Firewall Latency – How to Measure Firewall Latency

firewalllatency

I want to make a lab experiment to measure the latency of a (hardware) firewall. This firewall can do Deep Packet Inspection (DPI) on some industrial protocols (you can consider it as TCP payload inspection). Hence, I want to measure the firewall's latency when inspecting the payload.

Assume I have a sender PC and a receiver PC. The firewall is connected in between. I can build a packet generator on the sender, and use Wireshark installed on each PC to confirm whether a packet passes the firewall or not.

Hence, what is an effective way (such as existing software) to measure the latency the firewall adds when it inspects the packets (e.g. xxx ms delay on average, compared with no firewall)?

Best Answer

I don't know your full circumstances, but if an accurate figure for device latency really mattered to me then I would hire specialised equipment for this task. I'm in the UK and there are specialist suppliers who hire out network analysis equipment like this. You will need a device that can take your payload and generate TCP sessions. I haven't done this for a while so I don't know who sells what any more. I used to use Wandel and Goltermann and Smartbits but it was a long time ago. I also never needed to use real payload myself, but you obviously do.

An alternative would be to use a couple of network taps and a packet broker that can apply hardware time-stamps before handing to a simple Wireshark PC. If the required accuracy is no better than about 100 microseconds, you could even just use two taps and a properly-configured PC with Wireshark. You will have to ensure that NIC interrupts are not coalesced and there may be other settings to optimise. Using Wireshark you just match packets across the two captures, and take the time difference. You can export the capture files to a spreadsheet to match them. You will need to try to assess what precision you achieve.
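The matching step the answer describes (two tap captures, pair each packet on both sides, take the time difference, and compare against a run with no firewall in the path) can be scripted instead of done in a spreadsheet. The script below is an added example, not code from the original question or answer. It assumes each capture was exported to CSV with tshark (`tshark -r side.pcap -T fields -E header=y -E separator=, -e frame.time_epoch -e ip.src -e ip.id -e tcp.seq -e tcp.len`), that both captures were stamped by one clock (one PC with two NICs, or a packet broker adding hardware timestamps, as the answer suggests), and that `(ip.src, ip.id, tcp.seq, tcp.len)` identifies a packet within a short capture. The sample captures are constructed: one packet is dropped by the firewall and the baseline run reuses the sender capture for brevity.

```python
"""Pair packets across two tap captures and compute per-packet delay (example code)."""
import csv
import io
import statistics
from collections import defaultdict

# Constructed sample data: what the tshark CSV export (assumed format) looks like.
SENDER_CSV = """frame.time_epoch,ip.src,ip.id,tcp.seq,tcp.len
1700000000.000100000,10.0.0.1,1,1,64
1700000000.001100000,10.0.0.1,2,65,64
1700000000.002100000,10.0.0.1,3,129,64
1700000000.003100000,10.0.0.1,4,193,64
1700000000.004100000,10.0.0.1,5,257,64
"""
# Receiver-side tap with the firewall in the path; ip.id 3 never arrives (dropped).
RECEIVER_FW_CSV = """frame.time_epoch,ip.src,ip.id,tcp.seq,tcp.len
1700000000.000185000,10.0.0.1,1,1,64
1700000000.001192000,10.0.0.1,2,65,64
1700000000.003188000,10.0.0.1,4,193,64
1700000000.004195000,10.0.0.1,5,257,64
"""
# Baseline run: same taps and PC, firewall replaced by a direct cable.
# (Reuses SENDER_CSV for brevity; a real baseline run has its own sender capture.)
RECEIVER_BASE_CSV = """frame.time_epoch,ip.src,ip.id,tcp.seq,tcp.len
1700000000.000112000,10.0.0.1,1,1,64
1700000000.001111000,10.0.0.1,2,65,64
1700000000.002113000,10.0.0.1,3,129,64
1700000000.003112000,10.0.0.1,4,193,64
1700000000.004112000,10.0.0.1,5,257,64
"""


def to_ns(epoch: str) -> int:
    """Parse frame.time_epoch into integer nanoseconds.

    A double at ~1.7e9 seconds has a resolution of roughly 0.24 us, so
    subtracting two floats would destroy the microsecond precision we want.
    """
    sec, _, frac = epoch.partition(".")
    return int(sec) * 1_000_000_000 + int((frac + "000000000")[:9])


def load_capture(text: str) -> dict:
    """Map match key -> ordered list of timestamps (ns) at which it was seen."""
    seen = defaultdict(list)
    for row in csv.DictReader(io.StringIO(text)):
        key = (row["ip.src"], row["ip.id"], row["tcp.seq"], row["tcp.len"])
        seen[key].append(to_ns(row["frame.time_epoch"]))
    return seen


def match_delays(sender_text: str, receiver_text: str):
    """Pair each packet on the sender tap with the same packet on the receiver tap.

    Returns (delays_us, lost, unexpected): per-packet delay in microseconds in
    sender order, packets that never reached the receiver tap, and packets seen
    at the receiver with no sender counterpart. Duplicate keys (e.g. ip.id wrap
    in a long capture) are paired in time order rather than silently merged.
    """
    sent = load_capture(sender_text)
    received = load_capture(receiver_text)
    delays, lost, unexpected = [], 0, 0
    for key, s_times in sent.items():
        r_times = received.pop(key, [])
        for s, r in zip(sorted(s_times), sorted(r_times)):
            if r < s:
                raise ValueError(f"negative delay for {key}: captures not on a common clock")
            delays.append((r - s) / 1000)  # ns -> us
        lost += max(0, len(s_times) - len(r_times))
        unexpected += max(0, len(r_times) - len(s_times))
    unexpected += sum(len(v) for v in received.values())
    return delays, lost, unexpected


def summarize(delays_us):
    """Basic statistics a lab report would quote for one run."""
    return {
        "n": len(delays_us),
        "mean_us": statistics.mean(delays_us),
        "median_us": statistics.median(delays_us),
        "min_us": min(delays_us),
        "max_us": max(delays_us),
    }


def firewall_overhead_us(fw_delays_us, baseline_delays_us) -> float:
    """Delay attributable to the firewall: median with the firewall minus the
    median of the baseline run, which cancels tap, NIC and capture-stack delay."""
    return statistics.median(fw_delays_us) - statistics.median(baseline_delays_us)


if __name__ == "__main__":
    fw, lost, unexpected = match_delays(SENDER_CSV, RECEIVER_FW_CSV)
    base, _, _ = match_delays(SENDER_CSV, RECEIVER_BASE_CSV)
    print("with firewall:", summarize(fw), "lost:", lost, "unexpected:", unexpected)
    print("baseline:     ", summarize(base))
    print(f"firewall overhead (median): {firewall_overhead_us(fw, base):.1f} us")
```

The baseline run matters as much as the firewall run: it measures the delay the taps, NICs and capture stack add on their own, so the spread of the baseline delays is a direct estimate of the precision the setup can achieve, which is the assessment the answer says you will need to make. A negative delay means the two captures are not on a common clock and the numbers cannot be trusted.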