I am trying to understand DCTCP behavior. For that I am using the RED queue discipline on a switch port. I am generating traffic using iperf3 for 30 seconds. To capture the packets I am using tcpdump. However, the tcpdump file is too large.
So, I wish to extract the packets that have been marked with ECN. Can someone please suggest a way so that I can filter only those packets that have the ECN bit set in TCP headers? Thanks in advance.
Best Answer
You can load the packet trace in Wireshark, and apply the filter
tcp.flags.ecn==1
to see only packets with the ECN-Echo bit set in the TCP header, and
tcp.flags.cwr==1
to see only the packets with the ECN-CWR (Congestion Window Reduced) bit set in the TCP header.
Here is the list of TCP filters in Wireshark.
You may also be interested in filtering on ECN-CE flags in the IP header, which you can do with
ip.dsfield.ecn == 0x03
Here is the list of IP filters in Wireshark.
To see what it should look like, you can download this sample capture from the Wireshark Sample Captures page. This capture includes packets with ECN events.
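Added example, not part of the original answer: a standard-library Python sketch that applies the same three tests (IP ECN field equal to 0x03, TCP ECE, TCP CWR) to a classic pcap file as written by tcpdump and keeps only the marked packets, which shrinks a large trace before it is opened in Wireshark. It assumes Ethernet framing with IPv4 and no VLAN tags; unlike the display filters it ignores ECE/CWR on SYN segments, where those bits negotiate ECN rather than signal congestion. The function names and the sample capture are constructed for illustration.

```python
import struct

ECE, CWR, SYN = 0x40, 0x80, 0x02  # bits in the TCP flags byte

def ecn_marks(frame):
    """ECN marks ('CE', 'ECE', 'CWR') carried by one Ethernet/IPv4 frame."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # too short or not IPv4
        return set()
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    marks = set()
    if ip[1] & 0x03 == 0x03:  # same test as ip.dsfield.ecn == 0x03
        marks.add("CE")
    if ip[9] == 6 and len(ip) >= ihl + 14:  # TCP with a readable flags byte
        flags = ip[ihl + 13]
        if not flags & SYN:  # on SYN/SYN-ACK these bits negotiate ECN (RFC 3168)
            if flags & ECE:
                marks.add("ECE")
            if flags & CWR:
                marks.add("CWR")
    return marks

def filter_pcap(data):
    """Return (smaller pcap bytes, marks per kept packet) from a classic pcap."""
    endian = "<" if data[:4] in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1") else ">"
    out, kept, off = bytearray(data[:24]), [], 24  # copy the 24-byte global header
    while off + 16 <= len(data):
        incl = struct.unpack(endian + "I", data[off + 8:off + 12])[0]  # captured length
        marks = ecn_marks(data[off + 16:off + 16 + incl])
        if marks:
            out += data[off:off + 16 + incl]
            kept.append(marks)
        off += 16 + incl
    return bytes(out), kept

def sample_pcap():
    """Constructed capture: five 54-byte frames, (IP TOS byte, TCP flags) each."""
    cases = [(0x02, 0x10), (0x03, 0x10), (0x02, 0x50), (0x02, 0x90), (0x00, 0xC2)]
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    body = b""
    for tos, flags in cases:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 40, 0, 0, 64, 6, 0, bytes(4), bytes(4))
        tcp = struct.pack("!HHIIBBHHH", 40000, 5201, 0, 0, 0x50, flags, 0, 0, 0)
        frame = bytes(12) + b"\x08\x00" + ip + tcp
        body += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return hdr + body
```

To use it on a real trace, read the tcpdump file in binary mode, pass the bytes to `filter_pcap`, and write the returned bytes to a new file.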