Skip to content


Switch branches/tags

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

pping (pollere passive ping)

pping is a linux/macOS/BSD command line tool to measure network latency via passive monitoring of active connections. Unlike ping, pping doesn't inject traffic to determine RTT (Round-Trip Time) -- it reports the per-packet RTT experienced by normal application traffic. Unlike transport state monitoring tools like ss which can only measure RTT at the sending endpoint, pping can measure RTT at the sender, receiver or anywhere on a connection's path (for example, an OpenWrt home border router could easily monitor the RTT of all traffic to and from the Internet).

For more information on pping, please visit



pping depends on the libtins packet parsing library which should be downloaded and built or installed first.

pping uses only the core functions of libtins so, if there are no other users, a static version of the library with fewer dependencies (only cmake and libpcap) can be built and 'installed' in its own source directory:

# (assuming sources are put in ~/src)
cd ~/src
git clone
cd libtins
mkdir build
cd build
make install

(The static libtins library makes the pping binary more self-contained so it will run on systems that don't have libtins installed.)


The pping makefile assumes libtins has been built and installed in directory ~/src/libtins as described above. If that isn't the case, edit the third line of the makefile to be the libtins install location. For example, if the libtins precompiled binary is installed, change the third line to:

LIBTINS = /usr/local

Nothing else in Makefile should require changing and just typing make should build pping.

There's currently no install target in the makefile because pping for live traffic (as opposed to running it on a pcap file) requires packet sniffing capabilities and there's no standard way to set that up (see the notes on "Reading packets from a network interface" in man pcap). It can always be run as root via sudo.


pping -i interface monitors tcp traffic on interface and reports each packet's RTT to stdout. For example pping -i en0 (Mac OS) pping -i wlp2s0 (Ubuntu 17.04)

pping -r pcapfile prints the RTT of tcp packets captured with tcpdump or wireshark to pcapfile.

There are a few flags that control how long pping will capture and/or how many packets it will capture, the output format, and a bpf filter for what packets to capture. For example, to see the RTT of next 100 tcp packets from netflix or youtube:

   pping -i en0 -c 100 -f 'net 45.57 or 74.125'

pping -h, pping --help, or just pping describes the flags.

Since pping outputs one line per packet, if it's being run on a busy interface its output should be redirected to a file or piped to a summarization or plotting utility. In the latter case, the -m (machine-friendly output format) might be useful.

Output to Mongo database

pping can be set up to output to a Mongo database. The compile flag USE_DB must be set and the mongo c++ library installed ( Once a mongo database instance is running, pping is invoked with the -d flag and given the uri. If this is not of interest, don't compile with the USE_DB flag.


Passive ping network monitoring utility (C++)








No releases published


No packages published