{"id":468,"date":"2010-09-23T23:42:01","date_gmt":"2010-09-23T21:42:01","guid":{"rendered":"http:\/\/mattiesworld.gotdns.org\/weblog\/2010\/09\/23\/i\/"},"modified":"2011-04-17T18:14:10","modified_gmt":"2011-04-17T16:14:10","slug":"i","status":"publish","type":"post","link":"https:\/\/mattiesworld.gotdns.org\/weblog\/2010\/09\/23\/i\/","title":{"rendered":"I <3 libpcap"},"content":{"rendered":"

A few years ago, I wrote a small app showing the open network connections (announcement following shortly<\/a>). I never figured out how to measure transfer rates over the connections since the kernel does not seem to provide this info through the \/proc filesystem (only some data queue length which is related to kernel mem usage).<\/p>\n

Today we all know and love iftop, but where does it get that info? Simple: pcap<\/a>! Out of curiosity, I checked out the libpcap docs to see how hard it would be to get started. Turned out to be pretty simple! There are a few excellent<\/a> tutorials<\/a> which get you started real fast. In about half an hour I made this very simple sniffer which accumulates the received bytes and packets per second and prints it out when the second changes. Each line contains the timestamp (sec), KB\/s and number of packets received in that second. Here you can see me watching a youtube vid \ud83d\ude42
\n
\nOpening device eth0
\nts = 1285276934, load = 0.7 KB\/s (4)
\nts = 1285276935, load = 0.3 KB\/s (1)
\nts = 1285276939, load = 0.9 KB\/s (4)
\nts = 1285276940, load = 14.4 KB\/s (44)
\nts = 1285276941, load = 294.9 KB\/s (764)
\nts = 1285276942, load = 608.9 KB\/s (1505)
\nts = 1285276943, load = 1164.4 KB\/s (2882)
\nts = 1285276944, load = 1242.6 KB\/s (3064)
\nts = 1285276945, load = 1166.6 KB\/s (2880)
\nts = 1285276946, load = 69.9 KB\/s (179)
\nts = 1285276947, load = 140.1 KB\/s (363)
\nts = 1285276948, load = 139.9 KB\/s (361)
\nts = 1285276949, load = 139.7 KB\/s (358)
\nts = 1285276950, load = 139.7 KB\/s (358)
\nts = 1285276951, load = 139.3 KB\/s (358)
\n....
\n<\/code><\/p>\n

It is a good test to see if the calculated payload is correct. The initial burst of ~1.2MB\/s confirms that. \ud83d\ude42<\/p>\n","protected":false},"excerpt":{"rendered":"

A few years ago, I wrote a small app showing the open network connections (announcement following shortly). I never figured out how to measure transfer rates over the connections since the kernel does not seem to provide this info through the \/proc filesystem (only some data queue length which is related to kernel mem usage). … Continue reading I <3 libpcap<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[32,4,5],"tags":[],"class_list":["post-468","post","type-post","status-publish","format-standard","hentry","category-konnectionmonitor","category-linux","category-programming"],"_links":{"self":[{"href":"https:\/\/mattiesworld.gotdns.org\/weblog\/wp-json\/wp\/v2\/posts\/468","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mattiesworld.gotdns.org\/weblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mattiesworld.gotdns.org\/weblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mattiesworld.gotdns.org\/weblog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mattiesworld.gotdns.org\/weblog\/wp-json\/wp\/v2\/comments?post=468"}],"version-history":[{"count":0,"href":"https:\/\/mattiesworld.gotdns.org\/weblog\/wp-json\/wp\/v2\/posts\/468\/revisions"}],"wp:attachment":[{"href":"https:\/\/mattiesworld.gotdns.org\/weblog\/wp-json\/wp\/v2\/media?parent=468"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mattiesworld.gotdns.org\/weblog\/wp-json\/wp\/v2\/categories?post=468"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mattiesworld.gotdns.org\/weblog\/wp-json\/wp\/v2\/tags?post=468"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}