PRTT-- Passive Packet Round-Trip Time Calculation
Prtt is a program to passively monitor network latency in real time. Prtt utilizes Libpcap and the TCP handshake process
to obtain packet round-trip time measurements. For each TCP connection it sees, it measures the time offset
between each SYN and SYN-ACK, thereby obtaining a latency measurement. In this manner, prtt builds a database
of known hosts and the latencies between them. The database can then be queried to generate round-trip times not only for each
host pair, but also aggregate averages over any subnets or DNS entries. Prtt comes in two pieces: a server and a client.
The server runs as a daemon collecting statistics and can be queried either locally or remotely by the client.
For best results, run the prtt server on a network tap that sees a lot of traffic.
Prttd, the prttd server, now comes in two (technically 3) variations:
- sqlprttd -- This is the newest iteration of prttd, it is built on top of mysql as a backend. This is the current development branch of prttd and it sees the most active work.
- prttd, (prttd_old) -- This is the original iteration of prttd. It is built upon GLib and holds all of the prtt data in tables in memory (prttd_old uses a combination of b-trees and g_sequences and is less efficient - it is not recommended for usage).
NOTE: There is a shortcoming in the configure script, it will fail out if mysql is not present. Mysql is not required to build prttd, only sqlprttd - sqlprttd is the recommended version, however.
Libpcap, GLib 2.6, GThread-2.0, [mysql]
./prtt -h Usage: prtt [OPTION...] ACTION [ACTION ARGUMENTS] Possible actions: lookup (SOURCE) (DESTINATION) Lookup looks up RTT data for the given source and destination in the server's database. list [SOURCE] [DESTINATION] List lists all known sources or destinations or a given subset, depending on arguments. dump Effects a dump of all data in the server's database to a .gz file in the server's working directory. flush Causes the server to flush all data and start 'fresh'. Statistics are NOT saved before executing this command; if you wish to save the data, issue a 'dump' command first stats Prints out some server statistics. SOURCE and DESTINATION arguments can be given as any of a dotted quad, a dotted quad slash netmask, or a DNS name (the last for "lookup" only. Examples: 123.456.654.321 123.456.789.0/24 www.google.com (lookup only) Help Options: -?, --help Show help options Application Options: -s, --server=(xxx.xxx.xxx.xxx | server.com) prtt server address (defaults to localhost) -v, --verbose verbose output Prtt is the client interface to the prtt server daemon (prttd). Prttd utilizes libpcap to measure in the background the time offsets between TCP SYN and SYN-ACK packets, thereby measuring packet round-trip time for a given host pair. It compiles a database of these measurements which can be queried by the client program with the ability to aggregate over any subnets or DNS entries. prtt version 2.0 by Manish Karir, Jim Brusstar, Pat Pannuto, and Tyler Sanderson Please direct comments and bug reports to firstname.lastname@example.org, email@example.com. More information is available at software.merit.edu.
- Manish Karir - mkarir [at] merit [dot] edu
- Jim Brusstar - jimbru [at] umich [dot] edu
- **Pat Pannuto - ppannuto [at] umich [dot] edu
- **Tyler Sanderson - tysand [at] umich [dot] edu