Difficulties in Analysis


Normal TCP/IP "crud"
Vern Paxson's Bro system at UC Berkeley
inconsistent TCP retransmissions
inconsistent, overlapping IP fragments

e.g. 6 packets, 6 possible outcomes
only two variables: IP TTL, TCP segment forward overlap

Many more combinations possible
platform-specific timing
supported IP or TCP options
TCP urgent data application handling
other implementation-specific behaviour