits (and the risk of getting it wrong!) it is worth asking if these results hold in real operational networks. In this paper, we report buffer-sizing experiments performed on real networks- either laboratory networks with commercial routers as well as customized switching and monitoring

This paper studies the degradation of anonymity in a flow-based wireless mix network under flow marking attacks, in which an adversary embeds a recognizable pattern of marks into wireless traffic flows by electromagnetic interference. We find that traditional mix technologies are not effective in defeating flow marking attacks, and it may take an adversary only a few seconds to recognize the communication relationship between hosts by tracking such artificial marks. Flow marking attacks utilize frequency domain analytical techniques and convert time domain marks into invariant feature frequencies. To counter flow marking attacks, we propose a new countermeasure based on digital filtering technology, and show that this filter-based countermeasure can effectively defend a wireless mix network from flow marking attacks. 1