How to measure TCP / IP overhead without sniffing?

I am wondering if there is a programmatic way to get the full bandwidth metric used when sending data over a TCP stream. Since I can’t understand how the network stack will split the stream into packets or when it sends TCP SYN or ACK or many of the things that it does in the background for you, I can only get an approximate estimate for this.

The only solution I can think of is to actually sniff the interface, but I would like to think that the stack can already collect these statistics for me.

This works in Java on Windows or Linux (of course, a portable solution is preferable), but I can JNI-ize a C/C++ answer, so that (and calls to the OS API) is also a good answer. Thanks!

+7
performance networking tcp
7 answers

[Windows specific answer]

On Windows, you might consider using ETW (Event Tracing for Windows). In general, ETW is the technology used to provide tracing / logging information on Windows, and most Microsoft programs are already equipped with ETW providers that you can use. In your case, I think that the Microsoft-Windows-TCPIP provider has information (for example, local / remote address and port, operation, sent / received bytes, etc.) that may be useful to you.

For example, I was able to start collecting TCPIP events into a file using the command:

logman start MyTcpipLog -p Microsoft-Windows-TCPIP -ets

And stop with

logman stop MyTcpipLog -ets

Then, the MyTcpipLog.etl file can be opened using several different tools (for example, xperf), but there are APIs that you can use to analyze this file yourself.

If you want to do this at run time, you can create a “real-time” ETW session to process events as they arrive.

If you are new to ETW, here is a useful article on MSDN that I used.

+2

It is not possible to speak for Windows, but the Linux kernel, starting from 2.6.37, does not collect the statistics you are looking for. Socket statistics should be in the sock structure or its descendants, and I do not see the receive / receive counters there:

http://lxr.linux.no/linux+v2.6.37.3/include/net/sock.h#L224

+1

On Linux, this is pretty trivial information to get as root (just create a netfilter chain that matches your traffic; you can use a match on the process ID, for example; then read the chain's counters later). Doing this with limited rights may not be possible.

Not sure for Windows.

0

Conntrack accounting must be available to measure packets and bytes for each connection. The information should then be requested using netlink sockets. Get information about your socket with getsockname and getpeername and use this information to look up the connection tracking record.

This requires a fairly recent kernel, a loaded conntrack module, and libnetfilter_conntrack.

Also, the same information is available in /proc/net/nf_conntrack, but this file should not be parsed too often.

And there is a tool called "conntrack" that gives you access to this information from the command line.

0
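The lookup described in the answer above, as an added example that is not part of the original post or of any project's code: it matches one /proc/net/nf_conntrack line against the 4-tuple a program would obtain from getsockname and getpeername, and reads the per-direction packet and byte counters. The function names and the sample line are constructed for illustration; it assumes accounting is enabled (sysctl net.netfilter.nf_conntrack_acct=1), that this host opened the connection, and that no NAT rewrote the tuple.

```c
#include <stdio.h>
#include <string.h>

/* Counters for one tracked connection (original = initiator's direction). */
struct ct_counters {
    unsigned long long orig_packets, orig_bytes, reply_packets, reply_bytes;
};

/* Constructed sample line in /proc/net/nf_conntrack layout (not a real capture). */
static const char SAMPLE[] =
    "ipv4     2 tcp      6 431990 ESTABLISHED src=192.0.2.10 dst=198.51.100.7 "
    "sport=51234 dport=443 packets=14 bytes=2728 src=198.51.100.7 dst=192.0.2.10 "
    "sport=443 dport=51234 packets=11 bytes=9572 [ASSURED] mark=0 use=2";

/* Parse the next "src= dst= sport= dport= packets= bytes=" group at or after p.
 * Returns a pointer past it, or NULL (also when accounting is off and the
 * packets=/bytes= fields are missing). */
static const char *parse_dir(const char *p, char *src, char *dst, unsigned *sport,
                             unsigned *dport, unsigned long long *pk, unsigned long long *by)
{
    int n = 0;
    if (!(p = strstr(p, "src="))) return NULL;
    if (sscanf(p, "src=%45s dst=%45s sport=%u dport=%u packets=%llu bytes=%llu%n",
               src, dst, sport, dport, pk, by, &n) != 6) return NULL;
    return p + n;
}

/* Returns 1 and fills *out when line is the TCP entry whose original direction
 * is local -> remote (the 4-tuple from getsockname/getpeername); otherwise 0.
 * Assumes this host opened the connection and no NAT rewrote the tuple. */
int ct_match_line(const char *line, const char *laddr, unsigned lport,
                  const char *raddr, unsigned rport, struct ct_counters *out)
{
    char src[46], dst[46];
    unsigned sp, dp;
    const char *p;
    if (!strstr(line, " tcp ")) return 0;
    p = parse_dir(line, src, dst, &sp, &dp, &out->orig_packets, &out->orig_bytes);
    if (!p || strcmp(src, laddr) || strcmp(dst, raddr) || sp != lport || dp != rport)
        return 0;
    return parse_dir(p, src, dst, &sp, &dp, &out->reply_packets, &out->reply_bytes) != NULL;
}

int main(void)
{
    struct ct_counters c;   /* 2000 = payload bytes the application wrote (assumed) */
    if (ct_match_line(SAMPLE, "192.0.2.10", 51234, "198.51.100.7", 443, &c))
        printf("counted %llu bytes for 2000 payload bytes: overhead %llu\n",
               c.orig_bytes, c.orig_bytes - 2000);
    return 0;
}
```

The counters cover whole IP packets, so header bytes and payload-free segments such as SYN and ACK are included, while link-layer framing is not.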

You can look at consuming Perfmon counters. The network interface counter / current bandwidth counter may be what you need. You can create and use performance counters from .NET code.

0

Well TCP is a fixed gram of data that is specified by MTU. If you know your MTU, you can figure out how many grams of data you have to transfer, and TCP follows the standard model for confirmation.

Here's a good article on how to find out the overhead of data transfer, which includes the overhead of Ethernet and other stack levels.

-1

If this TCP stream is the only thing that happens through your interface, you can simply request interface statistics (sent / received bytes) and measure the time yourself (+ do the math).

-1