From netramet-owner  Thu Jun 15 01:13:26 1995
Received: (from majordom@localhost) by net.auckland.ac.nz (8.6.12/8.6.12) id AAA02392 for netramet-outgoing; Thu, 15 Jun 1995 00:57:08 +1200
Received: from ccvcom.auckland.ac.nz (ccvcom.auckland.ac.nz [130.216.1.2]) by net.auckland.ac.nz (8.6.12/8.6.12) with ESMTP id AAA02366 for <[email protected]>; Thu, 15 Jun 1995 00:55:08 +1200
Received: from nrnsinc.on.ca (rads.dnd.ca)
by ccvcom.auckland.ac.nz (PMDF V4.3-7 #2864)
id <[email protected]>; Thu,
15 Jun 1995 00:55:03 GMT+1200
Received: from nrnsinc.on.ca by nrnsinc.on.ca id <[email protected]>; Wed,
14 Jun 1995 08:54:41 -0400
Date: Wed, 14 Jun 1995 08:54:39 -0400 (EDT)
From: Ken Robinson <[email protected]>
Subject: Re: A few questions
In-reply-to: <[email protected]> from "Kevin Clark" at Jun
14, 95 12:11:43 pm
To: [email protected] (Kevin Clark)
Cc: [email protected]
Reply-to: [email protected]
Message-id: <[email protected]>
Organization: DREnet Network Coordination Centre, 1-613-599-7860, 1-613-990-9302
MIME-version: 1.0
X-Mailer: ELM [version 2.4 PL21]
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7bit
Content-length: 2491
Sender: [email protected]
Precedence: bulk

Hello,

> I have just started to have a look at NeTraMet in order to analyse traffic
> for one of our main servers.  I have the following questions (sorry if
> these are in an FAQ, but I have checked the mail archives)...

Is there a FAQ?  I don't think so.

> I have found answers to some of the following in the manual, but would
> still like these verified by someone before I put my foot in it!

Don't worry, you'll be back here with questions again.  ;-)

> 1/  Can I monitor all traffic going to a particular IP address and group
>     it by the source IP address (subgrouped by IP type, e.g. WWW, FTP)?

Yes, but it generates a LOT of flows and logs if not done carefully.  I
was doing something like that myself, using a PC meter until I found out
that I couldn't fit enough flows in the PC.  I've since simplified my
needs (you likely saw my postings over the last couple of weeks).   I've
dropped looking for the source addresses, there are just too many.   I'm
down to checking which of three destinations the traffic goes to/from and
what service type it is.

>     Also if someone has a rules file that does the above then I will be
>     very, very, grateful.  From what I have seen so far these can get
>     a little complex :)

Just a little.

If you use Nevil's Rule Set 5 example, you will be well on your way to
getting what you want.  I'll pass mine on once I have it working right.


> 2/  Can a meter be run on one machine to monitor traffic going to another.
>     (assuming that they are on the same segment and have access to each
>     other's packets, etc).

Sure, so long as the traffic passes by its Ethernet port you're fine.

> 3/  Has anyone been able to port libpcap to a DG box?

Not that I've heard of.  I'm using the PC meter though myself.

> Any help/verification on the above questions would be greatly appreciated,
> I will be spending a fair bit of time setting up all of the above within
> the next few weeks.

Yup, you will.   NeTraMet looks like it will do what I want, but trying
to get it to do so has been a pain. (Sorry Nevil, but this rules based
coding just doesn't work the same way my mind does.)

This list is very quiet, but I've had Nevil and a couple of others help
me out, so post away and hopefully you will get the answers you need.

--
Ken Robinson
DREnet Network Coordination Centre (NCC)
NRNS Incorporated
Phone: 613.599.7860  Fax: 613.599.7739
135 Michael Cowpland Dr., Suite 302
Kanata, Ontario K2M-2E9

From netramet-owner  Fri Jun 16 14:16:05 1995
Received: (from majordom@localhost) by net.auckland.ac.nz (8.6.12/8.6.12) id OAA00264 for netramet-outgoing; Fri, 16 Jun 1995 14:00:49 +1200
Received: from ccvcom.auckland.ac.nz (ccvcom.auckland.ac.nz [130.216.1.2]) by net.auckland.ac.nz (8.6.12/8.6.12) with ESMTP id NAA29415 for <[email protected]>; Fri, 16 Jun 1995 13:49:58 +1200
Received: from zeus (zeus.usq.edu.au)
by ccvcom.auckland.ac.nz (PMDF V4.3-7 #2864)
id <[email protected]>; Fri,
16 Jun 1995 13:48:44 GMT+1300
Received: from pcnet (pcnet.usq.edu.au) by zeus with SMTP id AA19813
(5.65c/IDA-1.4.4 for <[email protected]>); Fri,
16 Jun 1995 11:42:13 -1000
Received: by pcnet with Microsoft Mail id <2FE1CF6A@pcnet>; Fri,
16 Jun 95 11:37:30 PDT
Date: Fri, 16 Jun 1995 11:39:00 -0700 (PDT)
From: Matthew Mengel <[email protected]>
Subject: Filtering
To: NeTraMet Listserver <[email protected]>
Message-id: <2FE1CF6A@pcnet>
X-Mailer: Microsoft Mail V3.0
Content-transfer-encoding: 7BIT
Encoding: 10 TEXT
Sender: [email protected]
Precedence: bulk

I have just started using Netramet.  Does anyone have some filters for the
log files so that the data can be sorted, collated and recorded by date/time
and/or IP?

Regards
Matthew Mengel
[email protected]
Information Technology Services
University of Southern Queensland
TOOWOOMBA  QUEENSLAND  AUSTRALIA

From netramet-owner  Sat Jun 17 06:00:57 1995
Received: (from majordom@localhost) by net.auckland.ac.nz (8.6.12/8.6.12) id FAA16428 for netramet-outgoing; Sat, 17 Jun 1995 05:46:01 +1200
Received: from ccvcom.auckland.ac.nz (ccvcom.auckland.ac.nz [130.216.1.2]) by net.auckland.ac.nz (8.6.12/8.6.12) with ESMTP id FAA16368 for <[email protected]>; Sat, 17 Jun 1995 05:42:29 +1200
Received: from Sun.COM by ccvcom.auckland.ac.nz (PMDF V4.3-7 #2864)
id <[email protected]>; Sat,
17 Jun 1995 05:42:17 GMT+1300
Received: from Corp.Sun.COM ([129.145.35.78]) by Sun.COM (sun-barr.Sun.COM)
id AA27836; Fri, 16 Jun 95 10:42:08 PDT
Received: from sea-dt-1.Corp.Sun.COM by Corp.Sun.COM (5.x/SMI-5.3)
id AA11794; Fri, 16 Jun 1995 10:41:07 -0700
Received: by sea-dt-1.Corp.Sun.COM (5.0/SMI-SVR4) id AA00972; Fri,
16 Jun 1995 10:42:50 +0800
Date: Fri, 16 Jun 1995 10:42:50 +0800
From: [email protected] (Sam Varghese)
Subject: Re: Filtering
To: [email protected], [email protected]
Message-id: <[email protected]>
Content-transfer-encoding: 7BIT
X-Sun-Charset: US-ASCII
Sender: [email protected]
Precedence: bulk

Here is something I used to create a billing report.  It was written in
perl, but does not store date/time. Perhaps some of this code can be
used to create the output you want.  Hope it helps.


                                               s. varghese, Stanford
                                               [email protected]
                                               415-336-0562, x60562
                                               STUDENT INTERN

P.S.  I ran my filter only after running fdFilter on the original data.

#!/home2/PUBperl/bin/perl
# Samuel Varghese - 6/6/95
# This script processes a NeTraMet data file which
# has been filtered by fdFilter.  It creates an
# itemized list of flows with the sum of the packets
# and bytes sent between each machine.  The ip addresses
# are replaced by the actual hostnames and the protocol
# numbers are replaced by their common name, e.g. 6 is
# replaced by TCP.  The data is also sorted before being
# output.
#
#       INPUT: data file
#       OUTPUT: billing report

$INPUT_FILE = "./output";

open(INPUT, "<$INPUT_FILE") || do{
       print STDOUT "Can not open output for reading\n";
       exit(-1);
       };

while(<INPUT>){
 chop $_;
 next if($_ =~ /^#/); # Skip comments
 ($tag, $src_ip, $src_port, $src_prot, $dest_ip, $dest_port, $dest_prot, $src_pkts, $dest_pkts, $src_bytes, $dest_bytes)=split;

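 # Separate the key fields so that different flows cannot share a key
 # (without separators, 1.2.3.4 port 12 and 1.2.3.41 port 2 look the same).
 $token="$src_ip:$src_port:$dest_ip:$dest_port";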

 if($table{"$token"} =~ /.+/ ){ # Is there an entry for this token?
   ($p_src_ip, $p_src_port, $p_src_prot, $p_dest_ip, $p_dest_port, $p_dest_prot, $p_src_pkts,$p_dest_pkts,$p_src_bytes,$p_dest_bytes)=split(/:/,$table{"$token"});
   $src_pkts+=$p_src_pkts;
   $dest_pkts+=$p_dest_pkts;
   $src_bytes+=$p_src_bytes;
   $dest_bytes+=$p_dest_bytes;
   $table{"$token"}="$p_src_ip:$p_src_port:$p_src_prot:$p_dest_ip:$p_dest_port:$p_dest_prot:$src_pkts:$dest_pkts:$src_bytes:$dest_bytes";
   }
 else{
   $table{"$token"}="$src_ip:$src_port:$src_prot:$dest_ip:$dest_port:$dest_prot:$src_pkts:$dest_pkts:$src_bytes:$dest_bytes";
  }
 }

foreach $array_key ( sort keys %table ){
 ($src_ip, $src_port, $src_prot, $dest_ip, $dest_port, $dest_prot, $src_pkts, $dest_pkts, $src_bytes, $dest_bytes)=split(/:/, $table{$array_key});

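# Get src hostname.  The address read from the data file is compared with
# the first field of each hosts entry here in perl; it is not placed on a
# shell command line, and it has to match the whole address.
 $lookup=$src_ip;
 open(HOSTNAME, "ypcat hosts |");
 while(<HOSTNAME>){
   ($ip, $host)=split;
   $src_ip=$host if($ip eq $lookup);
   }
 close(HOSTNAME);

# Get dest hostname
 $lookup=$dest_ip;
 open(HOSTNAME, "ypcat hosts |");
 while(<HOSTNAME>){
   ($ip, $host)=split;
   $dest_ip=$host if($ip eq $lookup);
   }
 close(HOSTNAME);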

# Which Protocol
 if ($src_prot == 17){
   $src_prot = "UDP";}
 if ($src_prot == 6){
   $src_prot = "TCP";}

 write;
#  print "$src_ip $src_port \t$src_prot\t$dest_ip $dest_port \t$src_pkts $dest_pkts $src_bytes $dest_bytes\n";
 }

close(INPUT);

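# Header for every page
format STDOUT_TOP =
 Src Ip Address      Src  Protocol  Dest Ip Address    Dest  Src Pkts Dest Pkts    Src      Dest
                     Port                              Port                        Bytes    Bytes
----------------   ------- -------- ---------------- ------- --------- --------- -------- --------
.

# The archived copy of the script stops at the header above.  The detail
# line below is a reconstruction that follows the header's column widths,
# so that write has a STDOUT format to use.
format STDOUT =
@<<<<<<<<<<<<<<<   @<<<<<< @<<<<<<< @<<<<<<<<<<<<<<< @<<<<<< @>>>>>>>> @>>>>>>>> @>>>>>>> @>>>>>>>
$src_ip,           $src_port, $src_prot, $dest_ip,   $dest_port, $src_pkts, $dest_pkts, $src_bytes, $dest_bytes
.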

From netramet-owner  Thu Jun 22 09:06:40 1995
Received: (from majordom@localhost) by net.auckland.ac.nz (8.6.12/8.6.12) id JAA17603 for netramet-outgoing; Thu, 22 Jun 1995 09:01:51 +1200
Received: from ccvcom.auckland.ac.nz (ccvcom.auckland.ac.nz [130.216.1.2]) by net.auckland.ac.nz (8.6.12/8.6.12) with ESMTP id IAA16486 for <[email protected]>; Thu, 22 Jun 1995 08:48:29 +1200
Received: from nrnsinc.on.ca (rads.dnd.ca)
by ccvcom.auckland.ac.nz (PMDF V4.3-7 #2864)
id <[email protected]>; Thu,
22 Jun 1995 08:47:47 GMT+1300
Received: from nrnsinc.on.ca by nrnsinc.on.ca id <[email protected]>; Wed,
21 Jun 1995 16:47:13 -0400
Date: Wed, 21 Jun 1995 16:47:10 -0400 (EDT)
From: Ken Robinson <[email protected]>
Subject: Why doesn't this rule file do what I want??
To: [email protected], [email protected]
Reply-to: [email protected]
Message-id: <[email protected]>
Organization: DREnet Network Coordination Centre, 1-613-599-7860, 1-613-990-9302
MIME-version: 1.0
X-Mailer: ELM [version 2.4 PL21]
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7bit
Content-length: 9097
Sender: [email protected]
Precedence: bulk

Hello,

I'd appreciate somebody having a look-see at this rule file and letting me
know why it doesn't work.  I've added comments pointing to where it
doesn't seem to work, and I've included a sample bit of output at the bottom.

I've been working at this for some time, and I can't get it to do what I
want, yet what I want seems simple enough.

---

#  1240, Thu 9 Feb 95
#
#  Rule specification file to tally IP packets by port nbr
#
#  Ken Robinson, DREnet Coordination Center (NRNS Incorporated)
#  Based on the work of Nevil Brownlee, Computer Centre, University of Auckland
#
SET 5
#
RULES
 SourcePeerType & 255 = IP:      PushtoAct, ip_pkt;
 SourcePeerType & 255 = dummy:   Ignore, 0;  # Ignore meter's dummy pkts
 Null & 0 = 0:                   GotoAct, Next;
 SourcePeerType & 255 = 0:       CountPkt, 0;    # Count packet types

# Check if adjacent address is one of the two gateways, checking both source
# and destination.
# I seem to lose the second set of tests, I only see entries for the first
# gateway for some reason.  WHY??
#

ip_pkt:
Docgw:
 SourceAdjacentAddress & FF-FF-FF-FF-FF-FF = 00-00-C0-91-2F-87 : Pushto, c_pkt; #docgw
 DestAdjacentAddress & FF-FF-FF-FF-FF-FF = 00-00-C0-91-2F-87 : GotoAct, Docgw; #docgw
Suragw:
 SourceAdjacentAddress & FF-FF-FF-FF-FF-FF = 00-00-C0-92-2E-69 : Pushto, c_pkt; #Suragw
 DestAdjacentAddress & FF-FF-FF-FF-FF-FF = 00-00-C0-92-2E-69 : GotoAct, Suragw; #Suragw

# Doesn't go through a gateway, kept internal.

 Null & 0 = 0:  PushTo, c_pkt;  #  Internal to DREnet

c_pkt:
 SourceTransType & 255 = tcp:    Pushto, tcp_udp;
 SourceTransType & 255 = udp:    Pushto, tcp_udp;
 SourceTransType & 255 = icmp:   Pushto, c_trans_only;
 SourceTransType & 255 = ospf:   Pushto, c_trans_only;
 Null & 0 = 0:  GotoAct, t_bad;  #  Unknown transport type
#
# Sort out the known services, this works.
#
tcp_udp:
s_gopher:
 SourceTransAddress & 255.255 = gopher:  PushtoAct, c_trans_source;
 DestTransAddress & 255.255 = gopher:    GotoAct, s_gopher;
s_www:
 SourceTransAddress & 255.255 = www:     PushtoAct, c_trans_source;
 DestTransAddress & 255.255 = www:       GotoAct, s_www;
s_smtp:
 SourceTransAddress & 255.255 = smtp:    PushtoAct, c_trans_source;
 DestTransAddress & 255.255 = smtp:      GotoAct, s_smtp;
s_domain:
 SourceTransAddress & 255.255 = domain:  PushtoAct, c_trans_source;
 DestTransAddress & 255.255 = domain:    GotoAct, s_domain;
s_telnet:
 SourceTransAddress & 255.255 = telnet:  PushtoAct, c_trans_source;
 DestTransAddress & 255.255 = telnet:    GotoAct, s_telnet;
s_login:
 SourceTransAddress & 255.255 = 513:  PushtoAct, c_trans_source;
 DestTransAddress & 255.255 = 513:    GotoAct, s_login;
s_ftp_ctrl:
 SourceTransAddress & 255.255 = ftp:    PushtoAct, c_trans_source;
 DestTransAddress & 255.255 = ftp:      GotoAct, s_ftp_ctrl;
s_ftp_data:
 SourceTransAddress & 255.255 = ftpdata: PushtoAct, c_trans_source;
 DestTransAddress & 255.255 = ftpdata:   GotoAct, s_ftp_data;
s_news:
 SourceTransAddress & 255.255 = nntp:   PushtoAct, c_trans_source;
 DestTransAddress & 255.255 = nntp:     GotoAct, s_news;
s_imap:
 SourceTransAddress & 255.255 = 113:    PushtoAct, c_trans_source;
 DestTransAddress & 255.255 = 113:      GotoAct, s_imap;
s_pop:
 SourceTransAddress & 255.255 = 110:    PushtoAct, c_trans_source;
 DestTransAddress & 255.255 = 110:      GotoAct, s_pop;
s_ntp:
 SourceTransAddress & 255.255 = 123:    PushtoAct, c_trans_source;
 DestTransAddress & 255.255 = 123:      GotoAct, s_ntp;
s_printer:
 SourceTransAddress & 255.255 = 515:    PushtoAct, c_trans_source;
 DestTransAddress & 255.255 = 515:      GotoAct, s_printer;
s_finger:
 SourceTransAddress & 255.255 = 79:     PushtoAct, c_trans_source;
 DestTransAddress & 255.255 = 79:       GotoAct, s_finger;
s_nfs:
 SourceTransAddress & 255.255 = 2049:    PushtoAct, c_trans_source;
 DestTransAddress & 255.255 = 2049:      GotoAct, s_nfs;

# It's not a known port

 Null & 0 = 0: GotoAct, t_bad;  #  'Unusual' port
#
# Wipe out the source and destination Trans addresses so that we can count all
# of these as one flow.
# This doesn't seem to work.
#
t_bad:          #  End of packet testing
 SourceTransAddress & 255.255 = 0: PushPkttoAct, Next;
 DestTransAddress   & 255.255 = 0: PushPkttoAct, Next;
 SourceTransType & 255 = 0:    CountPkt, 0;

# This seems to work
c_trans_source:  #  SourceTransAddress already pushed
 SourceTransAddress & 255.255 = 0: PushPkttoAct, Next;
 SourceTransType & 255 = 0:    CountPkt, 0;

# This seems to work
c_trans_only:
 SourceTransAddress & 255.255 = 0: PushPkttoAct, Next;
 SourceTransType & 255 = 0:    CountPkt, 0;
#
# Keep the data down that we save to disk.
#
FORMAT FlowRuleSet FlowIndex FirstTime " "
  SourceAdjacentAddress " "
  SourceDetailType " " SourceDetailAddress "  " DestDetailAddress "  "
  ToOctets "  " FromOctets;
#
STATISTICS
#
# end of file


--

Sample output

---

#Time: 16:45:00 Wed 21 Jun 95 128.43.254.254 Flows from 106112187 to 106142229
#Stats: aps=244 apb=3 mps=657 mpb=36 lsp=0 avi=90.3 mni=48.8 fiu=66 frc=161 gci=2 rpp=25.3 tpp=1.4 cpt=1.0 tts=2048 tsu=4294947951
#monitor(): frst_row=1, nrows=62, nxt_row=2995, end_mark=1
5 2929 106111057 00-00-C0-91-2F-87 6 1022  0  4480  6421
5 2930 106111057 00-00-C0-91-2F-87 17 53  0  1503508  3592
5 2931 106111057 00-00-C0-91-2F-87 6 119  0  816396  8379115
5 2932 106111057 00-00-C0-91-2F-87 17 161  2963  18154  5780
5 2933 106111057 00-00-C0-91-2F-87 6 1268  4173  74368  1051590
5 2934 106111057 00-00-C0-91-2F-87 6 1645  0  5760  0
5 2935 106111057 00-00-C0-91-2F-87 6 20  0  2236230  172566
5 2937 106111057 00-00-C0-91-2F-87 6 38048  2528  63232  554016
5 2938 106111161 00-00-C0-91-2F-87 6 1336  0  2892  1132
5 2941 106111161 00-00-C0-91-2F-87 6 25  0  47384  107973
5 2942 106111161 00-00-C0-91-2F-87 6 80  0  1881793  287735
5 2943 106111161 00-00-C0-91-2F-87 6 8988  1338  11315  2878
5 2944 106111265 00-00-C0-91-2F-87 2 4865  10264  1984  0
5 2945 106111265 00-00-C0-91-2F-87 6 1929  0  1036  1124
5 2947 106111265 00-00-C0-91-2F-87 6 1294  1418  24840  247908
5 2948 106111265 00-00-C0-91-2F-87 6 2014  0  3339  1957
5 2949 106111265 00-00-C0-91-2F-87 6 1138  0  37184  134503
5 2951 106111265 00-00-C0-91-2F-87 6 1349  0  2094  5466
5 2952 106111370 00-00-C0-91-2F-87 17 138  138  19766  0
5 2953 106111578 00-00-C0-91-2F-87 17 68  67  5814  0
5 2954 106111682 00-00-C0-91-2F-87 17 123  0  10710  0
5 2955 106111787 00-00-00-00-00-00 0 0  0  892  0
5 2956 106111995 00-00-C0-91-2F-87 17 514  514  2562  0
5 2957 106112100 00-00-C0-91-2F-87 1 0  0  26852  33908
5 2958 106112308 00-00-C0-91-2F-87 6 1272  0  3776  12012
5 2959 106113351 00-00-C0-91-2F-87 6 30984  18403  320  0
5 2960 106113456 00-00-C0-91-2F-87 6 1086  0  5355  3832
5 2961 106113664 00-00-C0-91-2F-87 17 137  137  880  0
5 2962 106113873 00-00-C0-91-2F-87 6 2053  0  3969  10260
5 2963 106114707 00-00-C0-91-2F-87 6 1050  8080  192  0
5 2964 106115333 00-00-C0-91-2F-87 6 1054  0  302  450
5 2965 106115646 00-00-C0-91-2F-87 6 3265  17003  275  335
5 2966 106116376 00-00-C0-91-2F-87 6 5410  0  64  64
5 2967 106118254 00-00-C0-91-2F-87 17 525  525  472  0
5 2968 106119193 00-00-C0-91-2F-87 17 513  0  2448  0
5 2969 106120653 00-00-C0-91-2F-87 6 1069  0  3397  5009
5 2970 106121279 00-00-C0-91-2F-87 2 4380  61155  128  0
5 2971 106121279 00-00-C0-91-2F-87 2 4608  3581  128  0
5 2972 106121488 00-00-C0-91-2F-87 2 4608  3578  128  0
5 2973 106121696 00-00-C0-91-2F-87 6 1421  0  384  406
5 2974 106121696 00-00-C0-91-2F-87 2 4608  3577  128  0
5 2975 106121801 00-00-C0-91-2F-87 6 1051  8080  192  0
5 2976 106122426 00-00-C0-91-2F-87 6 0  0  358  0
5 2977 106122635 00-00-C0-91-2F-87 6 21  0  12746  6270
5 2978 106126182 00-00-C0-91-2F-87 6 2748  0  7116  10397
5 2979 106126286 00-00-C0-91-2F-87 6 1020  0  38863  62463
5 2980 106126807 00-00-C0-91-2F-87 6 4058  0  320  344
5 2981 106127329 00-00-C0-91-2F-87 2 4869  60407  64  0
5 2982 106127329 00-00-C0-91-2F-87 2 4870  46735  78  0
5 2983 106129953 00-00-C0-91-2F-87 6 1052  8080  192  0
5 2984 106133571 00-00-C0-91-2F-87 6 1298  0  450  1671
5 2985 106135558 00-00-C0-91-2F-87 6 1301  0  1816  13455
5 2986 106135558 00-00-C0-91-2F-87 6 1766  0  869  722
5 2987 106135767 00-00-C0-91-2F-87 6 38050  3082  11200  96063
5 2988 106135767 00-00-C0-91-2F-87 6 39935  0  128  248
5 2989 106136602 00-00-C0-91-2F-87 6 2810  0  192  0
5 2990 106137123 00-00-C0-91-2F-87 17 44344  1525  178  0
5 2991 106138375 00-00-C0-91-2F-87 6 4323  0  64  64
5 2992 106140983 00-00-C0-91-2F-87 17 35764  33468  64  0
5 2993 106140983 00-00-C0-91-2F-87 17 35764  33469  64  0
5 2994 106141087 00-00-C0-91-2F-87 17 35764  33470  64  0
5 2995 106141087 00-00-C0-91-2F-87 17 35764  33471  64  0
#monitor(): frst_row=2995, nrows=2, nxt_row=2997, end_mark=0
5 2996 106141087 00-00-C0-91-2F-87 17 35764  33472  64  0
5 2997 106141191 00-00-C0-91-2F-87 17 35764  33473  64  0



--
Ken Robinson
DREnet Network Coordination Centre (NCC)
NRNS Incorporated
Phone: 613.599.7860  Fax: 613.599.7739
135 Michael Cowpland Dr., Suite 302
Kanata, Ontario K2M-2E9
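
A check for the two symptoms noted in the rule file's comments, as an added example (not part of the original message and not NeTraMet code): it parses flow records in the column order of the FORMAT statement, stamps them with the `#Time:` collection time, totals octets per adjacent address, and reports which gateway never appears and which TCP/UDP flows on unlisted ports were not merged. The function names, the reading of SourceDetailType as an IP protocol number, and the final truncated sample line are assumptions; the other sample records are copied from the output above.

```python
import re
from collections import defaultdict
from datetime import datetime

# Records copied from the sample output above; the last line is a
# constructed, truncated record to exercise the reject path.
SAMPLE = """\
#Time: 16:45:00 Wed 21 Jun 95 128.43.254.254 Flows from 106112187 to 106142229
#monitor(): frst_row=1, nrows=62, nxt_row=2995, end_mark=1
5 2929 106111057 00-00-C0-91-2F-87 6 1022  0  4480  6421
5 2930 106111057 00-00-C0-91-2F-87 17 53  0  1503508  3592
5 2933 106111057 00-00-C0-91-2F-87 6 1268  4173  74368  1051590
5 2942 106111161 00-00-C0-91-2F-87 6 80  0  1881793  287735
5 2955 106111787 00-00-00-00-00-00 0 0  0  892  0
5 2957 106112100 00-00-C0-91-2F-87 1 0  0  26852  33908
5 2958 106112308 00-00-C0-91-2F-87 6 1272
"""

# Gateways and service ports named in the rule file; service names such as
# gopher and www are written here as their standard port numbers.
GATEWAYS = {"00-00-C0-91-2F-87": "docgw", "00-00-C0-92-2E-69": "Suragw"}
KNOWN_PORTS = {70, 80, 25, 53, 23, 513, 21, 20, 119, 113, 110, 123, 515, 79, 2049}
TIME_RE = re.compile(r"#Time: (\S+ \S+ \d+ \S+ \d+) (\S+) Flows")
MAC_RE = re.compile(r"([0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}")
FIELDS = ("ruleset", "index", "first_time", "adjacent", "type",
          "src", "dst", "to_octets", "from_octets")  # order of the FORMAT statement


def parse(text):
    """Return (records, rejected); each record carries its collection time."""
    records, rejected, collected, meter = [], [], None, None
    for line in text.splitlines():
        m = TIME_RE.match(line)
        if m:  # header written at each collection: wall-clock time and meter
            collected = datetime.strptime(m.group(1), "%H:%M:%S %a %d %b %y")
            meter = m.group(2)
            continue
        if not line.strip() or line.startswith("#"):
            continue
        f = line.split()
        numeric = f[:3] + f[4:]
        if len(f) != 9 or not MAC_RE.fullmatch(f[3]) or not all(
                x.isdigit() for x in numeric):
            rejected.append(line)  # never guess at a short or garbled record
            continue
        rec = {k: (v if k == "adjacent" else int(v)) for k, v in zip(FIELDS, f)}
        rec.update(collected=collected, meter=meter)
        records.append(rec)
    return records, rejected


def report(records):
    """Totals per adjacent address, gateways never seen, unmerged flow indexes."""
    per_gw = defaultdict(lambda: {"flows": 0, "to": 0, "from": 0})
    unmerged = []
    for r in records:
        g = per_gw[r["adjacent"]]
        g["flows"] += 1
        g["to"] += r["to_octets"]
        g["from"] += r["from_octets"]
        # TCP/UDP flow on ports the rule file does not list, ports still set
        if r["type"] in (6, 17) and (r["src"] or r["dst"]) \
                and not {r["src"], r["dst"]} & KNOWN_PORTS:
            unmerged.append(r["index"])
    missing = sorted(name for mac, name in GATEWAYS.items() if mac not in per_gw)
    return dict(per_gw), missing, unmerged


if __name__ == "__main__":
    recs, bad = parse(SAMPLE)
    print(report(recs), len(bad))
```
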

From netramet-owner  Mon Jun 26 21:48:08 1995
Received: (from majordom@localhost) by net.auckland.ac.nz (8.6.12/8.6.12) id VAA15600 for netramet-outgoing; Mon, 26 Jun 1995 21:33:08 +1200
Received: from ccvcom.auckland.ac.nz (ccvcom.auckland.ac.nz [130.216.1.2]) by net.auckland.ac.nz (8.6.12/8.6.12) with ESMTP id VAA15572 for <[email protected]>; Mon, 26 Jun 1995 21:31:55 +1200
Received: from ccu1.auckland.ac.nz by ccvcom.auckland.ac.nz (PMDF V4.3-7 #2864)
id <[email protected]>; Mon,
26 Jun 1995 21:31:45 GMT+1300
Received: (from nevil@localhost) by ccu1.auckland.ac.nz (8.6.12/8.6.12)
id VAA27083; Mon, 26 Jun 1995 21:31:32 +1200
Date: Mon, 26 Jun 1995 21:31:32 +1200 (NZT)
From: J Nevil Brownlee <[email protected]>
Subject: NeTraMet User Survey
To: [email protected] (NeTraMet mailing list),
       [email protected] (iawg mailing list)
Message-id: <[email protected]>
MIME-version: 1.0
X-Mailer: ELM [version 2.4 PL23]
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7bit
Content-length: 3041
Sender: [email protected]
Precedence: bulk

                          NeTraMet Survey
                          ===============

NeTraMet - the first traffic measurement system based on the Internet
Accounting Architecture - has now been publicly available for nearly two
years, and is in widespread use world-wide.  I am carrying out this
survey so as to

  * Determine how best to continue NeTraMet's development

  * Seek support within the Internet community for a Working Group in
    the area of Real-time Traffic Flow Measurement.  As part of its
    charter this group would progress the Accounting Architecture and
    the Meter MIB along the Internet Standards track.

Please take a moment to complete the following questionnaire and e-mail
it to [email protected].  All replies will be kept confidential,
and I will publish a summary of the survey results.

Thanks very much, Nevil

+-----------------------------------------------------------------------+
| Nevil Brownlee       [email protected]        Deputy Director |
|   FAX: 64 9 373 7425      Computer Centre, The University of Auckland |
| Phone: 64 9 373 7599 x8941   Private Bag 92019, Auckland, New Zealand |
+-----------------------------------------------------------------------+

1) Which of the following best describes your network?

     ___ single-site network         ___ end-user

     ___ multi-site network          ___ Internet service provider

2) Are you using NeTraMet?

     ___ No

     ___ Yes, using a single meter

     ___ Yes, using more than one meter

3) In which of the following ways would you like to see NeTraMet
  developed?

     ___ Ported to platforms other than DOS, Irix, Linux, Solaris, SunOS
            (please indicate which: ______________________)

     ___ Metering for media other than Ethernet and FDDI
            (please indicate which: ______________________)

     ___ Better ways to specify which flows are to be metered
            (e.g. better checking in NeMaC, a better language to
            describe rule files, ... _____________________)

     ___ Extension of the Internet Accounting Architecture to include
            higher-level flow attributes, e.g. session-layer attributes

     ___ More sample rule files, programs for processing flow data files?

     ___ Other (Please specify: __________________________)

4) Would you like to see the Accounting Meter MIB (on which NeTraMet is
  based) implemented in:

     ___ Routers (yes/no)       ___ Special-purpose hardware (yes/no)

5) Would you like to see the Accounting Meter MIB placed on the Internet
  standards track (this would help vendors to produce metering systems
  and software to collect the traffic flow data)?

     ___ yes/no

6) Are you interested in implementing the Accounting Meter MIB?

     ___ yes/no

+-------------------------------------------------------------------------+
| Please e-mail your completed questionnaire to [email protected] |
+-------------------------------------------------------------------------+