sethhall/icmp-latency.bro

## icmp-latency.bro
global watching_icmp: table[conn_id, count] of time &create_expire=3secs;

event icmp_echo_request(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string)
	{
	watching_icmp[c$id, seq] = network_time();
	}

event icmp_echo_reply(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string)
	{
	if ( [c$id, seq] !in watching_icmp )
		return;

	print fmt("%s: %d bytes from %s: icmp_seq=%d ttl=%d time=%.3f ms",
	          c$id$orig_h,
	          |payload|,
	          c$id$resp_h,
	          seq,
	          icmp$hlim,
	          1000 * (network_time() - watching_icmp[c$id, seq]));
	}
	global watching_icmp: table[conn_id, count] of time &create_expire=3secs;

	event icmp_echo_request(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string)
	{
	watching_icmp[c$id, seq] = network_time();
	}

	event icmp_echo_reply(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string)
	{
	if ( [c$id, seq] !in watching_icmp )
	return;

	print fmt("%s: %d bytes from %s: icmp_seq=%d ttl=%d time=%.3f ms",
	c$id$orig_h,
	\|payload\|,
	c$id$resp_h,
	seq,
	icmp$hlim,
	1000 * (network_time() - watching_icmp[c$id, seq]));
	}