[Feature request] Visualize how much of the traffic is incoming and how much is outgoing
Hi,
thanks for bpfmon! It's a very nice tool to debug traffic impacts of configuration changes on high-load services. Helped me a lot to debug forwarding Syslog servers.
There's one feature I'm missing, though (especially with regard to servers which forward data): being able to (optionally) see how much of the traffic is incoming and how much is outgoing.
I'm not sure how to visualize that best, but some ideas I had:
- 4 graphs instead of 2
- 2 graphs, but (via commandline option) just bytes or just packets
- Each graph being drawn from to top (incoming) and bottom (outgoing), or from a middle axis. (Which is both more or less four graphs just half of it with the opposite direction.)
- Color-coded graphs, e.g. the part of the traffic which is incoming is drawn in a different color than the one for outgoing traffic (e.g. red and green) — in the same graph and with the same bar height as now, just that the bar is drawn in two different colors, maybe even being able to toggle which traffic is shown as bottom graph and which traffic is added on top of that.
Hi,
Currently bpfmon is using a single data source - either pps/bps from iptables rule or pps/bps from libpcap rule.
What you describe is requiring more than one data source - combining that will require a more complex command line and also a screen split and/or coloring.
I am open to ideas on how to realize that but as of now I do not see a straight and clear path to follow...
BTW. Are you aware that you can split incoming from outgoing traffic in libpcap by using outbound and inbound keywords? Maybe opening more than one instance of bpfmon in separate windows will solve that?
Hi,
> Currently bpfmon is using a single data source - either pps/bps from iptables rule or pps/bps from libpcap rule.
I see.
> What you describe is requiring more than one data source
Understandable.
> combining that will require a more complex command line and also a screen split and/or coloring.
Ack.
> I am open to ideas on how to realize that but as of now I do not see a straight and clear path to follow...
Ok.
> BTW. Are you aware that you can split incoming from outgoing traffic in libpcap by using outbound and inbound keywords? Maybe opening more than one instance of bpfmon in separate windows will solve that?
Actually that was exactly the pointer I needed 🎉 as I already thought about running two instances per host, but was wondering how to keep the traffic apart. Would have been a more complex libpcap expression involving multiple destination and source ports.
And indeed, I was not aware of them so far, even though I've been using tcpdump for many, many years, probably around two decades now. But with tcpdump I never needed that feature, as I was usually debugging functionality, never traffic amount.
If you deem that feature request too unrealistic for the next few years, feel free to close it. (And maybe reopen it once there is a chance for it. 😉)
Oh, and thanks for providing official Debian and EPEL packages of bpfmon. I'm using both.
Happy to hear that bpfmon is useful :)
Implementing multiple sources is not a problem from a technical point of view, but more of how to organize the interface and command line to control it in an easy and intuitive way.
Screen split and coloring are easy things to do; I'd rather consider implementing the color split as an option and combine that with screen split.