From netramet-owner Thu Sep 3 00:54:26 1998
Received: by mailhost.auckland.ac.nz (8.9.1/8.9.1/8.9.1-ua) id AAA08703
for netramet-outgoing; Thu, 3 Sep 1998 00:48:03 +1200 (NZST)
Received: from mail.fh-aachen.de (hpux1.noc.FH-Aachen.de [149.201.10.5])
by mailhost.auckland.ac.nz (8.9.1/8.9.1/8.9.1-ua) with ESMTP id AAA08688
for <
[email protected]>; Thu, 3 Sep 1998 00:47:58 +1200 (NZST)
Received: from dialup.fh-aachen.de (ulrike-baumann.dialup.FH-Aachen.de [149.201.115.98])
by mail.fh-aachen.de (8.8.7/8.8.7) with ESMTP id OAA03766
for <
[email protected]>; Wed, 2 Sep 1998 14:43:18 +0200
Message-ID: <
[email protected]>
Date: Wed, 02 Sep 1998 14:30:42 +0200
From: "ulrike.baumann" <
[email protected]>
X-Mailer: Mozilla 4.03 [en] (Win95; I)
MIME-Version: 1.0
To: netramet <
[email protected]>
Subject: problems with fd_extract
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender:
[email protected]
Precedence: bulk
Hi all,
I am studying computer sciences at the FH Aachen in Germany and I use
NeTraMet (version 4.1 and 4.2 on a linux sytem) for statistical
analysis of performance measures.
Right now I am experiencing some problems with the fd_extract flow data
file utility.
Although I am using this tool according to the manual, it
seems that the complete output column file contains only values equal to
zero. I did some review and tests with the source code, but the problem
still remains. The source is quite complex, but I have the idea that
maybe there is something wrong with the final loop in which the values
are incremented.
So, if anyone encountered similar problems with this tool or I am just
making any mistake, I appreciate any helpful information
Thank you and bye,
Ulrike.
From netramet-owner Wed Sep 9 23:35:45 1998
Received: by mailhost.auckland.ac.nz (8.9.1/8.9.1/8.9.1-ua) id XAA23501
for netramet-outgoing; Wed, 9 Sep 1998 23:31:23 +1200 (NZST)
Received: from arthur.axion.bt.co.uk (arthur.axion.bt.co.uk [132.146.5.4])
by mailhost.auckland.ac.nz (8.9.1/8.9.1/8.9.1-ua) with ESMTP id XAA23492
for <
[email protected]>; Wed, 9 Sep 1998 23:31:17 +1200 (NZST)
Received: from rambo (actually rambo.futures.bt.co.uk)
by arthur.axion.bt.co.uk (PP) with SMTP;
Wed, 9 Sep 1998 12:29:21 +0100
Received: from mussel.futures.bt.co.uk (actually mussel) by rambo
with SMTP (PP); Wed, 9 Sep 1998 12:32:07 +0100
Received: by mussel.futures.bt.co.uk with Microsoft Exchange (IMC 4.0.837.3)
id <
[email protected]>;
Wed, 9 Sep 1998 12:25:35 +0100
Message-ID: <c=GB%a=_%p=BT%
[email protected]>
X-MS-TNEF-Correlator: <c=GB%a=_%p=BT%
[email protected]>
From: Mansur Khan <
[email protected]>
To: "'NETRAMET'" <
[email protected]>
Subject: Nemac and Nifty Source code
Date: Wed, 9 Sep 1998 12:31:11 +0100
X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.837.3
Encoding: 11 TEXT, 33 UUENCODE
X-MS-Attachment: WINMAIL.DAT 0 00-00-1980 00:00
Sender:
[email protected]
Precedence: bulk
Hi everyone,
I've been looking for the Nemac and Nifty source code in the Unix and Pc
downloads and can't seem to find it.
Could anyone point me in the right direction as to where it is.
Cheers for your help,
Mansur
begin 600 WINMAIL.DAT
M>)\^(B0+`0:0" `$```````!``$``0>0!@`(````Y 0```````#H``$(@ <`
M& ```$E032Y-:6-R;W-O9G0@36%I;"Y.;W1E`#$(`06 `P`.````S@<)``D`
M# `?``L``P`@`0$@@ ,`#@```,X'"0`)``P`&0`C``,`,@$!"8 !`"$```!%
M-D-%,T4W03$S-#=$,C$Q0C4S,3 X,# R0D(P.4)&1@`J!P$-@ 0``@````(`
M`@`!!( !`!P```!.96UA8R!A;F0@3FEF='D@4V]U<F-E(&-O9&4`K0D!`Y &
M`#P$```9`````P`&$$= !AH#``<0J@```!X`"! !````90```$A)159%4EE/
M3D4L259%0D5%3DQ/3TM)3D=&3U)42$5.14U!0T%.1$Y)1E194T]54D-%0T]$
M14E.5$A%54Y)6$%.1%!#1$]73DQ/041304Y$0T%.5%-%14U43T9)3D1)5$-/
M54P``````P`0$ `````#`!$0``````(!"1 !````6 $``%0!``#V`0``3%I&
M=46M?&(#``H`<F-P9S$R-?XR`/\"!@*D`^0%ZP*#`% 3`U0"`&-H"L!S973^
M,@8`!L,"@PY0`]4'$P* _GT*@ C/"=D"@ J!#G$+8(1N9P'0-3=<: 6P4'ID
M;V,``"H252![`I$80&P8=0K[$[(!T""@2&D@978$D'D"($QE+ J%"H5))QL@
M($IB">$@%2!O:PN 9^8@`A %P'1H'+ 'P #!&B `<&0'L :0='D@NG,(86,<
ML 6@#G @"X#5'=-5`P!X'G-0'F 7\&1W;A4@860$(!Z"8[T`<"<%0!*P'C =
MT&\=D.,+@!Z@:70N' 8*A0A1CFP>H !P&U(@<&\+@$\%0 > ']8%$&=H!4!D
MXFD5D&-T:0(@'G $(#TBH7<=\!60(Q$?T',N?R-M'? $D 0@':(;4 AP(.D=
M\&QP&YU-`'$(< J%!12Q`"Q0'@!P``$````<````3F5M86,@86YD($YI9G1Y
M(%-O=7)C92!C;V1E``(!<0`!````%@````&]V^20E8!70A)'S1'2I"0`@%_7
M)]P``$ `.0`E@IU8Y=N]`0,`\3\)! ```P`F```````#`#8```````(!1P`!
M````+P```&,]1T([
[email protected] ]0E0[;#U-3$(T3E1!4S Q+3DX,#DP.3$Q,S$Q
M,5HM,SDP.#4```(!^3\!````2@````````#<IT#(P$(0&K2Y" `K+^&"`0``
M```````O3SU"5"]/53U!051-04E,+T-./5)%0TE0245.5%,O0TX]34%.4U52
M+DM(04X````>`/@_`0````P```!-86YS=7(@2VAA;@`"`?L_`0```$H`````
M````W*= R,!"$!JTN0@`*R_A@@$`````````+T\]0E0O3U4]04%434%)3"]#
M3CU214-)4$E%3E13+T-./4U!3E-54BY+2$%.````'@#Z/P$````,````36%N
M<W5R($MH86X`0 `',/A0G%CEV[T!0 `(,' A[H_DV[T!`P`--/T_```"`10T
M`0```! ```!4E*' *7\0&Z6'" `K*B47'@`]``$````!``````````L`*0``
M````"P`C```````"`7\``0```$D````\8SU'0B5A/5\E<#U"5"5L/4U,0C1.
M5$%3,#
[email protected] Y,3$S,3$Q6BTS.3 X-4!M=7-S96PN9G5T=7)E<RYB="YC
+;RYU:SX`````, TY
`
end
From netramet-owner Sat Sep 12 09:06:54 1998
Received: by mailhost.auckland.ac.nz (8.9.1/8.9.1/8.9.1-ua) id JAA25074
for netramet-outgoing; Sat, 12 Sep 1998 09:01:55 +1200 (NZST)
Received: from uqam.ca (anis.telecom.uqam.ca [132.208.250.6])
by mailhost.auckland.ac.nz (8.9.1/8.9.1/8.9.1-ua) with ESMTP id JAA25066
for <
[email protected]>; Sat, 12 Sep 1998 09:01:52 +1200 (NZST)
Received: from er.uqam.ca (nobel.si.uqam.ca [132.208.219.1])
by uqam.ca (8.8.8/8.8.8) with ESMTP id RAA12320
for <
[email protected]>; Fri, 11 Sep 1998 17:01:49 -0400 (EDT)
Received: from mpeg (
[email protected] [132.208.135.193])
by er.uqam.ca (8.8.8/8.8.8) with SMTP id RAA07825
for <
[email protected]>; Fri, 11 Sep 1998 17:01:18 -0400 (EDT)
Message-ID: <
[email protected]>
Date: Fri, 11 Sep 1998 17:01:49 -0400
From: Eddy Coussement <
[email protected]>
X-Mailer: Mozilla 3.01Gold (X11; I; SunOS 5.5.1 sun4m)
MIME-Version: 1.0
To: Netramet <
[email protected]>
Subject: fd_extract
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender:
[email protected]
Precedence: bulk
Hi everyone,
I have some problems using the fd_extract utility. I always get zeros in
the columns. Did anyone have this same problem?
1.6 0 0 0 0 0 0 0 0 0 0
3.6 0 0 0 0 0 0 0 0 0 0
5.6 0 0 0 0 0 0 0 0 0 0
Eddy Coussement
UQAM - Montreal
From netramet-owner Wed Sep 16 10:34:22 1998
Received: by mailhost.auckland.ac.nz (8.9.1/8.9.1/8.9.1-ua) id KAA05324
for netramet-outgoing; Wed, 16 Sep 1998 10:29:59 +1200 (NZST)
Received: from alpha.telecom-co.net ([200.21.27.100])
by mailhost.auckland.ac.nz (8.9.1/8.9.1/8.9.1-ua) with SMTP id KAA05247
for <
[email protected]>; Wed, 16 Sep 1998 10:29:41 +1200 (NZST)
Received: by alpha.telecom-co.net; id AA07298; Tue, 15 Sep 1998 17:28:34 -0500
Message-Id: <
[email protected]>
From: "Joni Noguera Salazar" <
[email protected]>
To: "netramet" <
[email protected]>
Subject: NeMaC no read Meter
Date: Tue, 15 Sep 1998 17:28:08 -0500
Mime-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0093_01BDE0CE.34A734E0"
X-Priority: 3
X-Msmail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.3110.5
X-Mimeole: Produced By Microsoft MimeOLE V4.72.3110.3
Sender:
[email protected]
Precedence: bulk
This is a multi-part message in MIME format.
------=_NextPart_000_0093_01BDE0CE.34A734E0
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_0094_01BDE0CE.34A734E0"
------=_NextPart_001_0094_01BDE0CE.34A734E0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Hi
I have a meter whit the following configuration... (in files =
autoexec.bat, config.sys pd.bat, Wattcp.cfg and Acct.bat)
=20
the meter run good, and NeMaC genere the followings files =
200.21.27.133.flows.001 and NeMaC.log.001.
=20
NeMaC is run on Linux 2.0.0 but the manager no read information of =
meter, what=B4s wrong??
=20
please Help-me
=20
Joni Noguera
ITEC-Telecom
research divition
Bogota Colombia
------=_NextPart_001_0094_01BDE0CE.34A734E0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN">
<HTML>
<HEAD>
<META content=3Dtext/html;charset=3Diso-8859-1 =
http-equiv=3DContent-Type>
<META content=3D'"MSHTML 4.72.3110.7"' name=3DGENERATOR>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV>
<DIV><FONT color=3D#000000 size=3D2>Hi</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2>I have a meter whit the following=20
configuration... (in files autoexec.bat, config.sys pd.bat, Wattcp.cfg =
and=20
Acct.bat)</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT> </DIV>
<DIV><FONT size=3D2>the meter run good, and NeMaC genere the =
followings=20
files 200.21.27.133.flows.001 and NeMaC.log.001.</FONT></DIV>
<DIV><FONT size=3D2></FONT> </DIV>
<DIV><FONT size=3D2>NeMaC is run on Linux 2.0.0 but the manager no read=20
information of meter, what´s wrong??</FONT></DIV>
<DIV><FONT size=3D2></FONT> </DIV>
<DIV><FONT size=3D2>please Help-me</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT> </DIV>
<DIV><FONT color=3D#000000 size=3D2>Joni Noguera</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT><FONT =
size=3D2>ITEC-Telecom</FONT></DIV>
<DIV><FONT size=3D2>research divition</FONT></DIV>
<DIV><FONT size=3D2>Bogota Colombia</FONT></DIV></DIV></BODY></HTML>
------=_NextPart_001_0094_01BDE0CE.34A734E0--
------=_NextPart_000_0093_01BDE0CE.34A734E0
Content-Type: application/octet-stream;
name="NeMaC.log.001"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="NeMaC.log.001"
MDI6NTI6MDAgV2VkIDE2IFNlcCAxOTk4IC0tIFN0YXJ0aW5nIE5lTWFDOiBOZVRyYU1ldCBNYW5h
Z2VyICYgQ29udHJvbGxlciBWNC4yCjAyOjUyOjAxIFdlZCAxNiBTZXAgMTk5OCAtLSByZWFkZXJf
dXRpbChJbml0LEN1cnJlbnQpOiBFcnJvciBpbiBwYWNrZXQsIHJlYXNvbiA9IGluY29uc2lzdGVu
dFZhbHVlCjAyOjUyOjAxIFdlZCAxNiBTZXAgMTk5OCAtLSAuLi4gZmxvd01JQi5mbG93Q29udHJv
bC5mbG93UmVhZGVySW5mb1RhYmxlLmZsb3dSZWFkZXJJbmZvRW50cnkuZmxvd1JlYWRlclJ1bGVT
ZXQuMTAKMDI6NTI6MDEgV2VkIDE2IFNlcCAxOTk4IC0tIENvbW11bml0eSB3cml0ZV9jb20gZG9l
c24ndCBoYXZlIHdyaXRlIGFjY2VzcyB0byBtZXRlciEKICAgQ29sbGVjdGlvbnMgd29uJ3QgdHJp
Z2dlciByZWNvdmVyeSBvZiBpZGxlIGZsb3dzIDw8PAowMjo1NDo0OCBXZWQgMTYgU2VwIDE5OTgg
LS0gTmVNYUMgU2h1dHRpbmcgZG93bgo=
------=_NextPart_000_0093_01BDE0CE.34A734E0
Content-Type: application/octet-stream;
name="200.21.27.133.flows.001"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="200.21.27.133.flows.001"
IyNOZVRyYU1ldCB2NC4yOiAgLWMzMDAgLXIgICAyMDAuMjEuMjcuMTMzIGV0MTIwICAxMDAwMCBm
bG93cyAgc3RhcnRpbmcgYXQgMDI6NTI6MDEgV2VkIDE2IFNlcCAxOTk4CiNGb3JtYXQ6IAo=
------=_NextPart_000_0093_01BDE0CE.34A734E0
Content-Type: application/octet-stream;
name="Autoexec.bat"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="Autoexec.bat"
@echo on
prompt $p$g
set path=A:\
set wattcp.cfg=a:\
set HOST_CLOCK_RATE=90E6
rem a:\dosedit
if exist pd.bat call pd.bat
cd netramet
acct
------=_NextPart_000_0093_01BDE0CE.34A734E0
Content-Type: application/octet-stream;
name="Config.sys"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="Config.sys"
BREAK ON
FILES=40
BUFFERS=40
DEVICE=A:\WINDOWS\HIMEM.SYS
DEVICEHIGH SIZE=2DD0 A:\WINDOWS\EMM386.EXE noems
DOS=high,UMB
STACKS=8,256
------=_NextPart_000_0093_01BDE0CE.34A734E0
Content-Type: application/octet-stream;
name="Pd.bat"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="Pd.bat"
rem Configuration for UofA 'Meter' PC
rem \drivers\ne2000 120 5 0x300
\drivers\ne2000 120 10 0xFCC0
------=_NextPart_000_0093_01BDE0CE.34A734E0
Content-Type: application/octet-stream;
name="Wattcp.cfg"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="Wattcp.cfg"
# set ip number
#my_ip=123.123.123.1
my_ip=200.21.27.133
# or for bootp set my_ip=bootp
# set a non-zero network mask
netmask=255.255.255.0
# enter one or more nameservers
#nameserver=123.123.123.2
#nameserver=200.21.27.17
nameserver=192.157.67.2
nameserver=157.253.1.13
# enter one or more gateways
#gateway=123.123.123.254
#gateway=200.21.27.17
gateway=200.21.27.130
# should have a domain list
#domainslist="your.domain"
domainslist="telecom-co.net"
# optional inactive flag tells WATTCP to kill connection if nothing
# happens for a period of time in seconds
# eg. inactive=300 # 300 seconds or 5 minutes
inactive=300
# define timeout for most things, like opening sessions
# defaults to 30 seconds
# eg. sockdelay=60 # extend it to one minute
sockdelay=60
------=_NextPart_000_0093_01BDE0CE.34A734E0
Content-Type: application/octet-stream;
name="Acct.bat"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="Acct.bat"
ntm32 -h120 -f10000 -p2000 -w write_com -r read_com
------=_NextPart_000_0093_01BDE0CE.34A734E0--
From netramet-owner Tue Sep 22 01:14:37 1998
Received: by mailhost.auckland.ac.nz (8.9.1/8.9.1/8.9.1-ua) id BAA08745
for netramet-outgoing; Tue, 22 Sep 1998 01:09:06 +1200 (NZST)
Received: from mail.ansp.br (IDENT:
[email protected] [143.108.1.150])
by mailhost.auckland.ac.nz (8.9.1/8.9.1/8.9.1-ua) with ESMTP id BAA08737
for <
[email protected]>; Tue, 22 Sep 1998 01:09:02 +1200 (NZST)
Received: (from uucp@localhost)
by mail.ansp.br (8.8.5/8.8.5) id KAA16975
for <
[email protected]>; Mon, 21 Sep 1998 10:08:58 -0300
Received: from THEBRAIN.REGISTRO.FAPESP.BR(143.108.23.10), claiming to be "ansp.br"
via SMTP by mail.ansp.br, id smtpda16973; Mon Sep 21 13:08:50 1998
Message-ID: <
[email protected]>
Date: Mon, 21 Sep 1998 10:08:42 -0300
From: Ricardo Patara <
[email protected]>
Organization: ANSP
X-Mailer: Mozilla 4.5b1 [en] (X11; I; AIX 4.1)
X-Accept-Language: en
MIME-Version: 1.0
To:
[email protected]
Subject: Newer
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender:
[email protected]
Precedence: bulk
Hi folks.
I've just installed NeTramet 4.2 in my Linux machine. But I'm with some
problems.
I started NetFlowMet to collect flow from Cisco. I think it's ok. But,
when I started NeMac I got the following message:
/NeMaC -c20 -r rules.default localhost private
Using MIB file: mib.txt
>>> No SET statement in rule file rules.default
Warning!! Failed to start meter localhost check log for details
No meters to monitor !!!
There are two erros, I guess. One in the rule file, I can't understand,
because this is the rule file wich comes with Netramet distribuition.
The other complains about the meter, but I'm sure it's running:
/NetFlowMet -i 10000 -r private
NetFlowMet: Network Meter v4.2
Running on netmeter.ansp.br, port udp-10000
1008:22 nf_read(udp-10000): NF version 256 ???
1008:23 nf_read(udp-10000): NF version 256 ???
1008:24 nf_read(udp-10000): NF version 256 ???
1008:24 nf_read(udp-10000): NF version 256 ???
Any help will be fine.
TIA.
--
Ricardo Patara ANSP - an Academic Network at Sa~o Paulo
Analista de Redes Fundaca~o de Amparo `a Pesquisa S.P.
[email protected] Rua Pio XI, 1500 Alto da Lapa S.P. 05468-901
From netramet-owner Tue Sep 22 03:51:57 1998
Received: by mailhost.auckland.ac.nz (8.9.1/8.9.1/8.9.1-ua) id DAA14941
for netramet-outgoing; Tue, 22 Sep 1998 03:51:31 +1200 (NZST)
Received: from mail.ansp.br (IDENT:
[email protected] [143.108.1.150])
by mailhost.auckland.ac.nz (8.9.1/8.9.1/8.9.1-ua) with ESMTP id DAA14934
for <
[email protected]>; Tue, 22 Sep 1998 03:51:27 +1200 (NZST)
Received: (from uucp@localhost)
by mail.ansp.br (8.8.5/8.8.5) id MAA18159
for <
[email protected]>; Mon, 21 Sep 1998 12:51:02 -0300
Received: from THEBRAIN.REGISTRO.FAPESP.BR(143.108.23.10), claiming to be "ansp.br"
via SMTP by mail.ansp.br, id smtpda18154; Mon Sep 21 15:50:58 1998
Message-ID: <
[email protected]>
Date: Mon, 21 Sep 1998 12:50:49 -0300
From: Ricardo Patara <
[email protected]>
Organization: ANSP
X-Mailer: Mozilla 4.5b1 [en] (X11; I; AIX 4.1)
X-Accept-Language: en
MIME-Version: 1.0
To: "
[email protected]" <
[email protected]>
Subject: Rule file
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender:
[email protected]
Precedence: bulk
Does anyone know what could make this happen?:
# ./NeMaC -s -l -r rules.default > syntax.default
NeMaC: NeTraMet Manager & Controller V4.2
1 errors in rule file(s) rules.default
# more syntax.default
rules.default 1: SET 5
rules.default 2: #
rules.default 3: RULES
rules.default 4: SourcePeerType & 255 = dummy: Ignore, 0; #
Ignore meter's dummy pkts
rules.default 5: Null & 0 = 0: GotoAct, Next;
rules.default 6: SourcePeerType & 255 = 0: CountPkt, 0;
rules.default 7: #
rules.default 8: # end of file
>>> No SET statement in rule file rules.default
The statement is declared, but NeMac says the opposite!
--
Ricardo Patara ANSP - an Academic Network at Sa~o Paulo
Analista de Redes Fundaca~o de Amparo `a Pesquisa S.P.
[email protected] Rua Pio XI, 1500 Alto da Lapa S.P. 05468-901
From netramet-owner Fri Sep 25 00:22:56 1998
Received: by mailhost.auckland.ac.nz (8.9.1/8.9.1/8.9.1-ua) id AAA05652
for netramet-outgoing; Fri, 25 Sep 1998 00:18:37 +1200 (NZST)
Received: from Thuban.AC.HMC.Edu (Thuban.AC.HMC.Edu [134.173.53.8])
by mailhost.auckland.ac.nz (8.9.1/8.9.1/8.9.1-ua) with ESMTP id AAA05643
for <
[email protected]>; Fri, 25 Sep 1998 00:18:34 +1200 (NZST)
Received: from THUBAN.AC.HMC.EDU by THUBAN.AC.HMC.EDU (PMDF V5.1-7 #28820)
id <
[email protected]> for
[email protected]; Thu,
24 Sep 1998 05:18:30 PST
Date: Thu, 24 Sep 1998 05:18:29 -0800 (PST)
From: Andy Davenport <
[email protected]>
Subject: fd_extract
To:
[email protected]
Cc:
[email protected]
Message-id: <
[email protected]>
X-VMS-To: in%"
[email protected]"
X-VMS-Cc: andy
MIME-version: 1.0
Content-type: TEXT/PLAIN; CHARSET=US-ASCII
Sender:
[email protected]
Precedence: bulk
> From: Eddy Coussement <
[email protected]>
> Hi everyone,
>
> I have some problems using the fd_extract utility. I always get zeros in
> the columns. Did anyone have this same problem?
>
> 1.6 0 0 0 0 0 0 0 0 0 0
> 3.6 0 0 0 0 0 0 0 0 0 0
> 5.6 0 0 0 0 0 0 0 0 0 0
>
> Eddy Coussement
> UQAM - Montreal
I am having the same problem. Is fd_extract working correctly for
anyone? Does anyone for whom it is working have a small sample
dataset and the accompanying rulefile for fd_extract that they
could make available? Thanks very much.
Andy Davenport
[email protected]
From netramet-owner Sat Sep 26 01:34:35 1998
Received: by mailhost.auckland.ac.nz (8.9.1/8.9.1/8.9.1-ua) id BAA01741
for netramet-outgoing; Sat, 26 Sep 1998 01:28:37 +1200 (NZST)
Received: from Thuban.AC.HMC.Edu (Thuban.AC.HMC.Edu [134.173.53.8])
by mailhost.auckland.ac.nz (8.9.1/8.9.1/8.9.1-ua) with ESMTP id BAA01734
for <
[email protected]>; Sat, 26 Sep 1998 01:28:34 +1200 (NZST)
Received: from THUBAN.AC.HMC.EDU by THUBAN.AC.HMC.EDU (PMDF V5.1-7 #28820)
id <
[email protected]> for
[email protected]; Fri,
25 Sep 1998 06:28:30 PST
Date: Fri, 25 Sep 1998 06:28:30 -0800 (PST)
From: Andy Davenport <
[email protected]>
Subject: Possible ENDIAN problem in fd_extract
To:
[email protected]
Message-id: <
[email protected]>
X-VMS-To: in%"
[email protected]"
MIME-version: 1.0
Content-type: TEXT/PLAIN; CHARSET=US-ASCII
Sender:
[email protected]
Precedence: bulk
Dear Nevil,
Sorry to add this to your workload. Several people have
recently reported a problem with fd_extract wherein it
returns all zeroes. In my case I am running v4.1 on a
Sun UltraSparc/Solaris. I think I might have a lead on
the problem (although my C is rather weak, so I may be
misunderstanding it).
In fd_data.h there appears this fragment:
typedef union {
unsigned int *intval;
unsigned char *charval;
counter64 *c64val;
} val;
It appears to be making integer and counter64 variables
overlay one another.
The last line of code in fd_extract.c is:
cip->value += *attribs[a].value.intval;
This appears to be where the accumulation of totals takes
place. cip->value is a float value. *attribs[a].value is
of type var but has been stored as a c64val in get_value.
I think the augment of cip->value is done with only half
of the counter64 value. Perhaps on the Sparc machine it
is getting the wrong ENDIAN? As a quickie workaround and
test (again, forgive my C inexperience) I did this:
In the variable declarations after main in fd_extract.c
I added:
counter64 doof;
Then I changed the last line in that file to this:
doof = *attribs[a].value.c64val;
cip->value += doof.low;
which I assume grabs the correct half of the counter64.
Now I get apparently correct (or at least non-zero) values
from fd_extract.
I realize that this is not as good a solution as doing
a proper counter64 to float conversion. Perhaps someone
else can contribute that?
Andy Davenport
Harvey Mudd College
From netramet-owner Tue Sep 29 03:08:27 1998
Received: by mailhost.auckland.ac.nz (8.9.1/8.9.1/8.9.1-ua) id DAA03406
for netramet-outgoing; Tue, 29 Sep 1998 03:04:43 +1200 (NZST)
Received: from mail.ansp.br (IDENT:
[email protected] [143.108.1.150])
by mailhost.auckland.ac.nz (8.9.1/8.9.1/8.9.1-ua) with ESMTP id DAA03399
for <
[email protected]>; Tue, 29 Sep 1998 03:04:39 +1200 (NZST)
Received: (from uucp@localhost)
by mail.ansp.br (8.8.5/8.8.5) id MAA24755
for <
[email protected]>; Mon, 28 Sep 1998 12:04:18 -0300
Received: from THEBRAIN.REGISTRO.FAPESP.BR(143.108.23.10), claiming to be "ansp.br"
via SMTP by mail.ansp.br, id smtpda24752; Mon Sep 28 15:04:15 1998
Message-ID: <
[email protected]>
Date: Mon, 28 Sep 1998 12:04:05 -0300
From: Ricardo Patara <
[email protected]>
Organization: ANSP
X-Mailer: Mozilla 4.5b2 [en] (X11; I; AIX 4.1)
X-Accept-Language: en
MIME-Version: 1.0
To: "
[email protected]" <
[email protected]>
Subject: NetFlowMet
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender:
[email protected]
Precedence: bulk
I'd like to use NetFlowMet to capture flow from my cisco routers.
I donwloaded the NeTraMet 4.2, instaled and compiled it in a Linux box
(kernel 2.0.27). Everthing is work well. NeMac,NeTraMeter,nifity, srl.
But when I started NetFlowMet I received the message:
/NetFlowMet -i10000 -w test
NetFlowMet: Network Meter v4.2
Running on netmeter.ansp.br, port udp-10000
1149:52 nf_read(udp-10000): NF version 256 ???
1149:52 nf_read(udp-10000): NF version 256 ???
1149:52 nf_read(udp-10000): NF version 256 ???
I suposed netflowmet doens't know the version of packet, which should
be version 1. The netflow version cisco sends.
I verified the source of meter (meter_ux.c). There is a code to
discover the version. It's something like this:
nf_version = getVersionNumber(pi->nf_buf);
and in flowdata.h:
ushort getVersionNumber(flow)
char* flow;
{
return *((ushort*)flow);
}
If we convert 256 to binary, we'll get 1 00000000, which is a short int
(16 bits). I thought, if the notation couldn't be wrong. Because, if we
invert this binary number, we would get : 00000000 00000001 and I'd get
nf_version = 1.
And don't know if I wrote is correct. Just a guess.
TIA.
--
Ricardo Patara ANSP - an Academic Network at Sa~o Paulo
Analista de Redes Fundaca~o de Amparo `a Pesquisa S.P.
[email protected] Rua Pio XI, 1500 Alto da Lapa S.P. 05468-901
