Early Retransmit

After many years our Early Retransmit specification is now an RFC.

• Mark Allman, Konstantin Avrachenkov, Urtzi Ayesta, Josh Blanton, Per Hurtig. Early Retransmit for TCP and SCTP, April 2010. RFC 5827.

An Assessment of Web Timeouts

Two weeks ago at PAM Zak presented our work in assessing the length and implications of various timeouts associated with the process of downloading web pages. The paper are slides:

• Zakaria Al-Qudah, Michael Rabinovich, Mark Allman. Web Timeouts and Their Implications. Passive and Active Measurement Conference, April 2010. Zak's slides.

A Longitudinal Look at Web Traffic

A couple weeks back at PAM Tom presented our initial analysis of 3.5 years of HTTP traffic from ICSI's border. The paper and slides from the talk:

• Tom Callahan, Mark Allman, Vern Paxson. A Longitudinal View of HTTP Traffic. Passive and Active Measurement Conference, April 2010. Tom's slides.

ICSI Netalyzr leaves beta

Today we are taking the ICSI Netalyzr out of the beta stage. Among the changes we are rolling out are:

• New tests. We now provide a path MTU test, IP fragmentation support, improved DNS examination, and look up additional names. Besides the client-side transcript you can now inspect the server-side one, which is useful for debugging highly troubled sessions. In addition, we have improved the overall robustness of the existing tests.
• Interface improvements. A frequent complaint we received was that the results summary is overwhelming. As a first step to improve the situation, you can now selectively show or hide result summary detail. On the summary page, you find clickable plus/minus symbols that will expand/collapse test results on the entire page, in a particular test class, or on a particular test. When you first arrive at the summary page, any issues we have noticed remain expanded by default.
• Updated info pages. Each of our tests comes with an info page, available by clicking on the test's name (such as "Path MTU" in the above). We have given those info pages a makeover, which will hopefully make them easier to understand and more useful to less technical users.

We hope you will enjoy the new Netalyzr. Many thanks to everyone who has tried out the tool in the past!

Securing Web Content

Former ICSI visitor Joakim Koskela recently presented a joint paper on securing web content at the Re-Architecting the Internet workshop held at CoNext 2009. The paper is available as:

• Joakim Koskela, Nicholas Weaver, Andrei Gurtov, Mark Allman. Securing Web Content. ACM CoNext Workshop on ReArchitecting the Internet (ReArch), December 2009.

CCS'09 paper on automatic protocol reverse-engineering

At this week's CCS conference we presented a technique for automating protocol reverse-engineering from executable programs and its application to botnet C&C protocols.

• J. Caballero, P. Poosankam, C. Kreibich, and D. Song. Dispatcher: Enabling Active Botnet Infiltration using Automatic Protocol Reverse-Engineering. 16th ACM Conference on Computer and Communications Security (CCS), Chicago, IL, USA. [PDF, BibTeX]

This is joint work with the BitBlaze team at UC Berkeley. MIT Technology Review has published an article on our work.

IMC '09 Paper on Characterizing Residential Broadband Traffic

Last week at IMC we presented initial work on characterizing residential broadband traffic. The paper is:

• Gregor Maier, Anja Feldmann, Vern Paxson, Mark Allman. On Dominant Characteristics of Residential Broadband Internet Traffic. ACM SIGCOMM/USENIX Internet Measurement Conference, November 2009.