[OT ? ] getting stats out of network capture
Chuck Swiger
cswiger at mac.com
Fri Jul 25 00:42:10 UTC 2008
Hi--
On Jul 24, 2008, at 5:12 PM, Norberto Meijome wrote:
> I'm interested in knowing the application level RTT for a HTTP
> application -
> ie, not from SYN , SYN/ACK ... FIN , FIN/ACK , but from the POST
> (http.request
> in wireshark) by an app on my side to the response by the server
> (http.response). I have no access to either app's code.
Try something like this on the webserver or client machine:
# tcpdump -ttt -q -n -A tcp port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol
decode
listening on fxp0, link-type EN10MB (Ethernet), capture size 96 bytes
000000 IP 17.227.140.124.49729 > 199.103.21.227.80: tcp 488
E....K at ./.%....|.g...A.P.4`...&8...."c.....
9".,....GET /server-status HTTP/1.1
H
001348 IP 199.103.21.227.80 > 17.227.140.124.49729: tcp 1448
E....Y at .@....g.....|.P.A..&8.4b.....J......
....9".,HTTP/1.1 200 OK
...which indicates a delay of 1.348 ms from the HTTP GET to the HTTP
200 response. This is using the following "delta timestamp" mode;
-ttt Print a delta (in micro-seconds) between current and
previous
line on each dump line.)
If you use tcpdump -w to save the packets captured to a file for
analysis, you can feed it to net/tcpflow port to reconstruct this into
individual flows, which will make it easier to figure out if your
traffic starts getting interleaved.
Regards,
--
-Chuck
More information about the freebsd-questions
mailing list