From netramet-owner  Wed Jul 18 03:36:59 2001
Received: (from majordom@localhost)
       by mailhost.auckland.ac.nz (8.9.2/8.9.2/8.9.2-ua) id DAA29234
       for netramet-outgoing; Wed, 18 Jul 2001 03:33:22 +1200 (NZST)
Received: from virus-out.office-mail.co.uk ([email protected] [217.15.160.67])
       by mailhost.auckland.ac.nz (8.9.2/8.9.2/8.9.2-ua) with ESMTP id DAA29229;
       Wed, 18 Jul 2001 03:33:19 +1200 (NZST)
Received: from mailsweeper2.office-mail.co.uk (mailsweeper2.office-mail.co.uk [217.15.160.65])
       by virus-out.office-mail.co.uk (Postfix) with ESMTP
       id E2EE45D83; Tue, 17 Jul 2001 16:33:11 +0100 (BST)
Received: from virus-in.office-mail.co.uk (virus-in.office-mail.co.uk) by mailsweeper2.office-mail.co.uk
(Content Technologies SMTPRS 4.1.5) with ESMTP id <[email protected]>;
Tue, 17 Jul 2001 16:39:21 +0100
Received: from sk (firewall.the-web-works.co.uk [217.15.160.2])
       by virus-in.office-mail.co.uk (Postfix) with SMTP
       id 5601036CF; Tue, 17 Jul 2001 16:32:02 +0100 (BST)
Date: Tue, 17 Jul 2001 16:27:14 +0100
To: [email protected], [email protected]
From: Sean Kelly <[email protected]>
Subject: RE: Monitoring and reporting network usage - dropped packets
Organization: the-web-works New Media Ltd
X-Mailer: Opera 5.11 build 904
X-Priority: 3 (Normal)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Message-Id: <[email protected]>
Sender: [email protected]
Precedence: bulk

Hi there,

       Sorry to drag up my old thread *again*, but I have just installed my new 3com 905B card and still seem to get poor capture performance.

       With reference to the following snippet:

> -----Original Message-----
> From: Peter Van Epp
> Subject: Re: Monitoring and reporting network usage - dropped packets
>
>
>       Yep, the bpf buffer (between the kernel and libpcap) is
> overwriting around %50 of the packets offered to it. You
> need to boost the bpf buffer size and/or get a faster machine.
> You will find the counter it is referring to in /sys/net/bpf.c
> in the kernel. When the application (libpcap on behalf
> of tcpdump in this instance) doesn't read the buffer fast
> enough from the user side it will overwrite the buffer with
> the new data and update the lost packets counter.

/sys/net/bpf.c contains:

#if BSD < 199103
..SNIP SNIP...
#else
#define BPF_BUFSIZE 4096
#define UIOMOVE(cp, len, code, uio) uiomove(cp, len, uio)
#endif

so am I correct in assuming that my BPF buffer size is 4K?  If so, shouldn't I be increasing this?  I remember Peter mentioning that the standard size is 8K and this really should be 32K for packet capture...

       Also, am I referring to the correct buffer?  I seem to remember there is also pcap-bpf.c in the PCAP source - should I increase this too?

       Thanks,

--
Sean Kelly
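
Added example, not part of the original message or of the kernel source: a simplified C model of the behaviour Peter describes, where a reader that drains the bpf buffer too slowly makes the lost-packet counter climb, run for several buffer sizes. The store/hold buffer rotation, the 1536-byte captured length and the reader completing one read() per four packets are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model (an assumption, not kernel code) of one BPF descriptor:
 * a store buffer the kernel fills, a hold buffer waiting for read(),
 * and a counter bumped when a packet fits in neither. */
struct bpf_model {
    size_t bufsize;            /* size of each buffer, e.g. BPF_BUFSIZE */
    size_t store_len;          /* bytes used in the store buffer */
    int hold_full;             /* 1 while a full buffer waits for the reader */
    unsigned long recv, drop;  /* packets offered / packets lost */
};

/* Kernel side: one captured packet of caplen bytes (bpf header included). */
static void model_packet(struct bpf_model *m, size_t caplen)
{
    m->recv++;
    if (m->store_len + caplen > m->bufsize) {
        if (m->hold_full || caplen > m->bufsize) {
            m->drop++;         /* reader has not freed a buffer: packet lost */
            return;
        }
        m->hold_full = 1;      /* rotate: the store buffer becomes the hold buffer */
        m->store_len = 0;
    }
    m->store_len += caplen;
}

/* User side: read() hands back the hold buffer and frees it. */
static void model_read(struct bpf_model *m) { m->hold_full = 0; }

/* Offer n packets; the reader completes one read() per pkts_per_read arrivals.
 * Returns the number of packets lost. */
unsigned long simulate(size_t bufsize, size_t caplen,
                       unsigned pkts_per_read, unsigned long n)
{
    struct bpf_model m = { bufsize, 0, 0, 0, 0 };
    for (unsigned long i = 1; i <= n; i++) {
        model_packet(&m, caplen);
        if (i % pkts_per_read == 0)
            model_read(&m);
    }
    return m.drop;
}

int main(void)
{
    size_t sizes[] = { 4096, 8192, 32768 };  /* the sizes mentioned in the thread */
    for (int i = 0; i < 3; i++)
        printf("bufsize %5zu: %lu of 8000 packets lost\n",
               sizes[i], simulate(sizes[i], 1536, 4, 8000));
    return 0;
}
```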


From netramet-owner  Sat Jul 21 05:29:42 2001
Received: (from majordom@localhost)
       by mailhost.auckland.ac.nz (8.9.2/8.9.2/8.9.2-ua) id FAA08356
       for netramet-outgoing; Sat, 21 Jul 2001 05:24:14 +1200 (NZST)
Received: from correo2 ([157.238.87.78])
       by mailhost.auckland.ac.nz (8.9.2/8.9.2/8.9.2-ua) with ESMTP id FAA08349
       for <[email protected]>; Sat, 21 Jul 2001 05:24:12 +1200 (NZST)
From: [email protected]
Received: from qoslabs.com (localhost [127.0.0.1])
by correo2.qoslabs.com (iPlanet Messaging Server 5.0 Patch 2 (built Dec 14
2000)) with ESMTP id <[email protected]> for
[email protected]; Fri, 20 Jul 2001 13:24:01 -0400 (EDT)
Received: from [200.64.170.94] by correo2.qoslabs.com (mshttpd); Fri,
20 Jul 2001 12:24:01 -0500
Date: Fri, 20 Jul 2001 12:24:01 -0500
Subject: NetFlowMet
To: [email protected]
Message-id: <[email protected]>
MIME-version: 1.0
X-Mailer: iPlanet Webmail
Content-type: text/plain; charset=us-ascii
Content-language: en
Content-transfer-encoding: quoted-printable
Content-disposition: inline
X-Accept-Language: en
Sender: [email protected]
Precedence: bulk


Hi,

I know that NetFlowMet takes NetFlow data from a Cisco router.
When I start NetFlowMet I don't have any problem, but when I start
NeMaC or nm_rc I have problems.

The configuration that I have is:

NetflowMet -i 2055

(I configured ip flow-export and netflow in my router.)

NeMaC -c300 -D -r (rule file) (router-name) community

or

nm_rc -c300 -r (rule file) (router-name) community

The error is:

Warning!! Failed to start meter router-7206 check log for details

The log file is:

13:11:47 Fri 20 Jul 2001 -- Starting NeMaC: NeTraMet Manager & Controller v4.3
13:11:47 Fri 20 Jul 2001 -- meter_type(): Error in packet, reason = There is no such variable name in this MIB.
13:11:47 Fri 20 Jul 2001 -- ... flowMIB.flowControl.flowMaxFlows.0
13:11:47 Fri 20 Jul 2001 -- Meter router-7206 failed to respond: it may be dead, unreachable or the community string may be wrong
13:11:47 Fri 20 Jul 2001 -- meter_type(): Error in packet, reason = There is no such variable name in this MIB.
13:11:47 Fri 20 Jul 2001 -- ... flowMIB.flowControl.flowMaxFlows.0
13:11:47 Fri 20 Jul 2001 -- Meter router-7206 failed to respond: it may be dead, unreachable or the community string may be wrong


I check the community string in my router and it is o.k.

Do you have any idea what's wrong?

Thanks in advance.







From netramet-owner  Fri Jul 27 03:28:21 2001
Received: (from majordom@localhost)
       by mailhost.auckland.ac.nz (8.9.2/8.9.2/8.9.2-ua) id DAA27595
       for netramet-outgoing; Fri, 27 Jul 2001 03:21:39 +1200 (NZST)
Received: from correo2 ([157.238.87.78])
       by mailhost.auckland.ac.nz (8.9.2/8.9.2/8.9.2-ua) with ESMTP id DAA27589
       for <[email protected]>; Fri, 27 Jul 2001 03:21:37 +1200 (NZST)
From: [email protected]
Received: from qoslabs.com (localhost [127.0.0.1])
by correo2.qoslabs.com (iPlanet Messaging Server 5.0 Patch 2 (built Dec 14
2000)) with ESMTP id <[email protected]> for
[email protected]; Thu, 26 Jul 2001 11:21:23 -0400 (EDT)
Received: from [200.64.169.172] by correo2.qoslabs.com (mshttpd); Thu,
26 Jul 2001 10:21:23 -0500
Date: Thu, 26 Jul 2001 10:21:23 -0500
Subject: Netflow Information( NetFlowMet)
To: [email protected]
Message-id: <[email protected]>
MIME-version: 1.0
X-Mailer: iPlanet Webmail
Content-type: text/plain; charset=us-ascii
Content-language: en
Content-transfer-encoding: quoted-printable
Content-disposition: inline
X-Accept-Language: en
Sender: [email protected]
Precedence: bulk


Hi,

I am using NetFlowMet to read netflow data from my Cisco router.
I don't know if it is possible that in my flow archive I could have the
Source Interface and Destination Interface (Serial0/0, Serial1/0 etc.)
from my Cisco router, or if there is a way that I can distinguish
the source of traffic (no IP Source or IP Dest because I am in a VPN
environment).

Any idea?

Thanks in advance!!