From netramet-owner Mon Dec 1 23:09:23 1997
Date: Mon, 1 Dec 1997 18:02:12 +0800 (CST)
From: Lu Xiao-Dong
To: n.brownlee@auckland.ac.nz, netramet@auckland.ac.nz
Subject: Re: NeTraMet 4.1.0 now available

Dear Mr. Brownlee,

I am a student in Network Center of Lanzhou University. I used the NeTraMet3.4 before. I downloaded the NeTraMet 4.1b last month. I want to install it on my Meter(486DX66, OS is Linux 1.2.3, 8M RAM), but have some problems. I followed the step as ../autoconf/INSTALL said. When I ran make, it has some error:

cc -o NeMaC nmc.o nmc_pars.o nmc_snmp.o ../snmplib/libsnmp.a -lresolv -lnsl -lsocket -L/usr/local/lib
ld:cannot open -lresolv : No such file or directory
make:*** [NeMaC] Error/

I do not know how to solve it. Please help me. Thanks a lot.
Yours sincerely,
Lu Xiaodong

From netramet-owner Wed Dec 3 06:16:17 1997
From: Ingo Seipp
Subject: netramet problem
To: netramet@auckland.ac.nz
Date: Tue, 2 Dec 1997 18:09:58 +0100 (MET)

Hello all,

I'm currently trying to reimplement a previously working netramet installation on Linux. I've also already tried to newly implement it. But when I start NeTraMet like this:

> ./NeTraMet -w hallo
NeTraMet: Network Traffic Meter V4.1
Running on ksat23.rus.uni-stuttgart.de, interface eth0

and then try to run NeMaC I get one of these outputs:

> ./NeMaC -c30 -rnetramet/ntm41/examples/rules.sample localhost hallo
Using MIB file: /home/ingo/netramet/ntm41/mib/mib.txt
>>> No SET statement in rule file netramet/ntm41/examples/rules.sample
No meters to monitor !!!
>
> ./NeMaC -c30 -rnetramet/ntm41/examples/rules.sample localhost hallo
Using MIB file: /home/ingo/netramet/ntm41/mib/mib.txt
reader_util(): Error in packet, reason = inconsistentValue flowMIB.flowControl.flowReaderInfoTable.flowReaderInfoEntry.flowReaderRuleSet.2
Community hallo doesn't have write access to meter localhost!
Collections won't trigger recovery of idle flows
<<<

Any help would be appreciated.

cheerio
Ingo

P.S. After initially encountering similar problems on Solaris, those problems faded and netramet is running there now.

From netramet-owner Thu Dec 4 06:05:01 1997
From: Ingo Seipp
Subject: netramet problem
To: netramet@auckland.ac.nz
Date: Wed, 3 Dec 1997 17:59:21 +0100 (MET)

Forwarded message:
>From netramet-owner@mailhost.auckland.ac.nz Tue Dec 2 20:32 MET 1997
From: Ingo Seipp
Subject: netramet problem
To: netramet@auckland.ac.nz
Date: Tue, 2 Dec 1997 18:09:58 +0100 (MET)

Hello all,

I'm currently trying to reimplement a previously working netramet installation on Linux. I've also already tried to newly implement it. But when I start NeTraMet like this:

> ./NeTraMet -w hallo
NeTraMet: Network Traffic Meter V4.1
Running on ksat23.rus.uni-stuttgart.de, interface eth0

and then try to run NeMaC I get one of these outputs:

> ./NeMaC -c30 -rnetramet/ntm41/examples/rules.sample localhost hallo
Using MIB file: /home/ingo/netramet/ntm41/mib/mib.txt
>>> No SET statement in rule file netramet/ntm41/examples/rules.sample
No meters to monitor !!!
>
> ./NeMaC -c30 -rnetramet/ntm41/examples/rules.sample localhost hallo
Using MIB file: /home/ingo/netramet/ntm41/mib/mib.txt
reader_util(): Error in packet, reason = inconsistentValue flowMIB.flowControl.flowReaderInfoTable.flowReaderInfoEntry.flowReaderRuleSet.2
Community hallo doesn't have write access to meter localhost!
Collections won't trigger recovery of idle flows
<<<

Any help would be appreciated.

cheerio
Ingo

P.S. After initially encountering similar problems on Solaris, those problems faded and netramet is running there now.

From netramet-owner Thu Dec 4 10:17:44 1997
From: Nevil Brownlee
To: netramet@auckland.ac.nz
Subject: Missed packets V4.1 Linux-2.0.20
Date: Thu, 4 Dec 1997 10:20:14 +1300 (New Zealand Daylight Time)

--- Begin Forwarded Message ---
>From netramet-owner Tue Dec 2 02:17:43 1997
Date: Mon, 01 Dec 1997 15:22:23 +0100
To: netramet@auckland.ac.nz
From: Marc van Selm
Subject: Missed packets V4.1 Linux-2.0.20

Does anyone have experience with the V4.1 meter on Linux yet? I have a kit running with 2 NICs on Linux-2.0.20 (20Mb ram, ISA 3Com etherlink III) and am missing about 40% of the packets (network-load <500kbps). V3.3 nicely keeps up with our internet-traffic but 4.1 not. I assume my platform is a bit too slow but I like to hear other experiences. So does anyone already try NeTraMet on Linux?

Marc
---------------------------------------------------------------------
Marc van Selm
NATO C3 Agency
Communication Systems Division, A-Branch
E-Mail: marc.van.selm@nc3a.nato.int
---------------------------------------------------------------------
Private: selm@cistron.nl, selm@het.net, http://www.cistron.nl/~selm
--- End Forwarded Message ---

+---------------------------------------------------------------------+
| Nevil Brownlee                     Director, Technology Development |
| Phone: +64 9 373 7599 x8941        ITSS, The University of Auckland |
|   FAX: +64 9 373 7425      Private Bag 92019, Auckland, New Zealand |
+---------------------------------------------------------------------+

From netramet-owner Thu Dec 4 10:17:44 1997
From: Nevil Brownlee
To: netramet@auckland.ac.nz
Subject: Re: NeTraMet 4.1.0 now available
Date: Thu, 4 Dec 1997 10:18:57 +1300 (New Zealand Daylight Time)

--- Begin Forwarded Message ---
Date: Mon, 01 Dec 1997 15:16:17 +0100
To: Lu Xiao-Dong
From: Marc van Selm
Subject: Re: NeTraMet 4.1.0 now available
Cc: netramet@auckland.ac.nz

At 06:02 PM 12/1/97 +0800, you wrote:
>Dear Mr. Brownlee,
>I am a student in Network Center of Lanzhou University. I used the
>NeTraMet3.4 before. I downloaded the NeTraMet 4.1b last month. I want
>to install it on my Meter(486DX66, OS is Linux 1.2.3, 8M RAM), but
>have some problems. I followed the step as ../autoconf/INSTALL said.
>When I ran make, it has some error:
>
>cc -o NeMaC nmc.o nmc_pars.o nmc_snmp.o ../snmplib/libsnmp.a -lresolv
>-lnsl -lsocket -L/usr/local/lib
>ld:cannot open -lresolv : No such file or directory
>make:*** [NeMaC] Error/
>
>I do not know how to solve it. Please help me.

You are missing the libresolv. Try to locate it on your machine and add the directory with -L/resolvdir

If you don't have libresolv start looking for bind and get it compiled and installed.

Good luck!
Marc
---------------------------------------------------------------------
Marc van Selm
NATO C3 Agency
Communication Systems Division, A-Branch
E-Mail: marc.van.selm@nc3a.nato.int
---------------------------------------------------------------------
Private: selm@cistron.nl, selm@het.net, http://www.cistron.nl/~selm
--- End Forwarded Message ---

+---------------------------------------------------------------------+
| Nevil Brownlee                     Director, Technology Development |
| Phone: +64 9 373 7599 x8941        ITSS, The University of Auckland |
|   FAX: +64 9 373 7425      Private Bag 92019, Auckland, New Zealand |
+---------------------------------------------------------------------+

From netramet-owner Tue Dec 9 16:35:55 1997
Date: Mon, 8 Dec 1997 19:38:09 -0800 (PST)
From: Ricardo Kleemann
To: Nevil Brownlee, netramet@auckland.ac.nz
Subject: How to use the flows file?

Hi!

I've been running NeTraMet for some days now, using the rules.ipport example, and I have an 80 megabyte flows file ;)

My question now is... What do I do with it? How do I use it or how do I use the filter programs to obtain relevant information? Is there a simple way to process the flows file and obtain a meaningful output file? What kind of reporting and/or output can I obtain? Can I create an output file which might be suitable for using as input to a graphing program?

I'm confused as to how to analyze the flows file, how to make anything legible out of it. Help! ;)

Thanks
Ricardo

From netramet-owner Tue Dec 9 18:18:21 1997
From: Nevil Brownlee
Reply-To: n.brownlee@auckland.ac.nz
To: etschang@zsu.edu.cn
cc: netramet@auckland.ac.nz, etschang@zsu.edu.cn
Subject: re: Linux meter only seeing broadcast packets
Date: Tue, 9 Dec 1997 18:10:20 +1300 (New Zealand Daylight Time)

Hello Erltsung Schang:

> I installed NeTraMet 4.1 on my DECpc axp150 running Digital UNIX 3.2C
> (Alpha CPU, 32M RAM, DEC EISA ethernet
adapter, enable packagefilter
> kernel option and rebuild kernel, NeTraMet can't work if no this
> option), and I found that NeMaC can log broadcast messages only. My
> rules as following:
...
> But the rule can work on Linux 2.0.0 with NeTraMet 3.4.
> Does anyone have any comments about my problem? Thanks in advance.
>
> Erltsung Schang
> -------------------------------------------------------------------
>
> Erltsung Schang
> Network Center of Zhongshan (Sun Yat-sen) University
> Guangzhou, GD 510275
> China
> Phone: 86-20-84184905 Fax: 86-20-84193772

Do you have root privilege when running NeTraMet on your Alpha? If you don't, libpcap (which NeTraMet uses to see the packet headers) can only see packets to/from the host it's running on (which of course includes broadcasts).

Cheers, Nevil

+---------------------------------------------------------------------+
| Nevil Brownlee                     Director, Technology Development |
| Phone: +64 9 373 7599 x8941        ITSS, The University of Auckland |
|   FAX: +64 9 373 7425      Private Bag 92019, Auckland, New Zealand |
+---------------------------------------------------------------------+

From netramet-owner Fri Dec 12 18:34:37 1997
From: Nevil Brownlee
Reply-To: n.brownlee@auckland.ac.nz
To: netramet@auckland.ac.nz
Subject: re: Help!
 Make error
Date: Tue, 2 Jan 1990 18:28:46 +1300 (New Zealand Daylight Time)

Hello Richard:

> I get the following error when trying to make the manager under
> Solaris 2.5.
> In file included from ../../src/manager/nmc.c:39:
> ../../src/manager/nmc_c64.h:83: #error sizeof(long) not 4 or 8
> <<<<<<<<
> *** Error code 1
> make: Fatal error: Command failed for target `nmc.o'
>
> I'm using gcc. The SNMP and apps make correctly.
>
> Richard Jacobs (rjacobs@jungle.bt.uk)

The message means that SIZEOF_LONG hasn't been defined. This is done in the Makefile, at least in the makefiles generated by autoconfig.

Are you using the autoconfig-generated Makefiles? If you are using the Makefiles in the Solaris directories it should all work. If you are using autoconfig (as recommended in the Release Notes), have you deleted the old configure cache data?

Cheers, Nevil

+---------------------------------------------------------------------+
| Nevil Brownlee                     Director, Technology Development |
| Phone: +64 9 373 7599 x8941        ITSS, The University of Auckland |
|   FAX: +64 9 373 7425      Private Bag 92019, Auckland, New Zealand |
+---------------------------------------------------------------------+

From netramet-owner Sat Dec 13 02:09:28 1997
Date: Fri, 12 Dec 1997 08:06:24 -0500 (EST)
From: Casey Ajalat
To: netramet@auckland.ac.nz
Subject: re: Help! Make error

I had the same problem even after I followed the directions. I believe that this is due to a non-standard environment (which is what I had). The way I fixed the problem was before I went through all the steps that Nevil outlined I defined an environment variable for the compiler, i.e.:

setenv CC gcc (or CC=gcc; export CC)

Then at this point I ran the ./configure script and followed the rest of the instructions. It should work for you then.

Casey

On Tue, 2 Jan 1990, Nevil Brownlee wrote:

|Hello Richard:
|
|> I get the following error when trying to make the manager under
|> Solaris 2.5.
|
|> In file included from ../../src/manager/nmc.c:39:
|> ../../src/manager/nmc_c64.h:83: #error sizeof(long) not 4 or 8
|> <<<<<<<<
|> *** Error code 1
|> make: Fatal error: Command failed for target `nmc.o'
|>
|> I'm using gcc. The SNMP and apps make correctly.
|>
|> Richard Jacobs (rjacobs@jungle.bt.uk)
|
|The message means that SIZEOF_LONG hasn't been defined. This
|is done in the Makefile, at least in the makefiles generated by
|autoconfig.
|
|Are you using the autoconfig-generated Makefiles? If you are
|using the Makefiles in the Solaris directories it should all work.
|If you are using autoconfig (as recommended in the Release Notes),
|have you deleted the old configure cache data?
|
|Cheers, Nevil
|
|+---------------------------------------------------------------------+
|| Nevil Brownlee                     Director, Technology Development |
|| Phone: +64 9 373 7599 x8941        ITSS, The University of Auckland |
||   FAX: +64 9 373 7425      Private Bag 92019, Auckland, New Zealand |
|+---------------------------------------------------------------------+
|
|

--
   ___
  / _/__         | Casey Ajalat / casey@colltech.com
 / /_/ /_        | Voice: (617) 873-5629
/ /_  __/        | Pager: 1-800-759-8888 # 8799493
\__/o/llective   | On Site at GTE Internetworking, Powered by BBN
   \_\echnologies | --------[ http://www.colltech.com ]---------

From netramet-owner Sat Dec 13 02:26:50 1997
Date: Fri, 12 Dec 1997 21:25:25 +0800
From: Erltsung Schang
To:
 n.brownlee@auckland.ac.nz, "netramet@auckland.ac.nz"
Subject: Re: meter only seeing broadcast packets

Hi Nevil,

> Do you have root privilege when running NeTraMet on your Alpha?
> If you don't, libpcap (which NeTraMet uses to see the packet
> headers) can only see packets to/from the host it's running on (which
> of course includes broadcasts).

Sure, I log in as root, and run NeTraMet and NeMaC. I installed a new version libpcap 0.4a5 today (I used libpcap-0.2.1 before), and re-compiled NeTraMet and NeMaC, but unfortunately, it logs broadcast only.

Do you have any other comments? Thanks in advance.

Erltsung Schang
-------------------------------------------------------------------
Erltsung Schang
Network Center of Zhongshan (Sun Yat-sen) University
Guangzhou, GD 510275
China
Phone: 86-20-84184905 Fax: 86-20-84193772
-------------------------------------------------------------------

From netramet-owner Thu Dec 18 20:06:12 1997
Date: Wed, 17 Dec 1997 23:09:08 -0800 (PST)
From: Ricardo Kleemann
To: Nevil Brownlee
cc: netramet@auckland.ac.nz
Subject: using fd_filter and other utilities

Hi guys,

I'm trying to get some help on how to use the utilities.
I have a large flow file which I want to analyze but I'm not sure how to use fd_filter. Can someone provide me with a "format file" for use with fd_filter? What format will fd_filter leave the information in?

Thanks
Ricardo

From netramet-owner Sat Dec 20 03:39:09 1997
Date: Fri, 19 Dec 1997 09:37:23 -0500 (EST)
From: Greg Dobrich
To: netramet@auckland.ac.nz
Subject: metering busy fddi
Cc: dobrich@newscorp.com

Hi,

I'm running netramet on a solaris sparc 20. Both the meter and manager run on this machine. The meter has been running on several fddi rings which vary in utilization. Initially the meter was on a very busy backbone ring (peaking to maybe 80 mbps and averaging around 40 mbps). My ruleset was devised to measure only outbound packets from 2 ftp servers (this is unusual for netramet I understand but it is how we bill our customers who house servers here). In this configuration when compared against the servers calculations of bytes served (via ftp) netramet was 4 - 8% low, although it was counting 70 - 80 gig per day.

After making the collection time more frequent with no effect, I moved the meter to the subsidiary ring one of the servers was on. This ring had much less traffic (peaks to 36, average 14) and I hoped the servers figures and netramet's figures would come closer (I believe netramet counts header bytes so it should have shown larger actually).
It still appears as if I'm around 8% low on netramet (calculated using a much smaller sample).

The sparc 20 is very lightly loaded so I'm not sure where the problem might be and I'm puzzled as to why moving the meter to a network loaded to half the original didn't change the differential at all if in fact it is a performance issue (unless the drop threshold is below the level of traffic on the subsidiary ring and is flat thereafter).

Anyone have any ideas on how to proceed?

Thanks,
--Greg

-----------------------------------------------------------------------------
Greg Dobrich
Senior Network Engineer
News Internet Services
978 551 1007
Lowell, MA

From netramet-owner Tue Dec 23 16:50:13 1997
Date: Mon, 22 Dec 1997 19:50:29 -0800 (PST)
From: Ricardo Kleemann
To: netramet@auckland.ac.nz
Subject: still having probs with fd_filter. Please Help!

Hi guys,

I'm sorry if I keep going over this but I still haven't made much progress in getting an output that makes sense. I really can't tell if the data output from fd_filter makes sense, and if so, how would I use fd_extract to make sense of it?

Can someone help me out??

I've included some sample flow data and a format file for fd_filter. I collected data for all the ports in rules.ipport and set up (at least attempted) the fd_filter to show packets for nntp.

Here's a sample portion of my flows file, which was obtained using the rules.ipport example:

=================================================================
15 180 67592 1 6 23 0 4 315 0 0
15 181 67592 1 17 718 2049 9 1930 9 1034
15 182 67592 1 6 1062 6667 1 60 1 209
15 183 67594 1 6 6667 1217 1 54 1 489
15 184 67594 1 6 119 0 73 29340 0 0
15 185 67595 1 6 1088 6667 1 60 0 0
15 186 67598 1 6 1027 6667 1 60 1 209
15 187 67600 1 6 24705 7002 1 60 1 592
15 188 67602 1 6 12386 7002 2 120 1 592
15 189 67604 1 6 4606 6667 1 60 0 0
15 190 67608 1 6 1271 6667 1 60 1 209
15 191 67612 1 6 1446 6667 1 60 0 0
15 192 67614 1 6 7002 24386 1 60 1 513
15 193 67616 1 6 1369 6667 1 60 0 0
15 194 67621 1 17 137 137 1 110 0 0
15 195 67624 1 6 1073 7070 1 1514 1 54
15 196 67629 1 6 2605 6667 1 60 0 0
15 197 67630 1 6 5000 6667 1 60 0 0
15 198 67632 1 6 6667 1345 1 1351 0 0
15 199 67632 6 0 0 0 2 120 0 0
15 200 67636 1 6 25 0 6 389 0 0
15 201 67636 1 6 1043 6667 1 60 0 0
15 202 67639 1 6 1056 6667 1 60 0 0
15 203 67639 1 6 1080 6667 2 120 0 0
15 204 67640 1 6 1028 6667 3 180 0 0
15 205 67643 1 6 1029 6667 1 60 0 0
15 206 67643 1 6 1052 6667 1 60 0 0
15 207 67644 1 6 1193 6667 1 60 0 0
15 208 67645 1 6 1047 6667 1 60 0 0
15 209 67645 1 6 1310 6667 1 60 0 0
15 210 67648 1 6 1026 6667 2 120 0 0
15 211 67650 1 6 1597 7000 1 60 0 0
15 212 67651 1 17 1031 21461 1 60 0 0
15 213 67651 1 17 1033 52674 1 60 0 0
15 214 67652 1 6 1075 6667 1 60 0 0
15 215 67654 1 6 1235 6667 1 60 1 209
15 216 67655 1 6 1046 6667 1 60 1 110
15 217 67656 1 6 1038 6667 1 60 0 0
==========================================================

and here's my format file for fd_filter:

Format: TagNbr SourcePeerType "\t" ToOctetRate FromOctetRate;
Tag 1: SourcePeerType=IP;
Tag 2: SourceTransType=tcp;
Tag 3: DestTransAddress=nntp;
===========================================================

And here's what I got as output from fd_filter:

Does this data look correct? How would I use it?
If, for example, I wanted to have a file that looked like:

Unix_Time inOctets outOctets

How could I do that?

Thanks again, here's the fd_filter output...

1 1 3451 0
1 1 8926 8074
1 1 670 1236
1 1 1946 5410
1 1 697580 0
1 1 1304 2348
1 1 960 8734
1 1 1200 12067
1 1 572 887
1 1 360 960
1 1 277 299
1 1 15048 4814
1 1 430 1080
1 1 3100 0
1 1 21628 1512
1 1 935 1878
1 1 416 714
1 1 8748 690
1 1 114 0
1 1 1299 2939
1 1 362 1021
1 1 259 544
1 1 680 3240
1 1 1686 3910
1 1 692 1775
1 1 681 1402
1 1 360 1264
1 1 593 1020
1 1 1954 4601
1 1 274 478
1 1 900 0
1 1 900 0
1 1 180 1000
1 1 240 592
1 1 0 110
1 1 540 1156
1 1 300 921
1 1 2258 300
1 1 385 1262
1 1 1232 540
1 1 398 0
1 1 215 120
1 1 1073 420
1 1 323 294
1 1 269 198