RE: [OT ? ] getting stats out of network capture

2008-07-25 Thread Bob McConnell
On Behalf Of Norberto Meijome

> On Thu, 24 Jul 2008 17:42:04 -0700
> Chuck Swiger [EMAIL PROTECTED] wrote:
>
> > Try something like this on the webserver or client machine:
> >
> > # tcpdump -ttt -q -n -A tcp port 80
>
> Excellent, thanks Chuck.
> I haven't got access to the server, and the client has to
> run on a win32 ... so I'll figure out how to tcpdump on w32
> or howto in wireshark gui.

On MS-Windows, the easiest option is to download and install Wireshark
1.0, which will also install Winpcap. It gives you the option of
installing Winpcap as a system service, which enables it for all users,
even the non-admin types.

When you use it, if possible, always tie it to the NIC, not the NDIS
layer. A lot of traffic is sidetracked before it gets to NDIS. In some
cases where the NIC is not supported, we have found that the only
traffic Wireshark can capture is what is left after every other process
has received theirs.

Bob McConnell
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: [OT ? ] getting stats out of network capture

2008-07-24 Thread Chuck Swiger

Hi--

On Jul 24, 2008, at 5:12 PM, Norberto Meijome wrote:
> I'm interested in knowing the application level RTT for a HTTP
> application - ie, not from SYN, SYN/ACK ... FIN, FIN/ACK, but from
> the POST (http.request in wireshark) by an app on my side to the
> response by the server (http.response). I have no access to either
> app's code.


Try something like this on the webserver or client machine:

# tcpdump -ttt -q -n -A tcp port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on fxp0, link-type EN10MB (Ethernet), capture size 96 bytes
00 IP 17.227.140.124.49729 > 199.103.21.227.80: tcp 488
[EMAIL PROTECTED]/.%|.g...A.P.4`...8c.
9.,GET /server-status HTTP/1.1
H
001348 IP 199.103.21.227.80 > 17.227.140.124.49729: tcp 1448
[EMAIL PROTECTED]@g.|.P.A..8.4b.J..
9.,HTTP/1.1 200 OK

...which indicates a delay of 1.348 ms from the HTTP GET to the HTTP
200 response.  This is using the following delta timestamp mode:

   -ttt   Print a delta (in micro-seconds) between current and previous
          line on each dump line.

If you use tcpdump -w to save the packets captured to a file for
analysis, you can feed it to the net/tcpflow port to reconstruct this into
individual flows, which will make it easier to figure out if your
traffic starts getting interleaved.


Regards,
--
-Chuck
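
Added example, not part of the original messages: when several connections share one capture, the -ttt delta on a response line is measured from whichever packet was printed just before it, not from the matching request. The Python below sums the deltas into a running clock and pairs each HTTP response with the request seen on the same connection. The sample capture, its addresses and the name http_latencies are constructed, and it assumes the delta is printed as a plain microsecond count as in the output above.

```python
import re

# Packet header line in the format quoted above:
#   <delta usec> IP <src>.<port> > <dst>.<port>: tcp <length>
HEADER = re.compile(r"^(\d+) IP (\S+) > (\S+): tcp \d+$")
REQUEST = re.compile(r"(?:GET|POST|HEAD|PUT|DELETE) \S+ HTTP/1\.[01]")
STATUS = re.compile(r"HTTP/1\.[01] (\d{3})")

# Constructed sample: two clients whose exchanges interleave.
SAMPLE = """\
000000 IP 192.0.2.10.49729 > 198.51.100.5.80: tcp 120
E..x..GET /a HTTP/1.1
000100 IP 198.51.100.5.80 > 192.0.2.10.49729: tcp 0
E..(....
000300 IP 192.0.2.11.50001 > 198.51.100.5.80: tcp 130
E..y..POST /b HTTP/1.1
000948 IP 198.51.100.5.80 > 192.0.2.10.49729: tcp 1448
E..z..HTTP/1.1 200 OK
002000 IP 198.51.100.5.80 > 192.0.2.11.50001: tcp 300
E..w..HTTP/1.1 500 Internal Server Error
"""

def http_latencies(dump_text):
    """Return (client, request, status, usec) for each request/response pair."""
    clock = 0      # usec since the first packet, rebuilt by summing deltas
    flow = None    # (src, dst) of the packet whose payload is being read
    pending = {}   # (client, server) -> (request line, clock when seen)
    pairs = []
    for line in dump_text.splitlines():
        head = HEADER.match(line.strip())
        if head:
            clock += int(head.group(1))
            flow = (head.group(2), head.group(3))
            continue
        if flow is None:
            continue
        req, status = REQUEST.search(line), STATUS.search(line)
        if req:
            pending[flow] = (req.group(0), clock)
            flow = None    # skip the rest of this packet's payload
        elif status and flow[::-1] in pending:
            request, sent = pending.pop(flow[::-1])
            pairs.append((flow[1], request, int(status.group(1)), clock - sent))
            flow = None
    return pairs

if __name__ == "__main__":
    for client, request, status, usec in http_latencies(SAMPLE):
        print(f"{client}  {request}  ->  {status}  {usec / 1000:.3f} ms")
```

In the constructed sample the deltas printed on the two response lines are 948 and 2000 microseconds, while the request-to-response times are 1348 and 2948 microseconds.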



Re: [OT ? ] getting stats out of network capture

2008-07-24 Thread Norberto Meijome
On Thu, 24 Jul 2008 17:42:04 -0700
Chuck Swiger [EMAIL PROTECTED] wrote:

> Try something like this on the webserver or client machine:
>
> # tcpdump -ttt -q -n -A tcp port 80

Excellent, thanks Chuck.
I haven't got access to the server, and the client has to run on a win32 ... so
I'll figure out how to tcpdump on w32 or howto in wireshark gui.

thanks again!
B

_
{Beto|Norberto|Numard} Meijome

You can discover what your enemy fears most by observing the means he uses to 
frighten you.
   Eric Hoffer (1902 - 1983)

I speak for myself, not my employer. Contents may be hot. Slippery when wet. 
Reading disclaimers makes you go blind. Writing them is worse. You have been 
Warned.