tshark/pcap and web server response time


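How can I use tshark & shell, or some other tool, to get from a pcap file the response time difference between the GET and the HTTP/1.0 200 OK for each hostname (I mean the web server's time delay)? Can you recommend an approach?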

Answer 1

justniffer is what you are looking for:

 +---------+                           +---------+
 |         |                           |         |
 |  Client |                           | Server  |
 |         |                           |         |
 +---------+                           +---------+
      |                                     |
      |  -----   connect syn   -------->    |----+
      |                                     |    |
      |  <------   syn/ack    --------->    |    | %connection.time
      |                                     |    |
      |  -------     ack     ---------->    |    |
      |           ESTABLISHED               |----+
      |                                     |    | %idle.time.0
      |                                     |    |(after connection, before
      |                                     |    | request)
      |                                     |    |
      |  ---  request/first packet  --->    |----+
      |  <------     ack     -----------    |    |
      |                                     |    |
      |  ---  request/....          --->    |    | %request.time
      |  <------     ack     -----------    |    |
      |                                     |    |
      |  ---   request/last packet  --->    |    |
      |  <------     ack     -----------    |----+--------------------+
      |                                     |    |                    |
      |                                     |    |                    |
      |                                     |    |%response.time.begin |
      |                                     |    |                    |
      |  <--  response/first packet ----    |----+                    | response
      |  -------     ack     ---------->    |    |                    | time
      |                                     |    |                    |
      |  <--  response/....         ----    |    |%response.time.end   |
      |  -------     ack     ---------->    |    |                    |
      |                                     |    |                    |
      |  <--  response/last packet  ----    |    |                    |
      |  -------     ack     ---------->    |----+--------------------+
      |                                     |    |
      |                                     |    |
      |                                     |    | %idle.time.1 (after response,
      |                                     |    | before new request or close)
      |                                     |    |
      |  <------   close      --------->    |----+
      |                                     |    |
      |                                     |    |

To get the server response time, you can use:

$ justniffer -l "%connection.timestamp(%F %T)%tab \
%source.ip:%source.port%tab \
%dest.ip:%dest.port%tab \
%response.time%tab \
%request.header.host%tab \
%request.url" -f admarket.pcap | sort -t$'\t' -k5,5 -k 4,4rn | head

2011-07-12 09:49:31  src:57351   dst:80  0.032874    domain.com  /home/estimate/?locat=&city=51
2011-07-12 09:49:25  src:34304   dst:80  0.012820    domain.com  /login
2011-07-12 09:49:25  src:38284   dst:80  0.007185    domain.com  /js/custom.js
2011-07-12 09:49:25  src:38320   dst:80  0.006726    domain.com  /js/swfobject.js
2011-07-12 09:49:25  src:38330   dst:80  0.006291    domain.com  /js/jquery.pngFix.pack.js
2011-07-12 09:49:25  src:38374   dst:80  0.004441    domain.com  /js/datepicker_v2.js
2011-07-12 09:49:25  src:38298   dst:80  0.004249    domain.com  /js/jquery.caret.1.02.js
2011-07-12 09:49:25  src:38742   dst:80  0.002814    domain.com  /js/jquery.tablesorter.js
2011-07-12 09:49:25  src:42555   dst:80  0.002737    domain.com  /images/quang_cao_baomoi.jpg
2011-07-12 09:49:25  src:38293   dst:80  0.002591    domain.com  /js/jquery.meio.mask.js
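
As an added example (not part of the original answer), the shell function below summarizes the tab-separated lines produced by the command above per Host header: request count, mean and maximum `%response.time`, and the slowest URL. The function names, the sample addresses and the host names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: per-Host summary of justniffer's tab-separated output.
# Columns, in the order of the -l format string used in the answer:
#   1 timestamp  2 src ip:port  3 dst ip:port  4 %response.time  5 Host  6 URL
# Usage (capture.pcap is a placeholder name):
#   justniffer -l "<format string from the answer>" -f capture.pcap | host_latency_summary

# Reads justniffer lines on stdin; prints, per Host header:
#   host <TAB> requests <TAB> mean s <TAB> max s <TAB> slowest URL
# sorted by maximum response time, slowest host first.
host_latency_summary() {
    awk -F '\t' '
        {
            # The format string leaves a space after each %tab, so trim fields.
            for (i = 1; i <= NF; i++) gsub(/^ +| +$/, "", $i)
        }
        # Skip short lines and lines whose response time is not a number
        # (for example a placeholder printed for an unanswered request).
        NF < 6 || $4 !~ /^[0-9]+(\.[0-9]+)?$/ { next }
        {
            host = $5; t = $4 + 0
            n[host]++
            sum[host] += t
            if (!(host in mx) || t > mx[host]) { mx[host] = t; slow[host] = $6 }
        }
        END {
            for (h in n)
                printf "%s\t%d\t%.6f\t%.6f\t%s\n", h, n[h], sum[h] / n[h], mx[h], slow[h]
        }
    ' | sort -t "$(printf '\t')" -k4,4rn
}

# Constructed sample input (addresses, hosts and timings are made up).
sample_lines() {
    printf '%s\t%s\t%s\t%s\t%s\t%s\n' \
        '2011-07-12 09:49:25' ' 192.0.2.10:38284' ' 198.51.100.5:80' ' 0.010000' ' a.example' ' /login' \
        '2011-07-12 09:49:26' ' 192.0.2.10:38285' ' 198.51.100.5:80' ' 0.030000' ' a.example' ' /report' \
        '2011-07-12 09:49:26' ' 192.0.2.11:40110' ' 198.51.100.6:80' ' 0.004000' ' b.example' ' /js/app.js' \
        '2011-07-12 09:49:27' ' 192.0.2.11:40111' ' 198.51.100.6:80' ' 0.006000' ' b.example' ' /' \
        '2011-07-12 09:49:28' ' 192.0.2.11:40112' ' 198.51.100.6:80' ' -' ' b.example' ' /pending'
}

sample_lines | host_latency_summary
```

Sorting on the maximum rather than the mean surfaces a host with one very slow request even when most of its responses are fast.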
