From netramet-owner  Mon Apr 10 21:48:56 2000
Received: (from majordom@localhost)
       by mailhost.auckland.ac.nz (8.9.2/8.9.2/8.9.2-ua) id VAA14819
       for netramet-outgoing; Mon, 10 Apr 2000 21:41:45 +1200 (NZST)
Received: from relay.stc-energy.net (relay.ukrhub.net [212.90.160.3])
       by mailhost.auckland.ac.nz (8.9.2/8.9.2/8.9.2-ua) with ESMTP id VAA14810
       for <[email protected]>; Mon, 10 Apr 2000 21:41:39 +1200 (NZST)
Received: from premium (premium.itprojects.net [212.90.160.53])
       by relay.stc-energy.net (8.9.3/8.9.3) with SMTP id MAA61135
       for <[email protected]>; Mon, 10 Apr 2000 12:41:36 +0300 (EEST)
       (envelope-from [email protected])
Message-ID: <001b01bfa2d0$f901b840$35a05ad4@premium>
Reply-To: "Egor Korzh" <[email protected]>
From: "Egor Korzh" <[email protected]>
To: <[email protected]>
Subject: NeMaC
Date: Mon, 10 Apr 2000 12:41:40 +0300
MIME-Version: 1.0
Content-Type: text/plain;
       charset="koi8-r"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.3825.400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.3825.400
Sender: [email protected]
Precedence: bulk

Hi!

I'm trying to get statistics about inter-AS traffic via my router Cisco
7206VXR (IOS 12.0(4)T) with NeMaC rules:

---cut---
IF SourcePeerType == IP SAVE ;
ELSE IGNORE;

SAVE SourceASN;
SAVE DestASN;
COUNT;

SET 5;
FORMAT FlowIndex SourceASN DestASN ToOctets FromOctets;
STATISTICS ;
---cut---

but in result I receive statistics with incorrect AS numbers (2-nd and 3-d
columns):

---cut---
2369 0 63258 13776 191708
           ^^^^^
2371 0 22573 5470 15737
2373 42784 0 53004 20595
2374 0 46860 4038 4151
2378 0 63500 6927 44944
2380 0 25880 1965 4671
2383 34317 0 15738 61751
2386 0 12058 14574 2318
2388 11311 0 13368 2842
2400 5406 0 159438 5173
2408 0 30507 6669 9446
2413 0 57856 295 0
2414 48396 0 908 644
2416 0 5131 713 480
2435 0 64260 6094 21629
2440 0 38688 58 386
2441 0 16928 1619 2615
---cut---

Here my Cisco flow-export config:

---cut---
ip flow-export source FastEthernet0/0
ip flow-export version 5 origin-as
ip flow-export destination x.x.x.x 9996
---cut---

Please, help ...

__
  WBR, Egor Korzh,
       system engineer/administrator of STC Energy network
       +380 (44) 229 6074


From netramet-owner  Thu Apr 13 05:44:51 2000
Received: (from majordom@localhost)
       by mailhost.auckland.ac.nz (8.9.2/8.9.2/8.9.2-ua) id FAA23017
       for netramet-outgoing; Thu, 13 Apr 2000 05:40:34 +1200 (NZST)
Received: from caida.org (ipn.caida.org [192.172.226.30])
       by mailhost.auckland.ac.nz (8.9.2/8.9.2/8.9.2-ua) with ESMTP id FAA23011
       for <[email protected]>; Thu, 13 Apr 2000 05:40:29 +1200 (NZST)
Received: from localhost (nevil@localhost) by caida.org (8.8.8/8.7.3) with ESMTP id KAA19152 for <[email protected]>; Wed, 12 Apr 2000 10:40:27 -0700 (PDT)
Date: Wed, 12 Apr 2000 10:40:27 -0700 (PDT)
From: Nevil Brownlee <[email protected]>
To: [email protected]
Subject: Re: NeMaC 4.3 ASN problem report
In-Reply-To: <001b01bfa2d0$f901b840$35a05ad4@premium>
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: [email protected]
Precedence: bulk


Hello all:

On Mon, 10 Apr 2000, Egor Korzh wrote:

> I'm trying to get statistics about inter-AS traffic via my router Cisco
> 7206VXR (IOS 12.0(4)T)
 ...
> but in result I receive statistics with incorrect AS numbers
 ...

Egor is using FreeBSF on a PC.  His bad ASNs came from byte-order bugs
in NetFlowMet, they were corrected in release 4.4b4 (which has a lot
of patches for FreeBSD).

The current beta version is 4.4b6, in the beta-versions directory.

Cheers, Nevil

-------------------------------------------------------------
  Nevil Brownlee                     Visiting Researcher
  Phone: (858) 822 0893                 CAIDA, San Diego


From netramet-owner  Sun Apr 30 03:06:36 2000
Received: (from majordom@localhost)
       by mailhost.auckland.ac.nz (8.9.2/8.9.2/8.9.2-ua) id DAA19431
       for netramet-outgoing; Sun, 30 Apr 2000 03:02:45 +1200 (NZST)
Received: from va.com.au (va.com.au [203.15.106.1])
       by mailhost.auckland.ac.nz (8.9.2/8.9.2/8.9.2-ua) with ESMTP id DAA19424
       for <[email protected]>; Sun, 30 Apr 2000 03:02:43 +1200 (NZST)
Received: from [1.1.1.3] (203.108.214.107) by va.com.au with ESMTP (Eudora
Internet Mail Server 2.2); Sun, 30 Apr 2000 00:32:39 +0930
Mime-Version: 1.0
X-Sender: [email protected]
Message-Id: <v0420550ab530a85308a0@[1.1.1.3]>
In-Reply-To: <[email protected]>
References: <[email protected]>
Date: Sun, 30 Apr 2000 00:58:48 +1000
To: [email protected]
From: Jesse Reynolds <[email protected]>
Subject: NeTraMet with IPFilter on OpenBSD... ???
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: [email protected]
Precedence: bulk

Hi Folx

I'm wondering if it's recommended to run NeTraMet on the same box as
IPFilter, with IPFilter being a choke router (two or three ethernet
interfaces, routing for a web hosting ISP).

I currently have IPFilter running on OpenBSD on a celeron 433 box as
our main border gateway. I'd love to run NeTraMet on this box as
well, to analyse our bandwidth for purposes of working out which
services are costing us the most bandwidth etc....

Has anyone done this, or sililar? Are these two things likely to work
well together?

cheers

jesse


--
      Jesse Reynolds - Virtual Artists Pty Ltd - http://www.va.com.au
            Email: jesse (at) va.com.au        - http://virtual.artists

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.