I have a proxy traffic server which is an extra hop on a network and is handling large quantity's of traffic.
I would like to calculate the cost in seconds of how long it takes for the proxy server to handle the incoming request, process them and forward it on.
I had been playing to write a python script to perform a tcpdump and some how time packets entering into the server until they had left.
I would probably have to perform tcpdump for a certain period of time and then analysis it to calculate times?
Is this a good way of achieving what I want or would there be a more elegant solution?
I always found it easier to utilize a switch's 'port mirror' to copy all data in and out of the proxy's switchport to a separate port that connects to a dedicated capture box, which does the tcpdump work for you.
If your switch(es) have this capability, it reduces the load on the busy proxy. If they don't, then yes, tcpdump full packets to a file: "tcpdump -i interface -s 0 -w /path/to/file".
You can then (on a different machine) throw together some code to examine and report on anything you want, or even open it in wireshark for detailed analysis.