| PolyDocs: Msl_test Usage |
|---|
| Web Polygraph |
The msl_test program is designed to calculate the Maximum Segment Lifetime (MSL) used by the Transmission Control Protocol (TCP) on a remote machine. The calculation is based on the estimated duration of the TIME_WAIT state used by the TCP stack of the machine under test. During official tests, we use msl_test to check vendor compliance with the minimum MSL value rule.
The msl_test tool was developed by Glenn Chisholm and introduced in Polygraph version 2.2.0. This page has been synchronized with Poly 2.2.3.
Msl_test will initiate a connection to the specified machine and issue a bogus request. Once it has read the response, it will sleep and wait for the remote end to close the connection. Once the MSL test closes the connection from the client end, the server side will be in TIME_WAIT. At that stage, every second, msl_test will send a SYN packet (from the previous connection) to the server.
The SYN packets are retransmitted to detect the response of the remote TCP stack. No response should be returned until the TIME_WAIT state has expired. However, some TCP stacks are not correctly implemented and have a tendency to ACK the SYN while the connection is still in the TIME_WAIT state. To prevent extra ACKs from interfering with the test, a blackhole route is established on the local machine. This route prevents responses from the remote TCP stack from being received or responded to by the local TCP stack (the SYN packets will still be visible to msl_test).
Once the TIME_WAIT state expires, the remote machine should respond to our SYN packet with a SYN/ACK as the second phase of the three way handshake. This indicates that TIME_WAIT has ended, and msl_test will report the value of the duration of the TIME_WAIT state. The MSL is half of the TIME_WAIT value.
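The decision rule described above, written out as an added example (this is not code from msl_test.c): a bare ACK from a stack that answers the SYN while still in TIME_WAIT is ignored, and only the first SYN/ACK ends the measurement. The `struct reply` record, the function names and the sample capture are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TCP header flag bits (RFC 793). */
#define TCP_SYN 0x02
#define TCP_ACK 0x10

/* Hypothetical record for one segment captured from the server. */
struct reply {
    double  t_sec;   /* capture time, in seconds */
    uint8_t flags;   /* TCP flags byte of the captured segment */
};

/* Seconds from the client's close at close_t to the first SYN/ACK seen
 * afterwards, or -1.0 if the capture holds none. A bare ACK does not
 * count: it only shows that the old connection still exists. */
double time_wait_secs(double close_t, const struct reply *r, size_t n)
{
    const uint8_t want = TCP_SYN | TCP_ACK;
    for (size_t i = 0; i < n; i++) {
        if (r[i].t_sec < close_t)
            continue;                       /* belongs to the old session */
        if ((r[i].flags & want) == want)
            return r[i].t_sec - close_t;    /* handshake restarted */
    }
    return -1.0;
}

/* MSL is half of TIME_WAIT; -1.0 propagates "not measured". */
double msl_secs(double time_wait)
{
    return time_wait < 0 ? -1.0 : time_wait / 2.0;
}

/* Constructed capture: close at t=10, premature ACKs, SYN/ACK at t=70. */
static const struct reply sample[] = {
    { 9.5, TCP_ACK }, { 12.0, TCP_ACK }, { 13.0, TCP_ACK },
    { 70.0, TCP_SYN | TCP_ACK },
};

int main(void)
{
    double tw = time_wait_secs(10.0, sample, sizeof sample / sizeof sample[0]);
    printf("TIME_WAIT %.0f s, MSL %.0f s\n", tw, msl_secs(tw));
    return 0;
}
```

Because the probe SYN is sent once per second, a measurement made this way has a resolution of about one second.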
Msl_test uses the Berkeley Packet Filter (BPF) to capture TCP sessions.
The msl_test.c source file can be found in the polygraph/tools/ directory. At the time of writing, the msl_test program is not compiled by default when you do "make all". To compile the tool, run a command similar to the one below.
example:root 104> g++ -o msl_test msl_test.c
Usage: ./msl_test -i interface-name -s src-host -d dst-host -p dst-port
-i interface-name The name of the interface which to listen.
-s src-host The IP address of the local host
-d dst-host The IP address of the destination.
-p dst-port Port which to connect to.
To run msl_test your system has to have the BPF enabled in the kernel and have at least one BPF device. If you are running another program that utilizes BPF such as tcpdump or dhcpd, you will require a second BPF device. Additional BPF devices can be made using the MAKEDEV command in the /dev directory.
Msl_test needs to be executed as root to allow it to utilize the BPF device.
Some kind of server must be running on the remote address and port that you specify on the command line. The best choice is an HTTP server or proxy, but an ssh daemon is known to work as well.
example:root 105> ./msl_test -i xl0 -s 10.0.1.104 -d 10.0.1.105 -p 22
Determining MSL of 10.0.1.105 ...
Sending packets ->
10.0.1.104.1478 > 10.0.1.105.22 SYN
TCP TIME_WAIT of 60
As you can see, msl_test has detected a 60 sec TIME_WAIT state (or a 30 sec MSL value).
Msl_test creates a temporary blackhole route to the machine that you are testing. This means that your local computer will not be able to communicate with the remote machine at all. Therefore, if you are logged in to or via the machine under test, your connection will fail and so will the test! If you interrupt msl_test, or it crashes during the test, check for blackhole routes using the netstat -rn command. The blackhole route can be manually removed with the route command as shown below.
example:root 106> ./msl_test -i xl0 -s 10.0.1.104 -d 10.0.1.105 -p 22
Determining MSL of 10.0.1.105 ...
^C
example:root 107> netstat -rn
Routing tables
Internet:
Destination        Gateway            Flags     Refs     Use     Netif Expire
10.0.1.105         127.0.0.1          UGHSB       0        0      lo0
example:root 108> route delete -host 10.0.1.105
At the moment msl_test can only be run on FreeBSD. Other platforms may be supported in the future.
$Id: msl_test.sml,v 1.1 1999/10/29 00:20:10 rousskov Exp rousskov $