Saturday, January 7, 2012

Dispatches From The Trading Floor - Analysis Technique

In the comments on my MoldUDP analysis post, Will asked:
So...uh, what are the chances you can show us in detail how you made those graphs?
And Will wasn't the only one to approach me with that question.

Well... I have a confession to make. I didn't have any MoldUDP data handy when I wrote that post. Not even a single packet.

Instead, what I had was a screencast that I recorded in 2007 or 2008. A screencast with a huge ugly watermark right through the middle of it.

So, in order to write the article, I pulled some stills from the screencast, edited out the watermark, and stuck 'em in the blog post.

I've decided to share the original screencast. I don't explain too much about how the protocol works or what the plot represents in this clip. Most of that info is contained in the previous post. Read it first.

Mostly, this screencast is intended to give a sense of how I'd actually do the analysis, and how quickly my tools allow me to tear through huge capture files and spot interesting problems.

The tools convert sniffer data into the interactive plots I demonstrate here. It's pretty fast. The packet capture I'm working with in this clip is about 30 seconds of data with roughly 300,000 packets. Import of this captured data ran at about 2x realtime (15 seconds) on my 2005 vintage G4 Macintosh. Working with the data once it's been imported is super snappy, almost no delay at all.

I'm sorry about the Demo Version watermark, the bleeps (company names - I wasn't cursing) and the general lack of polish and context. This video wasn't intended for wide distribution, nor for someone unfamiliar with the protocols in question - I made it for a colleague who was helping me work through a packet delivery issue.

Readers of my blog have expressed enough of an interest in trading floor trivia that I hope you'll all be willing to look past the warts.


I <3 protocols.

1 comment:

  1. Chris,

    Thanks a lot. I'll need to watch one more time and I think read the previous post a few more as well.

    ReplyDelete