PRTT
-- Passive Packet Round-Trip Time CalculationDescription
Prtt is a program to passively monitor network latency in real time. Prtt utilizes Libpcap and the TCP handshake process
to obtain packet round-trip time measurements. For each TCP connection it sees, it measures the time offset
between each SYN and SYN-ACK, thereby obtaining a latency measurement. In this manner, prtt builds a database
of known hosts and the latencies between them. The database can then be queried to generate round-trip times not only for each
host pair, but also aggregate averages over any subnets or DNS entries. Prtt comes in two pieces: a server and a client.
The server runs as a daemon collecting statistics and can be queried either locally or remotely by the client.
For best results, run the prtt server on a network tap that sees a lot of traffic.
Prttd, the prttd server, now comes in two (technically 3) variations:
- sqlprttd -- This is the newest iteration of prttd, it is built on top of mysql as a backend. This is the current development branch of prttd and it sees the most active work.
- prttd, (prttd_old) -- This is the original iteration of prttd. It is built upon GLib and holds all of the prtt data in tables in memory (prttd_old uses a combination of b-trees and g_sequences and is less efficient - it is not recommended for usage).
NOTE: There is a shortcoming in the configure script, it will fail out if mysql is not present. Mysql is not required to build prttd, only sqlprttd - sqlprttd is the recommended version, however.
Dependencies
Libpcap, GLib 2.6, GThread-2.0, [mysql]
Help Text
./prtt -h
Usage:
prtt [OPTION...] ACTION [ACTION ARGUMENTS]
Possible actions:
lookup (SOURCE) (DESTINATION)
Lookup looks up RTT data for the given source and destination in the server's database.
list [SOURCE] [DESTINATION]
List lists all known sources or destinations or a given subset, depending on arguments.
dump
Effects a dump of all data in the server's database to a .gz file in the server's working directory.
flush
Causes the server to flush all data and start 'fresh'. Statistics are NOT saved before executing this
command; if you wish to save the data, issue a 'dump' command first
stats
Prints out some server statistics.
SOURCE and DESTINATION arguments can be given as any of a dotted quad, a dotted quad slash netmask,
or a DNS name (the last for "lookup" only.
Examples: 123.456.654.321
123.456.789.0/24
www.google.com (lookup only)
Help Options:
-?, --help Show help options
Application Options:
-s, --server=(xxx.xxx.xxx.xxx | server.com) prtt server address (defaults to localhost)
-v, --verbose verbose output
Prtt is the client interface to the prtt server daemon (prttd). Prttd utilizes libpcap
to measure in the background the time offsets between TCP SYN and SYN-ACK packets,
thereby measuring packet round-trip time for a given host pair. It compiles a database
of these measurements which can be queried by the client program with the ability to
aggregate over any subnets or DNS entries.
prtt version 2.0 by Manish Karir, Jim Brusstar, Pat Pannuto, and Tyler Sanderson
Please direct comments and bug reports to ppannuto@umich.edu, tysand@umich.edu.
More information is available at software.merit.edu.
Author(s)
- Manish Karir - mkarir [at] merit [dot] edu
- Jim Brusstar - jimbru [at] umich [dot] edu
- **Pat Pannuto - ppannuto [at] umich [dot] edu
- **Tyler Sanderson - tysand [at] umich [dot] edu