From netramet-owner Mon Jan 6 21:36:25 1997

From netramet-owner Mon Jan 6 21:36:25 1997
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) id VAA02633 for netramet-outgoing; Mon, 6 Jan 1997 21:13:30 +1300 (NZDT)
Received: from nc3a.nato.int (issun3.nc3a.nato.int [192.41.140.225]) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) with SMTP id VAA02627 for <[email protected]>; Mon, 6 Jan 1997 21:13:23 +1300 (NZDT)
Received: from compc12.nc3a.nato.int by nc3a.nato.int with SMTP id AA20164
(5.67b/IDA-1.5 for <[email protected]>); Mon, 6 Jan 1997 09:06:07 +0100
Message-Id: <[email protected]>
X-Sender: [email protected]
X-Mailer: Windows Eudora Pro Version 2.2 (16)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Mon, 06 Jan 1997 10:20:43 +0000
To: [email protected]
From: Marc van Selm <[email protected]>
Subject: Re: PC Metering and Collecting
Sender: [email protected]
Precedence: bulk

At 10:18 AM 12/21/96 +0800, you wrote:
>Hello,
>
> this is tim from Hong Kong, I am trying the neTraMet on one PC
>running under Linux. But with Linux, one needs a more powerful machine than
>one running on DOS. I plan to put some 386 across the campus for metering.
>Please let me know if you have any information and further discussion.

Depends on what you mean with more powerful. I'm running NeTraMet (3.4) for
Linux on an i386-40, 8Mb-mem. Linux needs (for a convenient installation
without having to strip in down, so complete with compiler and stuff) 100Mb HD.
I have 2x 3Com etherlink II's. This enables me to run good accounting on our
router segments. (These are segments of our ethernet switch with only a
router connected. We have 250k average internet load during the day and
about 500k inter-segment traffic. I have a rules-file only looking on
external traffic.

This works fine. CPU-load is still minimal. I can't run more than 1 ethernet-
interface at a time. (If I use both at the same time I get nonsense data so
I assume something can't cope here. Maybe 2x ethernet on promiscuous-mode is
a bit to much...)

Reading from your story you want to deploy probes only monitoring 1 ethernet
port at a time on a i386. This should work fine. Read the NeTraMet manual on
packet-load versus CPU-power. I think that Linux is a bit more efficient
than DOS. I get better ethernet performance with the same equipment...

I would run the manager on a more powerful platform. This will also enable
you to run some analysing tools also...

Another reason, for me, to choose Linux for the probe and not DOS is the
possibility to access it remotely (ftp, telnet etc) so I can upgrade,
reconfigure and restart things when needed.

Hope this helps a bit to decide...

Regards, Marc
-------------------------------------------------
Marc van Selm
NATO C3 Agency
Communication Systems Division, A-Branch
E-Mail: [email protected]
-------------------------------------------------
PGP key: http://www.cistron.nl/~selm/keymarc.asc

From netramet-owner Wed Jan 8 14:18:08 1997
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) id OAA02475 for netramet-outgoing; Wed, 8 Jan 1997 14:02:50 +1300 (NZDT)
Received: from hindin.co.nz (avon.hindin.co.nz [192.245.36.3]) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) with SMTP id OAA02455 for <[email protected]>; Wed, 8 Jan 1997 14:02:31 +1300 (NZDT)
Received: by hindin.co.nz (/\==/\ Smail3.1.28.1 #28.10)
id <[email protected]>; Wed, 8 Jan 97 13:59 NZDT
Message-Id: <[email protected]>
Date: Wed, 8 Jan 97 13:59 NZDT
From: [email protected] (Martin van den Nieuwelaar)
To: [email protected]
Subject: Compiling NeTraMet and NeMaC for SCO UNIX
X-Mailer: MTX (Windows) MTXLink 95 Gateway v2.04b4
Sender: [email protected]
Precedence: bulk

Well, the subject says it all really. We have been running a
Solaris version of these packages for the last few months. A
situation has now arisen where we need the packages put on our
SCO UNIX system.

Do the latest distributions of the software include a SCO binary?

If not, has anybody on this list successfully compiled
NeTraMet/NeMaC for SCO?

If not, does anyone have any useful tips for compiling
NeTraMet/NeMaC? Anything more than the few lines in the
installation section of the documentation would be useful.

I would normally leap right in and try and compile the source I
have, but more recent experience has shown that there usually are
problems if the code isn't of the plain vanilla variety. I'm
guessing there are some low level potentially quite platform
specific calls involved.

All help appreciated.

--
work: [email protected] | home: [email protected]
Systems Analyst/Programmer | www.geocities.com/RodeoDrive/2738
UNIX & data communication | Hi-Fi & Loudspeaker design

From netramet-owner Sun Jan 12 00:00:02 1997
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) id XAA29497 for netramet-outgoing; Sat, 11 Jan 1997 23:39:26 +1300 (NZDT)
Received: from ercole.cefriel.it ([email protected] [131.175.5.10]) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) with ESMTP id XAA29488 for <[email protected]>; Sat, 11 Jan 1997 23:39:03 +1300 (NZDT)
Received: from suzuki (suzuki [131.175.5.78]) by ercole.cefriel.it (8.7.5/8.7.3) with SMTP id LAA00429 for <[email protected]>; Sat, 11 Jan 1997 11:34:06 +0100 (MET)
Message-ID: <[email protected]>
Date: Sat, 11 Jan 1997 11:34:11 +0100
From: Matteo Snidero <[email protected]>
X-Mailer: Mozilla 3.0 (X11; I; HP-UX B.10.20 9000/777)
MIME-Version: 1.0
To: [email protected]
Subject: Nemac for HPUX 10.20
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: [email protected]
Precedence: bulk

Hi list

Just a technical question

I tried to compile NeMaC and Nifty for HP-UX 10.20 with ANSI-C
compiler (I do not yet have gcc) getting the following error message:

cc: "../../src/snmplib/include/asn1.h", line 66: error 1000: Unexpected
symbol: "*".
cc: "../../src/snmplib/include/asn1.h", line 66: error 1000: Unexpected
symbol: "u_char".
cc: "../../src/snmplib/include/asn1.h", line 68: error 1000: Unexpected
symbol: "*".
cc: "../../src/snmplib/include/asn1.h", line 68: error 1000: Unexpected
symbol: "u_char".
cc: "../../src/snmplib/include/asn1.h", line 72: error 1000: Unexpected
symbol: "*".
cc: error 2017: Cannot recover from earlier errors, terminating.
*** Error exit code 1

Stop.

This hopelessly ends my dreams of metering our LAN with NeTraMet and
using NeMaC on my HP.
Does any of you already succesfully coped with such a problem?

--
Matteo Snidero | mailto:[email protected]
c/o CEFRIEL | mailto:[email protected]
via Emanueli 15 |
20126 Milano | Tel.: +39/2/66161-279

From netramet-owner Sat Jan 18 05:46:25 1997
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) id FAA10520 for netramet-outgoing; Sat, 18 Jan 1997 05:26:06 +1300 (NZDT)
Received: from omniway.sm (netra.omniway.sm [194.183.64.10]) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) with SMTP id FAA10507; Sat, 18 Jan 1997 05:25:53 +1300 (NZDT)
Received: from PcInternet.intelcom.sm by omniway.sm (SMI-8.6/SMI-SVR4)
id RAA14135; Fri, 17 Jan 1997 17:25:07 GMT
Message-Id: <[email protected]>
X-Sender: [email protected]
X-Mailer: Windows Eudora Pro Version 3.0 (32)
Date: Fri, 17 Jan 1997 17:23:31 -0100
To: [email protected]
From: Staff Intelcom <[email protected]>
Subject: Problem with NeMaC
Cc: [email protected]
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: [email protected]
Precedence: bulk

Hi,

I'm starting to use NeTraMet. I encountered this problem: if I send 10
packet with ping to a host (ping -c 10 -s 32 194.183.89.98) NeMaC counts 20
packet. If I download a know size image from the same host, NeMaC counts
the double number of bytes.
I append the cfg file and a piece of report from NeMaC when I use the ping
command above (flowindex 4) and when NeTraMet had just starded.

Can You help me?

Regards,
Andrea Gabellini

PS: Sorry for my English :-)

************ CFG FILE ************

SET 2
#
RULES
DestPeerType & 255 = IP: Pushto, Ip_pkt;
Null & 0 = 0: Ignore, 0;
#
IP_pkt:
SourcePeerAddress & 255.255.255.240 = 194.183.89.96: GotoAct, InTheNet;
DestPeerAddress & 255.255.255.240 = 194.183.89.96: GotoAct, InTheNet;
Null & 0 = 0 : Ignore, 0;
InTheNet:
SourcePeerAddress & 255.255.255.255 = 0: PushPkttoAct, Next;
DestPeerAddress & 255.255.255.255 = 0: PushPkttoAct, count_pkt;
#
count_pkt:
Null & 0 = 0: Count, 0; # Source and Dest Peer Address pushed above
#
STATISTICS
#
FORMAT FlowRuleSet FlowIndex FirstTime " " SourcePeerType
SourcePeerAddress DestPeerAddress " "
ToPDUs FromPDUs ToOctets FromOctets;
#
# end of file

***********************************************

************ Report from NeMaC ****************

##NeTraMet v3.4: -c30 -r ../conf/rules.inthenet localhost elx0 3000
flows starting at 17:16:00 Fri 17 Jan 97
#Format: flowruleset flowindex firsttime sourcepeertype sourcepeeraddress
destpeeraddress topdus frompdus tooctets fromoctets
#Time: 17:16:00 Fri 17 Jan 97 localhost Flows from 1 to 1000
#Stats: aps=172 apb=0 mps=211 mpb=0 lsp=0 avi=100.0 mni=100.0 fiu=2 frc=0
gci=10 rpp=2.1 tpp=1.0 cpt=1.0 tts=4096 tsu=0
1 2 24 2 0.0.0.0 0.0.0.0 1851 0 259921 0
1 3 336 12 00-00 00-00 5 0 404 0
#Time: 17:16:30 Fri 17 Jan 97 localhost Flows from 999 to 4017
#Stats: aps=188 apb=0 mps=364 mpb=0 lsp=0 avi=100.0 mni=99.1 fiu=6 frc=0
gci=10 rpp=4.1 tpp=0.0 cpt=1.0 tts=4096 tsu=4
2 4 1613 2 194.183.64.27 194.183.89.98 20 20 1480 1480
2 5 1978 2 138.100.63.211 194.183.89.98 2 4 120 627
2 6 2238 2 194.183.89.98 194.183.64.10 4 0 348 0
2 7 2740 2 194.183.89.98 194.183.64.11 4 0 348 0

*****************************************************

+-----------------------------+-----------------------------------------+
| Staff Omniway | E-mail : [email protected] |
| Intelcom S.p.A. | Tel. 0549 886111 (Italy) |
| Strada degli Angariari, 3 | Fax 0549 908654 (Italy) |
| 47031 Rovereta | Tel. +378 886111 (international) |
| Republic of San Marino | Fax +378 908654 (international) |
+-----------------------------+-----------------------------------------+

From netramet-owner Mon Jan 20 21:17:30 1997
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) id UAA24694 for netramet-outgoing; Mon, 20 Jan 1997 20:54:05 +1300 (NZDT)
Received: from nc3a.nato.int (issun3.nc3a.nato.int [192.41.140.225]) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) with SMTP id UAA24680 for <[email protected]>; Mon, 20 Jan 1997 20:53:44 +1300 (NZDT)
Received: from compc12.nc3a.nato.int by nc3a.nato.int with SMTP id AA01556
(5.67b/IDA-1.5 for <[email protected]>); Mon, 20 Jan 1997 08:45:07 +0100
Message-Id: <[email protected]>
X-Sender: [email protected]
X-Mailer: Windows Eudora Pro Version 2.2 (16)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Mon, 20 Jan 1997 10:01:25 +0000
To: Staff Intelcom <[email protected]>
From: Marc van Selm <[email protected]>
Subject: Re: Problem with NeMaC
Cc: [email protected]
Sender: [email protected]
Precedence: bulk

At 05:23 PM 1/17/97 -0100, you wrote:
>Hi,
>
>I'm starting to use NeTraMet. I encountered this problem: if I send 10
>packet with ping to a host (ping -c 10 -s 32 194.183.89.98) NeMaC counts 20
>packet. If I download a know size image from the same host, NeMaC counts
>the double number of bytes.
>I append the cfg file and a piece of report from NeMaC when I use the ping
>command above (flowindex 4) and when NeTraMet had just starded.

Asuming you didn't correct for this:

A ping works like this: B sends x packets to A and A sends this x packets
back B. So if you send 10 packets you get 2x 10 packets on the LAN. Unless
you did something speciall NeTraMet counts this is the same flow...

Hope this helps Marc
---------------------------------------------------------------------
Marc van Selm
NATO C3 Agency
Communication Systems Division, A-Branch
E-Mail: [email protected]
---------------------------------------------------------------------
PGP key: http://www.cistron.nl/~selm/keymarc.asc
My Direct-Mail policy: http://www.cistron.nl/~selm/directpolicy.html

From netramet-owner Wed Jan 22 03:34:20 1997
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) id DAA06990 for netramet-outgoing; Wed, 22 Jan 1997 03:16:51 +1300 (NZDT)
Received: from saturn.hrz.tu-chemnitz.de (saturn.hrz.tu-chemnitz.de [134.109.132.51]) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) with SMTP id DAA06982 for <[email protected]>; Wed, 22 Jan 1997 03:16:30 +1300 (NZDT)
Received: from tweety.freiepresse.de by saturn.hrz.tu-chemnitz.de
with SMTP (PP) id <[email protected]>;
Tue, 21 Jan 1997 15:15:25 +0100
Date: Tue, 21 Jan 1997 15:12:53 +0100 (MET)
From: Torsten Naumann <[email protected]>
X-Sender: [email protected]
To: [email protected]
Subject: error in sample rules ?
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: [email protected]
Precedence: bulk

Hi,
if download the the bin-dist of NeTraMet-pack from
ftp://ftp.auckland.ac.nz/pub/iawg/NeTraMet

and the pack NeTraMet.tar.gz to try out the sample rule-files.

/NeTraC -s -r rules.sample
produces the following output:

NeMaC: NeTraMet Manager & Controller V3.3
/tmp/rules.sample 22: Null & 0 = 0: GotoAct, other;
Label or rule number expected !!!
/tmp/rules.sample 28: Null & 0 = 0: GotoAct, other;
Label or rule number expected !!!
/tmp/rules.sample 34: Null & 0 = 0: GotoAct, other;
Label or rule number expected !!!
/tmp/rules.sample 40: Null & 0 = 0: GotoAct, other;
Label or rule number expected !!!
/tmp/rules.sample 43: SourcePeerAddress & 255.255.255.255 = 0: PushPkttoAct, Next;
Rule action expected !!!
Label or rule number expected !!!
Selector value should be an attribute !!!

7 errors in rule file(s) /tmp/rules.sample
----------

After I changed the label "other" to "oth_pkt" the following errors
came:

NeMaC: NeTraMet Manager & Controller V3.3
Rule 2,1: 7 & 255 = 2: 12, 6
/tmp/rules.sample 12: SourcePeerType & 255 = Novell: Pushto, Novell_pkt;
Must goto action of a PushPkt rule !!!
Rule 2,2: 7 & 255 = 6: 12, 47
Rule 2,3: 7 & 255 = 7: 12, 49
/tmp/rules.sample 14: SourcePeerType & 255 = DECnet: Pushto, DEC_pkt;
Must goto action of a PushPkt rule !!!
-----------

After I changed the "Pushto" into "PushToAct" action the syntax-check
reported no errors.

I think the reason for the first error is that "other" is a reserved
word, isn't it?

mfg Torsten

/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
/ Torsten Naumann [email protected] /
/ TU Chemnitz - Fakultaet Informatik http://www.tu-chemnitz.de/~tna /
/ PGP-public-key available via finger on email-address /
/---------------------------------------------------------------------/
/ Einer guten Tat folgt die Strafe auf dem Fusse ! Erwerbsregel 200+ /
/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/

From netramet-owner Fri Jan 24 05:12:03 1997
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.8.5/8.7.3-ua) id EAA29516 for netramet-outgoing; Fri, 24 Jan 1997 04:54:04 +1300 (NZDT)
Received: from ercole.cefriel.it ([email protected] [131.175.5.10]) by mailhost.auckland.ac.nz (8.8.5/8.7.3-ua) with ESMTP id EAA29493 for <[email protected]>; Fri, 24 Jan 1997 04:53:26 +1300 (NZDT)
Received: from suzuki (suzuki [131.175.5.78]) by ercole.cefriel.it (8.7.5/8.7.3) with SMTP id QAA21252 for <[email protected]>; Thu, 23 Jan 1997 16:47:34 +0100 (MET)
Message-ID: <[email protected]>
Date: Thu, 23 Jan 1997 16:47:39 +0100
From: Matteo Snidero <[email protected]>
X-Mailer: Mozilla 3.0 (X11; I; HP-UX B.10.20 9000/777)
MIME-Version: 1.0
To: [email protected]
Subject: RSVP with NeTraMet
References: <[email protected]>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: [email protected]
Precedence: bulk

Hi list

here at Cefriel we would like to perform accounting on IP flows
set up after an RSVP reservation procedure. We would like to use
NeTraMet to collect accounting information.
Using NeTraMet we think we can identify RSVP packets from the
"TransType" attribute. Then we should extract from this packet
the RSVP parameters and the peers involved in the communication.
After that we would monitor the IP flow between the two peers
using NeTraMet and finally we could check whether the requested
quality parameters are met.
Our problem is how to read a packet in order to dynamically create
a rule-set to catch the reserved flow.
Do you have any suggestion or you know anyone working on a
similar subject?

Thank you,

Matteo Snidero | mailto:[email protected]
c/o CEFRIEL | mailto:[email protected]
via Emanueli 15 |
20126 Milano | Tel.: +39/2/66161-279

From netramet-owner Sat Jan 25 08:19:03 1997
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.8.5/8.7.3-ua) id IAA10877 for netramet-outgoing; Sat, 25 Jan 1997 08:00:53 +1300 (NZDT)
Received: from zephyr.isi.edu (zephyr.isi.edu [128.9.160.160]) by mailhost.auckland.ac.nz (8.8.5/8.7.3-ua) with SMTP id IAA10872 for <[email protected]>; Sat, 25 Jan 1997 08:00:50 +1300 (NZDT)
Received: from roo.isi.edu by zephyr.isi.edu (5.65c/5.61+local-23)
id <AA28272>; Fri, 24 Jan 1997 11:00:37 -0800
Message-Id: <[email protected]>
X-Mailer: exmh version 1.6.4 10/10/95
To: [email protected]
Subject: netramet 3.4 for sunos
Reply-To: [email protected]
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 24 Jan 97 10:59:56 PST
From: Anne Hutton <[email protected]>
Sender: [email protected]
Precedence: bulk

Hi,

I've had compile problems with netramet 3.4 for sunos - here's the error...

-- AH

-------------------

roo 143% make
/usr/local/bin/gcc -g -I../../src/snmplib/include -I../../src/meter/include
-I../../src/meter/include/tcpdump -DSUNOS -DCLNS -c ../../src/meter/flowhash.c
/usr/local/bin/gcc -g -I../../src/snmplib/include -I../../src/meter/include
-I../../src/meter/include/tcpdump -DSUNOS -DCLNS -c ../../src/meter/met_vars.c
/usr/local/bin/gcc -traditional -g -I../../src/snmplib/include
-I../../src/meter/include -I../../src/meter/include/tcpdump -DSUNOS -DCLNS -c
./../src/meter/meter_ux.c
/usr/local/bin/gcc -o NeTraMet meter_ux.o flowhash.o met_vars.o
./snmplib/libsnmp.a libpcap.a
/usr/local/bin/gcc -g -I../../src/snmplib/include -I../../src/meter/include
-I../../src/meter/include/tcpdump -DSUNOS -DCLNS -c ../../src/meter/test.c
./../src/meter/test.c: In function `main':
./../src/meter/test.c:162: parse error before `int'
*** Error code 1
make: Fatal error: Command failed for target `test.o'

From netramet-owner Tue Jan 28 17:36:36 1997
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.8.5/8.7.3-ua) id RAA06709 for netramet-outgoing; Tue, 28 Jan 1997 17:19:13 +1300 (NZDT)
Received: from hindin.co.nz (avon.hindin.co.nz [192.245.36.3]) by mailhost.auckland.ac.nz (8.8.5/8.7.3-ua) with SMTP id RAA06704 for <[email protected]>; Tue, 28 Jan 1997 17:19:10 +1300 (NZDT)
Received: by hindin.co.nz (/\==/\ Smail3.1.28.1 #28.10)
id <[email protected]>; Tue, 28 Jan 97 17:15 NZDT
Message-Id: <[email protected]>
Date: Tue, 28 Jan 97 17:15 NZDT
From: [email protected] (Martin van den Nieuwelaar)
To: [email protected]
Subject: Compiling NeTraMet for SCO (libpcap problem)
X-Mailer: MTX (Windows) MTXLink 95 Gateway v2.04b4
Sender: [email protected]
Precedence: bulk

Hi All,

I have been investigating compiling NeTraMet on our SCO SYSV R3.2
machine. I have come to a brick wall with regard to the libpcap
package. I cannot get it to compile. Actually, it fails at the
/configure stage. I ran a few searches on Deja News, Alta Vista
etc, and found other people also having problems getting libpcap
working under SCO. Unfortunately there were no related
suggestions or help for these problems. The documentation that
comes with libpcap itself says they have had no successful
reports of anyone building it under SCO. :(

If anyone on this list has had any positive experience with
libpcap under SCO, please (pretty please) drop me some E-Mail.

I had a go at compiling NeTraMet even though libpcap was not
available. It stopped with an error after not finding libsnmp.a.

Any help much appreciated.

--
work: [email protected] | home: [email protected]
Systems Analyst/Programmer | www.geocities.com/RodeoDrive/2738
UNIX & data communication | Hi-Fi & Loudspeaker design