I use one tshark instance to sniff a network interface in front of a web server for 30 sec:
tshark -a duration:30 -f "(tcp dst port 8080) && (tcp[13]=0x02 or tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420)" -w sniff.pcap
to capture packets with TCP.SYN and/or HTTP.GET requests.
Following that, I call tshark to gather statistics from the capture file:
tshark -r sniff.pcap -qz "io,stat,0,COUNT(tcp.flags)tcp.flags==0x02" -z "io,stat,0,COUNT(http.request.method)http.request.method==\"GET\""
Both these calls are made from a Java program using the Runtime.exec() method in different threads.
The concept is that capturing happens for 30 sec, then the next 30-sec-capturing starts, while in another thread statistics are gathered from the first capture.
The problem is that the statistics call almost never runs to completion in the 30 sec window until its next call (it sometimes takes minutes).
Is this delay something expected? Is there a way to speed the statistics up?
asked 26 Jan '12, 14:53
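What the capture filter in the question tests on each TCP segment, written out in Python as an added example (not part of the original post). The helper names, source port and sample segments are constructed, and the SYN test is assumed to be tcp[13] = 0x02.

```python
import struct

GET_WORD = 0x47455420  # ASCII "GET " read as a big-endian 32-bit integer


def make_segment(dport, flags, payload=b"", options=b""):
    """Build a constructed TCP segment (header + options + payload)."""
    if len(options) % 4:
        raise ValueError("TCP options must be padded to a multiple of 4 bytes")
    data_offset_words = 5 + len(options) // 4
    header = struct.pack(
        "!HHIIBBHHH",
        40000, dport,            # source port (constructed), destination port
        1, 0,                    # sequence and acknowledgement numbers
        data_offset_words << 4,  # byte 12: data offset in the high nibble
        flags,                   # byte 13: TCP flags
        65535, 0, 0,             # window, checksum (left at 0), urgent pointer
    )
    return header + options + payload


def matches_capture_filter(segment, port=8080):
    """Return True if the TCP segment would pass the question's capture filter."""
    if len(segment) < 20:
        return False
    dport = struct.unpack_from("!H", segment, 2)[0]
    if dport != port:                       # tcp dst port 8080
        return False
    if segment[13] == 0x02:                 # SYN set and every other flag clear
        return True
    header_len = (segment[12] & 0xF0) >> 2  # (tcp[12:1] & 0xf0) >> 2, in bytes
    if len(segment) < header_len + 4:       # fewer than 4 payload bytes
        return False
    word = struct.unpack_from("!I", segment, header_len)[0]
    return word == GET_WORD                 # payload starts with "GET "


if __name__ == "__main__":
    timestamps = bytes([1, 1, 8, 10]) + bytes(8)  # NOP, NOP, timestamp option
    get = b"GET / HTTP/1.1\r\n"
    print(matches_capture_filter(make_segment(8080, 0x02)))                   # SYN
    print(matches_capture_filter(make_segment(8080, 0x18, get, timestamps)))  # GET
    print(matches_capture_filter(make_segment(8080, 0xC2)))  # SYN+ECE+CWR
```

The exact comparison on the flags byte means a SYN that also carries ECE and CWR (ECN negotiation) is not counted, and the same holds for the tcp.flags==0x02 display filter used for the statistics.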