Using GNUPlot with icmp/tcpping/hping3

Recently I’ve started playing with hping and tcpping to allow for tcp/udp packet testing.

One neat little tool called GNUPlot allows for you to take statistics and then plot them on a diagram. In this tutorial I’ll show you how easy it is.

Step 1: Gather the data and extract out to a .dat file

Via TCPPing

shell> tcpping -x 600 80 | awk 'NF > 1 { print $(NF - 1); }' | grep -E "[0-9]" > pingprostcpdata.dat

Via hping3

shell> hping3 -S -p 80 -c 600 | awk 'NF > 1 { print $(NF - 1); }' | grep -E "[0-9]" | sed -e 's/rtt=//g' > pingproshpingdata.dat


shell> ping -c 600 | awk -F [=\ ] 'NF > 1 { print $(NF - 1); }' | grep -E "[0-9]" > pingprosicmpdata.dat

If you can cat the files you’ll notice the data is the same. It’s up to you which program you want to run on! They both work and provide the same data. My preference is tcpping but if you are an hping type of person go ahead and play around with the script as you like.

TCPPING Results:


HPING Results


With GNUPlot installed type in:

shell> gnuplot

In the GNUPlot terminal add:

set terminal pngcairo size 1024,768 enhanced font 'Verdana,10'
set output "vrrp-vs-nonvrrp.png"
set ylabel "Time in miliseconds"
set xlabel "Number of Pings"

set autoscale

set style line 1  lc rgb ‘#0025ad’ lt 1 lw 1.5
set style line 2  lc rgb ‘#09ad00’ lt 1 lw 1.5

plot “pingprostcpping.dat” title “some title” w lp, \
“pingproshping.dat” title “some other title” w lp


You can also awk you files to find the average:

awk ' FNR==1 {average1 += $1} END {print average1;}' pingprostcpdata.dat
awk -v N=1 '{ sum += $N } END { if (NR > 0) print sum / NR }' pingprostcpdata.dat

You can also make bar graphs to compare the data

set terminal pngcairo enhanced font 'Verdana,10'
set output "vrrp-vs-nonvrrp-bargraph.png"

set style fill solid

set autoscale

plot [0.5:][0:10] ‘pingproshping.dat’ with histogram, ‘sw1-core-vlan134.dat’ with histogram

Installing TCPPing and HPing on CentOS 7.x

Install TCPPing

1: Install tcptraceroute

shell> sudo yum install tcptraceroute

2: Download TCPPing and set permissions

shell> sudo cd /usr/bin/
shell> sudo wget
shell> sudo chmod 755 tcpping

Install HPing

1: Install EPEL Repository

shell> sudo yum install epel-release

2: Install HPing3

shell> sudo yum install hping3



Installing TCPPing and HPing on Debian / Ubuntu

Install TCPPing

1: Install tcptraceroute

shell> sudo apt-get install tcptraceroute

2: Download TCPPing and set permissions

shell> cd /usr/bin/
shell> wget
shell> chmod 755 tcpping

Install HPing

shell> sudo apt-get install hping3



House Keeping

I have been working on articles in the backend as of lately but a few upcoming changes…


  1. I have updated the blog theme to a newer design. This design will allow for me to have a better page tree breakdown between the Linux and Network Articles.
  2. I am deleting all of the blog entries as I convert them to pages. Blog entries will mostly be linked to the newest pages created.
  3. Better breakdown of Linux/Network articles (based on OS Type/Vendor Type).

Stay Tuned…

Facebooktwittergoogle_plusredditpinterestlinkedinmailFacebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Further Learning


  • IOS – GNS3 – (free). Works best on MAC (windows/Linux supported)
    • Good for doing routing testing (we built an entire global ospf/bgp lab at IMC and tested changes there before deploying)
  • vEOS (free) Using Virtualbox you can build your own Arista mini lab to test functionality.
  • JunOS – GNS3/Virtualbox (free). Works best on MAC (windows/Linux supported)
  • NX-OS – Cisco VIRL ($150/yr). Works best on MAC (windows/Linux supported)
  • F5 Virtual Lab






rsyslog Configuration with multiple hosts on CentOS 7.x

yum install rsyslog

chkconfig rsyslog on


vim /etc/rsyslog.conf


Uncomment the UDP and TCP syslog reception items to match below:

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

Add Template before GLOBAL DIRECTIVES

$template RemoteLogs,”/apps/syslog/%HOSTNAME%/%$now%.log” *
*.* ?RemoteLogs
& ~

Configure Debian 7.x/8.x and Ubuntu 14.04 LTS Boxes with Smokeping

  • Login and then update the OS

shell> sudo apt-get update
shell> sudo apt-get upgrade

  • Configure Hostname (in our example we will use turtle):

shell> sudo hostname turtle
shell> sudo vim /etc/hostname

    • Add

    • Change Hosts File

shell> sudo vim /etc/hosts

      • From        debian

      • To

  • Restart hostname

shell> sudo /etc/init.d/

  • Install Postfix, cacti, smokeping

shell> sudo apt-get install postfix
shell> sudo apt-get install sendmail
shell> sudo apt-get install smokeping

  • Install TCPPing

shell> apt-get install tcptraceroute
shell> cd /usr/bin/
shell> wget
shell> chmod 755 tcpping

  • Configured Apache for Smokeping support

shell> cd /etc/apache2/conf-available
shell> sudo ln -s ../../smokeping/apache2.conf smokeping.conf
shell> sudo a2enconf smokeping
shell> sudo a2enmod cgid
shell> service apache2 reload

  • Configure Smokeping

shell> sudo vim /etc/smokeping/config.d/General

cgiurl   =


Monitoring in the Cloud as a Network Admin

I’ve been perplexed with a problem lately as a network engineer. Obviously the use of Public/Hybrid clouds from third party providers causes a lack of any sort of visibility for a network engineers.

The question is…how do we…as network engineers gain the visibility necessary to see the health of the cloud and performance within the network.

Here are a few ideas that one can utilize to start gaining more visibility for an engineer to help with performance metrics and troubleshooting:

  1. Monitor all server equipment nic cards.
  2. Smokeping between different servers
  3. Monitor local bandwidth going out to the cloud
  4. Trending reports will tell you if the cloud has issues
  5. Have a Network Host in the cloud that is dedicated to running latency, jitter numbers utilizing smokeping
Facebooktwittergoogle_plusredditpinterestlinkedinmailFacebooktwittergoogle_plusredditpinterestlinkedinmailby feather