A few years ago, I wrote a small app showing the open network connections (announcement following shortly). I never figured out how to measure transfer rates over the connections since the kernel does not seem to provide this info through the /proc filesystem (only some data queue length which is related to kernel mem usage).
Today we all know and love iftop, but where does it get that info? Simple: pcap! Out of curiosity, I checked out the libpcap docs to see how hard it would be to get started. Turned out to be pretty simple! There are a few excellent tutorials which get you started real fast. In about half an hour I made this very simple sniffer which accumulates the received bytes and packets per second and prints it out when the second changes. Each line contains the timestamp (sec), KB/s and number of packets received in that second. Here you can see me watching a youtube vid 🙂
Opening device eth0
ts = 1285276934, load = 0.7 KB/s (4)
ts = 1285276935, load = 0.3 KB/s (1)
ts = 1285276939, load = 0.9 KB/s (4)
ts = 1285276940, load = 14.4 KB/s (44)
ts = 1285276941, load = 294.9 KB/s (764)
ts = 1285276942, load = 608.9 KB/s (1505)
ts = 1285276943, load = 1164.4 KB/s (2882)
ts = 1285276944, load = 1242.6 KB/s (3064)
ts = 1285276945, load = 1166.6 KB/s (2880)
ts = 1285276946, load = 69.9 KB/s (179)
ts = 1285276947, load = 140.1 KB/s (363)
ts = 1285276948, load = 139.9 KB/s (361)
ts = 1285276949, load = 139.7 KB/s (358)
ts = 1285276950, load = 139.7 KB/s (358)
ts = 1285276951, load = 139.3 KB/s (358)
....
It is a good test to see if the calculated payload is correct. The initial burst of ~1.2MB/s confirms that. 🙂