From netramet-owner Tue Oct 1 18:13:51 1996
Date: Tue, 01 Oct 1996 14:26:37 +0800
To: netramet@auckland.ac.nz
From: iteric@polyu.edu.hk (Wong Kit Fu)
Subject: How to install libpcap

Hello,

I am a HK Polytechnic electronic student. My final year project is a lan meter program in linux. I find that NeTraMet is quite related to my final year project and try to install it. However I encounter a problem of installation libpcap.

May you give me a helping hand to install libpcap and other information about NeTraMet other than NeTraMet.man.tar.gz.

Thank You very much.

Eric, Wong Kit Fu.

From netramet-owner Tue Oct 1 20:47:19 1996
Date: Tue, 1 Oct 1996 18:47:25 +1000
To: netramet@auckland.ac.nz, libpcap@ee.lbl.gov
From: Matthew Flanagan
Subject: libpcap 0.2.1, netramet 3.3 and solaris 2.4 (x86)
Cc: anne.mikita@uts.edu.au, dna@uts.edu.au

This is the scenario:

Compaq 486 PC Running Solaris 2.4 (x86) with latest Recommended patches and driver updates
3c509B ethernet card
libpcap 0.2.1
NeTraMet 3.3

libpcap and NeTraMet compile fine, but when I run NeTraMet like so:

    ./NeTraMet -r read -w write

I get this error:

    pcap_open_live(elx0): recv_ack: bind error 0x7

I can't find the error number anywhere in /usr/include/sys/dlpi.h.

Has anyone experienced this before and got it working? Is anyone else running NeTraMet on a Solaris (2.x) x86 platform?

--
Matthew Flanagan mpf@uts.edu.au

Network Administrator - Information Technology Division
University of Technology, Sydney.
Voice: +61 2 9514 2141 Fax: +61 2 9514 1994

From netramet-owner Tue Oct 1 21:19:13 1996
To: Matthew Flanagan
Reply-to: libpcap@ee.lbl.gov
Cc: netramet@auckland.ac.nz, libpcap@ee.lbl.gov, anne.mikita@uts.edu.au, dna@uts.edu.au
Subject: Re: libpcap 0.2.1, netramet 3.3 and solaris 2.4 (x86)
In-reply-to: Your message of Tue, 01 Oct 1996 18:47:25 PDT.
Date: Tue, 01 Oct 1996 02:17:14 PDT
From: Craig Leres

> Compaq 486 PC Running Solaris 2.4 (x86) with latest Recommended patches and
> driver updates
[...]
> pcap_open_live(elx0): recv_ack: bind error 0x7
>
> I can't find the error number anywhere in /usr/include/sys/dlpi.h.

I think it's DL_UNSUPPORTED (Requested serv. not supplied by provider).

Please try the appended patch. It will be in the next release.

        Craig

------- Forwarded Message

Date: Mon, 16 Sep 1996 16:26:46 +0200 (MET DST)
From: Tim Rylance
Subject: fix for tcpdump-3.2.1 on Solaris x86
To: libpcap@ee.lbl.gov
Cc: okamoto@earth.cias.osakafu-u.ac.jp, elwood@rumba.m.isar.de

I just posted the following trivial fix to comp.unix.solaris...

From: tim@elsevier.nl (Tim Rylance)
Newsgroups: comp.unix.solaris
Subject: Re: [Q] tcpdump-3.2.1 on Solris2.4 for X86?
Date: 16 Sep 1996 14:19:57 GMT
Organization: Elsevier Science BV, Amsterdam, The Netherlands
Message-ID: <51jnmd$qhk@pigeon.elsevier.nl>
References: <960828131226.M0106611@earth.cias.osakafu-u.ac.jp> <1996Aug31.2051 53.719@rumba.m.isar.de> <960911101521.M0127388@earth.cias.osakafu-u.ac.jp>
Reply-To: t.rylance@elsevier.nl

okamoto@earth.cias.osakafu-u.ac.jp and elwood@rumba.m.isar.de wonder why tcpdump doesn't work on Solaris x86 (it says "recv_ack: bind error 0x7").

Here is a fix (works on 2.5 x86 and SPARC, I don't have 2.4 to try it on):

--- libpcap-0.2.1/pcap-dlpi.c- Tue Jul 23 23:21:16 1996 +++ libpcap-0.2.1/pcap-dlpi.c Sun Sep 15 19:04:14 1996
@@ -593,6 +593,7 @@ req.dl_service_mode = DL_HP_RAWDLS; #else req.dl_sap = sap; + req.dl_service_mode = DL_CLDLS; #endif return (send_request(fd, (char *)&req, sizeof(req), "bind", ebuf));

This was quite easily found by running truss on both snoop and tcpdump.
--
Tim Rylance

------- End of Forwarded Message

From netramet-owner Tue Oct 1 22:10:30 1996
In-Reply-To: <199610010917.CAA08388@hot.ee.lbl.gov>
Date: Tue, 1 Oct 1996 20:10:56 +1000
To: libpcap@ee.lbl.gov
From: Matthew Flanagan
Subject: Re: libpcap 0.2.1, netramet 3.3 and solaris 2.4 (x86)
Cc: netramet@auckland.ac.nz, anne.mikita@uts.edu.au, dna@uts.edu.au

Great! Fantastic! This works!

Thanks very much.

> > Compaq 486 PC Running Solaris 2.4 (x86) with latest Recommended patches and
> > driver updates
> [...]
> > pcap_open_live(elx0): recv_ack: bind error 0x7
> >
> > I can't find the error number anywhere in /usr/include/sys/dlpi.h.
>
> I think it's DL_UNSUPPORTED (Requested serv. not supplied by provider).
>
> Please try the appended patch. It will be in the next release.
>
>         Craig
>
> ------- Forwarded Message
>
> Date: Mon, 16 Sep 1996 16:26:46 +0200 (MET DST)
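
Review bot: The added "req.dl_service_mode = DL_CLDLS;" in the #else branch has no comment saying why the bind request must name a service mode explicitly; a one-line comment tying it to the "recv_ack: bind error 0x7" failure on Solaris x86 would keep a later cleanup from dropping it. The #else branch is compiled for every platform that does not take the DL_HP_RAWDLS path, while the covering message reports testing on Solaris 2.5 x86 and SPARC only, so the change should be exercised on the other DLPI systems before it goes into a release.
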
> From: Tim Rylance
> Subject: fix for tcpdump-3.2.1 on Solaris x86
> To: libpcap@ee.lbl.gov
> Cc: okamoto@earth.cias.osakafu-u.ac.jp, elwood@rumba.m.isar.de
>
> I just posted the following trivial fix to comp.unix.solaris...
>
> From: tim@elsevier.nl (Tim Rylance)
> Newsgroups: comp.unix.solaris
> Subject: Re: [Q] tcpdump-3.2.1 on Solris2.4 for X86?
> Date: 16 Sep 1996 14:19:57 GMT
> Organization: Elsevier Science BV, Amsterdam, The Netherlands
> Message-ID: <51jnmd$qhk@pigeon.elsevier.nl>
> References: <960828131226.M0106611@earth.cias.osakafu-u.ac.jp>
> <1996Aug31.2051
> 53.719@rumba.m.isar.de> <960911101521.M0127388@earth.cias.osakafu-u.ac.jp>
> Reply-To: t.rylance@elsevier.nl
>
> okamoto@earth.cias.osakafu-u.ac.jp and elwood@rumba.m.isar.de wonder why
> tcpdump doesn't work on Solaris x86 (it says "recv_ack: bind error 0x7").
>
> Here is a fix (works on 2.5 x86 and SPARC, I don't have 2.4 to try it on):
>
> --- libpcap-0.2.1/pcap-dlpi.c- Tue Jul 23 23:21:16 1996 > +++ libpcap-0.2.1/pcap-dlpi.c Sun Sep 15 19:04:14 1996
> @@ -593,6 +593,7 @@ > req.dl_service_mode = DL_HP_RAWDLS; > #else > req.dl_sap = sap; > + req.dl_service_mode = DL_CLDLS; > #endif > > return (send_request(fd, (char *)&req, sizeof(req), "bind", ebuf));
>
> This was quite easily found by running truss on both snoop and tcpdump.
> --
> Tim Rylance
>
> ------- End of Forwarded Message

--
Matthew Flanagan mpf@uts.edu.au

Network Administrator - Information Technology Division
University of Technology, Sydney.
Voice: +61 2 9514 2141 Fax: +61 2 9514 1994

From netramet-owner Wed Oct 2 02:54:41 1996
In-Reply-To: <199610010917.CAA08388@hot.ee.lbl.gov>
Date: Tue, 1 Oct 1996 10:51:39 -0400
To: netramet@auckland.ac.nz
From: Gary Haney
Subject: Re: libpcap 0.2.1, netramet 3.3 and solaris 2.4 (x86)
Cc: libpcap@ee.lbl.gov

Hi,

I am having some problem getting NeTraMet to work on SunOS 4.1.4 and Irix 5.2

On both systems, when I execute the NeTraMet meter I get the following:

    NeTraMet: Network Traffic Meter V3.2
    Running on x1234, interface et0
    Segmentation fault (core dumped)

When I do a dbx on NeTraMet, the following is returned:

    x1234# dbx NeTraMet
    Process died at pc 0x403a34 of signal: Segmentation Fault
    [using memory image in core]
    (dbx) where
    0 ether_callback(user = (nil), h = (nil), p = (nil)) ["../../src/meter/meter_ux.c":292, 0x403a30]
    1 pcap_read(0x0, 0x0, 0x0, 0x1000644d, 0x0) [0x411148]

I suspect that this has something to do with libpcap. I got libpcap from ftp.ee.lbl.gov and compiled it, and installed it in /usr/lib. Is NeTraMet looking for libpcap elsewhere?

Thanks,
Gwh

#include
--------------------------------------------------------------------------------
"Do as much as you can, for as many as you can, for as long as you can."
- James Elcany Harr (1881-1972)
--------------------------------------------------------------------------------
U.S. Mail: Gary Haney
Lockheed Martin
Oak Ridge National Laboratory
701 Scarboro Rd.
MS8227, Rm 328
Oak Ridge, Tn 37831
Phone: 423.574.4629 (Voice) 423.576.0099(Fax)
Email: hny@ornl.gov (Internet)
URL:
--------------------------------------------------------------------------------

From netramet-owner Wed Oct 2 06:06:40 1996
Date: Wed, 02 Oct 1996 02:07:57 -0700
From: Brian Topping
Organization: Mauswerks, Inc.
To: netramet@auckland.ac.nz, libpcap@ee.lbl.gov
Subject: Re: libpcap 0.2.1, netramet 3.3 and solaris 2.4 (x86)

Hi all!

Have the later libpcaps been ported to Linux yet? The most recent one that I have been able to find that works with Linux was a binary distribution and _really_ old.

Just wondering, because I really want to upgrade some other tools too!

-B

Matthew Flanagan wrote:
>
> Great! Fantastic! This works!
>
> Thanks very much.
>
> > > Compaq 486 PC Running Solaris 2.4 (x86) with latest Recommended patches and
> > > driver updates
> > [...]
> > > pcap_open_live(elx0): recv_ack: bind error 0x7
> > >
> > > I can't find the error number anywhere in /usr/include/sys/dlpi.h.
> >
> > I think it's DL_UNSUPPORTED (Requested serv. not supplied by provider).
> >
> > Please try the appended patch. It will be in the next release.
> >
> >         Craig
> >
> > ------- Forwarded Message
> >
> > Date: Mon, 16 Sep 1996 16:26:46 +0200 (MET DST)
> > From: Tim Rylance
> > Subject: fix for tcpdump-3.2.1 on Solaris x86
> > To: libpcap@ee.lbl.gov
> > Cc: okamoto@earth.cias.osakafu-u.ac.jp, elwood@rumba.m.isar.de
> >
> > I just posted the following trivial fix to comp.unix.solaris...
> >
> > From: tim@elsevier.nl (Tim Rylance)
> > Newsgroups: comp.unix.solaris
> > Subject: Re: [Q] tcpdump-3.2.1 on Solris2.4 for X86?
> > Date: 16 Sep 1996 14:19:57 GMT
> > Organization: Elsevier Science BV, Amsterdam, The Netherlands
> > Message-ID: <51jnmd$qhk@pigeon.elsevier.nl>
> > References: <960828131226.M0106611@earth.cias.osakafu-u.ac.jp>
> > <1996Aug31.2051
> > 53.719@rumba.m.isar.de> <960911101521.M0127388@earth.cias.osakafu-u.ac.jp>
> > Reply-To: t.rylance@elsevier.nl
> >
> > okamoto@earth.cias.osakafu-u.ac.jp and elwood@rumba.m.isar.de wonder why
> > tcpdump doesn't work on Solaris x86 (it says "recv_ack: bind error 0x7").
> >
> > Here is a fix (works on 2.5 x86 and SPARC, I don't have 2.4 to try it on):
> >
> > --- libpcap-0.2.1/pcap-dlpi.c- Tue Jul 23 23:21:16 1996 > > +++ libpcap-0.2.1/pcap-dlpi.c Sun Sep 15 19:04:14 1996
> > @@ -593,6 +593,7 @@ > > req.dl_service_mode = DL_HP_RAWDLS; > > #else > > req.dl_sap = sap; > > + req.dl_service_mode = DL_CLDLS; > > #endif > > > > return (send_request(fd, (char *)&req, sizeof(req), "bind", ebuf));
> >
> > This was quite easily found by running truss on both snoop and tcpdump.
> > --
> > Tim Rylance
> >
> > ------- End of Forwarded Message
>
> --
> Matthew Flanagan mpf@uts.edu.au
>
> Network Administrator - Information Technology Division
> University of Technology, Sydney.
> Voice: +61 2 9514 2141 Fax: +61 2 9514 1994

From netramet-owner Wed Oct 2 09:02:29 1996
To: Brian Topping
Cc: libpcap@ee.lbl.gov
Cc: netramet@auckland.ac.nz, libpcap@ee.lbl.gov
Subject: Re: libpcap 0.2.1, netramet 3.3 and solaris 2.4 (x86)
In-reply-to: Your message of Wed, 02 Oct 1996 02:07:57 PDT.
Date: Tue, 01 Oct 1996 13:59:34 PDT
From: Craig Leres

> Have the later libpcaps been ported to Linux yet? The most recent one
> that I have been able to find that works with Linux was a binary
> distribution and _really_ old.

Not yet. Our linux system is too far out of date (and broken too). We have a ton of submitted patches and it is high on the list though.

        Craig

From netramet-owner Wed Oct 2 14:23:21 1996
Date: Wed, 02 Oct 1996 10:40:44 +0800
To: netramet@auckland.ac.nz
From: iteric@polyu.edu.hk (Eric, Wong Kit Fu)
Subject: How to install libpcap

Hello,

I am a HK Polytechnic electronic student. My final year project is a lan meter program in linux. I find that NeTraMet is quite related to my final year project and try to install it. However I encounter a problem of installation libpcap.

May you give me a helping hand to install libpcap and other information about NeTraMet other than NeTraMet.man.tar.gz.

Thank You very much.

Eric, Wong Kit Fu.

From netramet-owner Thu Oct 3 04:36:09 1996
Date: Wed, 2 Oct 1996 18:30:19 +0200
From: Limor Schweitzer
To: netramet@auckland.ac.nz
Subject: New XACCT-2 Documentation

XACCT-2 Documentation
=====================

A fully featured 154 page document is now available for XACCT-2. XACCT is the add-on to Checkpoint FireWall-1, that provides accounting and reporting capabilities.

The document is available in either MS/Word-7 or PostScript formats. You may download it from our site:

http://www.xpert.com/xacct.html

Regards,
Limor Schweitzer

_____________________________________________________________
| \\ Limor Schweitzer (972)-3-6181118 |
| \\ // | Net Security |
| \\// __ ___ ___|__ Internet |
| //\ | \\// __/ | | S/W Development |
| // \\ | __//\\____ | \__ Network Integration |
|__//___\\| _______UNIX Systems LTD____System Administration__|
|

From netramet-owner Tue Oct 8 21:24:11 1996
Date: Tue, 8 Oct 1996 18:17:47 +1000
To: netramet@auckland.ac.nz
From: mpf@uts.edu.au (Matthew Flanagan)
Subject: rules for subnet and ip port

Here at UTS we have a class B network (138.25.0.0). I would like to have a set of rules that allows me to monitor traffic by subnet (255.255.255.0 mask) and ip port. What is the simplest way I can do this?

Note that the ethernet segment I have the meter on has other traffic besides UTS traffic going over it and I only want to meter the UTS traffic.

--
Matthew Flanagan mpf@uts.edu.au

Network Administrator - Information Technology Division
University of Technology, Sydney.
Voice: +61 2 9514 2141 Fax: +61 2 9514 1994

From netramet-owner Fri Oct 11 13:52:39 1996
Date: Thu, 10 Oct 1996 21:48:33 +0000 ()
From: Sergio Henrique Oliveira Pereira
To: Lista Netramet
Subject: test

Ignore, test.

   __
 +|oo|+
 +|oo|+   Instituto de Fisica de Sao Carlos - USP
   ||     Departamento de Fisica e Informatica
   ||     Grupo de Instrumentacao e Eletronica
   ||
   ||
   ||     E-mail : sergio@www.ifqsc.sc.usp.br
 _ || _            sergiop@ifqsc.sc.usp.br
\\_||_//
| [] |
| || |    http://www.ifqsc.sc.usp.br/hpp/sergio/sergio.html
/ [] \
\______/

From netramet-owner Fri Oct 18 03:07:06 1996
Date: Thu, 17 Oct 1996 09:56:30 -0400
From: Raja T
Organization: BFGoodrich
To: netramet@auckland.ac.nz
Subject: Newbie: NeTraMet startup trouble on SGI

Hi,

I'm trying to run the NeTraMet meter on an SGI (Indigo2 Irix 5.3) and the program exits with the following message:

    NeTraMet: Network Traffic Meter V3.4
    bind: Address already in use

Any ideas why? Thanks in advance..

--
Raja Thiyagaraja
raja@troy.awb.bfg.com

From netramet-owner Fri Oct 18 04:39:23 1996
Date: Thu, 17 Oct 1996 15:24:27 +0000 (GMT)
From: George Tsirtsis
To: Raja T
Cc: netramet@auckland.ac.nz
Subject: Re: Newbie: NeTraMet startup trouble on SGI
In-Reply-To: <32663B0E.41C6@troy.awb.bfg.com>

On Thu, 17 Oct 1996, Raja T wrote:

> Hi,
>
> I'm trying to run the NeTraMet meter on an SGI (Indigo2 Irix 5.3) and
> the program exits with the following message:
>
> NeTraMet: Network Traffic Meter V3.4
> bind: Address already in use
>
> Any ideas why? Thanks in advance..
>
>
> --
> Raja Thiyagaraja
> raja@troy.awb.bfg.com
>

I have exactly the same problem on a SPARCstation 20 running Solaris2.5.

If anyone knows what is going on it would be helpful for me too

George Tsirtsis
--------------------------------------------------------------------------
Network Research Tel : 0044-1473-640756
BT Labs Fax : 0044-1473-640709
Ipswich e-mail: george@gideon.bt.co.uk
--------------------------------------------------------------------------

From netramet-owner Fri Oct 18 19:59:38 1996
Date: Fri, 18 Oct 1996 16:56:44 +1000
To: George Tsirtsis
From: mpf@uts.edu.au (Matthew Flanagan)
Subject: Re: Newbie: NeTraMet startup trouble on SGI
Cc: netramet@auckland.ac.nz

Are you running an snmp daemon?

> On Thu, 17 Oct 1996, Raja T wrote:
>
> > Hi,
> >
> > I'm trying to run the NeTraMet meter on an SGI (Indigo2 Irix 5.3) and
> > the program exits with the following message:
> >
> > NeTraMet: Network Traffic Meter V3.4
> > bind: Address already in use
> >
> > Any ideas why? Thanks in advance..
> >
> >
> > --
> > Raja Thiyagaraja
> > raja@troy.awb.bfg.com
> >
>
> I have exactly the same problem on a SPARCstation 20 running Solaris2.5.
>
> If anyone knows what is going on it would be helpful for me too
>
> George Tsirtsis
> --------------------------------------------------------------------------
> Network Research Tel : 0044-1473-640756
> BT Labs Fax : 0044-1473-640709
> Ipswich e-mail: george@gideon.bt.co.uk
> --------------------------------------------------------------------------

--
Matthew Flanagan mpf@uts.edu.au

Network Administrator - Information Technology Division
University of Technology, Sydney.
Voice: +61 2 9514 2141 Fax: +61 2 9514 1994

From netramet-owner Fri Oct 18 21:36:33 1996
Date: Fri, 18 Oct 1996 10:33:27 +0200 (MET DST)
From: Andrzej Bialecki
To: Matthew Flanagan
cc: George Tsirtsis, netramet@auckland.ac.nz
Subject: Re: Newbie: NeTraMet startup trouble on SGI

On Fri, 18 Oct 1996, Matthew Flanagan wrote:

> Are you running an snmp daemon?
>
> > On Thu, 17 Oct 1996, Raja T wrote:
> >
> > > NeTraMet: Network Traffic Meter V3.4
> > > bind: Address already in use
> > >
> > > Any ideas why? Thanks in advance..
> > > --
> > > Raja Thiyagaraja
> > > raja@troy.awb.bfg.com
> > >
> >
> > I have exactly the same problem on a SPARCstation 20 running Solaris2.5.
> > George Tsirtsis

This message means that some process uses this port being a server. So it can be above-mentioned snmp daemon. I encountered this problem when I was trying to run two NeTraMets on one machine with two eth. cards. And I have a simple workaround:

If you have to run the snmp daemon, simply change the #define SNMP_PORT in (I think) snmplib/snmp.h to other value. As long as NeTraMet _and_ NeMaC use the same port, it really doesn't matter which specific port number you use (of course, you should choose one that is unused and one you least likely need in the future). Then recompile everything and enjoy :-)

I hope this helps.

Andy.
+-------------------------------------------------------------------------+
Andrzej Bialecki                        _) _) _)_) _)_)_) _) _)
--------------------------------------- _)_) _) _) _) _)_) _)_)
Research and Academic Network in Poland _) _)_) _)_)_)_) _) _) _)
Bartycka 18, 00-716 Warsaw, Poland      _) _) _) _) _)_)_) _) _)
+-------------------------------------------------------------------------+

From netramet-owner Fri Oct 18 21:48:17 1996
Date: Fri, 18 Oct 1996 08:39:41 +0000 (GMT)
From: George Tsirtsis
To: Andrzej Bialecki
Cc: Matthew Flanagan, George Tsirtsis, netramet@auckland.ac.nz
Subject: Re: Newbie: NeTraMet startup trouble on SGI

On Fri, 18 Oct 1996, Andrzej Bialecki wrote:

>
> This message means that some process uses this port being a server. So it
> can be above-mentioned snmp daemon. I encountered this problem when I was
> trying to run two NeTraMets on one machine with two eth. cards. And I
> have a simple workaround:
> If you have to run the snmp daemon, simply change the #define SNMP_PORT
> in (I think) snmplib/snmp.h to other value. As long as NeTraMet _and_
> NeMaC use the same port, it really doesn't matter which specific port
> number you use (of course, you should choose one that is unused and one you
> least likely need in the future). Then recompile everything and enjoy :-)
>
> I hope this helps.
>
> Andy.

In fact you can use the options of snmpd to make it use a different port number instead of recompiling the whole thing.
try 'snmpd -p port'

George Tsirtsis
--------------------------------------------------------------------------
Network Research Tel : 0044-1473-640756
BT Labs Fax : 0044-1473-640709
Ipswich e-mail: george@gideon.bt.co.uk
--------------------------------------------------------------------------

From netramet-owner Fri Oct 18 22:36:26 1996
Date: Fri, 18 Oct 1996 09:27:31 +0000 (GMT)
From: George Tsirtsis
To: Matthew Flanagan
Cc: George Tsirtsis, netramet@auckland.ac.nz
Subject: Re: Newbie: NeTraMet startup trouble on SGI

On Fri, 18 Oct 1996, Matthew Flanagan wrote:

> Are you running an snmp daemon?
>

So, that was the problem.... Thanks for the tip, but I am afraid that was the easy part.

If I understand correctly NeTraMet is just a meter. So, when I run it it goes and sets itself up on my network card and looks at the packets going back and forth.

Then you have NeMaC which is responsible for many things. First through a rule.file it has to configure the 'meter' to measure specific things rather than what the default rules instruct. Then NeMaC collects the stuff every some time interval that we can change. Finally formats the data in a presentable way (sort of anyway) and creates the output file.

Now I don't understand how the meter takes its name. In some examples in the manual NeMaC uses the following structure:

    NeMaC -c120 -r rules.sample 130.216.234.237 test

Is the dotted number the name of the meter? If yes, where do we specify that and how can we change it? "test" obviously is the SNMP community name, but where do we specify its name?

I run NeTraMet as follows:

    NeTraMet -k& (since I run meter and manager on Unix)

and then NeMaC as above. I get the following error message:

    NeMaC: NeTraMet Manager & Controller V3.3
    Using MIB file: /usr/local/NeTraMet/mib/mib.txt
    Couldn't get meter info from 130.216.234.237!
    Does community test have read or write access to the meter?

Can anybody help?
Thanks in advance

George Tsirtsis
e-mail: george@gideon.bt.co.uk

From netramet-owner Sat Oct 19 04:35:38 1996
Date: Fri, 18 Oct 1996 11:51:26 +0000
From: Raja
Reply-To: raja@erinet.com
To: George Tsirtsis
CC: netramet@auckland.ac.nz
Subject: Re: Newbie: NeTraMet startup trouble on SGI

George Tsirtsis wrote:
>
> So, that was the problem.... Thanks for the tip, but I am afraid that was
> the easy part.
>
> etc..
> I run NeTraMet as follows:
> NeTraMet -k& (since I run meter and manager on Unix)
>
> and then NeMaC as above. I get the following error message:
>
> NeMaC: NeTraMet Manager & Controller V3.3
> Using MIB file: /usr/local/NeTraMet/mib/mib.txt
> Couldn't get meter info from 130.216.234.237!
> Does community test have read or write access to the meter?
>
> George Tsirtsis
> e-mail: george@gideon.bt.co.uk

Thanks to all for help regarding snmpd port number... I recompiled and am trying to run the meter and manager..

I'm exactly where George is !! Same messages as above...

Raja Thiyagaraja
raja@troy.awb.bfg.com

From netramet-owner Sat Oct 19 04:47:00 1996
Date: Fri, 18 Oct 1996 15:38:54 +0000 (GMT)
From: George Tsirtsis
To: Raja
Cc: netramet@auckland.ac.nz
Subject: Re: Newbie: NeTraMet startup trouble on SGI

> >
> > and then NeMaC as above. I get the following error message:
> >
> > NeMaC: NeTraMet Manager & Controller V3.3
> > Using MIB file: /usr/local/NeTraMet/mib/mib.txt
> > Couldn't get meter info from 130.216.234.237!
> > Does community test have read or write access to the meter?
> >
> > George Tsirtsis
> > e-mail: george@gideon.bt.co.uk
>
> Thanks to all for help regarding snmpd port number... I recompiled and
> am trying to run the meter and manager..
>
> I'm exactly where George is !! Same messages as above...
>
> Raja Thiyagaraja
> raja@troy.awb.bfg.com
>

Raja

I managed to find a way out... Do the following:

1) Run NeTraMet with no arguments and not in the bg, this way you can use some online commands, type ? to see...

2) Then in another xterm run NeMaC as follows:

    NeMaC -r rules. private

rules. is one of the files in the NeTraMet/examples directory, I put the NeTraMet and NeMaC exec files in there to make things easier.

3) Do not use 'rules.sample' because it has a syntax error. You can try

    NeMaC -s -l -r rules. > errors

to search for syntax errors.

In (2) I put at the end of the command the community 'private' and not 'test' as the example instructs. That is because by default NeTraMet has write privilege on private and you have to use the same SNMP community for NeMaC. (It is something like a password between meter and manager that allows them to "talk" to each other.)

So, that should work... I now try to find out what the output files mean and what you can do with them...

Keep in touch!!
George Tsirtsis

From netramet-owner Sat Oct 19 17:08:10 1996
From: Giles Heron
To: 'George Tsirtsis'
Cc: 'Giles Heron', 'netramet@auckland.ac.nz'
Subject: RE: Newbie: NeTraMet startup trouble on SGI
Date: Sat, 19 Oct 1996 17:06:49 +1300

George,

>
>> Now I don't understand how the meter takes its name. In some examples in
>> the manual NeMaC uses the following structure :
>>
>> NeMaC -c120 -r rules.sample 130.216.234.237 test
>>
>> Is the dotted number the name of the meter? If yes, where do we specify
>> that and how can we change it? "test" obviously is the SNMP community name,
>> but where do we specify its name?

The dotted number is the IP address of the meter. On Unix the IP address is configured in the /etc/hosts file. In general you should get IP addresses from your network admin.

Running the meter on DOS I start it with a parameter of the form -wCommunityName, to configure the SNMP write community name on the meter. I expect the Unix parameters are the same.

>> Can anybody help?

Hope I did...
Giles

=================================================================
Giles Heron              CLEAR Communications, Auckland, New Zealand
gheron@clear.co.nz       ph +64 9 912 4462      fax +64 9 912 4442
=================================================================

From netramet-owner Mon Oct 21 15:50:50 1996
To: netramet@auckland.ac.nz
Subject: How useful in the PC version?
Date: Mon, 21 Oct 1996 12:13:50 +0930
From: Mark Prior

We are looking at deploying NeTraMet on our border Ethernets and I am trying to determine whether a PC will be adequate (RSN it will be a Fast Ethernet border) to measure the flows. My initial plan is to just monitor the protocols in use but after coming to grips with NeTraMet I will want to construct a matrix of network traffic out to the networks we peer with, this will involve a large number of "internal" networks individually accounted for (since we are a national ISP).

Any thoughts? Should I just stuff a SPARCstation out there instead?

Thanks,
Mark.

From netramet-owner Tue Oct 22 06:00:31 1996
Date: Mon, 21 Oct 1996 16:52:48 +0000 (GMT)
From: George Tsirtsis
To: Giles Heron
Cc: 'netramet@auckland.ac.nz'
Subject: RE: Newbie: NeTraMet startup trouble on SGI

On Sat, 19 Oct 1996, Giles Heron wrote:

>
> Hope I did...
>
> Giles
>
> =================================================================
> Giles Heron CLEAR Communications, Auckland, New Zealand
> gheron@clear.co.nz ph +64 9 912 4462 fax +64 9 912 4442
> =================================================================

You did indeed!!!!

Now I have the thing working and I am also very happy to use 'nm_rc'. The configuration of rule files however is not straightforward.

First of all I am not comfortable with some of the 'actions'. For example I don't understand the difference between the PushRuleto and PushPktto.

Also in some of the example rules there is an action which is not described in the manual. (Pushto : eg: see rules.rc.ip.new)

Finally, in IP attributes "when TransType is TCP or UDP, TransAddress contain the flow's source and destination port numbers" says the manual. My problem is, apart from the standard 'telnet', 'ftp' etc. stuff, I get 'port numbers' that are very big (more than 30000). Any ideas what those are or a way to recognise them?
Thanks everybody

George Tsirtsis

From netramet-owner Tue Oct 22 09:51:36 1996
From: STIBLER@watson.ibm.com
Date: Mon, 21 Oct 96 16:48:36 EDT
To: netramet@auckland.ac.nz
Subject: RE: Newbie: NeTraMet startup trouble on SGI

Reference: Note from george@gideon.bt.co.uk

>
> First of all I am not comfortable with some of the 'actions'.
> For example I don't understand the difference between the PushRuleto and
> PushPktto.
>

Briefly, "PushRuleTo" looks at the contents of the Rule for the items to push, while PushPktto pushes the data extracted from the packet header. In many cases the same data can be obtained from both places, but for any "derived" attributes, it can only be obtained from the rule.

>
> Also in some of the example rules there is an action which is not
> described in the manual. (Pushto : eg: see rules.rc.ip.new)
>

Good catch! I believe that this is short for "PushRuleto". Notice how this rule set explicitly spells out "PushPktto", but has no "PushRuleto" actions. It would be better to spell out both PushRuleto and PushPktto.

*** This rule file should probably be updated before the next ***
*** release...                                                ***

>
> Finally, in IP attributes "when TransType is TCP or UDP, TransAddress
> contain the flow's source and destination port numbers" says the manual.
> My problem is, apart from the standard 'telnet', 'ftp' etc. stuff, I get
> 'port numbers' that are very big (more than 30000). Any ideas what those
> are or a way to recognise them?
>

The best source for information decoding these things is the "Assigned Numbers" RFC - currently RFC 1700. You should track down a copy of this. (I would give you a URL, but I can't reach the page right now to verify the info - you might try: http://info.internet.isi.edu/1/in-notes/rfc)

Numbers from 0 -> 1023 are considered "well-known" port numbers. Numbers >= 1024 may be "Registered".

The problem is that many of the numbers you are seeing in this range are "ephemeral". The client just grabs a handy (available) number and uses it as part of the return address when talking to the server. The trick is trying to differentiate between the registered and the ephemeral port numbers. (Will involve looking at both the source and destination port numbers, to see if you recognize either one, and then ignoring the other - some of the other examples (and/or documentation) address this.)

>

Stephen Stibler

From netramet-owner Wed Oct 23 02:53:32 1996
Date: Tue, 22 Oct 1996 13:38:54 +0000 (GMT)
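The port heuristic described in the reply above, as an added example that is not part of the original thread: each flow is labelled by whichever port is a recognized service, and the other port is treated as the client's ephemeral port. The service table (including the X11 entry on 6000) and the flow records are assumptions constructed for illustration.

```python
from collections import Counter

# Services named in the thread, with their standard port assignments.
# 6000 (X11) is added here as a sample registered port above 1023.
SERVICES = {21: "ftp", 23: "telnet", 53: "domain", 80: "www", 6000: "x11"}


def port_class(port):
    """Classify a port number by range, as in the reply above."""
    if not 0 <= port <= 65535:
        raise ValueError(f"not a 16-bit port number: {port}")
    # At or above 1024 the number alone cannot separate a registered
    # service from a client's ephemeral port.
    return "well-known" if port <= 1023 else "registered-or-ephemeral"


def label_flow(src_port, dst_port, services=SERVICES):
    """Return (service, other_port) for one flow.

    service is "unknown" when neither port is recognized and "ambiguous"
    when both are recognized but nothing says which end is the server.
    """
    src_name = services.get(src_port)
    dst_name = services.get(dst_port)
    if src_name and dst_name:
        if src_name == dst_name:          # e.g. domain <-> domain
            return src_name, None
        src_wk = port_class(src_port) == "well-known"
        dst_wk = port_class(dst_port) == "well-known"
        if src_wk != dst_wk:              # trust the well-known end
            return (src_name, dst_port) if src_wk else (dst_name, src_port)
        return "ambiguous", None
    if src_name:
        return src_name, dst_port
    if dst_name:
        return dst_name, src_port
    return "unknown", None


def octets_by_service(flows):
    """Sum octets per service over (src_port, dst_port, octets) records."""
    totals = Counter()
    for src_port, dst_port, octets in flows:
        service, _ = label_flow(src_port, dst_port)
        totals[service] += octets
    return totals


# Constructed flow records: (source port, destination port, octets).
SAMPLE_FLOWS = [
    (34567, 23, 1200),    # client -> telnet server
    (21, 31022, 800),     # ftp server -> client
    (53, 53, 300),        # domain on both ends
    (40001, 80, 5000),    # client -> www server
    (6000, 80, 64),       # client port that collides with a registered number
    (33000, 41000, 90),   # neither port recognized
    (21, 23, 10),         # two well-known services: cannot decide
]

if __name__ == "__main__":
    for service, octets in sorted(octets_by_service(SAMPLE_FLOWS).items()):
        print(f"{service:10} {octets}")
```
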
From: George Tsirtsis
To: netramet@auckland.ac.nz
Subject: rules.rc.ip.new

What I don't understand about this rule file (rules.rc.ip.new) is the effect that the 'tcp_udp' set of rules has. I put # in front of every SourceTransAddress and DestTransAddress and nothing changes at the output.

Furthermore I do not understand what any of the 'DestTransAddress & 255.255 = domain: Retry, 0;' is used for. Why retry?

Finally, on 'SourceTransAddress & 255.255 = www: PushtoAct, c_trans_source;' the packet goes to c_trans_source which does not contain any rules. So, the data are lost, is that correct?

Any ideas folks?

George Tsirtsis

From netramet-owner Wed Oct 23 03:29:38 1996
From: STIBLER@watson.ibm.com
Date: Tue, 22 Oct 96 10:19:58 EDT
To: netramet@auckland.ac.nz
cc: george@gideon.bt.co.uk
Subject: X/Motif Flow Analyser
>
> From: George Tsirtsis
> To: STIBLER@watson.ibm.com
>
> I have heard that there is a graphic representation program for NeTraMet.
> Is that true?
>
>

Hi,

I have seen some info about it, but have not actually used it. Have you read the rtfm "Experiences" Document? There is some discussion of the X-Windows display program there.

It can be found at:

http://www.auckland.ac.nz/net/Internet/rtfm/rtfm-exp.txt

Actually, not much info there - just the mention of the program and its name - "Nifty". (By the way, I think the name may have changed - Nevil is there a new name?.) But, you may still find the experiences document useful with your other questions - it is well worth a read!

Okay, look here:

http://www.auckland.ac.nz/net/Accounting/ntm.Release.note.html

This URL states that "nifty" is available with version 3.4 of Netramet. If you don't have 3.4 you might want to grab a copy. (Links available from the same page.)

Stephen

From netramet-owner Wed Oct 23 06:22:35 1996
Date: Tue, 22 Oct 1996 17:00:18 +0000 (GMT)
From: George Tsirtsis
To: STIBLER@watson.ibm.com
Cc: netramet@auckland.ac.nz
Subject: Re: X/Motif Flow Analyser

>
> Hi,
>
> I have seen some info about it, but have not actually used it. Have you
> read the rtfm "Experiences" Document? There is some discussion of the
> X-Windows display program there.
>
> It can be found at:
>
> http://www.auckland.ac.nz/net/Internet/rtfm/rtfm-exp.txt
>
> Actually, not much info there - just the mention of the program and its
> name - "Nifty". (By the way, I think the name may have changed - Nevil is
> there a new name?.) But, you may still find the experiences document useful
> with your other questions - it is well worth a read!
>
> Okay, look here:
>
> http://www.auckland.ac.nz/net/Accounting/ntm.Release.note.html
>
> This URL states that "nifty" is available with version 3.4 of Netramet. If
> you don't have 3.4 you might want to grab a copy. (Links available from the
> same page.)
>
>
> Stephen

I suspect that you talk about NetFlow. That is the new program that I found in the 3.4 version and thank you very much.

I had some problems however... First of all I did not have the motif libraries and as such when I was doing make in the manager dir I was getting the message that the Xm/Xm.h file is missing.

I installed CDE in my Solaris 2.5 which usually runs openwin and I hoped for the best. The library was now in but the path was wrong. I did not find where in the programs says about where the Xm stuff should be. Thus I copied the Xm dir from where it was, to /usr/include. The make now succeeded.

I copy my files to the examples/ dir for convenience and I run Netramet. Now, I can not find any document about NetFlow!!
When I run:

    NetFlow

I get

    ld.so.1: NetFlow: fatal: libucb.so.1: can'open file: errno=2
    killed

This file (libucb.so.1) however is in the dir: /usr/ucblib/libucb.so.1

What is wrong then?????

Thanks again in advance

George Tsirtsis

From netramet-owner Wed Oct 23 06:22:36 1996
Date: Tue, 22 Oct 1996 17:08:55 +0000 (GMT)
From: George Tsirtsis
To: STIBLER@watson.ibm.com
Cc: netramet@auckland.ac.nz
Subject: Re: X/Motif Flow Analyser

Correction!!!

Not only the NetFlow gives me the error message about the libucb.so.1 but also the NeMaC and the nm_rc. So, something is wrong with the Manager compilation all together!!!

George Tsirtsis

From netramet-owner Wed Oct 23 16:40:27 1996
From: J Nevil Brownlee
Subject: Re: X/Motif Flow Analyser
To: george@gideon.bt.co.uk (George Tsirtsis)
Date: Wed, 23 Oct 1996 16:38:27 +1300 (NDT)
Cc: netramet@auckland.ac.nz

Hello George:

> Not only the NetFlow gives me the error message about the libucb.so.1 but
> also the NeMaC and the nm_rc. So, something is wrong with the Manager
> compilation all together!!!
>
> George Tsirtsis

1) The X/Motif flow analyser was originally called 'NetFlow.' I changed the name to 'nifty' to avoid confusion with 'net flow switching' as used by Cisco.

2) The sources and make files are included with the NeTraMet 3.4 distribution. I have built and run it on Irix, Solaris and AIX. You'll need to look carefully at the Makefile in xxx/manager (where xxx is the operating system you're building for) so as to make sure the libraries (run-time and/or compile-time) are correct for your system.

3) There is a complete manual for nifty in the doc/NeTraMet directory, it's called nifty34.ps. If you'd rather use the original document, file ntm-word.zip (in the distribution directory) contains all the NeTraMet documents in Microsoft Word 2.0 format.
Cheers, Nevil

+-----------------------------------------------------------------------+
| Nevil Brownlee                       Director, Technology Development |
| Phone: +64 9 373 7599 x8941          ITSS, The University of Auckland |
|   FAX: +64 9 373 7425        Private Bag 92019, Auckland, New Zealand |
+-----------------------------------------------------------------------+

From netramet-owner Thu Oct 24 02:50:13 1996
Date: Wed, 23 Oct 1996 11:51:26 +0000 (GMT)
From: George Tsirtsis
To: J Nevil Brownlee
Cc: netramet@auckland.ac.nz
Subject: Re: X/Motif Flow Analyser

Thanks to Nevil and Stephen I managed to overcome the problems with nifty. Just for everybody else to know, the 3.4 version of Netramet does not include nifty in all the sites where it is available. So if it is not in the packet that you just unzipped-untarred, look in another site.

Nifty however is a very nice application and I suggest to everyone who has not downloaded it yet to do it. It makes your life so much easier...

One question about nifty. I get squares, W, M etc. outside the axis, that is on the LEFT of the Y-axis and UNDER the X-axis. What is the meaning of this?

Also after some time that nifty runs, and when I click on one of the points waiting to see info about the flow on the bottom of the screen, I only see the coordinates of the point (eg 4.14 s, 1.69 pps) and on the xterm that nifty runs something like:

    This name does not exist: .iso.org.dod.internet.mgmt.mib.acctMIB.acctFlowdata.acctFlowTable.acctFlowEntry.acctFlowSourceInterface.2579
    Failed to get info for flow 2579 !!!

Does that mean that the flow does not exist anymore?
George Tsirtsis

From netramet-owner Fri Oct 25 05:49:55 1996
Date: Thu, 24 Oct 1996 09:48:07 -0700
To: netramet@auckland.ac.nz
From: Simon Ferrett
Subject: Rules and flows

Hi,

I've recently set up netramet to monitor customer based traffic on a common ethernet segment and I have a couple of questions regarding how the counters are updated if a packet is gathered that might apply to more than one rule:

I have a ruleset that looks something like this:

#
RULES
  SourcePeerType & 255 = IP: pushto, whoisit;
  Null & 0 = 0: Ignore, 0;
#
whoisit:
#
  SourcePeerAddress & 255.255.255.0 = x.y.69.0: countpkt, 0;
  SourcePeerAddress & 255.255.255.0 = x.y.64.0: countpkt, 0;
  ..similar formed rules omitted..
  SourcePeerAddress & 255.255.255.0 = a.b.c.0: countpkt, 0;
  SourcePeerAddress & 255.255.0.0 = x.y.0.0: gotoact, def;
#
  Null & 0 = 0: retry, 0;
#
def:
  SourcePeerAddress & 255.255.255.0 = 0: pushpkttoact, Next;
  Null & 0 = 0: count, 0;
#
FORMAT FlowRuleSet FlowIndex FirstTime " "
  SourcePeerType " " SourcePeerAddress DestPeerAddress " "
  ToOctets FromOctets;
#
STATISTICS

I realise that this probably isn't the best way to have the ruleset to gather stats about usages for each class-c address but at the time of creation I was having a slight problem getting my head around the ruleset nuances.

With the above rules I was hoping to achieve:

*) statistics gathering for traffic to and from the x.y.69.0 net
*)         "                   "                    x.y.64.0 net
*)         "                   "                    a.b.c.0 net
*) statistics gathering for individual x.y.n.0 addresses that didn't fall
   into any of the more explicitly specified x.y.z.0 rules.

The rules appear to be doing what I intended, however there are still some questions I have that I would be most grateful if someone out there knows the answer to:

-) If the meter gathers a packet with src: a.b.c.d and dest: x.y.69.e
   will it be counted in the a.b.c.0 rule only?
   Meaning that the stats gathered for x.y.69.0 are a measure of the
   traffic FROM that source or TO that source EXCEPT from any
   source mentioned in any other rules (since that packet would
   already have counted as a from-that-source already)

Is this a correct "deciphering" of the way the rules will behave?

Any advice/comments are appreciated.

Cheers,
---
Simon Ferrett - simonf@world.net

From netramet-owner Fri Oct 25 17:05:00 1996
From: STIBLER@watson.ibm.com
Date: Thu, 24 Oct 96 13:21:09 EDT
To: netramet@auckland.ac.nz
Subject: Rules and flows

Reference: Post from simonf@world.net

>
> -) If the meter gathers a packet with src: a.b.c.d and dest: x.y.69.e
> will it be counted in the a.b.c.0 rule only?
> Meaning that the stats gathered for x.y.69.0 are a measure of the
> traffic FROM that source or TO that source EXCEPT from any
> source mentioned in any other rules (since that packet would
> already have counted as a from-that-source already)
>
> Is this a correct "deciphering" of the way the rules will behave?
>

That sounds correct to me - at least in principle. The exact wording of the second sentence would need a bit of work to be 100% correct.

The MOST IMPORTANT thing to remember about Rule Matching is:

    Each packet will be counted at most one time.

So the same packet will not be counted in multiple flows.

To accurately count what you want here, you would need to add rules to tell the meter to count all packets with SRC a.b.c.0 and DST x.y.69.0 before your existing rules. In post-processing you would then need to add this traffic between these two endpoints to the totals obtained for each endpoint.
You might want to take a look at the RTFM experiences document:

http://www.auckland.ac.nz/net/Internet/rtfm/rtfm-exp.txt

There is a section on "Subroutines" in rule sets, starting around page 20, that might be helpful to you.

Stephen Stibler

From netramet-owner Sat Oct 26 04:02:41 1996
Date: Fri, 25 Oct 1996 12:59:18 +0000
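A simplified first-match model of the point made in the reply above (each packet is counted at most once) and of the suggested remedy, added here as an example; it is not NeTraMet's own matching engine. The concrete networks stand in for the post's x.y and a.b.c placeholders, and the retry with addresses swapped and the pair rule listed in both orientations are assumptions of this model.

```python
import ipaddress
from collections import Counter

# Constructed stand-ins for the placeholder networks in the posted ruleset.
NET_69 = ipaddress.ip_network("10.1.69.0/24")    # x.y.69.0
NET_ABC = ipaddress.ip_network("192.0.2.0/24")   # a.b.c.0
NET_XY = ipaddress.ip_network("10.1.0.0/16")     # x.y.0.0
ANY = ipaddress.ip_network("0.0.0.0/0")


def per_class_c(src):
    """Flow label for the 'def' block: the source's own /24."""
    return str(ipaddress.ip_network(f"{src}/24", strict=False))


# (source net, destination net, flow label or label function), in rule order.
POSTED_RULES = [
    (NET_69, ANY, "10.1.69.0/24"),
    (NET_ABC, ANY, "192.0.2.0/24"),
    (NET_XY, ANY, per_class_c),
]

# The suggested remedy: rules for the pair, placed before the existing ones.
# This model has no flow table, so the pair is listed in both orientations.
PAIR = "192.0.2.0/24<->10.1.69.0/24"
PAIR_FIRST_RULES = [
    (NET_ABC, NET_69, PAIR),
    (NET_69, NET_ABC, PAIR),
] + POSTED_RULES


def first_match(src, dst, rules):
    """Return the label of the first rule matching (src, dst), else None."""
    for src_net, dst_net, label in rules:
        if src in src_net and dst in dst_net:
            return label(src) if callable(label) else label
    return None


def flow_for(src, dst, rules):
    """Return the one flow a packet is counted in, or None if ignored."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Forward attempt, then one retry with the addresses swapped.
    return first_match(s, d, rules) or first_match(d, s, rules)


def meter(packets, rules):
    """Count octets per flow; every packet lands in at most one flow."""
    octets = Counter()
    for src, dst, size in packets:
        flow = flow_for(src, dst, rules)
        if flow is not None:
            octets[flow] += size
    return octets


def endpoint_totals(octets):
    """Post-processing: add the pair flow to each endpoint's own flow."""
    return {
        "192.0.2.0/24": octets["192.0.2.0/24"] + octets[PAIR],
        "10.1.69.0/24": octets["10.1.69.0/24"] + octets[PAIR],
    }


# Constructed packets: (source, destination, octets).
PACKETS = [
    ("192.0.2.7", "10.1.69.20", 100),     # a.b.c.d -> x.y.69.e
    ("10.1.69.20", "192.0.2.7", 400),     # the reply
    ("10.1.69.20", "198.51.100.5", 50),   # x.y.69.e -> elsewhere
    ("198.51.100.5", "10.1.33.9", 70),    # matches only on the retry
    ("198.51.100.5", "203.0.113.1", 10),  # matches no rule either way
]

if __name__ == "__main__":
    print("posted rules:", dict(meter(PACKETS, POSTED_RULES)))
    fixed = meter(PACKETS, PAIR_FIRST_RULES)
    print("pair rules first:", dict(fixed))
    print("endpoint totals:", endpoint_totals(fixed))
```

With the posted rule order the 100 octets from 192.0.2.7 appear only under 192.0.2.0/24 and never under 10.1.69.0/24, which is the effect asked about; with the pair rules first, the pair's traffic has to be added back to each endpoint in post-processing.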
From: Sergio Henrique Oliveira Pereira X-Sender: sergio@scorpions.ifqsc.sc.usp.br To: Lista Netramet Subject: libpcap.a Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: netramet-owner@auckland.ac.nz Precedence: bulk

Hello,

I'm trying to compile libpcab0-2.1.tar.Z but I have a problem:

gencode.c:795: `ETHERTYPE_IP' undeclared (first use this function)

Can anybody help me?

P.S. Sorry for my bad English.

Instituto de Fisica de Sao Carlos - USP
Departamento de Fisica e Informatica
Grupo de Instrumentacao e Eletronica
E-mail : sergio@www.ifqsc.sc.usp.br
         sergiop@ifqsc.sc.usp.br
http://www.ifqsc.sc.usp.br/hpp/sergio/sergio.html

From netramet-owner Tue Oct 29 03:43:04 1996 Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id DAA08156 for netramet-outgoing; Tue, 29 Oct 1996 03:37:25 +1300 (NZDT) Received: from mailhub.axion.bt.co.uk (mailhub.axion.bt.co.uk [132.146.5.4]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with SMTP id DAA08145 for ; Tue, 29 Oct 1996 03:37:18 +1300 (NZDT) Received: from gideon.bt.co.uk (actually gideon.bt-sys.bt.co.uk) by mailhub.axion.bt.co.uk with SMTP (PP); Mon, 28 Oct 1996 14:35:46 +0000 Received: from localhost by gideon.bt.co.uk (5.x/SMI-SVR4) id AA11486; Mon, 28 Oct 1996 14:31:06 GMT Date: Mon, 28 Oct 1996 14:31:06 +0000 (GMT)
From: George Tsirtsis To: netramet@auckland.ac.nz Subject: IP-IP In-Reply-To: <199610241950.PAA742176@mailhub1.watson.ibm.com> Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: netramet-owner@auckland.ac.nz Precedence: bulk

Some questions / thoughts

---- 1 ----
In the case that you have a TCP packet running over IP, the meter can see the packet type on the IP header and find out that the next header is an IP header and act accordingly. Then if you are running Telnet over TCP the meter will find that out by looking at the port number of TCP.

I wonder if the meter will be able to see that if the whole IP packet is encapsulated in another IP packet. In general I am not sure about how NeTraMet reacts to tunneled traffic. Does it still analyse the packet to the port number level? In the same area, how does NeTraMet react to Tag switching, where the 'tag' goes between the IP and the TCP header? Is it able to analyse the TCP which is now shifted 32 bits?

---- 2 ----
Furthermore, I am trying to monitor some multicast traffic on my network. The multicast packets use RTP which does not have an 'assigned NO.' so I only see UDP packets. Up to now the only way I can think of in order to isolate multicast traffic is to measure the traffic that uses multicast addresses. That needs a rule file to compare each packet to all the multicast addresses, maybe something like:

  SourcePeerAddress & 255.255.255.255 = 224.x.y.z: goto multi;
  " " " " 225.x.y.z: " "
  " " " 226 " " "
  " " " " 139.x.y.z: "

The above way is not too bad but, in my opinion, is not elegant. Is there any other way?

---- 3 ----
Another question is about NeTraMet and IPv6. Is there any work done to adapt NeTraMet to IPv6 packet format and features? In the case of IPv6 a lot of things would probably be easier since the IP header for most of the packets will be of known length. I do not know, however, how NeTraMet will cope with the header extensions (options) which are not part of the header anymore but of the payload.

---- 4 ----
Finally, it would be very interesting to be able to put a meter on a router rather than a PC or Unix computer. In some cases it is indeed the only sensible thing to do. E.g. I am trying to monitor and discover the multicast tree of a multicast application. In order to monitor everyone that subscribes on a multicast session I need to put meters on all the possible recipients. Instead I could put the meter on the few routers that all the possible recipients are hooked on. Is there any way of doing that?

I am sorry that I put a lot of different questions in the same message. I hope you find the above thoughts interesting.

Thanks in advance

George Tsirtsis
--------------------------------------------------------------------------
Network Research           Tel   : 0044-1473-640756
BT Labs                    Fax   : 0044-1473-640709
Ipswich                    e-mail: george@gideon.bt.co.uk
--------------------------------------------------------------------------

From netramet-owner Tue Oct 29 05:05:36 1996 Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id FAA10469 for netramet-outgoing; Tue, 29 Oct 1996 05:02:35 +1300 (NZDT) Received: from mailhub.axion.bt.co.uk (mailhub.axion.bt.co.uk [132.146.5.4]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with SMTP id FAA10461 for ; Tue, 29 Oct 1996 05:02:27 +1300 (NZDT) Received: from gideon.bt.co.uk (actually gideon.bt-sys.bt.co.uk) by mailhub.axion.bt.co.uk with SMTP (PP); Mon, 28 Oct 1996 15:50:30 +0000 Received: from localhost by gideon.bt.co.uk (5.x/SMI-SVR4) id AA11576; Mon, 28 Oct 1996 15:46:01 GMT Date: Mon, 28 Oct 1996 15:46:01 +0000 (GMT)
From netramet-owner Wed Oct 30 12:18:49 1996 Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id MAA15599 for netramet-outgoing; Wed, 30 Oct 1996 12:14:54 +1300 (NZDT) Received: from igw3.watson.ibm.com (igw3.watson.ibm.com [129.34.139.18]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with ESMTP id MAA15588 for ; Wed, 30 Oct 1996 12:14:50 +1300 (NZDT)
From: STIBLER@watson.ibm.com Received: from mailhub1.watson.ibm.com (mailhub1.watson.ibm.com [9.2.249.31]) by igw3.watson.ibm.com (8.7.6/8.7.1) with ESMTP id SAA08356 for ; Tue, 29 Oct 1996 18:14:59 -0500 Received: from yktvmv.watson.ibm.com (yktvmv.watson.ibm.com [9.117.33.29]) by mailhub1.watson.ibm.com (8.7.1/10-26-96) with SMTP id SAA694436 for ; Tue, 29 Oct 1996 18:14:47 -0500 Message-Id: <199610292314.SAA694436@mailhub1.watson.ibm.com> Received: from YKTVMV by yktvmv.watson.ibm.com (IBM VM SMTP V2R3) with BSMTP id 4039; Tue, 29 Oct 96 18:14:44 EST Date: Tue, 29 Oct 96 17:59:56 EST To: netramet@auckland.ac.nz Subject: IP-IP Sender: netramet-owner@auckland.ac.nz Precedence: bulk

Reference: Attached note from george@gideon.bt.co.uk

>
> ---- 1 ----
> In the case that you have a TCP packet running over IP, the meter can see
> the packet type on the IP header and find out that the next header is an
> IP header and act accordingly. Then if you are running Telnet over TCP
> the meter will find that out by looking at the port number of TCP.
>
> I wonder if the meter will be able to see that if the whole IP packet is
> encapsulated in another IP packet. In general I am not sure about how
> NeTraMet reacts to tunneled traffic. Does it still analyse the packet to
> the port number level? In the same area, how does NeTraMet react to Tag
> switching, where the 'tag' goes between the IP and the TCP header? Is it
> able to analyse the TCP which is now shifted 32 bits?
>

NeTraMet will not see the tunneled traffic. It looks only at the outer packet headers. Going any further down would require accessing the transmitted data. This would be bad for two reasons:

1) Security - NeTraMet has no business looking at user data.

2) Going further down would require copying more data from the packet and then parsing this data - a performance hit.

If you really care about the encapsulated traffic, you would need to try to monitor before the encapsulation.
I do not know what NeTraMet does about tag switching.

> ---- 2 ----
>

Anyone else want to address the issue of multi-casting? The only thing that I will say here is that although RTP does not use a "Well Known Port Number", I suspect that it is using the same one (or some subset) each time. You might want to try to figure out what port number that is, and monitor for that port number.

>
> ---- 3 ----
>

IPV6: Addressed (lightly) in rtfm mailing list.

>
> ---- 4 ----
> Finally, it would be very interesting to be able to put a meter on a
> router rather than a PC or Unix computer. In some cases it is indeed the
> only sensible thing to do. E.g. I am trying to monitor and discover the
> multicast tree of a multicast application. In order to monitor everyone
> that subscribes on a multicast session I need to put meters on all the
> possible recipients. Instead I could put the meter on the few routers that
> all the possible recipients are hooked on. Is there any way of doing that?
>

Yes, it would be VERY nice to be able to run the meter on a router. The problem here is that router vendors don't like doing ANYTHING to reduce the performance of their router. Once our work becomes a standard, the users could start asking the router vendors to provide the desired data.

In the meantime, have you considered placing a meter "close to" the router? You should be able to set things up so that the meter can monitor all traffic to/from the router.

Stephen Stibler
IBM - Watson Research

From netramet-owner Wed Oct 30 13:33:24 1996 Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id NAA21301 for netramet-outgoing; Wed, 30 Oct 1996 13:31:04 +1300 (NZDT) Received: from igw3.watson.ibm.com (igw3.watson.ibm.com [129.34.139.18]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with ESMTP id NAA21287 for ; Wed, 30 Oct 1996 13:30:58 +1300 (NZDT)
From: STIBLER@watson.ibm.com Received: from mailhub1.watson.ibm.com (mailhub1.watson.ibm.com [9.2.249.31]) by igw3.watson.ibm.com (8.7.6/8.7.1) with ESMTP id TAA03988 for ; Tue, 29 Oct 1996 19:31:08 -0500 Received: from yktvmv.watson.ibm.com (yktvmv.watson.ibm.com [9.117.33.29]) by mailhub1.watson.ibm.com (8.7.1/10-26-96) with SMTP id TAA151402 for ; Tue, 29 Oct 1996 19:30:55 -0500 Message-Id: <199610300030.TAA151402@mailhub1.watson.ibm.com> Received: from YKTVMV by yktvmv.watson.ibm.com (IBM VM SMTP V2R3) with BSMTP id 4932; Tue, 29 Oct 96 19:30:52 EST Date: Tue, 29 Oct 96 19:11:16 EST To: netramet@auckland.ac.nz Subject: Best FTP Site For NeTraMet? Sender: netramet-owner@auckland.ac.nz Precedence: bulk

http://www.auckland.ac.nz/net/Accounting/ntm.Release.note.html lists 4 sites from which NeTraMet can be downloaded, but it looks like the versions may be different on the different sites. Which one has the most up-to-date version? I might guess that it is the auckland site, but I would rather use one closer to home.

ftp://ftp.aarnet.edu.au/pub/tools/NeTraMet/
   has some files dated August 7, 1996

ftp://ftp.delmarva.com/pub/nms/NeTraMet/
   The most recent date on any files here is June 25, 1995 (VERY OLD)!

ftp://wuarchive.wustl.edu/doc/mailing-lists/accounting-wg/NeTraMet/
   The most recent date here is July 23, 1996, but this is identified as "34beta" - oops no, there are some files which are dated August 8, 1996. It looks like this is the "real" 3.4 release. There are also lots of "old" releases here - e.g. 3.1, 3.2, and 3.3. Would it be possible for us to remove the "old" releases from this system? (Would we want to do this?)

ftp://ftp.auckland.ac.nz/pub/iawg/NeTraMet
   Couldn't check this one right now - it is prime time in NZ - no ftp access from overseas.

Summary:

1) We should try to make sure that the same files are available on all ftp sites.
   If we can't bring delmarva up to date, we should look into removing the existing files from this system and deleting all references to it.

2) Unless we really want to archive old versions of NeTraMet, we should delete old distribution files from the ftp sites. (Perhaps we want to keep just the previous version available?)

Nevil, do you want me to try hunting down contact info for the ftp sites, or do you already have it?

Stephen Stibler
IBM - Watson Research

From netramet-owner Wed Oct 30 13:35:05 1996 Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id NAA21552 for netramet-outgoing; Wed, 30 Oct 1996 13:33:18 +1300 (NZDT) Received: from bbnplanet.com (poblano.near.net [198.114.157.116]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with SMTP id NAA21535 for ; Wed, 30 Oct 1996 13:33:10 +1300 (NZDT) Subject: Re: IP-IP To: STIBLER@watson.ibm.com Date: Tue, 29 Oct 1996 19:32:37 -0500 (EST)
From: John Hawkinson Cc: netramet@auckland.ac.nz In-Reply-To: <199610292314.SAA694436@mailhub1.watson.ibm.com> from "STIBLER@watson.ibm.com" at Oct 29, 96 05:59:56 pm X-Mailer: ELM [version 2.4 PL23] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Message-ID: <9610291932.aa20639@poblano.bbnplanet.com> Sender: netramet-owner@auckland.ac.nz Precedence: bulk

> NeTraMet will not see the tunneled traffic. It looks only at the
> outer packet headers. Going any further down would require accessing
> the transmitted data. This would be bad for two reasons:
>
> 1) Security - NeTraMet has no business looking at user data.

Security is a rather silly argument for those folks in the business of writing tools. Relying upon this is a "security through obscurity" argument we don't need to have.

There is nothing wrong with pulling apart encapsulated traffic to look at the contents, it merely requires more work. Whether you're willing to do this depends. Certainly tools like "tcpdump" have support for multiple kinds of encapsulation (like IPIP tunnels). There's no reason tools like nnstat or netramet can't have them as well.

> 2) Going further down would require copying more data from the
> packet and then parsing this data - a performance hit.

Right. So you start capturing 80 bytes instead of 40, or suchlike.

> If you really care about the encapsulated traffic, you would need to
> try to monitor before the encapsulation.

This is hardly a requirement. If you try and use netramet or nnstat to do this today, yes, that's what you have to do, but the necessary modifications are pretty straightforward. More computes and more developer time.

> I do not know what NeTraMet does about tag switching.

Given that the encapsulations for tag switching are not yet defined, it would be a little hard to support it :-).

> Yes, it would be VERY nice to be able to run the meter on a router.
> The problem here is that router vendors don't like doing ANYTHING to
> reduce the performance of their router. Once our work becomes a
> standard, the users could start asking the router vendors to provide
> the desired data.

It does in fact depend -- cisco has implemented flow switching plus data export which allows you to come quite similar. Some vendors have implemented RMON II, which is very heavyweight but might help you.

Certainly more router vendors can implement sampling of various sorts -- if you think this is important you should communicate it to your vendor. You might be surprised what could happen.

--jhawk

From netramet-owner Wed Oct 30 16:00:34 1996 Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id PAA02972 for netramet-outgoing; Wed, 30 Oct 1996 15:58:25 +1300 (NZDT) Received: from igw3.watson.ibm.com (igw3.watson.ibm.com [129.34.139.18]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with ESMTP id PAA02963 for ; Wed, 30 Oct 1996 15:58:20 +1300 (NZDT)
From: STIBLER@watson.ibm.com Received: from mailhub1.watson.ibm.com (mailhub1.watson.ibm.com [9.2.249.31]) by igw3.watson.ibm.com (8.7.6/8.7.1) with ESMTP id VAA10636 for ; Tue, 29 Oct 1996 21:58:29 -0500 Received: from yktvmv.watson.ibm.com (yktvmv.watson.ibm.com [9.117.33.29]) by mailhub1.watson.ibm.com (8.7.1/10-26-96) with SMTP id VAA671645 for ; Tue, 29 Oct 1996 21:58:16 -0500 Message-Id: <199610300258.VAA671645@mailhub1.watson.ibm.com> Received: from YKTVMV by yktvmv.watson.ibm.com (IBM VM SMTP V2R3) with BSMTP id 5736; Tue, 29 Oct 96 21:58:14 EST Date: Tue, 29 Oct 96 20:15:25 EST To: netramet@auckland.ac.nz Subject: IP-IP Tunneling Sender: netramet-owner@auckland.ac.nz Precedence: bulk

Okay, yes - it should be possible to extract the addresses from the inner IP packet. The next question becomes: Which pair of IP addresses would we want to count? Do we want the "outer" layer addresses or the "inner" layer addresses? Would we want both??? It is possible that the architecture might support any of these options, but I don't think that the MIB would. Is this something that would really be useful?

Stephen Stibler
IBM - Watson Research

From netramet-owner Wed Oct 30 17:35:57 1996 Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id RAA09854 for netramet-outgoing; Wed, 30 Oct 1996 17:33:42 +1300 (NZDT) Received: from bbnplanet.com (poblano.near.net [198.114.157.116]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with SMTP id RAA09849 for ; Wed, 30 Oct 1996 17:33:39 +1300 (NZDT) Subject: Re: IP-IP Tunneling To: STIBLER@watson.ibm.com Date: Tue, 29 Oct 1996 23:33:06 -0500 (EST)
From: John Hawkinson Cc: netramet@auckland.ac.nz In-Reply-To: <199610300258.VAA671645@mailhub1.watson.ibm.com> from "STIBLER@watson.ibm.com" at Oct 29, 96 08:15:25 pm X-Mailer: ELM [version 2.4 PL23] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Message-ID: <9610292333.aa08405@poblano.bbnplanet.com> Sender: netramet-owner@auckland.ac.nz Precedence: bulk

> Okay, yes - it should be possible to extract the addresses from the
> inner IP packet. The next question becomes: Which pair of IP addresses
> would we want to count? Do we want the "outer" layer addresses or the
> "inner" layer addresses? Would we want both??? It is possible that the
> architecture might support any of these options, but I don't think that the
> MIB would. Is this something that would really be useful?

In general I think that you would want to either:

  Count the outer addresses of all packets

  Count the inner addresses of all packets of a specific type of encapsulation and NOT count the outer addresses of other packets.

This all depends so much on why you're wanting to do this that it's really hard to say too much more.

--jhawk

From netramet-owner Wed Oct 30 23:07:15 1996 Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) id XAA21608 for netramet-outgoing; Wed, 30 Oct 1996 23:04:42 +1300 (NZDT) Received: from mailhub.axion.bt.co.uk (mailhub.axion.bt.co.uk [132.146.5.4]) by mailhost.auckland.ac.nz (8.7.6/8.7.3-ua) with SMTP id XAA21602 for ; Wed, 30 Oct 1996 23:04:38 +1300 (NZDT) Received: from gideon.bt.co.uk (actually gideon.bt-sys.bt.co.uk) by mailhub.axion.bt.co.uk with SMTP (PP); Wed, 30 Oct 1996 10:01:42 +0000 Received: from localhost by gideon.bt.co.uk (5.x/SMI-SVR4) id AA14212; Wed, 30 Oct 1996 09:57:03 GMT Date: Wed, 30 Oct 1996 09:57:03 +0000 (GMT)
From: George Tsirtsis To: NeTraMet Subject: Re: IP-IP Tunneling Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: netramet-owner@auckland.ac.nz Precedence: bulk

On Tue, 29 Oct 1996 STIBLER@watson.ibm.com wrote:

> Okay, yes - it should be possible to extract the addresses from the
> inner IP packet. The next question becomes: Which pair of IP addresses
> would we want to count? Do we want the "outer" layer addresses or the
> "inner" layer addresses? Would we want both???

I think we need to count the packet once with the indication that this packet is IP in IP. Ideally the user should decide.

> It is possible that the
> architecture might support any of these options, but I don't think that the
> MIB would. Is this something that would really be useful?

It is important in the sense that one of the main advantages of netramet is that it can be very detailed in what it measures and also portable not only on different systems but also in different measuring requirements. If netramet starts excluding header types then it starts losing that advantage.

In respect of security most of people would like people like us :) to know when and with whom do they communicate let alone the idea of being able to read their data which really goes too far anyway.

George Tsirtsis
--------------------------------------------------------------------------
Network Research           Tel   : 0044-1473-640756
BT Labs                    Fax   : 0044-1473-640709
Ipswich                    e-mail: george@gideon.bt.co.uk
--------------------------------------------------------------------------
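
The trade-offs argued in this thread (outer versus inner addresses, counting each packet exactly once, and how much of the packet must be captured) can be seen in a small header classifier. This is an added example, not code from NeTraMet or from any poster; `classify`, `flow_key`, `addr_policy` and the sample packet are assumptions made for illustration. It also shows that IPv4 multicast (224.0.0.0/4) can be matched with a single masked comparison.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum addr_policy { COUNT_OUTER, COUNT_INNER };   /* hypothetical meter option */

struct flow_key {
    uint32_t src, dst;       /* addresses of the counted layer, host order */
    uint8_t  proto;          /* IP protocol number of the counted layer */
    uint16_t sport, dport;   /* 0 unless TCP/UDP ports were captured */
    int      tunneled;       /* 1 if the outer header carried IP-in-IP */
    int      later_frag;     /* 1 if fragment offset != 0 (no ports present) */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }

/* IPv4 multicast is 224.0.0.0/4, so one masked compare covers every group. */
int is_multicast(uint32_t addr) { return (addr & 0xF0000000u) == 0xE0000000u; }

/* Parse one IPv4 header. Returns its length, or 0 (k untouched) when the
 * captured bytes are too short or are not IPv4. */
static size_t ipv4_hdr(const uint8_t *p, size_t len, struct flow_key *k)
{
    if (len < 20 || (p[0] >> 4) != 4) return 0;
    size_t ihl = (size_t)(p[0] & 0x0F) * 4;
    if (ihl < 20 || ihl > len) return 0;
    k->later_frag = (rd16(p + 6) & 0x1FFF) != 0;
    k->proto = p[9];
    k->src = rd32(p + 12);
    k->dst = rd32(p + 16);
    return ihl;
}

/* One flow key per packet. Returns -1 if the outer header is unusable. With
 * COUNT_INNER, falls back to the outer key when the inner header was not captured. */
int classify(const uint8_t *pkt, size_t caplen, enum addr_policy pol, struct flow_key *k)
{
    memset(k, 0, sizeof *k);
    size_t off = ipv4_hdr(pkt, caplen, k);
    if (off == 0) return -1;
    if (k->proto == 4) {                          /* protocol 4 = IP-in-IP */
        k->tunneled = 1;
        if (pol == COUNT_OUTER || k->later_frag) return 0;
        size_t ihl = ipv4_hdr(pkt + off, caplen - off, k);
        if (ihl == 0) return 0;                   /* snapshot too short */
        off += ihl;
    }
    if ((k->proto == 6 || k->proto == 17) && !k->later_frag && caplen - off >= 4) {
        k->sport = rd16(pkt + off);
        k->dport = rd16(pkt + off + 2);
    }
    return 0;
}

/* Constructed sample: outer 10.0.0.1 -> 10.0.0.2 (proto 4), inner
 * 192.168.1.5 -> 224.2.0.1, UDP 5004 -> 5004. Checksums are zero and unchecked. */
static const uint8_t SAMPLE_PKT[48] = {
    0x45,0,0,48, 0,0,0,0, 64,4,0,0,   10,0,0,1,    10,0,0,2,
    0x45,0,0,28, 0,0,0,0, 64,17,0,0,  192,168,1,5, 224,2,0,1,
    0x13,0x8C, 0x13,0x8C, 0,8, 0,0
};

int main(void)
{
    struct flow_key k;
    size_t caps[] = { 30, 40, 48 };               /* snapshot lengths to compare */
    for (int i = 0; i < 3; i++) {
        classify(SAMPLE_PKT, caps[i], COUNT_INNER, &k);
        printf("caplen %2zu: dst %08x proto %u dport %u\n",
               caps[i], (unsigned)k.dst, (unsigned)k.proto, (unsigned)k.dport);
    }
    return 0;
}
```

With a 30-byte snapshot the inner header is cut off and the packet is counted under its outer addresses; 40 bytes exposes the inner addresses but no ports; 48 bytes exposes both.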