This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

NAM ICMP reliability?

AntonioSousa
DynaMight Guru
DynaMight Guru

‎19 Oct 2025 03:31 PM

I was having doubts about the reliability of NAM ICMP measurements.

So I decided to test it with tcpdump measurements.

Below are the values (in milisseconds) that Dynatrace gives for a specific NAM ICMP timings, and the corresponding tcpdump values, for the exact same packets generated/seen by Dynatrace:

AntonioSousa_0-1760884103153.png

Has anyone seen something similar?

Antonio Sousa
Labels:
0 Kudos
Reply
4 REPLIES 4

p_devulapalli
Leader

‎20 Oct 2025 05:42 AM

@AntonioSousa Is this RTT that you are comparing here? How are the TCP dump values calculated?

Phani Devulapalli
0 Kudos
Reply

AntonioSousa
DynaMight Guru
DynaMight Guru
In response to p_devulapalli

‎20 Oct 2025 09:54 AM

@p_devulapalli 

For each of the measurements, I'm grabbing the exact time the ICMP request is leaving the server and the instant the reply comes back. I then get the difference between these two values, in microseconds. 

Antonio Sousa
0 Kudos
Reply

p_devulapalli
Leader
In response to AntonioSousa

‎21 Oct 2025 12:10 AM

@AntonioSousa One main difference I can think of between the two would be where the timestamp is captured . For tcpdump it would be at the network interface layer where the packet enters/leaves the NIC and for NAM ICMP(synthetics)  it would be at the  application layer which adds some additional parameters like the OS level processing (CPU load etc.,) and any other application/system dependencies which might add some delay compared to tcpdump.

As you see from your graph the timing from tcpdump is more consistent as its only looking at the network layer (in/out) compared to the one by NAM which is influenced by various system delays.

Again, this is just my understanding .

Phani Devulapalli
0 Kudos
Reply

AntonioSousa
DynaMight Guru
DynaMight Guru
In response to p_devulapalli

‎21 Oct 2025 12:42 AM

@p_devulapalli ,
When dealing with ICMP pings, we are really trying to measure network latency. So, the more nearer to the network level, the best. Indeed, the best would be to leave out kernel and user level processing, but that is very difficult. When doing it, we really don't want to be affected by system delays. BTW, this is what really triggered this revelation 😀

This being said, it's a good exercise: to compare tcpdump, the "ping" application level, and Dynatrace. Let me see if I can do it 😁

Antonio Sousa
Reply
Ask a question

Featured Posts