From netramet-owner  Mon Dec  1 23:09:23 1997
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.8.5/8.7.3-ua) id XAA25245 for netramet-outgoing; Mon, 1 Dec 1997 23:04:50 +1300 (NZDT)
Received: from spin.lzu.edu.cn ([202.201.0.131]) by mailhost.auckland.ac.nz (8.8.5/8.7.3-ua) with ESMTP id XAA25187; Mon, 1 Dec 1997 23:03:33 +1300 (NZDT)
Received: (from luxd@localhost)
       by spin.lzu.edu.cn (8.8.5/8.8.5) id SAA24047;
       Mon, 1 Dec 1997 18:02:12 +0800 (CST)
Date: Mon, 1 Dec 1997 18:02:12 +0800 (CST)
From: Lu Xiao-Dong <[email protected]>
Message-Id: <[email protected]>
To: [email protected], [email protected]
Subject: Re:  NeTraMet 4.1.0 now available
Sender: [email protected]
Precedence: bulk

Dear Mr. Brownlee,
I am a student in the Network Center of Lanzhou University. I used
NeTraMet3.4 before. I downloaded NeTraMet 4.1b last month. I want
to install it on my Meter (486DX66, OS is Linux 1.2.3, 8M RAM), but
have some problems. I followed the steps as ../autoconf/INSTALL said.
When I ran make, it gave an error:

cc -o NeMaC nmc.o nmc_pars.o nmc_snmp.o ../snmplib/libsnmp.a -lresolv
-lnsl -lsocket -L/usr/local/lib
ld:cannot open -lresolv : No such file or directory
make:*** [NeMaC] Error/

I do not know how to solve it. Please help me.

Thanks a lot.

Yours sincerely,
Lu Xiaodong

From netramet-owner  Wed Dec  3 06:16:17 1997
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.8.5/8.7.3-ua) id GAA08917 for netramet-outgoing; Wed, 3 Dec 1997 06:12:29 +1300 (NZDT)
Received: from artemis.rus.uni-stuttgart.de (artemis.rus.uni-stuttgart.de [129.69.18.28]) by mailhost.auckland.ac.nz (8.8.5/8.7.3-ua) with ESMTP id GAA08911 for <[email protected]>; Wed, 3 Dec 1997 06:12:22 +1300 (NZDT)
Received: from kssun2.rus.uni-stuttgart.de (kssun2.rus.uni-stuttgart.de [129.69.30.63])
       by artemis.rus.uni-stuttgart.de (8.8.7/8.8.7) with ESMTP id SAA05462
       for <[email protected]>; Tue, 2 Dec 1997 18:12:19 +0100 (MET)
       env-from ([email protected])
Received: (from ingo@localhost)
       by kssun2.rus.uni-stuttgart.de (8.8.5/8.8.5) id SAA18678
       for [email protected]; Tue, 2 Dec 1997 18:09:59 +0100 (MET)
From: Ingo Seipp <[email protected]>
Message-Id: <[email protected]>
Subject: netramet problem
To: [email protected]
Date: Tue, 2 Dec 1997 18:09:58 +0100 (MET)
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: [email protected]
Precedence: bulk

Hello all,

I'm currently trying to reimplement a previously working
netramet installation on Linux. I've also already tried to newly
implement it.

But when I start NeTraMet like this:

 > ./NeTraMet -w hallo
 NeTraMet: Network Traffic Meter V4.1
 Running on ksat23.rus.uni-stuttgart.de, interface eth0

and then try to run NeMaC I get one of these outputs:


 > ./NeMaC -c30 -rnetramet/ntm41/examples/rules.sample localhost hallo
 Using MIB file: /home/ingo/netramet/ntm41/mib/mib.txt
 >>> No SET statement in rule file netramet/ntm41/examples/rules.sample
 No meters to monitor !!!
 >


 > ./NeMaC -c30 -rnetramet/ntm41/examples/rules.sample localhost hallo
 Using MIB file: /home/ingo/netramet/ntm41/mib/mib.txt
 reader_util(): Error in packet, reason = inconsistentValue
 flowMIB.flowControl.flowReaderInfoTable.flowReaderInfoEntry.flowReaderRuleSet.2

 Community hallo doesn't have write access to meter localhost!
    Collections won't trigger recovery of idle flows <<<


Any help would be appreciated.

cheerio
Ingo


P.S. After initially encountering similar problems on Solaris, those problems
    faded and netramet is running there now.

From netramet-owner  Thu Dec  4 10:17:44 1997
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.8.5/8.7.3-ua) id KAA27092 for netramet-outgoing; Thu, 4 Dec 1997 10:15:38 +1300 (NZDT)
Received: from n.browlee5.itss.auckland.ac.nz (n.brownlee5.itss.auckland.ac.nz [130.216.4.79]) by mailhost.auckland.ac.nz (8.8.5/8.7.3-ua) with SMTP id KAA27053 for <netramet@auckland>; Thu, 4 Dec 1997 10:15:30 +1300 (NZDT)
From: Nevil Brownlee <[email protected]>
To: [email protected]
Subject: Missed packets V4.1 Linux-2.0.20
Message-ID: <[email protected]>
Date: Thu, 4 Dec 1997 10:20:14 +1300 (New Zealand Daylight Time)
Priority: NORMAL
X-Mailer: Simeon for Win32 Version 4.1 Build (3)
X-Authentication: none
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
Sender: [email protected]
Precedence: bulk

--- Begin Forwarded Message ---

>From netramet-owner  Tue Dec  2 02:17:43 1997
Received: from nc3a.nato.int (issun3.nc3a.nato.int [192.41.140.225]) by mailhost.auckland.ac.nz (8.8.5/8.7.3-ua) with SMTP id CAA00608 for <[email protected]>; Tue, 2 Dec 1997 02:17:41 +1300 (NZDT)
Received: from compc12 (compc12.nc3a.nato.int) by nc3a.nato.int with SMTP id AA23979
 (5.67b/IDA-1.5 for <[email protected]>); Mon, 1 Dec 1997 14:15:08 +0100
Message-Id: <[email protected]>
X-Sender: [email protected]
X-Mailer: Windows Eudora Pro Version 2.2 (32)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Mon, 01 Dec 1997 15:22:23 +0100
To: [email protected]
From: Marc van Selm <[email protected]>
Subject: Missed packets V4.1 Linux-2.0.20

Does anyone have experience with the V4.1 meter on Linux yet?

I have a kit running with 2 NICs on Linux-2.0.20 (20Mb ram, ISA 3Com
etherlink III) and am missing about 40% of the packets (network-load
<500kbps). V3.3 nicely keeps up with our internet-traffic but 4.1 does not.

I assume my platform is a bit too slow but I'd like to hear other experiences.

So has anyone already tried NeTraMet on Linux?

Marc
---------------------------------------------------------------------
Marc van Selm
NATO C3 Agency
Communication Systems Division, A-Branch
E-Mail: [email protected]
---------------------------------------------------------------------
Private: [email protected], [email protected], http://www.cistron.nl/~selm
--- End Forwarded Message ---


+---------------------------------------------------------------------+
| Nevil Brownlee                     Director, Technology Development |
| Phone: +64 9 373 7599 x8941        ITSS, The University of Auckland |
|   FAX: +64 9 373 7425      Private Bag 92019, Auckland, New Zealand |
+---------------------------------------------------------------------+



From netramet-owner  Thu Dec  4 10:17:44 1997
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.8.5/8.7.3-ua) id KAA26907 for netramet-outgoing; Thu, 4 Dec 1997 10:14:15 +1300 (NZDT)
Received: from n.browlee5.itss.auckland.ac.nz (n.brownlee5.itss.auckland.ac.nz [130.216.4.79]) by mailhost.auckland.ac.nz (8.8.5/8.7.3-ua) with SMTP id KAA26900 for <netramet@auckland>; Thu, 4 Dec 1997 10:14:13 +1300 (NZDT)
From: Nevil Brownlee <[email protected]>
To: [email protected]
Subject: Re:  NeTraMet 4.1.0 now available
Message-ID: <[email protected]>
Date: Thu, 4 Dec 1997 10:18:57 +1300 (New Zealand Daylight Time)
Priority: NORMAL
X-Mailer: Simeon for Win32 Version 4.1 Build (3)
X-Authentication: none
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
Sender: [email protected]
Precedence: bulk

--- Begin Forwarded Message ---
Received: from nc3a.nato.int (issun3.nc3a.nato.int [192.41.140.225]) by mailhost.auckland.ac.nz (8.8.5/8.7.3-ua) with SMTP id CAA00529 for <[email protected]>; Tue, 2 Dec 1997 02:15:21 +1300 (NZDT)
Received: from compc12 (compc12.nc3a.nato.int) by nc3a.nato.int with SMTP id AA23887
 (5.67b/IDA-1.5 for <[email protected]>); Mon, 1 Dec 1997 14:08:42 +0100
Message-Id: <[email protected]>
X-Sender: [email protected]
X-Mailer: Windows Eudora Pro Version 2.2 (32)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Mon, 01 Dec 1997 15:16:17 +0100
To: Lu Xiao-Dong <[email protected]>
From: Marc van Selm <[email protected]>
Subject: Re:  NeTraMet 4.1.0 now available
Cc: [email protected]

At 06:02 PM 12/1/97 +0800, you wrote:
>Dear Mr. Brownlee,
>I am a student in the Network Center of Lanzhou University. I used
>NeTraMet3.4 before. I downloaded NeTraMet 4.1b last month. I want
>to install it on my Meter (486DX66, OS is Linux 1.2.3, 8M RAM), but
>have some problems. I followed the steps as ../autoconf/INSTALL said.
>When I ran make, it gave an error:
>
>cc -o NeMaC nmc.o nmc_pars.o nmc_snmp.o ../snmplib/libsnmp.a -lresolv
>-lnsl -lsocket -L/usr/local/lib
>ld:cannot open -lresolv : No such file or directory
>make:*** [NeMaC] Error/
>
>I do not know how to solve it. Please help me.

You are missing the libresolv. Try to locate it on your machine and add the
directory with -L/resolvdir

If you don't have libresolv, start looking for bind and get it compiled and
installed.

Good luck!

Marc
---------------------------------------------------------------------
Marc van Selm
NATO C3 Agency
Communication Systems Division, A-Branch
E-Mail: [email protected]
---------------------------------------------------------------------
Private: [email protected], [email protected], http://www.cistron.nl/~selm
--- End Forwarded Message ---


+---------------------------------------------------------------------+
| Nevil Brownlee                     Director, Technology Development |
| Phone: +64 9 373 7599 x8941        ITSS, The University of Auckland |
|   FAX: +64 9 373 7425      Private Bag 92019, Auckland, New Zealand |
+---------------------------------------------------------------------+



From netramet-owner  Tue Dec  9 16:35:55 1997
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.8.5/8.7.3-ua) id QAA26721 for netramet-outgoing; Tue, 9 Dec 1997 16:31:24 +1300 (NZDT)
Received: from linux1.americasnet.com (linux1.americasnet.com [207.155.121.128]) by mailhost.auckland.ac.nz (8.8.5/8.7.3-ua) with ESMTP id QAA26706; Tue, 9 Dec 1997 16:31:16 +1300 (NZDT)
Received: from localhost (ricardo@localhost) by linux1.americasnet.com (8.8.7/8.7.3) with SMTP id TAA10351; Mon, 8 Dec 1997 19:38:22 -0800
Date: Mon, 8 Dec 1997 19:38:09 -0800 (PST)
From: Ricardo Kleemann <[email protected]>
To: Nevil Brownlee <[email protected]>, [email protected]
Subject: How to use the flows file?
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: [email protected]
Precedence: bulk

Hi!

I've been running NeTraMet for some days now, using the rules.ipport
example, and I have an 80 megabyte flows file ;)

My question now is... What do I do with it? How do I use it or how do I
use the filter programs to obtain relevant information?

Is there a simple way to process the flows file and obtain a meaningful
output file? What kind of reporting and/or output can I obtain? Can I
create an output file which might be suitable for using as input to a
graphing program?

I'm confused as to how to analyze the flows file, how to make anything
legible out of it.

Help! ;)
Thanks

Ricardo


From netramet-owner  Tue Dec  9 18:18:21 1997
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.8.5/8.7.3-ua) id SAA04667 for netramet-outgoing; Tue, 9 Dec 1997 18:17:49 +1300 (NZDT)
Received: from nevil.dc.ietf.org (stat3-42.dc.ietf.org [166.49.3.42]) by mailhost.auckland.ac.nz (8.8.5/8.7.3-ua) with SMTP id SAA04635; Tue, 9 Dec 1997 18:17:06 +1300 (NZDT)
From: Nevil Brownlee <[email protected]>
Reply-To: [email protected]
To: [email protected]
cc: [email protected], [email protected]
Subject: re: Linux meter only seeing broadcast packets
Message-ID: <[email protected]>
Date: Tue, 9 Dec 1997 18:10:20 +1300 (New Zealand Daylight Time)
Priority: NORMAL
X-Mailer: Simeon for Win32 Version 4.1.1 Build (16)
X-Authentication: none
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
Sender: [email protected]
Precedence: bulk

Hello Erltsung Schang:

> I installed NeTraMet 4.1 on my DECpc axp150 running Digital UNIX 3.2C
> (Alpha CPU, 32M RAM, DEC EISA  ethernet adapter, enable packagefilter
> kernel option and rebuild kernel, NeTraMet can't work if no this
> option), and I found that NeMaC can log broadcast messages only. My
> rules as following:

..

> But the rule can work on Linux 2.0.0 with NeTraMet 3.4.
> Does anyone have any comments about my problem? Thanks in advance.
>
> Erltsung Schang
> -------------------------------------------------------------------
>
> Erltsung Schang
> Network Center of Zhongshan (Sun Yat-sen) University
> Guangzhou, GD 510275
> China
> Phone: 86-20-84184905   Fax: 86-20-84193772

Do you have root privilege when running NeTraMet on your Alpha?
If you don't, libpcap (which NeTraMet uses to see the packet
headers) can only see packets to/from the host it's running on (which of
course includes broadcasts).

Cheers, Nevil

+---------------------------------------------------------------------+
| Nevil Brownlee                     Director, Technology Development |
| Phone: +64 9 373 7599 x8941        ITSS, The University of Auckland |
|   FAX: +64 9 373 7425      Private Bag 92019, Auckland, New Zealand |
+---------------------------------------------------------------------+



From netramet-owner  Fri Dec 12 18:34:37 1997
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.8.5/8.7.3-ua) id SAA26775 for netramet-outgoing; Fri, 12 Dec 1997 18:30:34 +1300 (NZDT)
Received: from nevil.dc.ietf.org (stat3-42.dc.ietf.org [166.49.3.42]) by mailhost.auckland.ac.nz (8.8.5/8.7.3-ua) with SMTP id SAA26770 for <netramet@auckland>; Fri, 12 Dec 1997 18:30:30 +1300 (NZDT)
From: Nevil Brownlee <[email protected]>
Reply-To: [email protected]
To: [email protected]
Subject: re: Help! Make error
Message-ID: <[email protected]>
Date: Tue, 2 Jan 1990 18:28:46 +1300 (New Zealand Daylight Time)
Priority: NORMAL
X-Mailer: Simeon for Win32 Version 4.1.1 Build (16)
X-Authentication: none
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
Sender: [email protected]
Precedence: bulk

Hello Richard:

> I get the following error when trying to make the manager under
> Solaris 2.5.

> In file included from ../../src/manager/nmc.c:39:
> ../../src/manager/nmc_c64.h:83: #error sizeof(long) not 4 or 8
>     <<<<<<<<
> *** Error code 1
> make: Fatal error: Command failed for target `nmc.o'
>
> I'm using gcc. The SNMP and apps make correctly.
>
> Richard Jacobs ([email protected])

The message means that SIZEOF_LONG hasn't been defined.  This
is done in the Makefile, at least in the makefiles generated by
autoconfig.

Are you using the autoconfig-generated Makefiles? If you are
using the Makefiles in the Solaris directories it should all work.
If you are using autoconfig (as recommended in the Release Notes),
have you deleted the old configure cache data?

Cheers, Nevil

+---------------------------------------------------------------------+
| Nevil Brownlee                     Director, Technology Development |
| Phone: +64 9 373 7599 x8941        ITSS, The University of Auckland |
|   FAX: +64 9 373 7425      Private Bag 92019, Auckland, New Zealand |
+---------------------------------------------------------------------+



From netramet-owner  Sat Dec 13 02:09:28 1997
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.8.5/8.7.3-ua) id CAA09358 for netramet-outgoing; Sat, 13 Dec 1997 02:06:32 +1300 (NZDT)
Received: from psasolar.psa.pencom.com (psasolar.psa.pencom.com [204.217.199.14]) by mailhost.auckland.ac.nz (8.8.5/8.7.3-ua) with ESMTP id CAA09352 for <[email protected]>; Sat, 13 Dec 1997 02:06:28 +1300 (NZDT)
Received: from localhost (casey@localhost)
       by psasolar.psa.pencom.com (VER/What/1.0) with SMTP id HAA06737
       for <[email protected]>; Fri, 12 Dec 1997 07:06:24 -0600 (CST)
X-Authentication-Warning: psasolar.private.psa.pencom.com: casey owned process doing -bs
Date: Fri, 12 Dec 1997 08:06:24 -0500 (EST)
From: Casey Ajalat <[email protected]>
To: [email protected]
Subject: re: Help! Make error
In-Reply-To: <[email protected]>
Message-ID: <Pine.GSO.3.96.971212080439.6473C-100000@psasolar>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: [email protected]
Precedence: bulk


I had the same problem even after I followed the directions.  I believe
that this is due to a non-standard environment (which is what I had).  The
way I fixed the problem was that, before I went through all the steps that
Nevil outlined, I defined an environment variable for the compiler, i.e.:

setenv CC gcc (or CC=gcc; export CC)

Then at this point I ran the ./configure script and followed the rest of
the instructions.  It should work for you then.

Casey



On Tue, 2 Jan 1990, Nevil Brownlee wrote:

|Hello Richard:
|
|> I get the following error when trying to make the manager under
|> Solaris 2.5.
|
|> In file included from ../../src/manager/nmc.c:39:
|> ../../src/manager/nmc_c64.h:83: #error sizeof(long) not 4 or 8
|>     <<<<<<<<
|> *** Error code 1
|> make: Fatal error: Command failed for target `nmc.o'
|>
|> I'm using gcc. The SNMP and apps make correctly.
|>
|> Richard Jacobs ([email protected])
|
|The message means that SIZEOF_LONG hasn't been defined.  This
|is done in the Makefile, at least in the makefiles generated by
|autoconfig.
|
|Are you using the autoconfig-generated Makefiles? If you are
|using the Makefiles in the Solaris directories it should all work.
|If you are using autoconfig (as recommended in the Release Notes),
|have you deleted the old configure cache data?
|
|Cheers, Nevil
|
|+---------------------------------------------------------------------+
|| Nevil Brownlee                     Director, Technology Development |
|| Phone: +64 9 373 7599 x8941        ITSS, The University of Auckland |
||   FAX: +64 9 373 7425      Private Bag 92019, Auckland, New Zealand |
|+---------------------------------------------------------------------+
|
|

-- ___
 / _/__          | Casey Ajalat / [email protected]
/ /_/ /_         | Voice: (617) 873-5629
/ /_  __/         | Pager: 1-800-759-8888 # 8799493
\__/o/llective    | On Site at GTE Internetworking, Powered by BBN
  \_\echnologies | --------[ http://www.colltech.com ]---------


From netramet-owner  Sat Dec 13 02:26:50 1997
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.8.5/8.7.3-ua) id CAA09789 for netramet-outgoing; Sat, 13 Dec 1997 02:25:22 +1300 (NZDT)
Received: from zsulink.zsu.edu.cn (zsulink.zsu.edu.cn [202.116.64.1]) by mailhost.auckland.ac.nz (8.8.5/8.7.3-ua) with ESMTP id CAA09783; Sat, 13 Dec 1997 02:25:00 +1300 (NZDT)
Received: from incnt1 (incnt1 [202.116.64.31])
       by zsulink.zsu.edu.cn (8.8.5/8.8.5) with ESMTP id VAA24028;
       Fri, 12 Dec 1997 21:25:09 +0800 (GMT)
Message-ID: <[email protected]>
Date: Fri, 12 Dec 1997 21:25:25 +0800
From: Erltsung Schang <[email protected]>
X-Mailer: Mozilla 4.01 [en] (WinNT; I)
MIME-Version: 1.0
To: [email protected],
       "[email protected]" <[email protected]>
Subject: Re: meter only seeing broadcast packets
X-Priority: 3 (Normal)
References: <[email protected]>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: [email protected]
Precedence: bulk

Hi Nevil,

> Do you have root privilege when running NeTraMet on your Alpha?
> If you don't, libpcap (which NeTraMet uses to see the packet
> headers) can only see packets to/from the host it's running on (which
> of course includes broadcasts).

Sure, I log in as root, and run NeTraMet and NeMaC.
I installed a new version, libpcap 0.4a5, today (I used libpcap-0.2.1
before), and re-compiled NeTraMet and NeMaC, but unfortunately, it logs
broadcast only.

Do you have any other comments?
Thanks in advance.

Erltsung Schang

-------------------------------------------------------------------
Erltsung Schang
Network Center of Zhongshan (Sun Yat-sen) University
Guangzhou, GD 510275
China
Phone: 86-20-84184905   Fax: 86-20-84193772
-------------------------------------------------------------------





From netramet-owner  Thu Dec 18 20:06:12 1997
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.8.5/8.7.3-ua) id UAA09646 for netramet-outgoing; Thu, 18 Dec 1997 20:02:58 +1300 (NZDT)
Received: from linux1.americasnet.com (linux1.americasnet.com [207.155.121.128]) by mailhost.auckland.ac.nz (8.8.5/8.7.3-ua) with ESMTP id UAA09637; Thu, 18 Dec 1997 20:02:48 +1300 (NZDT)
Received: from localhost (ricardo@localhost) by linux1.americasnet.com (8.8.7/8.7.3) with SMTP id XAA23913; Wed, 17 Dec 1997 23:09:09 -0800
Date: Wed, 17 Dec 1997 23:09:08 -0800 (PST)
From: Ricardo Kleemann <[email protected]>
To: Nevil Brownlee <[email protected]>
cc: [email protected]
Subject: using fd_filter and other utilities
In-Reply-To: <[email protected]>
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: [email protected]
Precedence: bulk

Hi guys,

I'm trying to get some help on how to use the utilities. I have a large
flow file which I want to analyze but I'm not sure how to use fd_filter.

Can someone provide me with a "format file" for use with fd_filter? What
format will fd_filter leave the information in?

Thanks
Ricardo


From netramet-owner  Sat Dec 20 03:39:09 1997
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.8.5/8.7.3-ua) id DAA17581 for netramet-outgoing; Sat, 20 Dec 1997 03:36:02 +1300 (NZDT)
Received: from skye.nis.newscorp.com (skye.nis.newscorp.com [206.15.111.99]) by mailhost.auckland.ac.nz (8.8.5/8.7.3-ua) with ESMTP id DAA17570 for <[email protected]>; Sat, 20 Dec 1997 03:35:57 +1300 (NZDT)
Received: (from dobrich@localhost) by skye.nis.newscorp.com (8.8.6/8.7.2) id JAA25192; Fri, 19 Dec 1997 09:37:23 -0500 (EST)
Date: Fri, 19 Dec 1997 09:37:23 -0500 (EST)
From: Greg Dobrich <[email protected]>
Message-Id: <[email protected]>
To: [email protected]
Subject: metering busy fddi
Cc: [email protected]
X-Sun-Charset: US-ASCII
Sender: [email protected]
Precedence: bulk

Hi,

I'm running netramet on a Solaris sparc 20. Both the meter and manager run
on this machine. The meter has been running on several fddi rings which
vary in utilization. Initially the meter was on a very busy backbone ring
(peaking to maybe 80 mbps and averaging around 40 mbps). My ruleset was
devised to measure only outbound packets from 2 ftp servers (this is unusual
for netramet I understand but it is how we bill our customers who house
servers here). In this configuration when compared against the servers'
calculations of bytes served (via ftp) netramet was 4 - 8% low, although
it was counting 70 - 80 gig per day. After making the collection time more
frequent with no effect, I moved the meter to the subsidiary ring one of
the servers was on. This ring had much less traffic (peaks to 36, average 14)
and I hoped the server's figures and netramet's figures would come closer (I
believe netramet counts header bytes so it should have shown larger actually).
It still appears as if I'm around 8% low on netramet (calculated using a much
smaller sample). The sparc 20 is very lightly loaded so I'm not sure where
the problem might be and I'm puzzled as to why moving the meter to a network
loaded to half the original didn't change the differential at all if in fact
it is a performance issue (unless the drop threshold is below the level of
traffic on the subsidiary ring and is flat thereafter). Anyone have any ideas
on how to proceed?

Thanks,

--Greg
-----------------------------------------------------------------------------
Greg Dobrich             Senior Network Engineer       News Internet Services
978 551 1007                                           Lowell, MA

From netramet-owner  Tue Dec 23 16:50:13 1997
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.8.5/8.7.3-ua) id QAA13173 for netramet-outgoing; Tue, 23 Dec 1997 16:44:26 +1300 (NZDT)
Received: from linux1.americasnet.com (linux1.americasnet.com [207.155.121.128]) by mailhost.auckland.ac.nz (8.8.5/8.7.3-ua) with ESMTP id QAA13160 for <[email protected]>; Tue, 23 Dec 1997 16:44:20 +1300 (NZDT)
Received: from localhost (ricardo@localhost) by linux1.americasnet.com (8.8.7/8.7.3) with SMTP id TAA09070 for <[email protected]>; Mon, 22 Dec 1997 19:50:32 -0800
Date: Mon, 22 Dec 1997 19:50:29 -0800 (PST)
From: Ricardo Kleemann <[email protected]>
To: [email protected]
Subject: still having probs with fd_filter. Please Help!
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: [email protected]
Precedence: bulk

Hi guys,

I'm sorry if I keep going over this but I still haven't made much progress
in getting an output that makes sense. I really can't tell if the data
output from fd_filter makes sense, and if so, how would I use fd_extract
to make sense of it?

Can someone help me out?? I've included some sample flow data and a format
file for fd_filter. I collected data for all the ports in rules.ipport and
set up (at least attempted) the fd_filter to show packets for nntp.

Here's a sample portion of my flows file, which was obtained using the
rules.ipport example:

=================================================================

15 180 67592  1 6 23 0  4 315 0 0
15 181 67592  1 17 718 2049  9 1930 9 1034
15 182 67592  1 6 1062 6667  1 60 1 209
15 183 67594  1 6 6667 1217  1 54 1 489
15 184 67594  1 6 119 0  73 29340 0 0
15 185 67595  1 6 1088 6667  1 60 0 0
15 186 67598  1 6 1027 6667  1 60 1 209
15 187 67600  1 6 24705 7002  1 60 1 592
15 188 67602  1 6 12386 7002  2 120 1 592
15 189 67604  1 6 4606 6667  1 60 0 0
15 190 67608  1 6 1271 6667  1 60 1 209
15 191 67612  1 6 1446 6667  1 60 0 0
15 192 67614  1 6 7002 24386  1 60 1 513
15 193 67616  1 6 1369 6667  1 60 0 0
15 194 67621  1 17 137 137  1 110 0 0
15 195 67624  1 6 1073 7070  1 1514 1 54
15 196 67629  1 6 2605 6667  1 60 0 0
15 197 67630  1 6 5000 6667  1 60 0 0
15 198 67632  1 6 6667 1345  1 1351 0 0
15 199 67632  6 0 0 0  2 120 0 0
15 200 67636  1 6 25 0  6 389 0 0
15 201 67636  1 6 1043 6667  1 60 0 0
15 202 67639  1 6 1056 6667  1 60 0 0
15 203 67639  1 6 1080 6667  2 120 0 0
15 204 67640  1 6 1028 6667  3 180 0 0
15 205 67643  1 6 1029 6667  1 60 0 0
15 206 67643  1 6 1052 6667  1 60 0 0
15 207 67644  1 6 1193 6667  1 60 0 0
15 208 67645  1 6 1047 6667  1 60 0 0
15 209 67645  1 6 1310 6667  1 60 0 0
15 210 67648  1 6 1026 6667  2 120 0 0
15 211 67650  1 6 1597 7000  1 60 0 0
15 212 67651  1 17 1031 21461  1 60 0 0
15 213 67651  1 17 1033 52674  1 60 0 0
15 214 67652  1 6 1075 6667  1 60 0 0
15 215 67654  1 6 1235 6667  1 60 1 209
15 216 67655  1 6 1046 6667  1 60 1 110
15 217 67656  1 6 1038 6667  1 60 0 0


==========================================================

and here's my format file for fd_filter:

Format:
       TagNbr SourcePeerType "\t" ToOctetRate FromOctetRate;
Tag 1:
       SourcePeerType=IP;
Tag 2:
       SourceTransType=tcp;
Tag 3:
       DestTransAddress=nntp;

===========================================================

And here's what I got as output from fd_filter:
Does this data look correct? How would I use it?

If, for example, I wanted to have a file that looked like:
Unix_Time inOctets outOctets

How could I do that?
Thanks again, here's the fd_filter output...

1 1     3451 0
1 1     8926 8074
1 1     670 1236
1 1     1946 5410
1 1     697580 0
1 1     1304 2348
1 1     960 8734
1 1     1200 12067
1 1     572 887
1 1     360 960
1 1     277 299
1 1     15048 4814
1 1     430 1080
1 1     3100 0
1 1     21628 1512
1 1     935 1878
1 1     416 714
1 1     8748 690
1 1     114 0
1 1     1299 2939
1 1     362 1021
1 1     259 544
1 1     680 3240
1 1     1686 3910
1 1     692 1775
1 1     681 1402
1 1     360 1264
1 1     593 1020
1 1     1954 4601
1 1     274 478
1 1     900 0
1 1     900 0
1 1     180 1000
1 1     240 592
1 1     0 110
1 1     540 1156
1 1     300 921
1 1     2258 300
1 1     385 1262
1 1     1232 540
1 1     398 0
1 1     215 120
1 1     1073 420
1 1     323 294
1 1     269 198
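
One way to turn flow records like the sample in the message above into per-service byte counts, as an added example that is not part of the original post and not NeTraMet's own code. The column order is an assumption inferred from the sample records (the post does not show the FORMAT statement that produced them); the port-name table and all function names are hypothetical. Because the service port can appear on either side of a record, the counters are normalised to "toward the service" and "from the service".

```python
from collections import defaultdict
from typing import NamedTuple


class Flow(NamedTuple):
    # ASSUMED column order, inferred from the sample records in the post.
    ruleset: int
    flow_index: int
    first_time: int
    peer_type: int
    trans_type: int    # IP protocol number: 6 = TCP, 17 = UDP
    src_port: int
    dst_port: int
    to_pdus: int
    to_octets: int     # source -> destination
    from_pdus: int
    from_octets: int   # destination -> source


TCP, UDP = 6, 17
# Small hypothetical lookup table; 6667 is only the conventional IRC port.
SERVICES = {23: "telnet", 25: "smtp", 119: "nntp", 2049: "nfs", 6667: "irc"}

# Seven records copied from the post, plus a constructed truncated record
# and a separator line to exercise the error handling.
SAMPLE = """\
15 181 67592  1 17 718 2049  9 1930 9 1034
15 182 67592  1 6 1062 6667  1 60 1 209
15 183 67594  1 6 6667 1217  1 54 1 489
15 184 67594  1 6 119 0  73 29340 0 0
15 187 67600  1 6 24705 7002  1 60 1 592
15 199 67632  6 0 0 0  2 120 0 0
15 200 67636  1 6 25 0  6 389 0 0
15 201 67636  1 6 1043
==========================================================
"""


def parse_flows(text):
    """Return (flows, skipped); lines that are not 11 non-negative ints are skipped."""
    flows, skipped = [], 0
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        try:
            values = [int(p) for p in parts]
        except ValueError:
            skipped += 1
            continue
        if len(values) != len(Flow._fields) or min(values) < 0:
            skipped += 1
            continue
        flows.append(Flow(*values))
    return flows, skipped


def service_side(flow):
    """Return (service_port, service_is_source) for one record."""
    sides = ((flow.src_port, True), (flow.dst_port, False))
    for port, is_src in sides:
        if port in SERVICES:
            return port, is_src
    nonzero = [side for side in sides if side[0]]
    # Unknown service: treat the lower non-zero port as the service side.
    return min(nonzero) if nonzero else (0, True)


def totals_by_service(flows, trans_type=TCP):
    """Map service port -> (octets toward service, octets from service)."""
    totals = defaultdict(lambda: [0, 0])
    for f in flows:
        if f.trans_type != trans_type:
            continue
        port, is_src = service_side(f)
        if is_src:   # service is the record's source: swap the counters
            toward, away = f.from_octets, f.to_octets
        else:
            toward, away = f.to_octets, f.from_octets
        totals[port][0] += toward
        totals[port][1] += away
    return {port: tuple(pair) for port, pair in totals.items()}


if __name__ == "__main__":
    flows, skipped = parse_flows(SAMPLE)
    print(f"{len(flows)} records parsed, {skipped} skipped")
    for port, (toward, away) in sorted(totals_by_service(flows).items()):
        name = SERVICES.get(port, "?")
        print(f"{port:>5} {name:<7} to_service={toward:>6} from_service={away:>6}")
```
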