
awk: hping: print difference between icmp originate/receive


Using perl, you can do something like this:

    #!/usr/bin/perl -n
    #
    if (/Originate=(\d+) Receive=(\d+) Transmit=(\d+)/) {
        ($o, $r, $t) = ($1, $2, $3);
    } elsif (/tsrtt=(\d+)/) {
        print $r - $o, " ", $o + $1 - $t, "\n";
    }

If you call this icmpstats.pl, you can use it as hping | perl icmpstats.pl.


A modification of the solution from janos, to provide a usable snippet.

Note that the output of hping becomes fully buffered when redirected to a pipe, which, surprisingly, quite inhibits the portability of the solution. See https://unix.stackexchange.com/questions/25372/turn-off-buffering-in-pipe and https://unix.stackexchange.com/questions/102403/turn-off-buffering-for-hping-in-openbsd.

The following works on OpenBSD, after installing the expect package:

    unbuffer hping --icmp-ts ntp1.yycix.ca \
    | perl -ne 'if (/icmp_seq=(\d+) rtt=(\d+\.\d)/) {($s, $p) = ($1, $2);} \
    if (/ate=(\d+) Receive=(\d+) Transmit=(\d+)/) {($o, $r, $t) = ($1, $2, $3);} \
    if (/tsrtt=(\d+)/) { \
    print $s, "\t", $p, "\t", $1, " = ", $r - $o, " + ", $o + $1 - $t, "\n"; }'

The following is required on OS X, since its expect is not accompanied by unbuffer:

    script -q /dev/null hping3 --icmp-ts ntp1.yycix.ca \
    | perl -ne 'if (/icmp_seq=(\d+) rtt=(\d+\.\d)/) {($s, $p) = ($1, $2);} \
    if (/ate=(\d+) Receive=(\d+) Transmit=(\d+)/) {($o, $r, $t) = ($1, $2, $3);} \
    if (/tsrtt=(\d+)/) { \
    print $s, "\t", $p, "\t", $1, " = ", $r - $o, " + ", $o + $1 - $t, "\r\n"; }'

This is a sample output from the script, which shows that the forward path is congested, and the return path is most likely not:

    0       145.5   146 = 75 + 71
    1       142.7   142 = 72 + 70
    2       140.7   140 = 70 + 70
    3       146.7   146 = 76 + 70
    4       148.3   148 = 77 + 71
    5       157.5   157 = 87 + 70
    6       167.1   167 = 96 + 71
    7       166.3   166 = 95 + 71
    8       167.7   167 = 97 + 70
    9       159.0   159 = 88 + 71
    10      156.7   156 = 86 + 70
    11      154.9   155 = 84 + 71
    12      151.9   152 = 81 + 71
    13      157.3   157 = 86 + 71
    14      155.0   155 = 84 + 71
    15      157.7   158 = 87 + 71
    16      156.6   156 = 86 + 70
    17      157.8   158 = 87 + 71
    18      161.9   162 = 91 + 71
    19      160.1   160 = 89 + 71
    20      166.3   166 = 95 + 71
    21      163.9   164 = 93 + 71
    22      172.0   172 = 101 + 71
    23      177.9   178 = 107 + 71
    24      177.0   177 = 106 + 71
    25      172.1   172 = 101 + 71
    26      167.4   167 = 97 + 70
    27      167.1   167 = 96 + 71
    28      161.0   161 = 90 + 71
    29      150.5   150 = 80 + 70
    30      155.6   155 = 85 + 70
    31      162.0   162 = 91 + 71
    32      154.3   154 = 84 + 70


Note that if the clock is out-of-sync, then you'd be going negative, which, nonetheless, still serves as a good indicator of which side is experiencing the congestion.

The following example is through the same path; notice how one value still goes up and down randomly, whereas the other one changes monotonically.

    0       165.9   166 = -142113 + 142279
    1       160.2   160 = -142118 + 142278
    2       155.2   155 = -142122 + 142277
    3       156.5   156 = -142121 + 142277
    4       164.7   165 = -142112 + 142277
    5       164.4   164 = -142111 + 142275
    6       160.9   161 = -142114 + 142275
    7       158.1   158 = -142117 + 142275
    8       155.6   156 = -142119 + 142275
    9       143.0   143 = -142131 + 142274
    10      153.2   153 = -142120 + 142273
    11      157.1   157 = -142115 + 142272
    12      158.3   158 = -142114 + 142272
    13      148.6   149 = -142123 + 142272
    14      144.3   144 = -142127 + 142271
    15      145.3   145 = -142125 + 142270
    16      141.9   142 = -142128 + 142270
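
An awk take on the same calculation, as an added example that is not part of either answer above: it prints the same per-reply columns, then compares how much each direction varied, which stays meaningful when the clocks are out of sync because a constant offset cancels out of the spread. It goes beyond the answers by folding differences across midnight (ICMP timestamps count milliseconds since midnight UT); the function names `icmp_ts_spread` and `sample_hping_output` and all input values are constructed for illustration.

```shell
#!/bin/sh
# Added example. Field names come from the regexes in the answers above;
# the line layout and every sample value below are constructed.

# Read hping --icmp-ts output on stdin; print "seq rtt tsrtt = fwd + ret"
# per reply, then a summary of how much each direction varied.
icmp_ts_spread() {
    awk '
    BEGIN { DAY = 86400000 }        # ICMP timestamps: ms since midnight UT
    # Set val to the value of a NAME=value token on this line, if present.
    function field(name,    i, kv) {
        for (i = 1; i <= NF; i++)
            if (split($i, kv, "=") == 2 && kv[1] == name) { val = kv[2]; return 1 }
        return 0
    }
    # Fold a timestamp difference into (-DAY/2, DAY/2] so a probe that
    # straddles midnight does not appear as a jump of about 86400000 ms.
    function norm(d) {
        if (d > DAY / 2) d -= DAY
        if (d <= -DAY / 2) d += DAY
        return d
    }
    field("icmp_seq")  { seq = val; if (field("rtt")) rtt = val }
    field("Originate") { o = val; field("Receive"); r = val; field("Transmit"); t = val }
    field("tsrtt") {
        ts = val + 0
        fwd = norm(r - o)           # forward delay plus clock offset
        ret = norm(o + ts - t)      # return delay minus clock offset
        if (n++ == 0) { fmin = fmax = fwd; rmin = rmax = ret }
        if (fwd < fmin) fmin = fwd
        if (fwd > fmax) fmax = fwd
        if (ret < rmin) rmin = ret
        if (ret > rmax) rmax = ret
        printf "%s\t%s\t%d = %d + %d\n", seq, rtt, ts, fwd, ret
    }
    END {
        if (!n) exit 1              # no complete reply seen
        fs = fmax - fmin; rs = rmax - rmin
        which = "equal"
        if (fs > rs) which = "forward"
        else if (fs < rs) which = "return"
        printf "fwd_spread=%d ret_spread=%d more_variable=%s\n", fs, rs, which
    }'
}

# Constructed replies; the second one straddles midnight UT.
sample_hping_output() {
    printf '%s\n' 'icmp_seq=0 rtt=145.5 ms' 'Originate=86399900 Receive=86399975 Transmit=86399975' 'tsrtt=146' \
        'icmp_seq=1 rtt=142.7 ms' 'Originate=86399950 Receive=22 Transmit=22' 'tsrtt=142' \
        'icmp_seq=2 rtt=167.1 ms' 'Originate=950 Receive=1046 Transmit=1046' 'tsrtt=167'
}

sample_hping_output | icmp_ts_spread
```

With live traffic, feed it through the same unbuffering wrappers the answer uses (`unbuffer` or `script -q /dev/null`) in place of `sample_hping_output`.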