Date: Thu, 24 Jul 2008 17:42:04 -0700 From: Chuck Swiger <cswiger@mac.com> To: Norberto Meijome <freebsd@meijome.net> Cc: FreeBSD Questions ML <freebsd-questions@freebsd.org> Subject: Re: [OT ? ] getting stats out of network capture Message-ID: <40515BC3-EB63-4A74-9A4F-B91A6C1D1B4D@mac.com> In-Reply-To: <20080725101242.64fdabc1@ayiin> References: <20080725101242.64fdabc1@ayiin>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi--
On Jul 24, 2008, at 5:12 PM, Norberto Meijome wrote:
> I'm interested in knowing the application level RTT for a HTTP
> application -
> ie, not from SYN , SYN/ACK ... FIN , FIN/ACK , but from the POST
> (http.request
> in wireshark) by an app on my side to the response by the server
> (http.response). I have no access to either app's code.
Try something like this on the webserver or client machine:
# tcpdump -ttt -q -n -A tcp port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol
decode
listening on fxp0, link-type EN10MB (Ethernet), capture size 96 bytes
000000 IP 17.227.140.124.49729 > 199.103.21.227.80: tcp 488
E....K@./.%....|.g...A.P.4`...&8...."c.....
9".,....GET /server-status HTTP/1.1
H
001348 IP 199.103.21.227.80 > 17.227.140.124.49729: tcp 1448
E....Y@.@....g.....|.P.A..&8.4b.....J......
....9".,HTTP/1.1 200 OK
...which indicates a delay of 1.348 ms from the HTTP GET to the HTTP
200 response. This is using the following "delta timestamp" mode;
-ttt Print a delta (in micro-seconds) between current and
previous
line on each dump line.)
If you use tcpdump -w to save the packets captured to a file for
analysis, you can feed it to net/tcpflow port to reconstruct this into
individual flows, which will make it easier to figure out if your
traffic starts getting interleaved.
Regards,
--
-Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?40515BC3-EB63-4A74-9A4F-B91A6C1D1B4D>