README for the cygwin (MS Windows) version of NeTraMet
v4.4, Mon 25 Feb 02 (PST)
1) INTRODUCTION, COPYRIGHT
MS Windows NeTraMet uses cygwin to provide a Unix-style environment
within Windows, WinPcap to provide access to raw packet headers, and
libpcap to interface between WinPcap and cygwin.
NeTraMet is free software, distributed under the terms of the
GNU Public License (GPL).
http://www.auckland.ac.nz/net/NeTraMet
cygwin is free software, distributed under the terms of the
GNU Public License (GPL).
http://cygwin.com
WinPcap uses a BSD-style license, "NeTraMet includes software
developed by the Politecnico di Torino, and its contributors."
http://netgroup-serv.polito.it/winpcap
libpcap came originally from LBL; the tcpdump/libpcap page provides
more recent updates to it.
http://tcpdump.org
I have produced libpcap-0.7n, a cygwin port of libpcap-0.7, rather than
attempt to use WinPcap. That's because WinPcap provides a Win32-specific
API; it doesn't work with cygwin.
If you want to just download and run the windows binary version of
NeTraMet, you should
- install cygwin, with a minimal set of its components
(following the instructions given below)
- download NTM44_CYGWIN.ZIP to your cygwin HOME directory,
and unzip it
If you want to build NeTraMet, you'll need to
- install cygwin as above, but also install gcc, bison and flex
- download, configure and build libpcap for cygwin
- download, configure and build NeTraMet
2) CONTENTS OF NETRAMET BINARY DISTRIBUTION
The binary distribution of Windows NeTraMet contains the following
files:
README          This file (includes INSTALL instructions)
if_list.exe     Lists interfaces visible to WinPcap
look_tst.exe    Tests that NeTraMet can determine your
                host's IP address
NeTraMet.exe    NeTraMet traffic meter program
NeTraMet.sh     Shell script to specify NeTraMet command-line options
NeFlowMet.exe   NeTraMet, using NetFlow as packet data source
LfapMet.exe     NeTraMet, using LFAP as packet data source
srl.exe         SRL compiler. Makes .rules files from .srl programs
ip.srl          Sample srl program to collect "all IP flows"
mib.txt         SNMP MIB. Describes the meter. Needed by NeMaC
nm_st.exe       Status test program, for verifying meter is running
nm_rc.exe       'On-screen' manager program, for testing rulesets
NeMaC.exe       'Batch' manager/meter reader program.
                For collecting flow data from NeTraMet meter.
                See NeTraMet manual for detailed information
NeMaC.sh        Shell script to specify NeMaC command-line options
fd_filter       Computes differences between meter readings in
                NeMaC's flow data files
3) INSTALLING A MINIMAL CONFIGURATION OF CYGWIN
a) Make c:\cygwin and c:\cygwin\packages directories
Point browser to
http://cygwin.com,
use "Install now!" button to download setup.exe into c:\cygwin
b) Double-click c:\cygwin\setup.exe, follow prompts to
'Select packages to install' screen.
Click on 'Category' to see packages in that category,
'New' to pick a version number to download.
Caution, don't tick the 'Src' box, you don't want to
download source versions as well as binaries!
Minimal set of packages:
    Archive:  unzip
    Base:     ash, bash, cygwin, diff, fileutils, grep,
              gzip, readline, tar, textutils
    Text:     less
Click 'next' to download and install your specified packages.
This should produce a complete Unix-style directory tree,
and a desktop icon for cygwin.
c) Start cygwin by double-clicking icon on desktop.
    cd /; mkdir home; cd home; mkdir nevil
Exit cygwin (^D)
d) Edit c:\cygwin\cygwin.bat:
Add a command to set the (DOS) HOME environment variable,
after the @echo off; line
    set HOME=\cygwin\home\nevil
e) Now when you double-click the cygwin icon, it starts in your
home directory. You can copy files there, unzip or untar them,
etc. Binary files built under cygwin (names ending in .exe)
should run when you invoke them.
4) GETTING STARTED WITH NETRAMET
a) Make a directory for NeTraMet in your cygwin home directory,
download cyg_NeTraMet44.tar.gz into that directory.
b) Start cygwin, cd into your NeTraMet directory, untar the
distribution file, i.e.
    tar zxf cyg_NeTraMet44.tar.gz
c) Test the system as follows:
   i) ./srl ip.srl
      This will create ip.rules, a simple test ruleset.
   ii) ./if_list
      This will display a list of your PC's interfaces on
      which NeTraMet can see packet headers.
      By default NeTraMet will choose the first non-PPP
      interface.
   iii) Start NeTraMet via the shell script NeTraMet.sh
          ./NeTraMet.sh
      This starts NeTraMet (the meter) running in cygwin's
      console window.
   iv) Double-click the cygwin icon to start a second cygwin
      console window. Start NeMaC via its shell script
          ./NeMaC.sh
   v) On the NeTraMet window's display you should see messages
      showing you that NeMaC is collecting data from NeTraMet
      once every minute. It writes this data to a file called
      localhost.flows.001.
   vi) Shut down NeMaC by making its window active then typing
      control-C.
   vii) Shut down NeTraMet by making its window active then typing
      ESC ESC Enter.
   viii) Have a look at the flow data file to check that it contains
      data with IP addresses which are sensible for your network.
d) You are now ready to write SRL programs to collect flows for
your own network. There are some sample SRL programs in the
main NeTraMet distribution file (in the examples/ directory).
SRL is documented in RFC 2723 and in the SRL Manual.
e) Please report any bugs you encounter to
Nevil Brownlee <[email protected]>
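
Step 4 c) viii) above asks you to check that the flow data file contains addresses that are sensible for your network. The shell functions below are an added example, not part of the original README or the NeTraMet distribution: they list every dotted-quad address in a file that falls outside the networks you name. The sample lines and their layout are constructed, and the only assumption made about NeMaC's flow data files is that addresses appear in them as dotted-quad text.

```shell
# Added example, not NeTraMet code. Assumes dotted-quad addresses in the file.

# Print a dotted-quad address as a 32-bit integer; fail if malformed.
ip_to_int() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    n=0
    for o in "$@"; do
        o=${o#0}; o=${o#0}; [ -n "$o" ] || o=0   # drop leading zeros (octal)
        [ "$o" -le 255 ] 2>/dev/null || return 1
        n=$(( ($n << 8) | $o ))
    done
    echo "$n"
}

# Succeed if address $1 lies inside network $2 (form A.B.C.D/BITS).
in_cidr() {
    bits=${2#*/}
    case $bits in ''|*[!0-9]*) return 2 ;; esac
    [ "$bits" -le 32 ] || return 2
    addr=$(ip_to_int "$1") || return 1
    net=$(ip_to_int "${2%/*}") || return 2
    mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    [ $(( $addr & $mask )) -eq $(( $net & $mask )) ]
}

# Print each distinct address in file $1 ("-" = stdin) that is outside
# every network listed in the remaining arguments.
unexpected_addrs() {
    file=$1; shift
    grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' "$file" | sort -u |
    while read -r ip; do
        ok=no
        for cidr in "$@"; do
            if in_cidr "$ip" "$cidr"; then ok=yes; break; fi
        done
        [ "$ok" = yes ] || echo "$ip"
    done
}

# Constructed sample lines (not real NeMaC output; the layout is invented).
sample_flows() {
    printf '%s\n' '1 192.168.1.10 198.51.100.7 1200 3400' \
                  '2 192.168.1.22 192.168.1.10 90 150' \
                  '3 10.9.8.7 192.168.1.22 4000 10'
}

# With arguments, check a real file; without, run on the constructed sample.
if [ $# -ge 2 ]; then unexpected_addrs "$@"
else sample_flows | unexpected_addrs - 192.168.1.0/24; fi
```

Saved under a name of your choice (check_flows.sh here is hypothetical), it runs as: sh check_flows.sh localhost.flows.001 192.168.1.0/24. Any address it prints is one to account for before relying on the meter's readings.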
/* v4.4b6, Fri 25 Feb 00 */