How to automate measuring of bandwidth usage between two hosts

Question

I have an application that has a TCP client and a server. I set up the client and server on separate machines. Now I want to measure how much bandwidth is being consumed ( bytes

Answer 1

Bro is an appropriate tool to measure connection-oriented statistics. You can either record a trace of your application communication or analyze it in realtime:

bro -r <trace>
bro -i <interface>

Thereafter, have a look at the connection log (conn.log) in the same directory for the amount of bytes sent and received by the application. Specifically, you're interested in the TCP payload size, which conn.log exposes via the columns orig_bytes and resp_bytes. Here is an example:

bro-cut id.orig_h id.resp_h conn_state orig_bytes resp_bytes < conn.log | head 

which yields the following output:

192.168.1.102   192.168.1.1     SF      301     300
192.168.1.103   192.168.1.255   S0      350     0
192.168.1.102   192.168.1.255   S0      350     0
192.168.1.103   192.168.1.255   S0      560     0
192.168.1.102   192.168.1.255   S0      348     0
192.168.1.104   192.168.1.255   S0      350     0
192.168.1.104   192.168.1.255   S0      549     0
192.168.1.103   192.168.1.1     SF      303     300
192.168.1.102   192.168.1.255   S0      -       -
192.168.1.104   192.168.1.1     SF      311     300

Each row represents a single connection, transport-layer ports omitted. The last two columns represent the bytes sent by the originator (first column) and responder (second column). The column conn_state represents the connection status. Please refer to the documentation for all possible field values. Some important values are:

• S0: Connection attempt seen, no reply.
• S1: Connection established, not terminated.
• SF: Normal establishment and termination. Note that this is the same symbol as for state S1. You can tell the two apart because for S1 there will not be any byte counts in the summary, while for SF there will be.
• REJ: Connection attempt rejected.