Date: Thu, 24 Jul 2008 17:42:04 -0700 From: Chuck Swiger <cswiger@mac.com> To: Norberto Meijome <freebsd@meijome.net> Cc: FreeBSD Questions ML <freebsd-questions@freebsd.org> Subject: Re: [OT ? ] getting stats out of network capture Message-ID: <40515BC3-EB63-4A74-9A4F-B91A6C1D1B4D@mac.com> In-Reply-To: <20080725101242.64fdabc1@ayiin> References: <20080725101242.64fdabc1@ayiin>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi-- On Jul 24, 2008, at 5:12 PM, Norberto Meijome wrote: > I'm interested in knowing the application level RTT for a HTTP > application - > ie, not from SYN , SYN/ACK ... FIN , FIN/ACK , but from the POST > (http.request > in wireshark) by an app on my side to the response by the server > (http.response). I have no access to either app's code. Try something like this on the webserver or client machine: # tcpdump -ttt -q -n -A tcp port 80 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on fxp0, link-type EN10MB (Ethernet), capture size 96 bytes 000000 IP 17.227.140.124.49729 > 199.103.21.227.80: tcp 488 E....K@./.%....|.g...A.P.4`...&8...."c..... 9".,....GET /server-status HTTP/1.1 H 001348 IP 199.103.21.227.80 > 17.227.140.124.49729: tcp 1448 E....Y@.@....g.....|.P.A..&8.4b.....J...... ....9".,HTTP/1.1 200 OK ...which indicates a delay of 1.348 ms from the HTTP GET to the HTTP 200 response. This is using the following "delta timestamp" mode; -ttt Print a delta (in micro-seconds) between current and previous line on each dump line.) If you use tcpdump -w to save the packets captured to a file for analysis, you can feed it to net/tcpflow port to reconstruct this into individual flows, which will make it easier to figure out if your traffic starts getting interleaved. Regards, -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?40515BC3-EB63-4A74-9A4F-B91A6C1D1B4D>