hi,
I'm tring to use libpcap to measure bandwith.. the reason I need this is to launch this small program that will measure the bandwith usage (tcpdump filter based).. it will not be ncurses based,,
My problem is how to set this program to capture the traffic for 10 seconds for example ... and most importanly how u calculate that 1 second is passed, so that u calc "kbps"...
Could u explain...(i'm not a C programmer but have idea what is all about)
Second question I've used pcap sniffer.c example from tcpdump.org, and modified so that i calculate the packet sizes in two different ways i.e :
total_len2 += ntohs(ip->ip_len); total_len += header->len;
into got_packet() callback function... I see that iftop uses the first one, is it more correct...
tia..
PS. One second question is what if I put several filters in text files and loop over them i.e. read the first filter, setfilter(), mesure for 10 sec, then read the second filter...etc.etc.. will there be some calculation error 'cause I'm switching filters i.e. will I have to wait some time before start measuting say : 1. setfilter() 2. wait 1 sec 3. measure 10 sec 4. goto 1
On Sun, May 02, 2004 at 05:24:27PM +0300, raptor wrote:
hi,
I'm tring to use libpcap to measure bandwith.. the reason I need this is to launch this small program that will measure the bandwith usage (tcpdump filter based).. it will not be ncurses based,,
I take it you need to measure the bandwidth used by particular packets which pass a given bpf filter? If not, you may be best off reading the sent/received totals from /proc/net/dev or equivalent.
My problem is how to set this program to capture the traffic for 10 seconds for example ... and most importanly how u calculate that 1 second is passed, so that u calc "kbps"...
Most easily, by calling time(), for instance using,
time_t t;
t = time(NULL); /* or time(&t) */
but that only gives times accurate to the nearest second. Alternatively,
#include <sys/time.h>
/* ... */
struct timeval t; gettimeofday(&t, NULL); /* now the time is t.tv_sec + t.tv_usec / 1000000 */
Could u explain...(i'm not a C programmer but have idea what is all about)
So one possibility is to start your program, record the time, and keep recording packets until ten seconds have passed.
Second question I've used pcap sniffer.c example from tcpdump.org, and modified so that i calculate the packet sizes in two different ways i.e :
total_len2 += ntohs(ip->ip_len); total_len += header->len;
into got_packet() callback function... I see that iftop uses the first one, is it more correct...
One gives the on-the-wire size, the other the size of the IP packet. The former includes the ethernet header, the latter doesn't. If you care about the amount of IP traffic -- and if your ISP bills you for `bandwidth', this is probably how they calculate it -- you need to know the total amount of IP traffic.
PS. One second question is what if I put several filters in text files and loop over them i.e. read the first filter, setfilter(), mesure for 10 sec, then read the second filter...etc.etc.. will there be some calculation error 'cause I'm switching filters i.e. will I have to wait some time before start measuting say :
- setfilter()
- wait 1 sec
- measure 10 sec
- goto 1
You shouldn't have to wait between changing filters. All the packets you receive after setting a filter should match that filter.
-
Chris Lightfoot -
raptor