如何在不嗅探的情况下测量 TCP/IP 开销? [英] How to measure the TCP/IP overhead without sniffing?

问题描述

我想知道是否有一种编程方式来衡量通过 TCP 流发送数据时使用的全部带宽.由于我似乎不知道网络堆栈如何将流划分为数据包，或者当它发送 TCP SYN 或 ACK 或它在后台为您做的许多事情时，我只能对此进行粗略估计.

I'm wondering whether there is a programmatic way to obtain a measure of the full bandwidth used when sending data through a TCP stream. Since I cannot seem to know how the network stack would divide the stream into packets, or when it sends a TCP SYN or ACK or many of the things it does in the background for you, I can only get a rough estimate for this.

我能想到的唯一解决方案是实际嗅探接口，但我想堆栈已经可以为我收集这些统计信息.

The only solution I can think of is to actually sniff the interface, but I would like to think that the stack can already collect this stats for me.

这在 Windows 或 Linux 下的 Java 中运行(当然，首选便携式解决方案)，但我可以对 C/C++ 答案进行 JNI 化，以便(和 OS API 调用)也是一个很好的答案.谢谢！

This is running in Java under either Windows or Linux (of course, a portable solution would be preferred), but I can JNI-ize a C/C++ answer so that (and OS API calls) is a fine answer too. Thank you!

推荐答案

[Windows 特定答案]

[Windows specific answer]

在 Windows 上，您可以考虑查看 ETW(Windows 事件跟踪).一般而言，ETW 是用于在 Windows 上提供跟踪/日志信息的技术，并且大多数 Microsoft 软件已经配备了您可以使用的 ETW 提供程序.在您的情况下，我认为 Microsoft-Windows-TCPIP 提供程序具有可能对您有帮助的信息(例如本地/远程地址和端口、操作、发送/接收的字节等).

On Windows you can consider looking at ETW (Event Tracing for Windows). In general, ETW is the technology used to provide tracing/logging information on Windows, and most Microsoft software is already instrumented with ETW providers that you can use. In your case, I think the Microsoft-Windows-TCPIP provider has information (e.g. local/remote address and port, operation, bytes sent/received, etc) that might be helpful for you.

例如，我可以使用以下命令开始将 TCPIP 事件收集到文件中:

For example, I was able to start collecting the TCPIP events to a file using the command:

logman start MyTcpipLog -p Microsoft-Windows-TCPIP -ets

然后停止

logman stop MyTcpipLog -ets

然后可以使用多种不同的工具(例如 xperf)打开 MyTcipipLog.etl 文件，但您可以使用 API 自行解析此文件.

Then the MyTcipipLog.etl file can be opened using a number of different tools (e.g. xperf), but there are APIs that you can use to parse this file yourself.

如果您想在运行时执行此操作，您可以创建一个 "实时" ETW 会话 来处理进入的事件.

If you wanted to be doing this at runtime, you can create a "real-time" ETW session to process the events as they come in.

如果您不熟悉 ETW，请参阅一篇关于 MSDN 的有用文章 我用过的.

If you're new to ETW, here's a helpful article on MSDN that I used.

这篇关于如何在不嗅探的情况下测量 TCP/IP 开销?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！