From netramet-owner Tue Jan 2 22:49:30 2001
From: George Perantinos <[email protected]>
Date: Tue, 02 Jan 2001 11:43:25 +0200
Subject: List archives
Hi all.
Is there an archive of the list somewhere on the web?
As I am new to the list, I wouldn't like to bother you with matters that
might have already been discussed in the past...
Thanks,
George
From netramet-owner Fri Jan 5 10:36:52 2001
From: cis <[email protected]>
Date: 04 Jan 2001 16:32:13 EST
Subject: NeTraMet to RRD
Greetings NeTraMet Users and RRD-Users,
NeTraMet - Network Traffic Meter and Network Traffic Meter Monitoring setups
allow network traffic categorization and massing of informational statistics
RRDtool - A tool to manipulate Round Robin Databases which are used to store
fixed time frame data and graph the resulting data.
(For anyone on either side who doesn't know)
I am working on a way to integrate these two programs and I was interested in
asking questions to the people who use these tools. If you have anything to say
about any of the topics please reply.
Is there a preexisting link package or common method to join the two?
What would you like to have in such a package (i.e. features of its own and
supported features of either project)?
To people who have already attempted such a fusion is there any advice that can
be offered?
--
Jay McCarthy
CIS Technical Services
From netramet-owner Wed Jan 10 11:39:37 2001
From: [email protected]
Date: Wed, 10 Jan 2001 01:34:00 +0300
Subject: tracking in/out interface
Hello everyone. Which attribute contains information about destination interface
_on_router_ ( i.e. cisco ), for flow ? ( Serial1/0, Ethernet3 etc ).
In the manual there is no info about it. Thank you.
--
Best regards,
konsul mailto:[email protected]
From netramet-owner Wed Jan 10 21:43:15 2001
From: George Perantinos <[email protected]>
Date: Wed, 10 Jan 2001 10:41:48 +0200
Subject: Re: tracking in/out interface
Hello.
You can find the information you want at the Netramet 4.3 manual, page 10,
paragraph "3.9 General Attributes".
Just keep in mind that the attribute DestInterface is an SNMP ifIndex number and
not the description of the interface (e.g. Serial0/0 etc).
Regards to all,
George
At 00:34 10-01-01, [email protected] wrote:
>Hello everyone. Which attribute contains information about destination
>interface
>_on_router_ ( i.e. cisco ), for flow ? ( Serial1/0, Ethernet3 etc ).
>In the manual there is no info about it. Thank you.
>
>--
>Best regards,
> konsul mailto:[email protected]
From netramet-owner Wed Jan 10 23:31:09 2001
From: George Perantinos <[email protected]>
Date: Wed, 10 Jan 2001 12:30:20 +0200
Subject: Re[2]: tracking in/out interface
Konsul, first of all, I assume that you are using netflowmet and not
netramet, right?
If so, then what type is your Cisco? (26xx?)
From the log line that you sent me, it looks like you are having a routing
problem...
Your Cisco has exported a flow with source IP address 212.30.151.111 and
destination address 212.30.151.3. As you mention, these 2 addresses are on
the same interface (FastEthernet0/0). This flow shouldn't exist at all,
because packets from 212.30.151.111 shouldn't be routed through your cisco
in order to reach destination 212.30.151.3, they are on the same cable.
I suggest that you check your routing first.
Regards,
George
At 12:11 10-01-01, [email protected] wrote:
>Hello George,
>
>Wednesday, January 10, 2001, 11:41:48 AM, you wrote:
>
>GP> Hello.
>GP> You can find the information you want at the Netramet 4.3 manual, page 10,
>GP> paragraph "3.9 General Attributes".
>GP> Just in mind that the attribute DestInterface is an snmp ifIndex number and
>GP> not the description of the interface (e.g. Serial0/0 etc).
> Yes, i show it. But this attribute always return `1' value ( if rules
>contain SAVE DestInterface directive ) or zero value, if not. i.e.
>sample rules example
>--------------------------
>DEFINE ua = (212.30.151/24, 212.30.170/24);
>IF SourcePeerType == IP SAVE ;
>ELSE IGNORE; # Not IP
>SAVE SourcePeerAddress/32;
>SAVE DestPeerAddress/32;
>SAVE SourceInterface;
>SAVE DestInterface;
>COUNT;
>SET 5;
>FORMAT FlowRuleSet FlowIndex FirstTime " "
> SourcePeerType " "
> SourcePeerAddress DestPeerAddress " "
> ToOctets FromOctets SourceInterface DestInterface;
>STATISTICS ;
>-----------
> and following in log:
>----
> 12 12261 13048142 1 212.30.151.111 212.30.151.3 495 690 1 1
>----
> '1' - it's our internet link, called Serial1/0
> but packets with source address 212.30.151.0/24 not in Serial1/0
> subnet, it's a FastEthernet0/0 ...
>
>--
>Best regards,
> konsul mailto:[email protected]
From netramet-owner Wed Jan 17 05:47:40 2001
From: George Perantinos <[email protected]>
Date: Tue, 16 Jan 2001 18:43:28 +0200
Subject: firsttime attribute
Hi all.
I am currently running netflowmet on a redhat6.2 box, collecting flows from
a cisco 2600, IOS 12.0. I am exporting netflow ver5 flows.
Here is what i collect:
##NeTraMet v4.4: -c60 -r ../rules/general.rules 127.0.0.1 udp-9996 20000 flows starting at 18:30:35 Mon 15 Jan 2001
#Format: flowruleset flowindex firsttime | sourcepeeraddress:sourcetransaddress -> destpeeraddress:desttransaddress | tooctets fromoctets | sourceinterface destinterface
#Time: 18:30:35 Mon 15 Jan 2001 127.0.0.1 Flows from 0 to 45771
#Ruleset: 2 2 ../rules/general.rules NeTraMet
#Stats: aps=377 apb=0 mps=9180 mpb=0 lsp=0 avi=100.0 mni=99.0 fiu=22 frc=523 gci=10 rpp=0.0 tpp=0.0 cpt=1.0 tts=16381 tsu=20
2 3699 2575362950 | 212.251.96.163:80 -> 194.219.219.149:1103 | 34304 0 | 2 3
2 3700 1716350078 | 194.219.219.149:1105 -> 212.251.96.163:80 | 9623 51450 | 3 2
2 3701 15163262 | 194.83.240.32:3772 -> 212.251.96.164:80 | 789 349 | 3 2
2 3702 3442676348 | 212.251.96.163:33327 -> 194.83.240.4:53 | 144 0 | 2 3
2 3703 3442676352 | 194.25.2.130:53 -> 212.251.96.163:33327 | 276 0 | 3 2
2 3704 2575320431 | 194.83.240.34:1024 -> 212.251.96.163:53 | 63 210 | 3 2
2 3705 857399152 | 212.251.96.163:80 -> 208.184.149.246:44253 | 3088 0 | 2 3
2 3706 865742215 | 212.251.96.163:51212 -> 194.63.247.208:80 | 458 0 | 2 3
2 3707 6808183 | 212.251.96.163:51213 -> 216.246.5.7:80 | 509 8324 | 2 3
2 3708 1707952506 | 212.251.96.163:51214 -> 192.215.73.2:80 | 594 14080 | 2 3
2 3709 6780537 | 139.91.200.193:3303 -> 212.251.96.163:53 | 1445 4760 | 3 2
2 3710 1716386935 | 195.14.156.60:1221 -> 212.251.96.162:80 | 630 498 | 3 2
2 3711 857347696 | 151.21.72.163:1614 -> 212.251.96.164:80 | 686 0 | 3 2
2 3712 1707952766 | 212.251.96.164:80 -> 195.14.156.60:1227 | 168 0 | 2 3
Take a look at the FirstTime column. There are flows with even 3 orders of
magnitude difference!!!
Does anybody have a clue about this? What does FirstTime represent in
netflowmet files?
Thanx in advance,
George
From netramet-owner Wed Jan 17 17:45:11 2001
From: Nevil Brownlee <[email protected]>
Date: Wed, 17 Jan 2001 17:44:23 +1300 (New Zealand Daylight Time)
Subject: Re: firsttime attribute
Hello all:
George Perantinos said ..
> I am currently running netflowmet on a redhat6.2 box, collecting flows from
> a cisco 2600, IOS 12.0. I am exporting netflow ver5 flows.
> Here is what i collect:
> 2 3700 1716350078 | 194.219.219.149:1105 -> 212.251.96.163:80 | 9623 51450 | 3 2
> 2 3701 15163262 | 194.83.240.32:3772 -> 212.251.96.164:80 | 789 349 | 3 2
> 2 3709 6780537 | 139.91.200.193:3303 -> 212.251.96.163:53 | 1445 4760 | 3 2
and asked ..
> Take a look at the FirstTime column. There are flows with even 3 orders of
> magnitude difference!!!
> Does anybody have a clue about this? What does FirstTime represent in
> netflowmet files?
Well, RTFM's FirstTime attribute is the time (in SNMP Timeticks, i.e.
centiseconds) the first packet for the flow was observed, with time
origin being the time the meter began running.
These times came from NetFlow data records, it ought to mean that some
of the flows have been active for a very long time, but 3 orders of
magnitude ??? Has anyone else seen this sort of thing?
Cheers, Nevil
+---------------------------------------------------------------------+
| Nevil Brownlee Director, Technology Development |
| Phone: +64 9 373 7599 x8941 ITSS, The University of Auckland |
| FAX: +64 9 373 7021 Private Bag 92019, Auckland, New Zealand |
+---------------------------------------------------------------------+
From netramet-owner Wed Jan 17 20:16:58 2001
From: [email protected]
Date: Wed, 17 Jan 2001 10:14:38 +0300
Subject: flood mode ?
Hello everyone, it's me again :) After the first configuration, I set up a
cron job on the host with the following schedule: at 0:00 it starts the script,
which kills the NeMaC process, compresses and moves the flow data files, and
restarts NeMaC (NetFlowMet is always running). But yesterday, after the
restart, NeMaC did not collect any flows to the file, while the log file
contained the following lines:
09:00:01 Wed 17 Jan 2001 -- Meter 212.30.151.2 in Flood mode!
09:02:00 Wed 17 Jan 2001 -- Meter 212.30.151.2 in Flood mode!
( 2 minutes is the collection interval ). I killed and restarted NeMaC, but
this had no effect. I restarted Netramet, and this restored normal operation.
What is this ?
--
Best regards,
konsul mailto:[email protected]
From netramet-owner Wed Jan 17 22:51:02 2001
From: "Tony Stoneley" <[email protected]>
Date: Wed, 17 Jan 2001 09:50:07 +0000
Subject: Re: firsttime attribute
>These times came from NetFlow data records, it ought to mean that some
>of the flows have been active for a very long time, but 3 orders of
>magnitude ??? Has anyone else seen this sort of thing?
I think so, though it's way back in my memory. I had cause to
poke in this area when beset by an overflow problem long ago.
I believe the NetFlow data fields(*) in question are
ulong SysUptime; /* Current time in msecs since router booted */
and
ulong First; /* SysUptime at start of flow */
Note CISCO's use of millisecs rather than SNMP's use of centisecs.
If I've done the sums right and not tripped over overflows in the
process, these fields will overflow (wrap) after about seven weeks,
which is not an impossibly long time for a router to stay up or for
a trickle flow to persist.
(*) See
http://www.cisco.com/warp/public/cc/pd/iosw/ioft/neflct/tech/napps_wp.htm
--
Tony Stoneley Email: [email protected]
Computing Service Phone: +44 1223 334710
Cambridge University
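The wrap arithmetic described in the message above, as an added example (not part of the original thread and not NetFlowMet code): it reads SysUptime and First from a NetFlow v5 datagram, computes a wrap-safe flow age, and converts Cisco milliseconds to SNMP TimeTicks. The function names are hypothetical, the field offsets follow the published NetFlow v5 export layout, and the datagram is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* NetFlow v5 export layout (big-endian on the wire). */
#define NF5_HDR_LEN       24
#define NF5_REC_LEN       48
#define NF5_OFF_SYSUPTIME 4   /* header: ms since router booted */
#define NF5_OFF_FIRST     24  /* record: SysUptime at start of flow */

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

static void put_be32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Days until a 32-bit millisecond counter wraps (2^32 ms). */
double wrap_days(void) { return 4294967296.0 / 1000.0 / 86400.0; }

/* Flow age in ms. Unsigned subtraction is modulo 2^32, so the result
 * stays correct when SysUptime has wrapped once since the flow began. */
uint32_t flow_age_ms(uint32_t sys_uptime, uint32_t first) {
    return sys_uptime - first;
}

/* Cisco milliseconds -> SNMP TimeTicks (centiseconds). */
uint32_t ms_to_timeticks(uint32_t ms) { return ms / 10; }

/* Age of record idx in a v5 datagram; 0 on success, -1 if malformed. */
int nf5_flow_age(const uint8_t *pkt, size_t len, unsigned idx, uint32_t *age_ms) {
    if (len < NF5_HDR_LEN) return -1;
    unsigned version = ((unsigned)pkt[0] << 8) | pkt[1];
    unsigned count   = ((unsigned)pkt[2] << 8) | pkt[3];
    if (version != 5 || idx >= count) return -1;
    if (len < NF5_HDR_LEN + (size_t)count * NF5_REC_LEN) return -1;
    const uint8_t *rec = pkt + NF5_HDR_LEN + (size_t)idx * NF5_REC_LEN;
    *age_ms = flow_age_ms(be32(pkt + NF5_OFF_SYSUPTIME), be32(rec + NF5_OFF_FIRST));
    return 0;
}

/* Constructed one-record datagram; every other field is left zero. */
size_t build_sample(uint8_t *buf, uint32_t sys_uptime, uint32_t first) {
    memset(buf, 0, NF5_HDR_LEN + NF5_REC_LEN);
    buf[1] = 5;  /* version */
    buf[3] = 1;  /* count */
    put_be32(buf + NF5_OFF_SYSUPTIME, sys_uptime);
    put_be32(buf + NF5_HDR_LEN + NF5_OFF_FIRST, first);
    return NF5_HDR_LEN + NF5_REC_LEN;
}

int main(void) {
    uint8_t pkt[NF5_HDR_LEN + NF5_REC_LEN];
    uint32_t age = 0;
    /* Flow began 1 s before the counter wrapped; export happens 5 s after. */
    size_t len = build_sample(pkt, 5000u, 4294966296u);
    printf("counter wraps after %.1f days\n", wrap_days());
    if (nf5_flow_age(pkt, len, 0, &age) == 0)
        printf("age %u ms = %u TimeTicks\n", (unsigned)age, (unsigned)ms_to_timeticks(age));
    return 0;
}
```

A collector that compares raw First values across records, instead of subtracting them from the SysUptime of the same datagram, loses this wrap tolerance.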
From netramet-owner Thu Jan 18 01:51:08 2001
From: George Perantinos <[email protected]>
Date: Wed, 17 Jan 2001 14:40:31 +0200
Subject: Re: firsttime attribute
At 11:50 17-01-01, Tony Stoneley wrote:
> >These times came from NetFlow data records, it ought to mean that some
> >of the flows have been active for a very long time, but 3 orders of
> >magnitude ??? Has anyone else seen this sort of thing?
>
>I think so, though it's way back in my memory. I had cause to
>poke in this area when beset by an overflow problem long ago.
>
>I believe the NetFlow data fields(*) in question are
>ulong SysUptime; /* Current time in msecs since router booted */
>and
>ulong First; /* SysUptime at start of flow */
>
>Note CISCO's use of millisecs rather than SNMP's use of centisecs.
>If I've done the sums right and not tripped over overflows in the
>process, these fields will overflow (wrap) after about seven weeks,
>which is not an impossibly long time for a router to stay up or for
>a trickle flow to persist.
Tony, thanx for your answer, but I have already examined these cases.
Moreover, I upgraded my IOS this morning from 12.0.7 to 12.0.15, but the
result is still the same. I mean that although my system uptime is only
some hours (rebooted today to activate new IOS image), the FirstTime
attributes I collect have even 10 digit numbers (which means that I have
flows more than 277 hours old...).
Take a look (FirstTime is the third column, FlowIndex is the second):
11 20 3858713111 | 212.251.96.164:7000 -> 194.219.219.17:1041 | 356 120 | 2 3
11 21 20608 | 212.251.96.164:80 -> 212.205.64.10:3959 | 309 0 | 2 3
11 22 3435928602 | 151.196.0.37:53 -> 212.251.96.163:1024 | 948 0 | 3 2
11 23 867428616 | 212.251.96.163:80 -> 195.97.116.91:1911 | 48 0 | 2 3
I'm beginning to suspect either an arithmetic error somewhere (Linux or
Netflowmet) or a cisco bug.
Allow me to state another question to the list:
Is there anybody here collecting flows from a cisco and gets reasonable
FirstTime attributes?
>(*) See
>http://www.cisco.com/warp/public/cc/pd/iosw/ioft/neflct/tech/napps_wp.htm
>
>--
>Tony Stoneley Email: [email protected]
>Computing Service Phone: +44 1223 334710
>Cambridge University
From netramet-owner Sat Jan 27 03:11:42 2001
From: [email protected]
Date: Fri, 26 Jan 2001 15:06:00 +0100
Subject: Bug in NeTraMet package
Hi dear developers,
while I was testing the NeTraMet package, a strange error occurred. If you
compile the package with the static linked libpcap (0.4.x -> 0.6.1)
NeTraMet doesn't set promisc mode on my ethernet interface. I fixed it by a
script which starts NeTraMet and after this it sets promisc mode on the
specified interface by using ifconfig ethx promisc.
It seems so that the bug is in the NeTraMet package.
bye .. Sven Ludwig
(and thx for the fix ;)