From netramet-owner  Tue Oct  1 18:13:51 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id SAA01738 for netramet-outgoing; Tue, 1 Oct 1996 18:06:39 +1200 (NZST)
Received: from hkpu04.polyu.edu.hk (hkpu04.polyu.edu.hk [158.132.18.4]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with SMTP id SAA01733 for <[email protected]>; Tue, 1 Oct 1996 18:06:34 +1200 (NZST)
Received: from 158.132.14.1.polyu.edu.hk by hkpu04.polyu.edu.hk (SMI-8.6/SMI-4.1)
       id OAA21458; Tue, 1 Oct 1996 14:08:22 +0800
Message-Id: <[email protected]>
X-Sender: [email protected]
X-Mailer: Windows Eudora Version 1.4.4
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Tue, 01 Oct 1996 14:26:37 +0800
To: [email protected]
From: [email protected] (Wong Kit Fu)
Subject: How to install libpcap
Sender: [email protected]
Precedence: bulk

Hello,
       I am a HK Polytechnic electronics student. My final year project is a
LAN meter program in Linux. I find that NeTraMet is quite related to my final
year project and tried to install it. However, I encountered a problem
installing libpcap. Could you give me a helping hand to install libpcap, and
other information about NeTraMet other than NeTraMet.man.tar.gz?

Thank You very much.
Eric, Wong Kit Fu.


From netramet-owner  Tue Oct  1 20:47:19 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id UAA08258 for netramet-outgoing; Tue, 1 Oct 1996 20:44:38 +1200 (NZST)
Received: from solarnum.itd.uts.edu.au (solarnum.itd.uts.edu.au [138.25.16.3]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with ESMTP id UAA08248 for <[email protected]>; Tue, 1 Oct 1996 20:44:25 +1200 (NZST)
Received: from [138.25.16.25] (bacchus.itd.uts.edu.au [138.25.16.25]) by solarnum.itd.uts.edu.au (8.7.3/8.7.1/uts) with ESMTP id SAA00542; Tue, 1 Oct 1996 18:43:03 +1000 (EAST)
X-Sender: [email protected]
Message-Id: <v03007802ae7686ce94df@[138.25.16.25]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Tue, 1 Oct 1996 18:47:25 +1000
To: [email protected], [email protected]
From: Matthew Flanagan <[email protected]>
Subject: libpcap 0.2.1, netramet 3.3 and solaris 2.4 (x86)
Cc: [email protected], [email protected]
Sender: [email protected]
Precedence: bulk


This is the scenario:

Compaq 486 PC Running Solaris 2.4 (x86) with latest Recommended patches and
driver updates
3c509B ethernet card
libpcap 0.2.1
NeTraMet 3.3

libpcap and NeTraMet compile fine, but when I run NeTraMet like so:

/NeTraMet -r read -w write

I get this error:

pcap_open_live(elx0): recv_ack: bind error 0x7

I can't find the error number anywhere in /usr/include/sys/dlpi.h.

Has anyone experienced this before and got it working?

Is anyone else running NeTraMet on a Solaris (2.x) x86 platform?




--
Matthew Flanagan                         [email protected]

Network Administrator - Information Technology Division
University of Technology, Sydney.
Voice: +61 2 9514 2141               Fax: +61 2 9514 1994



From netramet-owner  Tue Oct  1 21:19:13 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id VAA09458 for netramet-outgoing; Tue, 1 Oct 1996 21:17:34 +1200 (NZST)
Received: from hot.ee.lbl.gov (hot.ee.lbl.gov [131.243.1.42]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with ESMTP id VAA09452 for <[email protected]>; Tue, 1 Oct 1996 21:17:29 +1200 (NZST)
Received: by hot.ee.lbl.gov (8.7.5/1.43r)
       id CAA08388; Tue, 1 Oct 1996 02:17:14 -0700 (PDT)
Message-Id: <[email protected]>
To: Matthew Flanagan <[email protected]>
Reply-to: [email protected]
Cc: [email protected], [email protected], [email protected],
       [email protected]
Subject: Re: libpcap 0.2.1, netramet 3.3 and solaris 2.4 (x86)
In-reply-to: Your message of Tue, 01 Oct 1996 18:47:25 PDT.
Date: Tue, 01 Oct 1996 02:17:14 PDT
From: Craig Leres <[email protected]>
Sender: [email protected]
Precedence: bulk


> Compaq 486 PC Running Solaris 2.4 (x86) with latest Recommended patches and
> driver updates
[...]
> pcap_open_live(elx0): recv_ack: bind error 0x7
>
> I can't find the error number anywhere in /usr/include/sys/dlpi.h.

I think it's DL_UNSUPPORTED (Requested serv. not supplied by provider).

Please try the appended patch. It will be in the next release.

               Craig

------- Forwarded Message

Date: Mon, 16 Sep 1996 16:26:46 +0200 (MET DST)
From: Tim Rylance <[email protected]>
Subject: fix for tcpdump-3.2.1 on Solaris x86
To: [email protected]
Cc: [email protected], [email protected]

I just posted the following trivial fix  to comp.unix.solaris...

From: [email protected] (Tim Rylance)
Newsgroups: comp.unix.solaris
Subject: Re: [Q] tcpdump-3.2.1 on Solris2.4 for X86?
Date: 16 Sep 1996 14:19:57 GMT
Organization: Elsevier Science BV, Amsterdam, The Netherlands
Message-ID: <[email protected]>
References: <[email protected]>  <1996Aug31.2051
[email protected]> <[email protected]>
Reply-To: [email protected]

[email protected] and [email protected] wonder why
tcpdump doesn't work on Solaris x86 (it says "recv_ack: bind error 0x7").

Here is a fix (works on 2.5 x86 and SPARC, I don't have 2.4 to try it on):

--- libpcap-0.2.1/pcap-dlpi.c-  Tue Jul 23 23:21:16 1996
+++ libpcap-0.2.1/pcap-dlpi.c   Sun Sep 15 19:04:14 1996
@@ -593,6 +593,7 @@
       req.dl_service_mode = DL_HP_RAWDLS;
#else
       req.dl_sap = sap;
+       req.dl_service_mode = DL_CLDLS;
#endif

       return (send_request(fd, (char *)&req, sizeof(req), "bind", ebuf));
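
Review bot: The added req.dl_service_mode = DL_CLDLS; sits in the #else branch, so it applies to every DLPI provider other than the HP case above it, while the message reports testing only on Solaris 2.5 x86 and SPARC. Before this goes into a release, confirm that the bind still succeeds on the other platforms that reach this branch, and on Solaris 2.4, where the 0x7 error was reported.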

This was quite easily found by running truss on both snoop and tcpdump.
--
Tim Rylance <[email protected]>

------- End of Forwarded Message

From netramet-owner  Tue Oct  1 22:10:30 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id WAA10991 for netramet-outgoing; Tue, 1 Oct 1996 22:08:10 +1200 (NZST)
Received: from solarnum.itd.uts.edu.au (solarnum.itd.uts.edu.au [138.25.16.3]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with ESMTP id WAA10979 for <[email protected]>; Tue, 1 Oct 1996 22:07:59 +1200 (NZST)
Received: from [138.25.16.25] (bacchus.itd.uts.edu.au [138.25.16.25]) by solarnum.itd.uts.edu.au (8.7.3/8.7.1/uts) with ESMTP id UAA02251; Tue, 1 Oct 1996 20:06:33 +1000 (EAST)
X-Sender: [email protected]
Message-Id: <v03007802ae769da4e745@[138.25.16.25]>
In-Reply-To: <[email protected]>
References: Your message of Tue, 01 Oct 1996 18:47:25 PDT.
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Tue, 1 Oct 1996 20:10:56 +1000
To: [email protected]
From: Matthew Flanagan <[email protected]>
Subject: Re: libpcap 0.2.1, netramet 3.3 and solaris 2.4 (x86)
Cc: [email protected], [email protected], [email protected]
Sender: [email protected]
Precedence: bulk

Great! Fantastic! This works!

Thanks very much.

> > Compaq 486 PC Running Solaris 2.4 (x86) with latest Recommended patches and
> > driver updates
> [...]
> > pcap_open_live(elx0): recv_ack: bind error 0x7
> >
> > I can't find the error number anywhere in /usr/include/sys/dlpi.h.
>
> I think it's DL_UNSUPPORTED (Requested serv. not supplied by provider).
>
> Please try the appended patch. It will be in the next release.
>
>               Craig
>
> ------- Forwarded Message
>
> Date: Mon, 16 Sep 1996 16:26:46 +0200 (MET DST)
> From: Tim Rylance <[email protected]>
> Subject: fix for tcpdump-3.2.1 on Solaris x86
> To: [email protected]
> Cc: [email protected], [email protected]
>
> I just posted the following trivial fix  to comp.unix.solaris...
>
> From: [email protected] (Tim Rylance)
> Newsgroups: comp.unix.solaris
> Subject: Re: [Q] tcpdump-3.2.1 on Solris2.4 for X86?
> Date: 16 Sep 1996 14:19:57 GMT
> Organization: Elsevier Science BV, Amsterdam, The Netherlands
> Message-ID: <[email protected]>
> References: <[email protected]>
>       <1996Aug31.2051
> [email protected]> <[email protected]>
> Reply-To: [email protected]
>
> [email protected] and [email protected] wonder why
> tcpdump doesn't work on Solaris x86 (it says "recv_ack: bind error 0x7").
>
> Here is a fix (works on 2.5 x86 and SPARC, I don't have 2.4 to try it on):
>
> --- libpcap-0.2.1/pcap-dlpi.c-        Tue Jul 23 23:21:16 1996
> +++ libpcap-0.2.1/pcap-dlpi.c Sun Sep 15 19:04:14 1996
> @@ -593,6 +593,7 @@
>       req.dl_service_mode = DL_HP_RAWDLS;
>  #else
>       req.dl_sap = sap;
> +     req.dl_service_mode = DL_CLDLS;
>  #endif
>
>       return (send_request(fd, (char *)&req, sizeof(req), "bind", ebuf));
>
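
Review bot: The new assignment in the #else branch carries no comment saying why a service mode is now requested. A one-line comment beside req.dl_service_mode = DL_CLDLS; that names the Solaris x86 failure it fixes ("recv_ack: bind error 0x7") would keep a later cleanup from dropping the line as redundant.
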
> This was quite easily found by running truss on both snoop and tcpdump.
> --
> Tim Rylance <[email protected]>
>
> ------- End of Forwarded Message


--
Matthew Flanagan                         [email protected]

Network Administrator - Information Technology Division
University of Technology, Sydney.
Voice: +61 2 9514 2141               Fax: +61 2 9514 1994



From netramet-owner  Wed Oct  2 02:54:41 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id CAA18744 for netramet-outgoing; Wed, 2 Oct 1996 02:51:48 +1200 (NZST)
Received: from cosmail1.ctd.ornl.gov (cosmail1.ctd.ornl.gov [128.219.128.54]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with ESMTP id CAA18737 for <[email protected]>; Wed, 2 Oct 1996 02:51:45 +1200 (NZST)
Received: from [128.219.154.21] (pucpmac.ctd.ornl.gov [128.219.154.21]) by cosmail1.ctd.ornl.gov (8.7.4/8.7.3) with ESMTP id KAA14004; Tue, 1 Oct 1996 10:51:41 -0400 (EDT)
X-Sender: [email protected]
Message-Id: <v0300782eae76daf72b05@[128.219.154.21]>
In-Reply-To: <[email protected]>
References: Your message of Tue, 01 Oct 1996 18:47:25 PDT.
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Tue, 1 Oct 1996 10:51:39 -0400
To: [email protected]
From: Gary Haney <[email protected]>
Subject: Re: libpcap 0.2.1, netramet 3.3 and solaris 2.4 (x86)
Cc: [email protected]
Sender: [email protected]
Precedence: bulk


Hi,

I am having some problems getting NeTraMet to work on SunOS 4.1.4 and Irix 5.2.

On both systems, when I execute the NeTraMet meter I get the following:

NeTraMet:  Network Traffic Meter V3.2
Running on x1234, interface et0
Segmentation fault (core dumped)

When I do a dbx on NeTraMet, the following is returned:
x1234# dbx NeTraMet
Process died at pc 0x403a34 of signal: Segmentation Fault
[using memory image in core]
(dbx) where
0 ether_callback(user = (nil), h = (nil), p = (nil))
["../../src/meter/meter_ux.c":292, 0x403a30]
1 pcap_read(0x0, 0x0, 0x0, 0x1000644d, 0x0) [0x411148]


I suspect that this has something to do with libpcap.  I got libpcap from
ftp.ee.lbl.gov and compiled it, and installed it in /usr/lib.  Is NeTraMet
looking for libpcap elsewhere?

Thanks,

Gwh


#include <standard-disclaimers>

------------------------------------------------------------------------
 "Do as much as you can, for as many as you can, for as long as you can."
                - James Elcany Harr (1881-1972)

------------------------------------------------------------------------
U.S. Mail:
Gary Haney
Lockheed Martin
Oak Ridge National Laboratory
701 Scarboro Rd.
MS8227, Rm 328
Oak Ridge, Tn 37831

Phone: 423.574.4629 (Voice)  423.576.0099(Fax)

Email: [email protected] (Internet)
URL: <http://www.ornl.gov/~hny/GHaney.html>

------------------------------------------------------------------------





From netramet-owner  Wed Oct  2 06:06:40 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id GAA24291 for netramet-outgoing; Wed, 2 Oct 1996 06:04:13 +1200 (NZST)
Received: from corp-rtr.mauswerks.com (corp-rtr.mauswerks.com [204.152.96.8]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with SMTP id GAA24286 for <[email protected]>; Wed, 2 Oct 1996 06:04:10 +1200 (NZST)
Received: from ratfink ([email protected] [204.152.96.34]) by corp-rtr.mauswerks.com (8.6.12/8.6.9) with SMTP id LAA28091; Tue, 1 Oct 1996 11:07:55 -0700
Message-ID: <[email protected]>
Date: Wed, 02 Oct 1996 02:07:57 -0700
From: Brian Topping <[email protected]>
Organization: Mauswerks, Inc.
X-Mailer: Mozilla 3.0b6Gold (X11; I; Linux 2.0.0 i586)
MIME-Version: 1.0
To: [email protected], [email protected]
Subject: Re: libpcap 0.2.1, netramet 3.3 and solaris 2.4 (x86)
References: Your message of Tue, 01 Oct 1996 18:47:25 PDT. <v03007802ae769da4e745@[138.25.16.25]>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: [email protected]
Precedence: bulk

Hi all!

Have the later libpcaps been ported to Linux yet?  The most recent one
that I have been able to find that works with Linux was a binary
distribution and _really_ old.

Just wondering, because I really want to upgrade some other tools too!

-B

Matthew Flanagan wrote:
>
> Great! Fantastic! This works!
>
> Thanks very much.
>
> > > Compaq 486 PC Running Solaris 2.4 (x86) with latest Recommended patches and
> > > driver updates
> > [...]
> > > pcap_open_live(elx0): recv_ack: bind error 0x7
> > >
> > > I can't find the error number anywhere in /usr/include/sys/dlpi.h.
> >
> > I think it's DL_UNSUPPORTED (Requested serv. not supplied by provider).
> >
> > Please try the appended patch. It will be in the next release.
> >
> >               Craig
> >
> > ------- Forwarded Message
> >
> > Date: Mon, 16 Sep 1996 16:26:46 +0200 (MET DST)
> > From: Tim Rylance <[email protected]>
> > Subject: fix for tcpdump-3.2.1 on Solaris x86
> > To: [email protected]
> > Cc: [email protected], [email protected]
> >
> > I just posted the following trivial fix  to comp.unix.solaris...
> >
> > From: [email protected] (Tim Rylance)
> > Newsgroups: comp.unix.solaris
> > Subject: Re: [Q] tcpdump-3.2.1 on Solris2.4 for X86?
> > Date: 16 Sep 1996 14:19:57 GMT
> > Organization: Elsevier Science BV, Amsterdam, The Netherlands
> > Message-ID: <[email protected]>
> > References: <[email protected]>
> >       <1996Aug31.2051
> > [email protected]> <[email protected]>
> > Reply-To: [email protected]
> >
> > [email protected] and [email protected] wonder why
> > tcpdump doesn't work on Solaris x86 (it says "recv_ack: bind error 0x7").
> >
> > Here is a fix (works on 2.5 x86 and SPARC, I don't have 2.4 to try it on):
> >
> > --- libpcap-0.2.1/pcap-dlpi.c-        Tue Jul 23 23:21:16 1996
> > +++ libpcap-0.2.1/pcap-dlpi.c Sun Sep 15 19:04:14 1996
> > @@ -593,6 +593,7 @@
> >       req.dl_service_mode = DL_HP_RAWDLS;
> >  #else
> >       req.dl_sap = sap;
> > +     req.dl_service_mode = DL_CLDLS;
> >  #endif
> >
> >       return (send_request(fd, (char *)&req, sizeof(req), "bind", ebuf));
> >
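
Review bot: In the #else branch only dl_sap and now dl_service_mode are assigned before send_request() transmits sizeof(req) bytes, and the hunk does not show the rest of req being cleared. Since the failure came from a field this branch never set, check that req is zeroed earlier in the function so the remaining fields of the bind request are not sent uninitialized.
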
> > This was quite easily found by running truss on both snoop and tcpdump.
> > --
> > Tim Rylance <[email protected]>
> >
> > ------- End of Forwarded Message
>
> --
> Matthew Flanagan                         [email protected]
>
> Network Administrator - Information Technology Division
> University of Technology, Sydney.
> Voice: +61 2 9514 2141               Fax: +61 2 9514 1994

From netramet-owner  Wed Oct  2 09:02:29 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id IAA02138 for netramet-outgoing; Wed, 2 Oct 1996 08:59:48 +1200 (NZST)
Received: from hot.ee.lbl.gov (hot.ee.lbl.gov [131.243.1.42]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with ESMTP id IAA02127 for <[email protected]>; Wed, 2 Oct 1996 08:59:42 +1200 (NZST)
Received: by hot.ee.lbl.gov (8.7.5/1.43r)
       id NAA09099; Tue, 1 Oct 1996 13:59:34 -0700 (PDT)
Message-Id: <[email protected]>
To: Brian Topping <[email protected]>
Cc: [email protected]
Cc: [email protected], [email protected]
Subject: Re: libpcap 0.2.1, netramet 3.3 and solaris 2.4 (x86)
In-reply-to: Your message of Wed, 02 Oct 1996 02:07:57 PDT.
Date: Tue, 01 Oct 1996 13:59:34 PDT
From: Craig Leres <[email protected]>
Sender: [email protected]
Precedence: bulk


> Have the later libpcaps been ported to Linux yet?  The most recent one
> that I have been able to find that works with Linux was a binary
> distribution and _really_ old.

Not yet. Our linux system is too far out of date (and broken too).
We have a ton of submitted patches and it is high on the list though.

               Craig

From netramet-owner  Wed Oct  2 14:23:21 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id OAA28159 for netramet-outgoing; Wed, 2 Oct 1996 14:20:37 +1200 (NZST)
Received: from hkpu04.polyu.edu.hk (hkpu04.polyu.edu.hk [158.132.18.4]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with SMTP id OAA28154 for <[email protected]>; Wed, 2 Oct 1996 14:20:33 +1200 (NZST)
Received: from 158.132.14.1.polyu.edu.hk by hkpu04.polyu.edu.hk (SMI-8.6/SMI-4.1)
       id KAA23256; Wed, 2 Oct 1996 10:22:30 +0800
Message-Id: <[email protected]>
X-Sender: [email protected]
X-Mailer: Windows Eudora Version 1.4.4
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Wed, 02 Oct 1996 10:40:44 +0800
To: [email protected]
From: [email protected] (Eric, Wong Kit Fu)
Subject: How to install libpcap
Sender: [email protected]
Precedence: bulk

Hello,
       I am a HK Polytechnic electronics student. My final year project is a
LAN meter program in Linux. I find that NeTraMet is quite related to my final
year project and tried to install it. However, I encountered a problem
installing libpcap. Could you give me a helping hand to install libpcap, and
other information about NeTraMet other than NeTraMet.man.tar.gz?

Thank You very much.
Eric, Wong Kit Fu.


From netramet-owner  Thu Oct  3 04:36:09 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id EAA07587 for netramet-outgoing; Thu, 3 Oct 1996 04:30:17 +1200 (NZST)
Received: from xpert.com ([email protected] [199.203.132.1]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with ESMTP id EAA07572 for <[email protected]>; Thu, 3 Oct 1996 04:30:11 +1200 (NZST)
Received: (from limor@localhost) by xpert.com (8.7.5/8.7.3) id SAA13524 for [email protected]; Wed, 2 Oct 1996 18:30:19 +0200
Date: Wed, 2 Oct 1996 18:30:19 +0200
From: Limor Schweitzer <[email protected]>
Message-Id: <[email protected]>
To: [email protected]
Subject: New XACCT-2 Documentation
Sender: [email protected]
Precedence: bulk

XACCT-2 Documentation
=====================

A fully featured 154 page document is now available for XACCT-2.
XACCT is the add-on to Checkpoint FireWall-1, that provides accounting
and reporting capabilities. The document is available in either MS/Word-7
or PostScript formats.

You may download it from our site:
       http://www.xpert.com/xacct.html



Regards,

Limor Schweitzer

_____________________________________________________________
| \\   Limor Schweitzer  <[email protected]>   (972)-3-6181118  |
|  \\  //                  |                    Net Security  |
|   \\//    __    ___   ___|__                      Internet  |
|    //\  |   \\// __/ |   |                 S/W Development  |
|   // \\ | __//\\____ |    \__          Network Integration  |
|__//___\\| _______UNIX Systems LTD____System Administration__|
         |

From netramet-owner  Tue Oct  8 21:24:11 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id VAA22846 for netramet-outgoing; Tue, 8 Oct 1996 21:19:11 +1300 (NZDT)
Received: from solarnum.itd.uts.edu.au (solarnum.itd.uts.edu.au [138.25.16.3]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with ESMTP id VAA22827 for <[email protected]>; Tue, 8 Oct 1996 21:18:48 +1300 (NZDT)
Received: from [138.25.16.25] (bacchus.itd.uts.edu.au [138.25.16.25]) by solarnum.itd.uts.edu.au (8.8.0/8.8.0/1.3) with SMTP id SAA01258 for <[email protected]>; Tue, 8 Oct 1996 18:17:10 +1000 (EAST)
X-Sender: [email protected]
Message-Id: <v02140b07ae7fbd2ea97d@[138.25.16.25]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Tue, 8 Oct 1996 18:17:47 +1000
To: [email protected]
From: [email protected] (Matthew Flanagan)
Subject: rules for subnet and ip port
Sender: [email protected]
Precedence: bulk


Here at UTS we have a class B network (138.25.0.0). I would like to have a
set of rules that allows me to monitor traffic by subnet (255.255.255.0
mask) and ip port.

What is the simplest way I can do this?

Note that the ethernet segment I have the meter on has other traffic
besides UTS traffic going over it and I only want to meter the UTS traffic.


--
Matthew Flanagan                         [email protected]

Network Administrator - Information Technology Division
University of Technology, Sydney.
Voice: +61 2 9514 2141               Fax: +61 2 9514 1994



From netramet-owner  Fri Oct 11 13:52:39 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id NAA14203 for netramet-outgoing; Fri, 11 Oct 1996 13:47:35 +1300 (NZDT)
Received: from scorpions.ifqsc.sc.usp.br (scorpions.ifqsc.sc.usp.br [143.107.228.70]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with SMTP id NAA14178 for <[email protected]>; Fri, 11 Oct 1996 13:47:25 +1300 (NZDT)
Received: (from sergio@localhost) by scorpions.ifqsc.sc.usp.br (8.6.12/8.6.12) id VAA18641; Thu, 10 Oct 1996 21:48:33 GMT
Date: Thu, 10 Oct 1996 21:48:33 +0000 ()
From: Sergio Henrique Oliveira Pereira <[email protected]>
X-Sender: [email protected]
To: Lista Netramet <[email protected]>
Subject: test
Message-ID: <Pine.BSF.3.91.961010214814.18636A-100000@scorpions.ifqsc.sc.usp.br>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: [email protected]
Precedence: bulk


Ignore, test.


       __
     +|oo|+
     +|oo|+          Instituto de Fisica de Sao Carlos - USP
       ||             Departamento de Fisica e Informatica
       ||             Grupo de Instrumentacao e Eletronica
       ||
       ||
       ||            E-mail : [email protected]
    _  ||  _                  [email protected]
    \\_||_//
     | [] |
     | || |     http://www.ifqsc.sc.usp.br/hpp/sergio/sergio.html
    /  []  \
    \______/



From netramet-owner  Fri Oct 18 03:07:06 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id DAA03345 for netramet-outgoing; Fri, 18 Oct 1996 03:02:14 +1300 (NZDT)
Received: from gateway.bfg.com (gateway.bfg.com [131.187.253.2]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with ESMTP id DAA03338 for <[email protected]>; Fri, 18 Oct 1996 03:02:09 +1300 (NZDT)
Received: (from uucp@localhost) by gateway.bfg.com (8.7.6/8.7.3) id KAA17212 for <[email protected]>; Thu, 17 Oct 1996 10:03:40 -0400 (EDT)
Received: from ns1.bfg.com(192.73.67.20) by gw1.bfg.com via smap (V1.3)
       id sma017201; Thu Oct 17 10:03:31 1996
Received: from trysg4 ([170.126.4.122]) by ns1.bfg.com (8.7.6/8.7.3) with SMTP id JAA21301 for <[email protected]>; Thu, 17 Oct 1996 09:54:38 -0400 (EDT)
Message-ID: <[email protected]>
Date: Thu, 17 Oct 1996 09:56:30 -0400
From: Raja T <[email protected]>
Organization: BFGoodrich
X-Mailer: Mozilla 3.0 (X11; I; IRIX 5.3 IP22)
MIME-Version: 1.0
To: [email protected]
Subject: Newbie: NeTraMet startup trouble on SGI
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: [email protected]
Precedence: bulk

Hi,

       I'm trying to run the NeTraMet meter on an SGI (Indigo2 Irix 5.3) and
the program exits with the following message:

NeTraMet: Network Traffic Meter V3.4
bind: Address already in use

       Any ideas why? Thanks in advance..


--
Raja Thiyagaraja
[email protected]

From netramet-owner  Fri Oct 18 04:39:23 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id EAA06177 for netramet-outgoing; Fri, 18 Oct 1996 04:38:22 +1300 (NZDT)
Received: from mailhub.axion.bt.co.uk (mailhub.axion.bt.co.uk [132.146.5.4]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with SMTP id EAA06165 for <[email protected]>; Fri, 18 Oct 1996 04:38:19 +1300 (NZDT)
Received: from gideon.bt.co.uk (actually gideon.bt-sys.bt.co.uk) by mailhub.axion.bt.co.uk with SMTP (PP);
         Thu, 17 Oct 1996 16:28:41 +0100
Received: from localhost by gideon.bt.co.uk (5.x/SMI-SVR4) id AA02825; Thu, 17 Oct 1996 15:24:27 GMT
Date: Thu, 17 Oct 1996 15:24:27 +0000 (GMT)
From: George Tsirtsis <[email protected]>
To: Raja T <[email protected]>
Cc: [email protected]
Subject: Re: Newbie: NeTraMet startup trouble on SGI
In-Reply-To: <[email protected]>
Message-Id: <Pine.SOL.3.95.961017152248.2666D-100000@gideon>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: [email protected]
Precedence: bulk

On Thu, 17 Oct 1996, Raja T wrote:

> Hi,
>
>       I'm trying to run the NeTraMet meter on an SGI (Indigo2 Irix 5.3) and
> the program exits with the following message:
>
> NeTraMet: Network Traffic Meter V3.4
> bind: Address already in use
>
>       Any ideas why? Thanks in advance..
>
>
> --
> Raja Thiyagaraja
> [email protected]
>

I have exactly the same problem on a SPARCstation 20 running Solaris2.5.

If anyone knows what is going on, it would be helpful for me too.

George Tsirtsis
--------------------------------------------------------------------------
Network Research                            Tel   : 0044-1473-640756
BT Labs                                     Fax   : 0044-1473-640709
Ipswich                                     e-mail: [email protected]
--------------------------------------------------------------------------


From netramet-owner  Fri Oct 18 19:59:38 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id TAA12792 for netramet-outgoing; Fri, 18 Oct 1996 19:57:11 +1300 (NZDT)
Received: from solarnum.itd.uts.edu.au (solarnum.itd.uts.edu.au [138.25.16.3]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with ESMTP id TAA12787 for <[email protected]>; Fri, 18 Oct 1996 19:57:06 +1300 (NZDT)
Received: from [138.25.16.25] (bacchus.itd.uts.edu.au [138.25.16.25]) by solarnum.itd.uts.edu.au (8.8.0/8.8.0/1.3) with SMTP id QAA07303; Fri, 18 Oct 1996 16:55:39 +1000 (EAST)
X-Sender: [email protected]
Message-Id: <v02140b04ae8cda7bf767@[138.25.16.25]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Fri, 18 Oct 1996 16:56:44 +1000
To: George Tsirtsis <[email protected]>
From: [email protected] (Matthew Flanagan)
Subject: Re: Newbie: NeTraMet startup trouble on SGI
Cc: [email protected]
Sender: [email protected]
Precedence: bulk

Are you running an snmp daemon?

> On Thu, 17 Oct 1996, Raja T wrote:
>
> > Hi,
> >
> >       I'm trying to run the NeTraMet meter on an SGI (Indigo2 Irix 5.3) and
> > the program exits with the following message:
> >
> > NeTraMet: Network Traffic Meter V3.4
> > bind: Address already in use
> >
> >       Any ideas why? Thanks in advance..
> >
> >
> > --
> > Raja Thiyagaraja
> > [email protected]
> >
>
> I have exactly the same problem on a SPARCstation 20 running Solaris2.5.
>
> If anyone knows what is going on, it would be helpful for me too.
>
> George Tsirtsis
> --------------------------------------------------------------------------
> Network Research                            Tel   : 0044-1473-640756
> BT Labs                                     Fax   : 0044-1473-640709
> Ipswich                                     e-mail: [email protected]
> --------------------------------------------------------------------------

--
Matthew Flanagan                         [email protected]

Network Administrator - Information Technology Division
University of Technology, Sydney.
Voice: +61 2 9514 2141               Fax: +61 2 9514 1994



From netramet-owner  Fri Oct 18 21:36:33 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id VAA15252 for netramet-outgoing; Fri, 18 Oct 1996 21:34:22 +1300 (NZDT)
Received: from korin.warman.org.pl (korin.warman.org.pl [148.81.160.10]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with ESMTP id VAA15246 for <[email protected]>; Fri, 18 Oct 1996 21:34:16 +1300 (NZDT)
Received: (from abial@localhost) by korin.warman.org.pl (8.7.5/8.7.3) id KAA26383; Fri, 18 Oct 1996 10:33:28 +0200 (MET DST)
Date: Fri, 18 Oct 1996 10:33:27 +0200 (MET DST)
From: Andrzej Bialecki <[email protected]>
To: Matthew Flanagan <[email protected]>
cc: George Tsirtsis <[email protected]>, [email protected]
Subject: Re: Newbie: NeTraMet startup trouble on SGI
In-Reply-To: <v02140b04ae8cda7bf767@[138.25.16.25]>
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: [email protected]
Precedence: bulk

On Fri, 18 Oct 1996, Matthew Flanagan wrote:

> Are you running an snmp daemon?
>
> > On Thu, 17 Oct 1996, Raja T wrote:
> >
> > > NeTraMet: Network Traffic Meter V3.4
> > > bind: Address already in use
> > >
> > >       Any ideas why? Thanks in advance..
> > > --
> > > Raja Thiyagaraja
> > > [email protected]
> > >
> >
> > I have exactly the same problem on a SPARCstation 20 running Solaris2.5.
> > George Tsirtsis

This message means that some process is using this port as a server. So it
can be the above-mentioned snmp daemon. I encountered this problem when I was
trying to run two NeTraMets on one machine with two eth. cards. And I
have a simple workaround:
If you have to run the snmp daemon, simply change the #define SNMP_PORT
in (I think) snmplib/snmp.h to another value. As long as NeTraMet _and_
NeMaC use the same port, it really doesn't matter which specific port
number you use (of course, you should choose one that is unused and one you
are least likely to need in the future). Then recompile everything and enjoy :-)

I hope this helps.

Andy.

+-------------------------------------------------------------------------+
Andrzej Bialecki <[email protected]>    _)    _)   _)_)   _)_)_) _)  _)
---------------------------------------   _)_)  _) _)    _) _)_)   _)_)
Research and Academic Network in Poland   _)  _)_) _)_)_)_)     _) _) _)
Bartycka 18, 00-716 Warsaw, Poland        _)    _) _)    _) _)_)_) _)  _)
+-------------------------------------------------------------------------+
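
The port conflict described in the message above, as an added example (not part of the original messages and not NeTraMet's code): it binds a UDP socket the way an SNMP agent does, reports whether the failure is EADDRINUSE, and scans for a free alternative port. Port 161 is the standard SNMP agent port; the thread does not give NeTraMet's SNMP_PORT value, and the 10161-10200 range and all function names are assumptions chosen for illustration.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define SNMP_AGENT_PORT 161    /* standard SNMP agent port (UDP) */
#define ALT_FIRST       10161  /* arbitrary candidate range, chosen for this example */
#define ALT_LAST        10200

/* Bind a UDP socket to INADDR_ANY:port, as a server such as an SNMP agent
 * would. Returns the socket on success, or -1 with errno describing why. */
int bind_udp_any(unsigned short port)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);

    if (fd < 0)
        return -1;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
        int saved = errno;      /* close() may overwrite errno */
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

/* Local port a bound socket ended up on (useful after binding port 0). */
int bound_port(int fd)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof(sa);

    if (getsockname(fd, (struct sockaddr *)&sa, &len) < 0)
        return -1;
    return ntohs(sa.sin_port);
}

/* 1 = another process already holds the port ("Address already in use"),
 * 0 = the port is free, -1 = some other error (for example EACCES when a
 * non-root user tries a port below 1024); errno is left set in that case. */
int udp_port_in_use(unsigned short port)
{
    int fd = bind_udp_any(port);

    if (fd >= 0) {
        close(fd);
        return 0;
    }
    return errno == EADDRINUSE ? 1 : -1;
}

/* First free UDP port in [first, last], or -1 if none could be bound. */
int first_free_udp_port(unsigned short first, unsigned short last)
{
    unsigned int p;

    for (p = first; p <= last; p++)
        if (udp_port_in_use((unsigned short)p) == 0)
            return (int)p;
    return -1;
}

int main(void)
{
    int state = udp_port_in_use(SNMP_AGENT_PORT);

    if (state == 1) {
        int alt = first_free_udp_port(ALT_FIRST, ALT_LAST);
        printf("UDP %d is already bound by another process\n", SNMP_AGENT_PORT);
        if (alt > 0)
            printf("UDP %d is free; meter and manager must both use it\n", alt);
    } else if (state == 0) {
        printf("UDP %d is free\n", SNMP_AGENT_PORT);
    } else {
        printf("cannot test UDP %d: %s\n", SNMP_AGENT_PORT, strerror(errno));
    }
    return 0;
}
```
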



From netramet-owner  Fri Oct 18 21:48:17 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id VAA15511 for netramet-outgoing; Fri, 18 Oct 1996 21:46:21 +1300 (NZDT)
Received: from mailhub.axion.bt.co.uk (mailhub.axion.bt.co.uk [132.146.5.4]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with SMTP id VAA15505 for <[email protected]>; Fri, 18 Oct 1996 21:46:16 +1300 (NZDT)
Received: from gideon.bt.co.uk (actually gideon.bt-sys.bt.co.uk) by mailhub.axion.bt.co.uk with SMTP (PP);
         Fri, 18 Oct 1996 09:44:20 +0100
Received: from localhost by gideon.bt.co.uk (5.x/SMI-SVR4) id AA03926; Fri, 18 Oct 1996 08:39:42 GMT
Date: Fri, 18 Oct 1996 08:39:41 +0000 (GMT)
From: George Tsirtsis <[email protected]>
To: Andrzej Bialecki <[email protected]>
Cc: Matthew Flanagan <[email protected]>,
       George Tsirtsis <[email protected]>, [email protected]
Subject: Re: Newbie: NeTraMet startup trouble on SGI
In-Reply-To: <[email protected]>
Message-Id: <Pine.SOL.3.95.961018083743.3703C-100000@gideon>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: [email protected]
Precedence: bulk

On Fri, 18 Oct 1996, Andrzej Bialecki wrote:
>
> This message means that some process is using this port as a server. So it
> can be the above-mentioned snmp daemon. I encountered this problem when I was
> trying to run two NeTraMets on one machine with two eth. cards. And I
> have a simple workaround:
> If you have to run the snmp daemon, simply change the #define SNMP_PORT
> in (I think) snmplib/snmp.h to another value. As long as NeTraMet _and_
> NeMaC use the same port, it really doesn't matter which specific port
> number you use (of course, you should choose one that is unused and one you
> are least likely to need in the future). Then recompile everything and enjoy :-)
>
> I hope this helps.
>
> Andy.

In fact you can use the options of snmpd to make it use a different port
number instead of recompiling the whole thing.

try
'snmpd -p port'


George Tsirtsis
--------------------------------------------------------------------------
Network Research                            Tel   : 0044-1473-640756
BT Labs                                     Fax   : 0044-1473-640709
Ipswich                                     e-mail: [email protected]
--------------------------------------------------------------------------


From netramet-owner  Fri Oct 18 22:36:26 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id WAA16686 for netramet-outgoing; Fri, 18 Oct 1996 22:34:33 +1300 (NZDT)
Received: from mailhub.axion.bt.co.uk (mailhub.axion.bt.co.uk [132.146.5.4]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with SMTP id WAA16681 for <[email protected]>; Fri, 18 Oct 1996 22:34:30 +1300 (NZDT)
Received: from gideon.bt.co.uk (actually gideon.bt-sys.bt.co.uk) by mailhub.axion.bt.co.uk with SMTP (PP);
         Fri, 18 Oct 1996 10:31:47 +0100
Received: from localhost by gideon.bt.co.uk (5.x/SMI-SVR4) id AA04293; Fri, 18 Oct 1996 09:27:32 GMT
Date: Fri, 18 Oct 1996 09:27:31 +0000 (GMT)
From: George Tsirtsis <[email protected]>
To: Matthew Flanagan <[email protected]>
Cc: George Tsirtsis <[email protected]>, [email protected]
Subject: Re: Newbie: NeTraMet startup trouble on SGI
In-Reply-To: <v02140b04ae8cda7bf767@[138.25.16.25]>
Message-Id: <Pine.SOL.3.95.961018091007.3703D-100000@gideon>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: [email protected]
Precedence: bulk

On Fri, 18 Oct 1996, Matthew Flanagan wrote:

> Are you running an snmp daemon?
>

So, that was the problem.... Thanks for the tip, but I am afraid that was
the easy part.

If I understand correctly NeTraMet is just a meter. So, when I run it, it
goes and sets itself up on my network card and looks at the packets going
back and forth. Then you have NeMaC, which is responsible for many things.
First, through a rule file, it has to configure the 'meter' to measure
specific things rather than what the default rules instruct. Then NeMaC
collects the stuff at some time interval that we can change. Finally it
formats the data in a presentable way (sort of, anyway) and creates the
output file.

Now I don't understand how the meter takes its name. In some examples in
the manual NeMaC uses the following structure:

NeMaC -c120 -r rules.sample 130.216.234.237 test

Is the dotted number the name of the meter? If yes, where do we specify
that and how can we change it? "test" obviously is the SNMP community name,
but where do we specify its name?

I run NeTraMet as follows:
NeTraMet -k& (since I run meter and manager on Unix)

and then NeMaC as above. I get the following error message:

NeMaC: NeTraMet Manager & Controller V3.3
Using MIB file: /usr/local/NeTraMet/mib/mib.txt
Couldn't get meter info from 130.216.234.237!
Does community test have read or write access to the meter?

Can anybody help?

Thanks in advance

George Tsirtsis
e-mail: [email protected]


From netramet-owner  Sat Oct 19 04:35:38 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id EAA25033 for netramet-outgoing; Sat, 19 Oct 1996 04:30:19 +1300 (NZDT)
Received: from erinet.com (eri-shell.erinet.com [207.0.229.18]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with ESMTP id EAA25026 for <[email protected]>; Sat, 19 Oct 1996 04:30:15 +1300 (NZDT)
Received: from 207.90.116.186 (dlp154.dayton.eri.net [207.90.116.186]) by erinet.com (8.8.0/8.8.0) with SMTP id LAA03975; Fri, 18 Oct 1996 11:27:00 -0400 (EDT)
Message-ID: <[email protected]>
Date: Fri, 18 Oct 1996 11:51:26 +0000
From: Raja <[email protected]>
Reply-To: [email protected]
Organization: Home
X-Mailer: Mozilla 3.0 (Macintosh; I; 68K)
MIME-Version: 1.0
To: George Tsirtsis <[email protected]>
CC: [email protected]
Subject: Re: Newbie: NeTraMet startup trouble on SGI
References: <Pine.SOL.3.95.961018091007.3703D-100000@gideon>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: [email protected]
Precedence: bulk

George Tsirtsis wrote:
>
> So, that was the problem.... Thanks for the tip, but I am afraid that was
> the easy part.
>
> etc..
> I run NeTraMet as follows:
> NeTraMet -k& (since I run meter and manager on Unix)
>
> and then NeMaC as above. I get the following error message:
>
> NeMaC: NeTraMet Manager & Controller V3.3
> Using MIB file: /usr/local/NeTraMet/mib/mib.txt
> Couldn't get meter info from 130.216.234.237!
>  Does community test have read or write access to the meter?
>
> George Tsirtsis
> e-mail: [email protected]

Thanks to all for help regarding snmpd port number... I recompiled and
am trying to run the meter and manager..

I'm exactly where George is !! Same messages as above...

Raja Thiyagaraja
[email protected]

From netramet-owner  Sat Oct 19 04:47:00 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id EAA25406 for netramet-outgoing; Sat, 19 Oct 1996 04:43:59 +1300 (NZDT)
Received: from mailhub.axion.bt.co.uk (mailhub.axion.bt.co.uk [132.146.5.4]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with SMTP id EAA25401 for <[email protected]>; Sat, 19 Oct 1996 04:43:56 +1300 (NZDT)
Received: from gideon.bt.co.uk (actually gideon.bt-sys.bt.co.uk) by mailhub.axion.bt.co.uk with SMTP (PP);
         Fri, 18 Oct 1996 16:43:13 +0100
Received: from localhost by gideon.bt.co.uk (5.x/SMI-SVR4) id AA06060; Fri, 18 Oct 1996 15:38:54 GMT
Date: Fri, 18 Oct 1996 15:38:54 +0000 (GMT)
From: George Tsirtsis <[email protected]>
To: Raja <[email protected]>
Cc: [email protected]
Subject: Re: Newbie: NeTraMet startup trouble on SGI
In-Reply-To: <[email protected]>
Message-Id: <Pine.SOL.3.95.961018152825.5645A-100000@gideon>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: [email protected]
Precedence: bulk

> >
> > and then NeMaC as above. I get the following error message:
> >
> > NeMaC: NeTraMet Manager & Controller V3.3
> > Using MIB file: /usr/local/NeTraMet/mib/mib.txt
> > Couldn't get meter info from 130.216.234.237!
> >  Does community test have read or write access to the meter?
> >
> > George Tsirtsis
> > e-mail: [email protected]
>
> Thanks to all for help regarding snmpd port number... I recompiled and
> am trying to run the meter and manager..
>
> I'm exactly where George is !! Same messages as above...
>
> Raja Thiyagaraja
> [email protected]
>

Raja I managed to find a way out...

Do the following:

1)Run NeTraMet with no arguments and not in the bg; this way you can use
some online commands, type ? to see...

2)Then in another xterm run NeMaC as follows:

NeMaC -r rules.<file> <your IPaddress> private

rules.<file> is one of the files in the NeTraMet/examples directory, I put
the NeTraMet and NeMaC exec files in there to make things easier.

3)Do not use 'rules.sample' because it has a syntax error. You can try

NeMaC -s -l -r rules.<file> > errors

to search for syntax errors.

In (2) I put at the end of the command the community 'private' and not
'test' as the example instructs. That is because by default NeTraMet has
write privilege on private and you have to use the same SNMP community for
NeMaC. (It is something like a password between meter and manager that
allows them to "talk" to each other.)

So, that should work...

I now try to find out what the output files mean and what you can do with
them...

Keep in touch!!

George Tsirtsis
--------------------------------------------------------------------------
Network Research                            Tel   : 0044-1473-640756
BT Labs                                     Fax   : 0044-1473-640709
Ipswich                                     e-mail: [email protected]
--------------------------------------------------------------------------


From netramet-owner  Sat Oct 19 17:08:10 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id RAA15782 for netramet-outgoing; Sat, 19 Oct 1996 17:05:32 +1300 (NZDT)
Received: from maggie.clear.co.nz ([email protected] [203.97.4.1]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with ESMTP id RAA15777 for <[email protected]>; Sat, 19 Oct 1996 17:05:30 +1300 (NZDT)
Received: from exchange1.clear.co.nz by maggie.clear.co.nz (8.7.3/8.7) with SMTP id RAA19094 for <[email protected]>; Sat, 19 Oct 1996 17:05:27 +1300 (NZDT)
Received: by exchange1.clear.co.nz with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.993.5)
       id <[email protected]>; Sat, 19 Oct 1996 17:06:12 +1300
Message-ID: <c=NZ%a=_%p=CLEAR%[email protected]>
From: Giles Heron <[email protected]>
To: "'George Tsirtsis'" <[email protected]>
Cc: "'Giles Heron'" <[email protected]>,
       "'[email protected]'"
        <[email protected]>
Subject: RE: Newbie: NeTraMet startup trouble on SGI
Date: Sat, 19 Oct 1996 17:06:49 +1300
X-Mailer:  Microsoft Exchange Server Internet Mail Connector Version 4.0.993.5
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: [email protected]
Precedence: bulk

George,
>
>> Now I don't understand how the meter takes its name. In some examples in
>> the manual NeMaC uses the following structure :
>>
>> NeMaC -c120 -r rules.sample 130.216.234.237 test
>>
>> Is the dotted number the name of the meter? If yes, where do we specify
>> that and how can we change it? "test" obviously is the SNMP community name,
>> but where do we specify its name?

The dotted number is the IP address of the meter.

On Unix the IP address is configured in the /etc/hosts file.
In general you should get IP addresses from your network admin.

Running the meter on DOS I start it with a parameter of the form
-wCommunityName, to configure the SNMP write community name on
the meter.  I expect the Unix parameters are the same.

>> Can anybody help?

Hope I did...

Giles

=================================================================
Giles Heron           CLEAR Communications, Auckland, New Zealand
[email protected]    ph +64 9 912 4462     fax +64 9 912 4442
=================================================================


From netramet-owner  Mon Oct 21 15:50:50 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id PAA28340 for netramet-outgoing; Mon, 21 Oct 1996 15:44:37 +1300 (NZDT)
Received: from kuji.off.connect.com.au (kuji.off.connect.com.au [203.63.69.33]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with ESMTP id PAA28332 for <[email protected]>; Mon, 21 Oct 1996 15:44:31 +1300 (NZDT)
Received: from connect.com.au (mrp@localhost) by kuji.off.connect.com.au with ESMTP id MAA24334
 (8.7.5/IDA-1.6 for <[email protected]>); Mon, 21 Oct 1996 12:13:50 +0930 (CST)
Message-ID: <[email protected]>
X-Authentication-Warning: kuji.off.connect.com.au: mrp owned process doing -bs
To: [email protected]
Subject: How useful in the PC version?
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <[email protected]>
Date: Mon, 21 Oct 1996 12:13:50 +0930
From: Mark Prior <[email protected]>
Sender: [email protected]
Precedence: bulk

We are looking at deploying NeTraMet on our border Ethernets and I am
trying to determine whether a PC will be adequate (RSN it will be a
Fast Ethernet border) to measure the flows. My initial plan is to just
monitor the protocols in use but after coming to grips with NeTraMet I
will want to construct a matrix of network traffic out to the networks
we peer with, this will involve a large number of "internal" networks
individually accounted for (since we are a national ISP).

Any thoughts? Should I just stuff a SPARCstation out there instead?

Thanks,
Mark.

From netramet-owner  Tue Oct 22 06:00:31 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id FAA28795 for netramet-outgoing; Tue, 22 Oct 1996 05:57:42 +1300 (NZDT)
Received: from mailhub.axion.bt.co.uk (mailhub.axion.bt.co.uk [132.146.5.4]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with SMTP id FAA28790 for <[email protected]>; Tue, 22 Oct 1996 05:57:39 +1300 (NZDT)
Received: from gideon.bt.co.uk (actually gideon.bt-sys.bt.co.uk) by mailhub.axion.bt.co.uk with SMTP (PP);
         Mon, 21 Oct 1996 17:57:02 +0100
Received: from localhost by gideon.bt.co.uk (5.x/SMI-SVR4) id AA10731; Mon, 21 Oct 1996 16:52:49 GMT
Date: Mon, 21 Oct 1996 16:52:48 +0000 (GMT)
From: George Tsirtsis <[email protected]>
To: Giles Heron <[email protected]>
Cc: "'[email protected]'" <[email protected]>
Subject: RE: Newbie: NeTraMet startup trouble on SGI
In-Reply-To: <c=NZ%a=_%p=CLEAR%[email protected]>
Message-Id: <Pine.SOL.3.95.961021164047.10657A-100000@gideon>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: [email protected]
Precedence: bulk

On Sat, 19 Oct 1996, Giles Heron wrote:
>
> Hope I did...
>
> Giles
>
> =================================================================
> Giles Heron           CLEAR Communications, Auckland, New Zealand
> [email protected]    ph +64 9 912 4462     fax +64 9 912 4442
> =================================================================

You did indeed!!!!

Now I have the thing working and I am also very happy to use 'nm_rc'. The
configuration of rule files however is not straightforward.

First of all I am not comfortable with some of the 'actions'.
For example I don't understand the difference between the PushRuleto and
PushPktto.

Also in some of the example rules there is an action which is not
described in the manual. (Pushto: e.g. see rules.rc.ip.new)

Finally, in IP attributes "when TransType is TCP or UDP, TransAddress
contain the flow's source and destination port numbers" says the manual.
My problem is that apart from the standard 'telnet', 'ftp' etc. stuff I get
'port numbers' that are very big (more than 30000). Any ideas what those
are or a way to recognise them?

Thanks everybody

George Tsirtsis
--------------------------------------------------------------------------
Network Research                            Tel   : 0044-1473-640756
BT Labs                                     Fax   : 0044-1473-640709
Ipswich                                     e-mail: [email protected]
--------------------------------------------------------------------------


From netramet-owner  Tue Oct 22 09:51:36 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id JAA10779 for netramet-outgoing; Tue, 22 Oct 1996 09:49:21 +1300 (NZDT)
Received: from igw3.watson.ibm.com (igw3.watson.ibm.com.139.34.129.in-addr.arpa [129.34.139.18]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with ESMTP id JAA10770 for <[email protected]>; Tue, 22 Oct 1996 09:49:16 +1300 (NZDT)
From: [email protected]
Received: from mailhub1.watson.ibm.com (mailhub1.watson.ibm.com [9.2.249.31]) by igw3.watson.ibm.com (8.7.6/8.7.1) with ESMTP id QAA11590 for <[email protected]>; Mon, 21 Oct 1996 16:49:09 -0400
Received: from yktvmv.watson.ibm.com (yktvmv.watson.ibm.com [9.117.33.29]) by mailhub1.watson.ibm.com (8.7.1/10-19-96) with SMTP id QAA689960 for <netramet%[email protected]>; Mon, 21 Oct 1996 16:49:00 -0400
Message-Id: <[email protected]>
Received: from YKTVMV by yktvmv.watson.ibm.com (IBM VM SMTP V2R3)
  with BSMTP id 2994; Mon, 21 Oct 96 16:48:58 EDT
Date: Mon, 21 Oct 96 16:48:36 EDT
To: [email protected]
Subject:  RE: Newbie: NeTraMet startup trouble on SGI
Sender: [email protected]
Precedence: bulk

Reference:  Note from [email protected]

>
> First of all I am not comfortable with some of the 'actions'.
> For example I don't understand the difference between the PushRuleto and
> PushPktto.
>

  Briefly, "PushRuleTo" looks at the contents of the Rule for the items
to push, while PushPktto pushes the data extracted from the packet
header. In many cases the same data can be obtained from both places,
but for any "derived" attributes, it can only be obtained from the
rule.

>
> Also in some of the example rules there is an action which is not
> described in the manual. (Pushto : eg:see rules.rc.ip.new)
>

  Good catch! I believe that this is short for "PushRuleto". Notice
how this rule set explicitly spells out "PushPktto", but has no
"PushRuleto" actions. It would be better to spell out both PushRuleto
and PushPktto.

 *** This rule file should probably be updated before the next  ***
 ***  release...                                                ***

>
> Finally, in IP attributes "when TransType is TCP or UDP, TransAddress
> contain the flow's source and destination port numbers" says the manual.
> My problem is that apart from the standard 'telnet', 'ftp' etc. stuff I get
> 'port numbers' that are very big (more than 30000). Any ideas what those
> are or a way to recognise them?
>

 The best source for information decoding these things is the "Assigned
Numbers" RFC - currently RFC 1700. You should track down a copy of this.
(I would give you a URL, but I can't reach the page right now to verify
the info - you might try: http://info.internet.isi.edu/1/in-notes/rfc)

 Numbers from 0 -> 1023 are considered "well-known" port numbers.
Numbers >= 1024 may be "Registered". The problem is that many of the
numbers you are seeing in this range are "ephemeral". The client just
grabs a handy (available) number and uses it as part of the return
address when talking to the server. The trick is trying to differentiate
between the registered and the ephemeral port numbers. (Will involve
looking at both the source and destination port numbers, to see if you
recognize either one, and then ignoring the other - some of the other
examples (and/or documentation) address this.)
>

  Stephen Stibler
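
Added example (not part of the original message and not NeTraMet code): one way to apply the heuristic described above to flow records, by looking at both port numbers, keeping the one that is recognised and treating the other as ephemeral. The SERVICES table is a short constructed excerpt, and the function names and the lower-port tie-break are assumptions of this example.

```python
from collections import Counter
from typing import NamedTuple, Optional

WELL_KNOWN_MAX = 1023  # 0..1023 are the "well-known" ports

# Constructed excerpt of (protocol, port) -> service name. Extend it from the
# Assigned Numbers list for the services that matter on your network.
SERVICES = {
    ("tcp", 21): "ftp",
    ("tcp", 23): "telnet",
    ("tcp", 25): "smtp",
    ("tcp", 53): "domain",
    ("udp", 53): "domain",
    ("tcp", 80): "www",
    ("udp", 161): "snmp",
    ("tcp", 6000): "x11",   # a registered (>= 1024) port
}


class Classification(NamedTuple):
    service: str                 # service name, "unlisted-<port>" or "unknown"
    server_port: Optional[int]   # the port taken to be the server side
    basis: str                   # which rule produced the answer


def classify_flow(proto: str, src_port: int, dst_port: int) -> Classification:
    """Name the service of a flow from its two transport port numbers."""
    proto = proto.lower()
    for port in (src_port, dst_port):
        if not 0 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")

    src_name = SERVICES.get((proto, src_port))
    dst_name = SERVICES.get((proto, dst_port))

    if src_name and dst_name:
        if src_name == dst_name:
            # e.g. name servers talking to each other, 53 <-> 53
            return Classification(src_name, src_port, "both-recognised")
        # Two different listed services: the ports alone cannot say which end
        # is the server. Assumption of this example: prefer the lower port.
        low = min(src_port, dst_port)
        return Classification(SERVICES[(proto, low)], low, "ambiguous-lower-port")

    if src_name or dst_name:
        # Exactly one side is recognised; the other one is ephemeral.
        port = src_port if src_name else dst_port
        return Classification(src_name or dst_name, port, "one-recognised")

    # Neither port is in the table. A single port in the well-known range is
    # still a strong hint about which side is the server.
    low, high = sorted((src_port, dst_port))
    if low <= WELL_KNOWN_MAX < high:
        return Classification(f"unlisted-{low}", low, "well-known-range")
    return Classification("unknown", None, "no-recognised-port")


def summarise(flows):
    """Total octets per service for (proto, src_port, dst_port, octets) rows."""
    totals = Counter()
    for proto, src_port, dst_port, octets in flows:
        totals[classify_flow(proto, src_port, dst_port).service] += octets
    return totals


# Constructed sample flows, including the large (> 30000) client-side ports.
SAMPLE_FLOWS = [
    ("tcp", 34012, 23, 1800),    # telnet client -> server
    ("tcp", 80, 31777, 52000),   # www server -> client
    ("udp", 53, 53, 400),        # name server <-> name server
    ("udp", 1029, 53, 120),      # resolver -> name server
    ("tcp", 515, 36001, 700),    # well-known port missing from the table
    ("tcp", 32770, 40021, 900),  # both ends unrecognised
]

if __name__ == "__main__":
    for service, octets in summarise(SAMPLE_FLOWS).most_common():
        print(f"{service:14s} {octets:8d}")
```

Flows that end up as "unknown" or "unlisted-<port>" are the ones worth checking by hand; adding the matching entry to the table removes them from later reports.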


From netramet-owner  Wed Oct 23 02:53:32 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id CAA04067 for netramet-outgoing; Wed, 23 Oct 1996 02:49:18 +1300 (NZDT)
Received: from mailhub.axion.bt.co.uk (mailhub.axion.bt.co.uk [132.146.5.4]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with SMTP id CAA04055 for <[email protected]>; Wed, 23 Oct 1996 02:49:14 +1300 (NZDT)
Received: from gideon.bt.co.uk (actually gideon.bt-sys.bt.co.uk) by mailhub.axion.bt.co.uk with SMTP (PP);
         Tue, 22 Oct 1996 14:43:13 +0100
Received: from localhost by gideon.bt.co.uk (5.x/SMI-SVR4) id AA01838; Tue, 22 Oct 1996 13:38:54 GMT
Date: Tue, 22 Oct 1996 13:38:54 +0000 (GMT)
From: George Tsirtsis <[email protected]>
To: [email protected]
Subject: rules.rc.ip.new
Message-Id: <Pine.SOL.3.95.961022133559.1781E-100000@gideon>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: [email protected]
Precedence: bulk


What I don't understand about this rule file (rules.rc.ip.new) is the
effect that the 'tcp_udp' set of rules has. I put # in front of every
SourceTransAddress and DestTransAddress and nothing changes at the output.
Furthermore I do not understand what any of the
'DestTransAddress & 255.255 = domain: Retry, 0;' is used for. Why retry?

Finally, on 'SourceTransAddress & 255.255 = www:     PushtoAct,
c_trans_source;'  the packet goes to c_trans_source which does not contain
any rules. So, the data are lost, is that correct?


Any ideas folks?


George Tsirtsis
--------------------------------------------------------------------------
Network Research                            Tel   : 0044-1473-640756
BT Labs                                     Fax   : 0044-1473-640709
Ipswich                                     e-mail: [email protected]
--------------------------------------------------------------------------


From netramet-owner  Wed Oct 23 03:29:38 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id DAA05395 for netramet-outgoing; Wed, 23 Oct 1996 03:27:47 +1300 (NZDT)
Received: from igw3.watson.ibm.com (igw3.watson.ibm.com [129.34.139.18]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with ESMTP id DAA05388 for <[email protected]>; Wed, 23 Oct 1996 03:27:44 +1300 (NZDT)
From: [email protected]
Received: from mailhub1.watson.ibm.com (mailhub1.watson.ibm.com [9.2.249.31]) by igw3.watson.ibm.com (8.7.6/8.7.1) with ESMTP id KAA17624; Tue, 22 Oct 1996 10:27:49 -0400
Received: from yktvmv.watson.ibm.com (yktvmv.watson.ibm.com [9.117.33.29]) by mailhub1.watson.ibm.com (8.7.1/10-19-96) with SMTP id KAA120878; Tue, 22 Oct 1996 10:26:45 -0400
Message-Id: <[email protected]>
Received: from YKTVMV by yktvmv.watson.ibm.com (IBM VM SMTP V2R3)
  with BSMTP id 2512; Tue, 22 Oct 96 10:26:42 EDT
Date: Tue, 22 Oct 96 10:19:58 EDT
To: [email protected]
cc: [email protected]
Subject: X/Motif Flow Analyser
Sender: [email protected]
Precedence: bulk

>
> From: George Tsirtsis <[email protected]>
> To: [email protected]
>
> I have heard that there is a graphic representation program for NeTraMet.
> Is that true?
>
>

 Hi,

 I have seen some info about it, but have not actually used it.  Have you
read the rtfm "Experiences" Document? There is some discussion of the
X-Windows display program there.

 It can be found at:

   http://www.auckland.ac.nz/net/Internet/rtfm/rtfm-exp.txt

  Actually, not much info there - just the mention of the program and its
name - "Nifty". (By the way, I think the name may have changed - Nevil is
there a new name?.) But, you may still find the experiences document useful
with your other questions - it is well worth a read!

 Okay, look here:

   http://www.auckland.ac.nz/net/Accounting/ntm.Release.note.html

 This URL states that "nifty" is available with version 3.4 of Netramet. If
you don't have 3.4 you might want to grab a copy. (Links available from the
same page.)


   Stephen



From netramet-owner  Wed Oct 23 06:22:35 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id GAA00510 for netramet-outgoing; Wed, 23 Oct 1996 06:21:32 +1300 (NZDT)
Received: from mailhub.axion.bt.co.uk (mailhub.axion.bt.co.uk [132.146.5.4]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with SMTP id GAA00501 for <[email protected]>; Wed, 23 Oct 1996 06:21:28 +1300 (NZDT)
Received: from gideon.bt.co.uk (actually gideon.bt-sys.bt.co.uk) by mailhub.axion.bt.co.uk with SMTP (PP);
         Tue, 22 Oct 1996 18:05:18 +0100
Received: from localhost by gideon.bt.co.uk (5.x/SMI-SVR4) id AA00822; Tue, 22 Oct 1996 17:00:19 GMT
Date: Tue, 22 Oct 1996 17:00:18 +0000 (GMT)
From: George Tsirtsis <[email protected]>
To: [email protected]
Cc: [email protected]
Subject: Re: X/Motif Flow Analyser
In-Reply-To: <[email protected]>
Message-Id: <Pine.SOL.3.95.961022164839.603A-100000@gideon>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: [email protected]
Precedence: bulk

>
>   Hi,
>
>   I have seen some info about it, but have not actually used it.  Have you
> read the rtfm "Experiences" Document? There is some discussion of the
> X-Windows display program there.
>
>   It can be found at:
>
>     http://www.auckland.ac.nz/net/Internet/rtfm/rtfm-exp.txt
>
>    Actually, not much info there - just the mention of the program and its
>  name - "Nifty". (By the way, I think the name may have changed - Nevil is
>  there a new name?.) But, you may still find the experiences document useful
>  with your other questions - it is well worth a read!
>
>   Okay, look here:
>
>     http://www.auckland.ac.nz/net/Accounting/ntm.Release.note.html
>
>   This URL states that "nifty" is available with version 3.4 of Netramet. If
> you don't have 3.4 you might want to grab a copy. (Links available from the
> same page.)
>
>
>     Stephen

I suspect that you talk about NetFlow. That is the new program that I
found in the 3.4 version and thank you very much.

I had some problems however...

First of all I did not have the motif libraries and as such when I was
doing make in the manager dir I was getting the message that the Xm/Xm.h
file is missing.

I installed CDE in my Solaris 2.5 which usually runs openwin and I hoped
for the best.

The library was now in but the path was wrong. I did not find where in the
programs says about where the Xm stuff should be. Thus I copied the Xm dir
from where it was, to /usr/include. The make now succeeded.

I copy my files to the examples/ dir for convenience and I run Netramet.
Now, I can not find any document about NetFlow!!
When I run:
NetFlow
I get
ld.so.1: NetFlow: fatal: libucb.so.1: can'open file: errno=2
killed

This file (libucb.so.1) however is in the dir:
/usr/ucblib/libucb.so.1

What is wrong then?????

Thanks again in advance

George Tsirtsis
--------------------------------------------------------------------------
Network Research                            Tel   : 0044-1473-640756
BT Labs                                     Fax   : 0044-1473-640709
Ipswich                                     e-mail: [email protected]
--------------------------------------------------------------------------


From netramet-owner  Wed Oct 23 06:22:36 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id GAA00512 for netramet-outgoing; Wed, 23 Oct 1996 06:21:33 +1300 (NZDT)
Received: from mailhub.axion.bt.co.uk (mailhub.axion.bt.co.uk [132.146.5.4]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with SMTP id GAA00503 for <[email protected]>; Wed, 23 Oct 1996 06:21:30 +1300 (NZDT)
Received: from gideon.bt.co.uk (actually gideon.bt-sys.bt.co.uk) by mailhub.axion.bt.co.uk with SMTP (PP);
         Tue, 22 Oct 1996 18:13:08 +0100
Received: from localhost by gideon.bt.co.uk (5.x/SMI-SVR4) id AA00968; Tue, 22 Oct 1996 17:08:56 GMT
Date: Tue, 22 Oct 1996 17:08:55 +0000 (GMT)
From: George Tsirtsis <[email protected]>
To: [email protected]
Cc: [email protected]
Subject: Re: X/Motif Flow Analyser
In-Reply-To: <[email protected]>
Message-Id: <Pine.SOL.3.95.961022170720.965A-100000@gideon>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: [email protected]
Precedence: bulk


Correction!!!

Not only the NetFlow gives me the error message about the libucb.so.1 but
also the NeMaC and the nm_rc. So, something is wrong with the Manager
compilation all together!!!


George Tsirtsis
--------------------------------------------------------------------------
Network Research                            Tel   : 0044-1473-640756
BT Labs                                     Fax   : 0044-1473-640709
Ipswich                                     e-mail: [email protected]
--------------------------------------------------------------------------


From netramet-owner  Wed Oct 23 16:40:27 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id QAA13986 for netramet-outgoing; Wed, 23 Oct 1996 16:38:31 +1300 (NZDT)
Received: from ccu1.auckland.ac.nz (ccu1.auckland.ac.nz [130.216.3.1]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with ESMTP id QAA13978; Wed, 23 Oct 1996 16:38:29 +1300 (NZDT)
Received: (from nevil@localhost) by ccu1.auckland.ac.nz (8.7.3/8.7.3) id QAA23714; Wed, 23 Oct 1996 16:38:28 +1300 (NDT)
From: J Nevil Brownlee <[email protected]>
Message-Id: <[email protected]>
Subject: Re: X/Motif Flow Analyser
To: [email protected] (George Tsirtsis)
Date: Wed, 23 Oct 1996 16:38:27 +1300 (NDT)
Cc: [email protected]
In-Reply-To: <Pine.SOL.3.95.961022170720.965A-100000@gideon> from "George Tsirtsis" at Oct 22, 96 05:08:55 pm
X-Mailer: ELM [version 2.4 PL23]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: [email protected]
Precedence: bulk

Hello George:

> Not only the NetFlow gives me the error message about the libucb.so.1 but
> also the NeMaC and the nm_rc. So, something is wrong with the Manager
> compilation all together!!!
>
> George Tsirtsis

1) The X/Motif flow analyser was originally called 'NetFlow.'  I changed
  the name to 'nifty' to avoid confusion with 'net flow switching' as
  used by Cisco.

2) The sources and make files are included with the NeTraMet 3.4
  distribution.  I have built and run it on Irix, Solaris and AIX.
  You'll need to look carefully at the Makefile in xxx/manager (where
  xxx is the operating system you're building for) so as to make sure
  the libraries (run-time and/or compile-time) are correct for your
  system.

3) There is a complete manual for nifty in the doc/NeTraMet directory,
  it's called nifty34.ps.  If you'd rather use the original document,
  file ntm-word.zip (in the distribution directory) contains all the
  NeTraMet documents in Microsoft Word 2.0 format.

Cheers, Nevil

+-----------------------------------------------------------------------+
| Nevil Brownlee                       Director, Technology Development |
| Phone: +64 9 373 7599 x8941          ITSS, The University of Auckland |
|   FAX: +64 9 373 7425        Private Bag 92019, Auckland, New Zealand |
+-----------------------------------------------------------------------+

From netramet-owner  Thu Oct 24 02:50:13 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id CAA04295 for netramet-outgoing; Thu, 24 Oct 1996 02:47:39 +1300 (NZDT)
Received: from mailhub.axion.bt.co.uk (mailhub.axion.bt.co.uk [132.146.5.4]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with SMTP id CAA04285; Thu, 24 Oct 1996 02:47:33 +1300 (NZDT)
Received: from gideon.bt.co.uk (actually gideon.bt-sys.bt.co.uk) by mailhub.axion.bt.co.uk with SMTP (PP);
         Wed, 23 Oct 1996 12:55:40 +0100
Received: from localhost by gideon.bt.co.uk (5.x/SMI-SVR4) id AA04425; Wed, 23 Oct 1996 11:51:26 GMT
Date: Wed, 23 Oct 1996 11:51:26 +0000 (GMT)
From: George Tsirtsis <[email protected]>
To: J Nevil Brownlee <[email protected]>
Cc: [email protected]
Subject: Re: X/Motif Flow Analyser
In-Reply-To: <[email protected]>
Message-Id: <Pine.SOL.3.95.961023114114.4367B-100000@gideon>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: [email protected]
Precedence: bulk


Thanks to Nevil and Stephen I managed to overcome the problems with nifty.
Just for everybody else to know the 3.4 version of Netramet does not
include nifty in all the sites where it is available. So if it is not on the
packet that you just unzipped-untarred look in another site.

Nifty however is a very nice application and I suggest to everyone who
has not downloaded it yet to do it. It makes your life so much easier...

One question about nifty. I get squares, W, M etc. outside the axis that
is on the LEFT of Y-axis and UNDER the X-axis. What is the meaning of
this?

Also after some time that the nifty runs and when I click on one of the
points waiting to see info about the flow on the bottom of the screen I
only see the coordinates of the point (eg 4.14 s, 1.69 pps) and on the
xterm that nifty runs something like:

This name does not exist:
iso.org.dod.internet.mgmt.mib.acctMIB.acctFlowdata.acctFlowTable.acctFlowEntry.acctFlowSourceInterface.2579

Failed to get info for flow 2579 !!!

Does that mean that the flow does not exist anymore?


George Tsirtsis
--------------------------------------------------------------------------
Network Research                            Tel   : 0044-1473-640756
BT Labs                                     Fax   : 0044-1473-640709
Ipswich                                     e-mail: [email protected]
--------------------------------------------------------------------------


From netramet-owner  Fri Oct 25 05:49:55 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id FAA22037 for netramet-outgoing; Fri, 25 Oct 1996 05:45:41 +1300 (NZDT)
Received: from pdx1.world.net (pdx1.world.net [192.243.32.18]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with ESMTP id FAA22031 for <[email protected]>; Fri, 25 Oct 1996 05:45:38 +1300 (NZDT)
Received: from simonpc.world.net (simonpc.world.net [192.243.32.155]) by pdx1.world.net (8.7.5/8.7.3) with SMTP id JAA21601 for <[email protected]>; Thu, 24 Oct 1996 09:46:23 -0700 (PDT)
Message-Id: <[email protected]>
X-Sender: [email protected]
X-Mailer: Windows Eudora Pro Version 3.0b36 (32)
Date: Thu, 24 Oct 1996 09:48:07 -0700
To: [email protected]
From: Simon Ferrett <[email protected]>
Subject: Rules and flows
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: [email protected]
Precedence: bulk

Hi,
       I've recently set up netramet to monitor customer based
traffic on a common ethernet segment and I have a couple of
questions regarding how the counters are updated if a packet
is gathered that might apply to more than one rule:

I have a ruleset that looks something like this:

#
RULES
 SourcePeerType & 255 = IP:      pushto, whoisit;
 Null & 0 = 0: Ignore, 0;
#
whoisit:
#
 SourcePeerAddress & 255.255.255.0 = x.y.69.0: countpkt, 0;
 SourcePeerAddress & 255.255.255.0 = x.y.64.0: countpkt, 0;
.similar formed rules omitted..
 SourcePeerAddress & 255.255.255.0 = a.b.c.0: countpkt, 0;
 SourcePeerAddress & 255.255.0.0 = x.y.0.0: gotoact, def;
#
 Null & 0 = 0: retry, 0;
#
def:
 SourcePeerAddress & 255.255.255.0 = 0: pushpkttoact, Next;
 Null & 0 = 0: count, 0;
#
FORMAT FlowRuleSet FlowIndex FirstTime " "
  SourcePeerType " " SourcePeerAddress DestPeerAddress "  "
  ToOctets FromOctets;
#
STATISTICS

I realise that this probably isn't the best way to have the
ruleset to gather stats about usages for each class-c address
but at the time of creation I was having a slight problem getting
my head around the ruleset nuances.

With the above rules I was hoping to achieve:
*) statistics gathering for traffic to and from the x.y.69.0 net
*)  " " x.y.64.0 net
*)  " " a.b.c.0 net
*)  statistics gathering for individual x.y.n.0 addresses that didn't
   fall into any of the more explicitly specified x.y.z.0 rules.

The rules appear to be doing what I intended, however there are still
some questions I have that I would be most grateful if someone out
there knows the answer to:

-) If the meter gathers a packet with src: a.b.c.d and dest: x.y.69.e
  will it be counted in the a.b.c.0 rule only?
  Meaning that the stats gathered for x.y.69.0 are a measure of the
  traffic FROM that source or TO that source EXCEPT from any
  source mentioned in any other rules (since that packet would
  already have counted as a from-that-source already)

Is this a correct "deciphering" of the way the rules will behave?

Any advice/comments are appreciated.

               Cheers,



---
Simon Ferrett - [email protected]

From netramet-owner  Fri Oct 25 17:05:00 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id RAA21340 for netramet-outgoing; Fri, 25 Oct 1996 17:02:22 +1300 (NZDT)
Received: from igw3.watson.ibm.com (igw3.watson.ibm.com [129.34.139.18]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with ESMTP id RAA21332 for <[email protected]>; Fri, 25 Oct 1996 17:02:18 +1300 (NZDT)
From: [email protected]
Received: from mailhub1.watson.ibm.com (mailhub1.watson.ibm.com [9.2.249.31]) by igw3.watson.ibm.com (8.7.6/8.7.1) with ESMTP id AAA09896 for <[email protected]>; Fri, 25 Oct 1996 00:02:24 -0400
Received: from yktvmv.watson.ibm.com (yktvmv.watson.ibm.com [9.117.33.29]) by mailhub1.watson.ibm.com (8.8.0/10-23-96) with SMTP id PAA742176 for <netramet%[email protected]>; Thu, 24 Oct 1996 15:50:07 -0400
Message-Id: <[email protected]>
Received: from YKTVMV by yktvmv.watson.ibm.com (IBM VM SMTP V2R3)
  with BSMTP id 2725; Thu, 24 Oct 96 15:50:05 EDT
Date: Thu, 24 Oct 96 13:21:09 EDT
To: [email protected]
Subject:  Rules and flows
Sender: [email protected]
Precedence: bulk

Reference: Post from [email protected]
>
> -) If the meter gathers a packet with src: a.b.c.d and dest: x.y.69.e
>    will it be counted in the a.b.c.0 rule only?
>    Meaning that the stats gathered for x.y.69.0 are a measure of the
>    traffic FROM that source or TO that source EXCEPT from any
>    source mentioned in any other rules (since that packet would
>    already have counted as a from-that-source already)
>
> Is this a correct "deciphering" of the way the rules will behave?
>

  That sounds correct to me - at least in principle. The exact wording
of the second sentence would need a bit of work to be 100% correct.

  The MOST IMPORTANT thing to remember about Rule Matching is: Each
packet will be counted at most one time. So the same packet will not
be counted in multiple flows.

  To accurately count what you want here, you would need to add
rules to tell the meter to count all packets with SRC a.b.c.0 and
DST x.y.69.0 before your existing rules. In post-processing you would
then need to add this traffic between these two endpoints to the totals
obtained for each endpoint. You might want to take a look at the RTFM
experiences document: http://www.auckland.ac.nz/net/Internet/rtfm/rtfm-exp.txt

 There is a section on "Subroutines" in rule sets, starting around page 20
that might be helpful to you.

  Stephen Stibler
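
The at-most-once counting described above, and the suggested fix of a pair rule placed first plus post-processing, as an added Python sketch (not NeTraMet code and not part of the original message). It is a simplified first-match model rather than the real rule engine; the networks standing in for x.y.69.0, x.y.64.0 and a.b.c.0 are constructed, and letting the pair rule match in both directions is an assumption.

```python
import ipaddress
from collections import Counter


def _net(cidr):
    return ipaddress.ip_network(cidr)


# Constructed stand-ins for the placeholder networks in the posted ruleset.
NETS = {
    "x.y.69.0": _net("198.18.69.0/24"),
    "x.y.64.0": _net("198.18.64.0/24"),
    "a.b.c.0": _net("203.0.113.0/24"),
}
SOURCE_RULES = ["x.y.69.0", "x.y.64.0", "a.b.c.0"]  # same order as in the post

# Hypothetical pair rule to be evaluated before the per-network rules.
PAIR_RULES = [("x.y.69.0", "a.b.c.0")]

# Constructed traffic: (source, destination, octets).
SAMPLE_PACKETS = [
    ("203.0.113.7", "198.18.69.20", 1000),  # a.b.c.d -> x.y.69.e
    ("198.18.69.20", "203.0.113.7", 400),   # x.y.69.e -> a.b.c.d
    ("192.0.2.9", "198.18.69.20", 250),     # unlisted source -> x.y.69.e
    ("198.18.64.5", "192.0.2.9", 50),       # x.y.64.e -> unlisted destination
]


def classify(src, dst, pair_rules=()):
    """Return the one flow this packet is counted in, or None if no rule matches."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Pair rules come first, so traffic between the two networks gets its own flow.
    for a, b in pair_rules:
        if (src in NETS[a] and dst in NETS[b]) or (src in NETS[b] and dst in NETS[a]):
            return (a, b)
    # Source-address rules: all rules with the packet as sent, then all rules
    # again with the addresses swapped (the "retry" step). First match wins.
    for candidate in (src, dst):
        for name in SOURCE_RULES:
            if candidate in NETS[name]:
                return name
    return None


def account(packets, pair_rules=()):
    """Sum octets per flow; every packet lands in at most one flow."""
    flows = Counter()
    for src, dst, octets in packets:
        flow = classify(src, dst, pair_rules)
        if flow is not None:
            flows[flow] += octets
    return flows


def endpoint_totals(flows):
    """Post-processing: credit a pair flow's octets to both of its endpoints."""
    totals = Counter()
    for flow, octets in flows.items():
        for endpoint in (flow if isinstance(flow, tuple) else (flow,)):
            totals[endpoint] += octets
    return totals


if __name__ == "__main__":
    print("original rules :", dict(account(SAMPLE_PACKETS)))
    with_pair = account(SAMPLE_PACKETS, PAIR_RULES)
    print("pair rule first:", dict(with_pair))
    print("per endpoint   :", dict(endpoint_totals(with_pair)))
```

With the original rule order the a.b.c-to-x.y.69 traffic is split by direction between the two flows, so neither total reflects all traffic for its network until the pair flow is added back in.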


From netramet-owner  Sat Oct 26 04:02:41 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id DAA10042 for netramet-outgoing; Sat, 26 Oct 1996 03:59:34 +1300 (NZDT)
Received: from scorpions.ifqsc.sc.usp.br (scorpions.ifqsc.sc.usp.br [143.107.228.70]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with SMTP id DAA10037 for <[email protected]>; Sat, 26 Oct 1996 03:59:30 +1300 (NZDT)
Received: (from sergio@localhost) by scorpions.ifqsc.sc.usp.br (8.6.12/8.6.12) id MAA23326; Fri, 25 Oct 1996 12:59:19 GMT
Date: Fri, 25 Oct 1996 12:59:18 +0000 ()
From: Sergio Henrique Oliveira Pereira <[email protected]>
X-Sender: [email protected]
To: Lista Netramet <[email protected]>
Subject: libpcap.a
Message-ID: <Pine.BSF.3.91.961025125609.23320A-100000@scorpions.ifqsc.sc.usp.br>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: [email protected]
Precedence: bulk



       Hello,


       I'm trying to compile libpcab0-2.1.tar.Z but I have a problem:

       gencode.c:795: `ETHERTYPE_IP' undeclared (first use this function)


       Can anybody help me?



ps-> sorry for my bad English.



       __
     +|oo|+
     +|oo|+          Instituto de Fisica de Sao Carlos - USP
       ||             Departamento de Fisica e Informatica
       ||             Grupo de Instrumentacao e Eletronica
       ||
       ||
       ||            E-mail : [email protected]
    _  ||  _                  [email protected]
    \\_||_//
     | [] |
     | || |     http://www.ifqsc.sc.usp.br/hpp/sergio/sergio.html
    /  []  \
    \______/



From netramet-owner  Tue Oct 29 03:43:04 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id DAA08156 for netramet-outgoing; Tue, 29 Oct 1996 03:37:25 +1300 (NZDT)
Received: from mailhub.axion.bt.co.uk (mailhub.axion.bt.co.uk [132.146.5.4]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with SMTP id DAA08145 for <[email protected]>; Tue, 29 Oct 1996 03:37:18 +1300 (NZDT)
Received: from gideon.bt.co.uk (actually gideon.bt-sys.bt.co.uk) by mailhub.axion.bt.co.uk with SMTP (PP);
         Mon, 28 Oct 1996 14:35:46 +0000
Received: from localhost by gideon.bt.co.uk (5.x/SMI-SVR4) id AA11486; Mon, 28 Oct 1996 14:31:06 GMT
Date: Mon, 28 Oct 1996 14:31:06 +0000 (GMT)
From: George Tsirtsis <[email protected]>
To: [email protected]
Subject: IP-IP
In-Reply-To: <[email protected]>
Message-Id: <Pine.SOL.3.95.961028135248.11054B-100000@gideon>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: [email protected]
Precedence: bulk


Some question / thoughts

               ---- 1 ----
In the case that you have a TCP packet running over IP, the meter can see
the packet type on the IP header and find out that the next header is an
IP header and act accordingly. Then if you are running Telnet over TCP
the meter will find that out by looking at the port number of TCP.

I wonder if the meter will be able to see that if the whole IP packet is
encapsulated in another IP packet. In general I am not sure about how
NeTraMet reacts to tunneled traffic. Does it still analyse the packet to
the port number level? In the same area, how does Netramet react to Tag
switching, where the 'tag' goes between the IP and the TCP header? Is it
able to analyse the TCP which is now shifted 32 bits?

               ---- 2 ----
Furthermore, I am trying to monitor some multicast traffic on my network.
The multicast packets use RTP which does not have an 'assigned NO.' so I
only see UDP packets. Up to now the only way I can think of in order to
isolate multicast traffic is to measure the traffic that uses multicast
addresses. That needs a rule file to compare each packet to all the
multicast addresses, maybe something like:

SourcePeerAddress & 255.255.255.255 = 224.x.y.z: goto multi;
       "       "       "       "     225.x.y.z:        "
       "       "       "       "     226       "
                          "
                          "
       "       "       "       "     139.x.y.z:        "

The above way is not too bad but in my opinion, is not elegant. Is there
any other way?

               ---- 3 ----
Another question is about NeTraMet and IPv6. Is there any work done to
adapt Netramet to IPv6 packet format and features? In the case of IPv6 a
lot of things would probably be easier since the IP header for most of
the packets will be of known length. I do not know, however, how Netramet
will cope with the header extensions (options) which are not part of the
header anymore but of the payload.

               ---- 4 ----
Finally, it would be very interesting to be able to put a meter on a
router rather than a PC or Unix computer. In some cases it is indeed the only
sensible thing to do. e.g. I am trying to monitor and discover the
multicast tree of a multicast application. In order to monitor everyone
that subscribes on a multicast session I need to put meters to all the
possible recipients. Instead I could put the meter on the few routers that
all the possible recipients are hooked on. Is there any way of doing that?

I am sorry that I put a lot of different questions on the same message. I
hope you find the above thoughts interesting.


Thanks in advance

George Tsirtsis
--------------------------------------------------------------------------
Network Research                            Tel   : 0044-1473-640756
BT Labs                                     Fax   : 0044-1473-640709
Ipswich                                     e-mail: [email protected]
--------------------------------------------------------------------------


From netramet-owner  Wed Oct 30 12:18:49 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id MAA15599 for netramet-outgoing; Wed, 30 Oct 1996 12:14:54 +1300 (NZDT)
Received: from igw3.watson.ibm.com (igw3.watson.ibm.com [129.34.139.18]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with ESMTP id MAA15588 for <[email protected]>; Wed, 30 Oct 1996 12:14:50 +1300 (NZDT)
From: [email protected]
Received: from mailhub1.watson.ibm.com (mailhub1.watson.ibm.com [9.2.249.31]) by igw3.watson.ibm.com (8.7.6/8.7.1) with ESMTP id SAA08356 for <[email protected]>; Tue, 29 Oct 1996 18:14:59 -0500
Received: from yktvmv.watson.ibm.com (yktvmv.watson.ibm.com [9.117.33.29]) by mailhub1.watson.ibm.com (8.7.1/10-26-96) with SMTP id SAA694436 for <netramet%[email protected]>; Tue, 29 Oct 1996 18:14:47 -0500
Message-Id: <[email protected]>
Received: from YKTVMV by yktvmv.watson.ibm.com (IBM VM SMTP V2R3)
  with BSMTP id 4039; Tue, 29 Oct 96 18:14:44 EST
Date: Tue, 29 Oct 96 17:59:56 EST
To: [email protected]
Subject:  IP-IP
Sender: [email protected]
Precedence: bulk

Reference:  Attached note from [email protected]
>
>               ---- 1 ----
> In the case that you have a TCP packet running over IP, the meter can see
> the packet type on the IP header and find out that the next header is an
> IP header and act accordingly. Then if you are running Telnet over TCP
> the meter will find that out by looking at the port number of TCP.
>
> I wonder if the meter will be able to see that if the whole IP packet is
> encapsulated in another IP packet. In general I am not sure about how
> NeTraMet reacts to tunneled traffic. Does it still analyse the packet to
> the port number level? In the same area, how does Netramet react to Tag
> switching, where the 'tag' goes between the IP and the TCP header? Is it
> able to analyse the TCP which is now shifted 32 bits?
>

  NeTraMet will not see the tunneled traffic. It looks only at the
outer packet headers. Going any further down would require accessing
the transmitted data. This would be bad for two reasons:

  1) Security - NeTraMet has no business looking at user data.
  2) Going further down would require copying more data from the
     packet and then parsing this data - a performance hit.

  If you really care about the encapsulated traffic, you would need to
try to monitor before the encapsulation.

  I do not know what NeTraMet does about tag switching.


>               ---- 2 ----
>
  Anyone else want to address the issue of multi-casting? The only thing
that I will say here is that although RTP does not use a "Well Known
Port Number", I suspect that it is using the same one (or some subset) each
time. You might want to try to figure out what port number that is, and
monitoring for that port number.

>
>               ---- 3 ----
>
  IPV6: Addressed (lightly) in rtfm mailing list.
>
>               ---- 4 ----
> Finally, it would be very interesting to be able to put a meter on a
> router rather than a PC or Unix computer. In some cases it is indeed the only
> sensible thing to do. e.g. I am trying to monitor and discover the
> multicast tree of a multicast application. In order to monitor everyone
> that subscribes on a multicast session I need to put meters to all the
> possible recipients. Instead I could put the meter on the few routers that
> all the possible recipients are hooked on. Is there any way of doing that?
>
  Yes, it would be VERY nice to be able to run the meter on a router.
The problem here is that router vendors don't like doing ANYTHING to
reduce the performance of their router. Once our work becomes a
standard, the users could start asking the router vendors to provide
the desired data.

  In the meantime, have you considered placing a meter "close to" the
router? You should be able to set things up so that the meter can
monitor all traffic to/from the router.


  Stephen Stibler
  IBM - Watson Research


From netramet-owner  Wed Oct 30 13:33:24 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id NAA21301 for netramet-outgoing; Wed, 30 Oct 1996 13:31:04 +1300 (NZDT)
Received: from igw3.watson.ibm.com (igw3.watson.ibm.com [129.34.139.18]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with ESMTP id NAA21287 for <[email protected]>; Wed, 30 Oct 1996 13:30:58 +1300 (NZDT)
From: [email protected]
Received: from mailhub1.watson.ibm.com (mailhub1.watson.ibm.com [9.2.249.31]) by igw3.watson.ibm.com (8.7.6/8.7.1) with ESMTP id TAA03988 for <[email protected]>; Tue, 29 Oct 1996 19:31:08 -0500
Received: from yktvmv.watson.ibm.com (yktvmv.watson.ibm.com [9.117.33.29]) by mailhub1.watson.ibm.com (8.7.1/10-26-96) with SMTP id TAA151402 for <netramet%[email protected]>; Tue, 29 Oct 1996 19:30:55 -0500
Message-Id: <[email protected]>
Received: from YKTVMV by yktvmv.watson.ibm.com (IBM VM SMTP V2R3)
  with BSMTP id 4932; Tue, 29 Oct 96 19:30:52 EST
Date: Tue, 29 Oct 96 19:11:16 EST
To: [email protected]
Subject: Best FTP Site For NeTraMet?
Sender: [email protected]
Precedence: bulk

  http://www.auckland.ac.nz/net/Accounting/ntm.Release.note.html

  lists 4 sites from which NeTraMet can be downloaded, but it looks like
the versions may be different on the different sites. Which one has the
most up-to-date version? I might guess that it is the auckland site, but
I would rather use one closer to home.

  ftp://ftp.aarnet.edu.au/pub/tools/NeTraMet/

       has some files dated August 7, 1996

  ftp://ftp.delmarva.com/pub/nms/NeTraMet/

       The most recent date on any files here is June 25, 1995 (VERY OLD)!


  ftp://wuarchive.wustl.edu/doc/mailing-lists/accounting-wg/NeTraMet/

       The most recent date here is July 23, 1996, but this is identified
as "34beta" - oops no, there are some files which are dated August 8, 1996.
It looks like this is the "real" 3.4 release. There are also lots of "old"
releases here - e.g. 3.1, 3.2, and 3.3. Would it be possible for us to
remove the "old" releases from this system? (Would we want to do this?)

  ftp://ftp.auckland.ac.nz/pub/iawg/NeTraMet

        Couldn't check this one right now - it is prime time in NZ - no ftp
access from overseas.

   Summary:

1) We should try to make sure that the same files are available on all
   ftp sites. If we can't bring delmarva up to date, we should look into
   removing the existing files from this system and deleting all references
   to it.

2) Unless we really want to archive old versions of NeTraMet, we should
   delete old distribution files from the ftp sites. (Perhaps we want to
   keep just the previous version available?)

   Nevil, do you want me to try hunting down contact info for the ftp sites,
or do you already have it?


        Stephen Stibler
        IBM - Watson Research


From netramet-owner  Wed Oct 30 13:35:05 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id NAA21552 for netramet-outgoing; Wed, 30 Oct 1996 13:33:18 +1300 (NZDT)
Received: from bbnplanet.com (poblano.near.net [198.114.157.116]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with SMTP id NAA21535 for <[email protected]>; Wed, 30 Oct 1996 13:33:10 +1300 (NZDT)
Subject: Re: IP-IP
To: [email protected]
Date: Tue, 29 Oct 1996 19:32:37 -0500 (EST)
From: John Hawkinson <[email protected]>
Cc: [email protected]
In-Reply-To: <[email protected]> from "[email protected]" at Oct 29, 96 05:59:56 pm
X-Mailer: ELM [version 2.4 PL23]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-ID:  <[email protected]>
Sender: [email protected]
Precedence: bulk

>    NeTraMet will not see the tunneled traffic. It looks only at the
> outer packet headers. Going any further down would require accessing
> the transmitted data. This would be bad for two reasons:
>
>    1) Security - NeTraMet has no business looking at user data.

Security is a rather silly argument for those folks in the business
of writing tools. Relying upon this is a "security through obscurity"
argument we don't need to have.

There is nothing wrong with pulling apart encapsulated traffic
to look at the contents, it merely requires more work.

Whether you're willing to do this depends. Certainly tools like
"tcpdump" have support for multiple kinds of encapsulation (like IPIP
tunnels). There's no reason tools like nnstat or netramet can't have
them as well.

>    2) Going further down would require copying more data from the
>       packet and then parsing this data - a performance hit.

Right. So you start capturing 80 bytes instead of 40, or suchlike.

>    If you really care about the encapsulated traffic, you would need to
> try to monitor before the encapsulation.

This is hardly a requirement. If you try and use netramet or nnstat
to do this today, yes, that's what you have to do, but the necessary
modifications are pretty straightforward. More computes and more developer time.

>    I do not know what NeTraMet does about tag switching.

Given that the encapsulations for tag switching are not yet defined,
it would be a little hard to support it :-).

>    Yes, it would be VERY nice to be able to run the meter on a router.
> The problem here is that router vendors don't like doing ANYTHING to
> reduce the performance of their router. Once our work becomes a
> standard, the users could start asking the router vendors to provide
> the desired data.

It does in fact depend -- cisco has implemented flow switching plus
data export which allows you to come quite similar. Some vendors have
implemented RMON II, which is very heavyweight but might help you.
Certainly more router vendors can implement sampling of various sorts
-- if you think this is important you should communicate it to your
vendor. You might be surprised what could happen.

--jhawk

From netramet-owner  Wed Oct 30 16:00:34 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id PAA02972 for netramet-outgoing; Wed, 30 Oct 1996 15:58:25 +1300 (NZDT)
Received: from igw3.watson.ibm.com (igw3.watson.ibm.com [129.34.139.18]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with ESMTP id PAA02963 for <[email protected]>; Wed, 30 Oct 1996 15:58:20 +1300 (NZDT)
From: [email protected]
Received: from mailhub1.watson.ibm.com (mailhub1.watson.ibm.com [9.2.249.31]) by igw3.watson.ibm.com (8.7.6/8.7.1) with ESMTP id VAA10636 for <[email protected]>; Tue, 29 Oct 1996 21:58:29 -0500
Received: from yktvmv.watson.ibm.com (yktvmv.watson.ibm.com [9.117.33.29]) by mailhub1.watson.ibm.com (8.7.1/10-26-96) with SMTP id VAA671645 for <netramet%[email protected]>; Tue, 29 Oct 1996 21:58:16 -0500
Message-Id: <[email protected]>
Received: from YKTVMV by yktvmv.watson.ibm.com (IBM VM SMTP V2R3)
  with BSMTP id 5736; Tue, 29 Oct 96 21:58:14 EST
Date: Tue, 29 Oct 96 20:15:25 EST
To: [email protected]
Subject: IP-IP Tunneling
Sender: [email protected]
Precedence: bulk

 Okay, yes - it should be possible to extract the addresses from the
inner IP packet. The next question becomes: Which pair of IP addresses
would we want to count? Do we want the "outer" layer addresses or the
"inner" layer addresses? Would we want both??? It is possible that the
architecture might support any of these options, but I don't think that the
MIB would. Is this something that would really be useful?

  Stephen Stibler
  IBM - Watson Research


From netramet-owner  Wed Oct 30 17:35:57 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id RAA09854 for netramet-outgoing; Wed, 30 Oct 1996 17:33:42 +1300 (NZDT)
Received: from bbnplanet.com (poblano.near.net [198.114.157.116]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with SMTP id RAA09849 for <[email protected]>; Wed, 30 Oct 1996 17:33:39 +1300 (NZDT)
Subject: Re: IP-IP Tunneling
To: [email protected]
Date: Tue, 29 Oct 1996 23:33:06 -0500 (EST)
From: John Hawkinson <[email protected]>
Cc: [email protected]
In-Reply-To: <[email protected]> from "[email protected]" at Oct 29, 96 08:15:25 pm
X-Mailer: ELM [version 2.4 PL23]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-ID:  <[email protected]>
Sender: [email protected]
Precedence: bulk

>   Okay, yes - it should be possible to extract the addresses from the
> inner IP packet. The next question becomes: Which pair of IP addresses
> would we want to count? Do we want the "outer" layer addresses or the
> "inner" layer addresses? Would we want both??? It is possible that the
> architecture might support any of these options, but I don't think that the
> MIB would. Is this something that would really be useful?

In general I think that you would want to either:

       Count the outer addresses of all packets

       Count the inner addresses of all packets of a specific
       type of encapsulation and NOT count the outer addresses
       of other packets.

This all depends so much on why you're wanting to do this that
it's really hard to say too much more.

--jhawk
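
The two points made in this thread, that reading the inner header only needs a longer capture and that the meter has to choose between outer and inner addresses, as an added Python sketch (not NeTraMet or tcpdump code, and not part of the original messages). The sample packet is constructed, the capture is assumed to start at the outer IPv4 header, and the function and field names are hypothetical.

```python
import socket
import struct

IPPROTO_IPIP, IPPROTO_TCP, IPPROTO_UDP = 4, 6, 17


class Truncated(Exception):
    """The capture ends before a header the meter needs."""


def parse_ipv4(buf, off):
    """Parse one IPv4 header at buf[off:].

    Returns (src, dst, protocol, is_later_fragment, offset_of_next_header).
    """
    if len(buf) < off + 20:
        raise Truncated("IPv4 header cut short at offset %d" % off)
    if buf[off] >> 4 != 4:
        raise ValueError("not an IPv4 header at offset %d" % off)
    ihl = (buf[off] & 0x0F) * 4  # header length in bytes, options included
    if ihl < 20:
        raise ValueError("invalid IPv4 header length")
    if len(buf) < off + ihl:
        raise Truncated("IPv4 options cut short at offset %d" % off)
    frag_off = struct.unpack_from("!H", buf, off + 6)[0] & 0x1FFF
    src = socket.inet_ntoa(buf[off + 12:off + 16])
    dst = socket.inet_ntoa(buf[off + 16:off + 20])
    return src, dst, buf[off + 9], frag_off != 0, off + ihl


def flow_key(captured, count_inner=False, max_depth=4):
    """Build the accounting key from the captured bytes of one packet.

    count_inner=False: key on the outer addresses of every packet.
    count_inner=True:  for IP-in-IP (protocol 4), key on the innermost
                       addresses and record how many tunnel layers were removed.
    """
    src, dst, proto, later_frag, off = parse_ipv4(captured, 0)
    depth = 0
    # Only the first fragment of a tunnel packet carries the inner header.
    while count_inner and proto == IPPROTO_IPIP and not later_frag:
        depth += 1
        if depth > max_depth:
            raise ValueError("tunnel nesting deeper than %d" % max_depth)
        src, dst, proto, later_frag, off = parse_ipv4(captured, off)
    ports = None
    if proto in (IPPROTO_TCP, IPPROTO_UDP) and not later_frag:
        if len(captured) < off + 4:
            raise Truncated("ports need %d captured bytes, have %d"
                            % (off + 4, len(captured)))
        ports = struct.unpack_from("!HH", captured, off)  # (source, destination)
    return {"src": src, "dst": dst, "proto": proto,
            "ports": ports, "tunnel_depth": depth}


def _ipv4(src, dst, proto, payload_len):
    # 20-byte header without options; checksum left at 0 (the parser ignores it).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))


# Constructed sample: Telnet (TCP port 23) from 10.1.1.5 to 10.2.2.9, carried
# in an IP-in-IP tunnel between 192.0.2.1 and 192.0.2.2. 100 bytes in total.
_TCP = struct.pack("!HHIIBBHHH", 1025, 23, 0, 0, 0x50, 0x18, 8192, 0, 0)
_INNER = _ipv4("10.1.1.5", "10.2.2.9", IPPROTO_TCP, 60) + _TCP + b"x" * 40
SAMPLE_IPIP_PACKET = _ipv4("192.0.2.1", "192.0.2.2", IPPROTO_IPIP, 80) + _INNER

if __name__ == "__main__":
    print(flow_key(SAMPLE_IPIP_PACKET[:40]))                    # outer addresses
    print(flow_key(SAMPLE_IPIP_PACKET[:80], count_inner=True))  # inner flow
    try:
        flow_key(SAMPLE_IPIP_PACKET[:40], count_inner=True)
    except Truncated as exc:
        print("40-byte capture is too short:", exc)
```

Two option-free IPv4 headers plus the four port bytes need 44 captured bytes, so a 40-byte capture is enough for the outer key but not for the inner one.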

From netramet-owner  Wed Oct 30 23:07:15 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id XAA21608 for netramet-outgoing; Wed, 30 Oct 1996 23:04:42 +1300 (NZDT)
Received: from mailhub.axion.bt.co.uk (mailhub.axion.bt.co.uk [132.146.5.4]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with SMTP id XAA21602 for <[email protected]>; Wed, 30 Oct 1996 23:04:38 +1300 (NZDT)
Received: from gideon.bt.co.uk (actually gideon.bt-sys.bt.co.uk) by mailhub.axion.bt.co.uk with SMTP (PP);
         Wed, 30 Oct 1996 10:01:42 +0000
Received: from localhost by gideon.bt.co.uk (5.x/SMI-SVR4) id AA14212; Wed, 30 Oct 1996 09:57:03 GMT
Date: Wed, 30 Oct 1996 09:57:03 +0000 (GMT)
From: George Tsirtsis <[email protected]>
To: NeTraMet <[email protected]>
Subject: Re: IP-IP Tunneling
Message-Id: <Pine.SOL.3.95.961030095224.14110B-100000@gideon>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: [email protected]
Precedence: bulk


On Tue, 29 Oct 1996 [email protected] wrote:

>   Okay, yes - it should be possible to extract the addresses from the
> inner IP packet. The next question becomes: Which pair of IP addresses
> would we want to count? Do we want the "outer" layer addresses or the
> "inner" layer addresses? Would we want both???

I think we need to count the packet once with the indication that this
packet is IP in IP. Ideally the user should decide.

> It is possible that the
> architecture might support any of these options, but I don't think that the
> MIB would. Is this something that would really be useful?

It is important in the sense that one of the main advantages of netramet
is that it can be very detailed in what it measures and also portable not
only on different systems but also in different measuring requirements. If
netramet starts excluding header types then it starts losing that
advantage.

In respect of security most people would like people like us :) to know
when and with whom do they communicate let alone the idea of being able
to read their data which really goes too far anyway.

George Tsirtsis
--------------------------------------------------------------------------
Network Research                            Tel   : 0044-1473-640756
BT Labs                                     Fax   : 0044-1473-640709
Ipswich                                     e-mail: [email protected]
--------------------------------------------------------------------------