From netramet-owner Tue Dec 3 04:26:53 1996 Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.8.3/8.7.3-ua) id EAA11258 for netramet-outgoing; Tue, 3 Dec 1996 04:05:57 +1300 (NZDT) Received: from roma.axis.se (root@roma.axis.se [193.13.178.2]) by mailhost.auckland.ac.nz (8.8.3/8.7.3-ua) with ESMTP id EAA11250 for ; Tue, 3 Dec 1996 04:05:41 +1300 (NZDT) Received: from nevyn.axis.se (nevyn.axis.se [192.168.2.52]) by roma.axis.se (8.7.5/8.7.1) with ESMTP id QAA15673 for ; Mon, 2 Dec 1996 16:05:21 +0100 (MET) Received: from axis.se (localhost [127.0.0.1]) by nevyn.axis.se (8.7.1/8.7.1) with ESMTP id QAA27963 for ; Mon, 2 Dec 1996 16:05:20 +0100 (MET) Message-Id: <199612021505.QAA27963@nevyn.axis.se> X-Mailer: exmh version 1.6.9 8/22/96 To: NeTraMet@auckland.ac.nz (NeTraMet mailing list) Subject: FreeBSD? MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-ID: <27955.849539114.1@axis.se> Content-Transfer-Encoding: quoted-printable Date: Mon, 02 Dec 1996 16:05:15 +0100 From: Joergen Haegg Sender: netramet-owner@auckland.ac.nz Precedence: bulk Anyone compiled NeTraMet on FreeBSD yet? /J=F6rgen H=E4gg From netramet-owner Fri Dec 6 06:19:22 1996 Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.8.3/8.7.3-ua) id GAA15846 for netramet-outgoing; Fri, 6 Dec 1996 06:00:43 +1300 (NZDT) Received: from ccu1.auckland.ac.nz (ccu1.auckland.ac.nz [130.216.3.1]) by mailhost.auckland.ac.nz (8.8.3/8.7.3-ua) with ESMTP id GAA15841; Fri, 6 Dec 1996 06:00:41 +1300 (NZDT) Received: (from nevil@localhost) by ccu1.auckland.ac.nz (8.8.3/8.7.3) id GAA07241; Fri, 6 Dec 1996 06:00:40 +1300 (NDT) From: J Nevil Brownlee Message-Id: <199612051700.GAA07241@ccu1.auckland.ac.nz> Subject: RTFM session at San Jose IETF meeting To: rtfm@auckland.ac.nz (RTFM mailing list), NeTraMet@auckland.ac.nz (NeTraMet mailing list) Date: Fri, 6 Dec 1996 06:00:40 +1300 (NDT) X-Mailer: ELM [version 2.4 PL23] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: netramet-owner@auckland.ac.nz Precedence: bulk Hello all: Apologies to those on both the rtfm and netramet lists, I've posted this note to both lists. The RTFM working group has a session at the San Jose IETF meeting, the morning of Wed 11 Dec. In the agenda we have an item on 'developments / usage reports.' If you'll be at IETF, and have been using NeTraMet and/or nifty, it would be very helpful to hear a little about what you're doing with it, and how effective/difficult/etc. you find it. I don't mean making a presentation (unless you really want to!), just a few words. If you can help with this, please send an e-mail note to me, n.brownlee@auckland.ac.nz. In the meantime, it would be helpful if you could simply post a short note to the rtfm mailing list giving us a little feedback. Thanks, Nevil +-----------------------------------------------------------------------+ | Nevil Brownlee Director, Technology Development | | Phone: +64 9 373 7599 x8941 ITSS, The University of Auckland | | FAX: +64 9 373 7425 Private Bag 92019, Auckland, New Zealand | +-----------------------------------------------------------------------C From netramet-owner Fri Dec 13 00:54:04 1996 Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) id AAA18651 for netramet-outgoing; Fri, 13 Dec 1996 00:37:47 +1300 (NZDT) Received: from hot.ee.lbl.gov (hot.ee.lbl.gov [131.243.1.42]) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) with ESMTP id AAA18646 for ; Fri, 13 Dec 1996 00:37:44 +1300 (NZDT) Received: by hot.ee.lbl.gov (8.7.5/1.43r) id DAA17763; Thu, 12 Dec 1996 03:37:41 -0800 (PST) Message-Id: <199612121137.DAA17763@hot.ee.lbl.gov> To: Gary Haney Reply-to: libpcap@ee.lbl.gov Cc: netramet@auckland.ac.nz, libpcap@ee.lbl.gov Subject: Re: libpcap 0.2.1, netramet 3.3 and solaris 2.4 (x86) In-reply-to: Your message of Tue, 01 Oct 1996 10:51:39 PDT. Date: Thu, 12 Dec 1996 03:37:41 PST From: Craig Leres Sender: netramet-owner@auckland.ac.nz Precedence: bulk > I am having some problem getting NeTraMet to work on SunOS 4.1.4 and Irix 5.2 > > On both systems, when I execute the NeTraMet meter I get the following: > > NeTraMet: Network Traffic Meter V3.2 > Running on x1234, interface et0 > Segmentation fault (core dumped) > > When I do a dbx on NeTraMet, the following is returned: > x1234# dbx NeTraMet > Process died at pc 0x403a34 of signal: Segmentation Fault > [using memory image in core] > (dbx) where > 0 ether_callback(user = (nil), h = (nil), p = (nil)) > ["../../src/meter/meter_ux.c":292, 0x403a30] > 1 pcap_read(0x0, 0x0, 0x0, 0x1000644d, 0x0) [0x411148] > > > I suspect that this has something to do with libpcap. I got libpcap from > ftp.ee.lbl.gov and compiled it, and installed it in /usr/lib. Is NeTraMet > looking for libpcap elsewhere? Thanks for your bug report. Some alignment bugs were fixed in the new release; see the appended announcement. If your bugs aren't addressed by this version, please feel free to submit a new bug report. Craig ------- Forwarded Message Date: 12 Dec 1996 11:19:30 GMT From: tcpdump@spam.hell Subject: LBL tcpdump, libpcap and bpf released (Linux now supported) Newsgroups: comp.protocols.tcp-ip,comp.os.linux.networking -----BEGIN PGP SIGNED MESSAGE----- The latest versions of tcpdump (3.3), libpcap (0.3) and bpf (1.1.1) from the Network Research Group at the Lawrence Berkeley National Laboratory are now available via anonymous ftp: ftp://ftp.ee.lbl.gov/tcpdump.tar.Z ftp://ftp.ee.lbl.gov/libpcap.tar.Z ftp://ftp.ee.lbl.gov/bpf.tar.Z The main feature of these releases is the addition of Linux support. See the libpcap INSTALL document for more detailed information. This release does not support AIX. Although we have integrated patches from several contributors, it is reported that the current versions are not quite there yet. The INSTALL document has more information; if you manage to figure this out, please send mail to the mailing list found in the README document. (Which, by the way, consists of a tiny number of developers who don't appreciate receiving spam.) Another important feature is that bpf now includes support for kernel tcp and udp connection filters. Briefly, this feature is similar to tcp_wrappers but is implemented in the kernel (and is more powerful). It allows the system administrator to specify general bpf filters that reject tcp and udp connections. When a filter rejects a connection, it is as if there was no server listening on the port. For example, it is possible to restrict portmapper and nfs accesses to a particular subnet or list of hosts or disallow telnet connections from off site. See the bpf README and setbpfilter(8) man page for more information. Each package has a CHANGES file that documents the important fixes and enhancements in each release. In summary: Libpcap supports Linux. Solaris x86 problems were fixed. Tcpdump supports Linux. The routine gmt2local() was rewritten to avoid problematic os dependencies. Aligned access and byte order problems were fixed. Bpf kernel tcp and udp connection filters were added. As usual, please direct bug reports, enhancements and comments to the mailing list found in the README files. Craig -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMq/pDb2JLbUEFcrxAQHKfwP/WO2+Ubrd9qR/CPff5oXbvpr0RXdn7CkV NkoBBbNV7YoQ/2MPyaw/9w+CNtnccAI9yviu9Iat80LI3M1iXTwuroVcFle4mwyf 1Mw5UHVAPIz6DTkWexN0DOK8XQNWl2YwcSVhFors5Za5RBaROu1UMRVUIa2KeJxt CFrlMqSKcCw= =kd7G -----END PGP SIGNATURE----- ------- End of Forwarded Message From netramet-owner Fri Dec 13 00:54:09 1996 Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) id AAA18628 for netramet-outgoing; Fri, 13 Dec 1996 00:36:18 +1300 (NZDT) Received: from hot.ee.lbl.gov (hot.ee.lbl.gov [131.243.1.42]) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) with ESMTP id AAA18619 for ; Fri, 13 Dec 1996 00:36:10 +1300 (NZDT) Received: by hot.ee.lbl.gov (8.7.5/1.43r) id DAA17744; Thu, 12 Dec 1996 03:35:54 -0800 (PST) Message-Id: <199612121135.DAA17744@hot.ee.lbl.gov> To: Matthew Flanagan Reply-to: libpcap@ee.lbl.gov Cc: libpcap@ee.lbl.gov, netramet@auckland.ac.nz, anne.mikita@uts.edu.au, dna@uts.edu.au Subject: Re: libpcap 0.2.1, netramet 3.3 and solaris 2.4 (x86) In-reply-to: Your message of Tue, 01 Oct 1996 02:17:14 PDT. Date: Thu, 12 Dec 1996 03:35:54 PST From: Craig Leres Sender: netramet-owner@auckland.ac.nz Precedence: bulk I wrote: > > Compaq 486 PC Running Solaris 2.4 (x86) with latest Recommended patches and > > driver updates > [...] > > pcap_open_live(elx0): recv_ack: bind error 0x7 > > > > I can't find the error number anywhere in /usr/include/sys/dlpi.h. > > I think it's DL_UNSUPPORTED (Requested serv. not supplied by provider). > > Please try the appended patch. It will be in the next release. The new release is out; see the appended announcement. Craig ------- Forwarded Message Date: 12 Dec 1996 11:19:30 GMT From: tcpdump@spam.hell Subject: LBL tcpdump, libpcap and bpf released (Linux now supported) Newsgroups: comp.protocols.tcp-ip,comp.os.linux.networking -----BEGIN PGP SIGNED MESSAGE----- The latest versions of tcpdump (3.3), libpcap (0.3) and bpf (1.1.1) from the Network Research Group at the Lawrence Berkeley National Laboratory are now available via anonymous ftp: ftp://ftp.ee.lbl.gov/tcpdump.tar.Z ftp://ftp.ee.lbl.gov/libpcap.tar.Z ftp://ftp.ee.lbl.gov/bpf.tar.Z The main feature of these releases is the addition of Linux support. See the libpcap INSTALL document for more detailed information. This release does not support AIX. Although we have integrated patches from several contributors, it is reported that the current versions are not quite there yet. The INSTALL document has more information; if you manage to figure this out, please send mail to the mailing list found in the README document. (Which, by the way, consists of a tiny number of developers who don't appreciate receiving spam.) Another important feature is that bpf now includes support for kernel tcp and udp connection filters. Briefly, this feature is similar to tcp_wrappers but is implemented in the kernel (and is more powerful). It allows the system administrator to specify general bpf filters that reject tcp and udp connections. When a filter rejects a connection, it is as if there was no server listening on the port. For example, it is possible to restrict portmapper and nfs accesses to a particular subnet or list of hosts or disallow telnet connections from off site. See the bpf README and setbpfilter(8) man page for more information. Each package has a CHANGES file that documents the important fixes and enhancements in each release. In summary: Libpcap supports Linux. Solaris x86 problems were fixed. Tcpdump supports Linux. The routine gmt2local() was rewritten to avoid problematic os dependencies. Aligned access and byte order problems were fixed. Bpf kernel tcp and udp connection filters were added. As usual, please direct bug reports, enhancements and comments to the mailing list found in the README files. Craig -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMq/pDb2JLbUEFcrxAQHKfwP/WO2+Ubrd9qR/CPff5oXbvpr0RXdn7CkV NkoBBbNV7YoQ/2MPyaw/9w+CNtnccAI9yviu9Iat80LI3M1iXTwuroVcFle4mwyf 1Mw5UHVAPIz6DTkWexN0DOK8XQNWl2YwcSVhFors5Za5RBaROu1UMRVUIa2KeJxt CFrlMqSKcCw= =kd7G -----END PGP SIGNATURE----- ------- End of Forwarded Message From netramet-owner Fri Dec 13 03:29:09 1996 Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) id DAA22794 for netramet-outgoing; Fri, 13 Dec 1996 03:25:42 +1300 (NZDT) Received: from mailhub.axion.bt.co.uk (mailhub.axion.bt.co.uk [132.146.5.4]) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) with SMTP id DAA22788 for ; Fri, 13 Dec 1996 03:25:30 +1300 (NZDT) Received: from gideon.bt.co.uk (actually gideon.bt-sys.bt.co.uk) by mailhub.axion.bt.co.uk with SMTP (PP); Thu, 12 Dec 1996 14:07:34 +0000 Received: from localhost by gideon.bt.co.uk (5.x/SMI-SVR4) id AA25871; Thu, 12 Dec 1996 14:03:15 GMT Date: Thu, 12 Dec 1996 14:03:14 +0000 (GMT) From: George Tsirtsis To: NeTraMet Subject: nifty for Linux Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: netramet-owner@auckland.ac.nz Precedence: bulk Hi, Is there any version of NeTraMet that includes nifty (preferable in binary format)? Cheers, George Tsirtsis -------------------------------------------------------------------------- Network Research Tel : 0044-1473-640756 BT Labs Fax : 0044-1473-640709 Ipswich e-mail: george@gideon.bt.co.uk -------------------------------------------------------------------------- From netramet-owner Fri Dec 13 20:18:36 1996 Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) id TAA20674 for netramet-outgoing; Fri, 13 Dec 1996 19:59:26 +1300 (NZDT) Received: from nevil.mtg.ietf.org (ietf-dhcp16.mtg.ietf.org [205.180.222.216]) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) with SMTP id TAA20663; Fri, 13 Dec 1996 19:59:17 +1300 (NZDT) From: Nevil Brownlee Reply-To: Nevil Brownlee To: George Tsirtsis cc: NeTraMet Subject: Re: nifty for Linux Message-ID: Date: Fri, 13 Dec 1996 19:59:42 +1200 () Priority: NORMAL X-Mailer: Simeon for Win32 Version 4.0.7 X-Authentication: none MIME-Version: 1.0 Content-Type: TEXT/PLAIN; CHARSET=US-ASCII Sender: netramet-owner@auckland.ac.nz Precedence: bulk Hello all: On Thu, 12 Dec 1996 14:03:14 +0000 (GMT) George Tsirtsis wrote: > Is there any version of NeTraMet that includes nifty (preferable in binary > format)? The currrent release (3.4) include the nifty sources and makefiles. Binary tar files which include nifty are in the distribution directory (ftp://ftp.auckland.ac.nz/pub/iawg/NeTraMet) for Solaris and Irix (there;s also a Linux binary, but that doesn't include nifty). Cheers, Nevil +---------------------------------------------------------------------+ | Nevil Brownlee Director, Technology Development | | Phone: +64 9 373 7599 x8941 ITSS, The University of Auckland | | FAX: +64 9 373 7425 Private Bag 92019, Auckland, New Zealand | +---------------------------------------------------------------------T From netramet-owner Sun Dec 15 08:31:56 1996 Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) id IAA08714 for netramet-outgoing; Sun, 15 Dec 1996 08:15:42 +1300 (NZDT) Received: from agora.rdrop.com (root@agora.rdrop.com [199.2.210.241]) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) with SMTP id IAA08709 for ; Sun, 15 Dec 1996 08:15:39 +1300 (NZDT) Received: by agora.rdrop.com (Smail3.1.29.1 #17) id m0vYzYd-0008uxC; Sat, 14 Dec 96 11:15 PST Message-Id: From: batie@agora.rdrop.com (Alan Batie) Subject: netramet on freebsd To: netramet@auckland.ac.nz Date: Sat, 14 Dec 1996 11:15:35 -0800 (PST) X-Mailer: ELM [version 2.4 PL24 ME8a] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: netramet-owner@auckland.ac.nz Precedence: bulk I've done a first pass port of netramet to FreeBSD; it's "working mostly", but the snmp utils in the apps directory will take some more effort, as 4.4 BSD merged the arp table into the routing table, and some other things have changed as well. I'm not sure how much effort to put into this, as they don't appear to be necessary, but I'll work on it as I get a chance. I've got motif on order for FreeBSD and BSD/OS so I can build nifty there as well. When it's done, I'll send patches. In the mean time, I'm trying to make sense of the rule semantics. I keep getting 0's when I first install a new ruleset too. It seems like I have to restart nm_rc, or otherwise wait a while to get valid numbers for ports and addresses. It almost acts like because I've changed the ruleset, it doesn't have the data I'm asking for, but it has some previously collected data? It seems not to be flushing out as quickly as I would expect though. Perhaps I'm just impatient (well, make that "definitely" :-) ). I'm planning on using netramet at home to help manage a basement isp I've been running for several years, and at work as a test tool to verify data flows under rsvp. -- Alan Batie ______ batie@agora.rdrop.com \ / Assimilate this! +1 503 452-0960 \ / --Worf, First Contact DE 3C 29 17 C0 49 7A 27 \/ 40 A5 3C 37 4A DA 52 B9 It is my policy to avoid purchase of any products from companies which use unrequested email advertisements or telephone solicitation. From netramet-owner Tue Dec 17 08:21:18 1996 Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) id IAA09643 for netramet-outgoing; Tue, 17 Dec 1996 08:03:58 +1300 (NZDT) Received: from scorpions.ifqsc.sc.usp.br (www.ifqsc.sc.usp.br [143.107.228.70]) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) with SMTP id IAA09631 for ; Tue, 17 Dec 1996 08:03:48 +1300 (NZDT) Received: (from sergio@localhost) by scorpions.ifqsc.sc.usp.br (8.6.12/8.6.12) id RAA20676; Mon, 16 Dec 1996 17:03:41 GMT Date: Mon, 16 Dec 1996 17:03:37 +0000 () From: Sergio Henrique Oliveira Pereira X-Sender: sergio@scorpions.ifqsc.sc.usp.br To: Lista Netramet Subject: Acessing TCP Header Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: netramet-owner@auckland.ac.nz Precedence: bulk Is it possible to use NeTraMet to recognize the TCP SYN and TCP Ack messages? Can anybody help? Thanks in advance. __ +|oo|+ +|oo|+ Instituto de Fisica de Sao Carlos - USP || Departamento de Fisica e Informatica || Grupo de Instrumentacao e Eletronica || || || E-mail : sergio@www.ifqsc.sc.usp.br _ || _ sergiop@ifqsc.sc.usp.br \\_||_// | [] | | || | http://www.ifqsc.sc.usp.br/hpp/sergio/sergio.html / [] \ \______/ From netramet-owner Tue Dec 17 09:45:47 1996 Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) id JAA16890 for netramet-outgoing; Tue, 17 Dec 1996 09:43:41 +1300 (NZDT) Received: from homer.is.com.fj (homer.is.com.fj [202.62.124.238]) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) with ESMTP id JAA16871 for ; Tue, 17 Dec 1996 09:43:30 +1300 (NZDT) Received: from it.is.com.fj (it.is.com.fj [202.62.124.233]) by homer.is.com.fj (8.7.1/8.7.1) with SMTP id IAA26552 for ; Tue, 17 Dec 1996 08:43:06 +1200 (GMT-12) Message-Id: <1.5.4.32.19961216204233.00689448@pop3.is.com.fj> X-Sender: ilaitia@pop3.is.com.fj (Unverified) X-Mailer: Windows Eudora Light Version 1.5.4 (32) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Tue, 17 Dec 1996 08:42:33 +1200 To: netramet@auckland.ac.nz From: Ilaitia Tuisawau Subject: Commercial Package Sender: netramet-owner@auckland.ac.nz Precedence: bulk Bula All, Does anyone have suggestions about the best commercial packages available for traffic metering (and billing)? There doesn't seem to be much available...any suggestions welcome. TIA, Ilaitia From netramet-owner Wed Dec 18 00:05:47 1996 Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) id XAA02387 for netramet-outgoing; Tue, 17 Dec 1996 23:59:06 +1300 (NZDT) Received: from papaioea.manawatu.gen.nz (root@papaioea.manawatu.gen.nz [202.36.148.67]) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) with SMTP id XAA02381 for ; Tue, 17 Dec 1996 23:59:02 +1300 (NZDT) Received: from papaioea.manawatu.gen.nz (alan@papaioea.manawatu.gen.nz [202.36.148.67]) by papaioea.manawatu.gen.nz (8.6.12/8.6.12) with SMTP id XAA23557; Tue, 17 Dec 1996 23:51:10 +1300 Date: Tue, 17 Dec 1996 23:51:08 +1300 (NZDT) From: Alan Brown To: Ilaitia Tuisawau cc: netramet@auckland.ac.nz Subject: Re: Commercial Package In-Reply-To: <1.5.4.32.19961216204233.00689448@pop3.is.com.fj> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: netramet-owner@auckland.ac.nz Precedence: bulk On Tue, 17 Dec 1996, Ilaitia Tuisawau wrote: > Does anyone have suggestions about the best commercial packages available > for traffic metering (and billing)? There doesn't seem to be much > available...any suggestions welcome. I feel that data charging is pretty much unique to this part of the world. Everyone I know who's using it is running in-house generated solutions. AB From netramet-owner Fri Dec 20 07:16:03 1996 Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) id GAA20809 for netramet-outgoing; Fri, 20 Dec 1996 06:58:10 +1300 (NZDT) Received: from bill-graham.nfic.com (bill-graham.nfic.com [205.231.86.32]) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) with ESMTP id GAA20796 for ; Fri, 20 Dec 1996 06:57:50 +1300 (NZDT) Received: (from rramstad@localhost) by bill-graham.nfic.com (8.7.3/8.7.3) id MAA02444; Thu, 19 Dec 1996 12:56:56 -0500 (EST) Date: Thu, 19 Dec 1996 12:56:56 -0500 (EST) Message-Id: <199612191756.MAA02444@bill-graham.nfic.com> From: Bob Ramstad To: netramet@auckland.ac.nz cc: rmerrill@nfic.com In-reply-to: <199611272138.QAA10434@bill-graham.nfic.com> (message from Bob Ramstad on Wed, 27 Nov 1996 16:38:09 -0500 (EST)) Subject: PC Metering and Collecting Sender: netramet-owner@auckland.ac.nz Precedence: bulk howdy. we're considering purchasing a few PCs for use as meters on different network segments. from the documentation, it appears that this process is relatively straightforward. i'm assuming that Linux would be the right way to go. i'm also assuming we should have no problems compiling NeTraMet using gcc. then again, i just stumbled across the pc directory which contains "netramet.exe" -- supiciously looking like a precompiled executable for DOS. from the docs, it appears that if all i want to do is run the meter NeTraMet, this and the WATTCP.CFG file, properly edited, is all i need. right? anything special required for the Ethernet board? what is a CRYNWYR packet driver? where can i get one? does the computer need to have a keyboard and screen, or is this optional? any options for collecting on the PC other than NeMac? nifty sure is cool... i'd really appreciate responses from people who have recently set up this sort of hardware / software and have suggestions and "war stories" about the process. i'm not on the list so please make sure to send responses to me directly as well. i'm sure some of these are relatively dumb questions, so your patience is also appreciated. thanks! -- Bob From netramet-owner Fri Dec 20 13:02:32 1996 Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) id MAA16422 for netramet-outgoing; Fri, 20 Dec 1996 12:59:27 +1300 (NZDT) Received: from ormail.intel.com (ormail.intel.com [134.134.248.3]) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) with ESMTP id MAA16409 for ; Fri, 20 Dec 1996 12:59:23 +1300 (NZDT) Received: from ibeam.intel.com (ibeam.jf.intel.com [134.134.208.3]) by ormail.intel.com (8.8.4/8.7.3) with SMTP id PAA27721 for ; Thu, 19 Dec 1996 15:59:17 -0800 (PST) Received: from aahz.jf.intel.com by ibeam.intel.com with smtp (Smail3.1.28.1 #6) id m0vasOo-000S69C; Thu, 19 Dec 96 16:01 PST Received: by aahz.jf.intel.com (Smail3.1.28.1 #13) id m0vasMV-000hxnC; Thu, 19 Dec 96 15:58 PST Message-Id: From: batie@aahz.jf.intel.com (Alan Batie) Subject: Where have I missed the boat? To: netramet@auckland.ac.nz Date: Thu, 19 Dec 1996 15:58:51 -0800 (PST) X-Mailer: ELM [version 2.4 PL24 ME8] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: netramet-owner@auckland.ac.nz Precedence: bulk I've got netramet running; I have a meter running on a bsdi system with the following ruleset, intended to measure multicast traffic: # # Rule specification file to count multicast traffic # SET 2 # RULES SourcePeerType & 255 = IP: Pushto, ip_pkt; SourcePeerType & 255 = dummy: Ignore, 0; # Ignore meter's dummy pkts Null & 0 = 0: GotoAct, Next; SourcePeerType & 255 = 0: CountPkt, 0; # Count packet types # ip_pkt: DestPeerAddress & 240.0.0.0 = 224.0.0.0: CountPkt, 0; # FORMAT FlowIndex FlowRuleSet FirstTime DestPeerAddress ToPDUs ToOctets; # STATISTICS # # end of file I have NeMaC running on the same system logging it, but it doesn't look like anything's coming out of it: #Time: 14:40:00 Thu 19 Dec 96 aahz Flows from 26262721 to 26274740 #Time: 14:42:00 Thu 19 Dec 96 aahz Flows from 26274739 to 26286758 #Time: 14:44:00 Thu 19 Dec 96 aahz Flows from 26286757 to 26298776 #Time: 14:46:00 Thu 19 Dec 96 aahz Flows from 26298775 to 26310795 #Time: 14:48:00 Thu 19 Dec 96 aahz Flows from 26310794 to 26322713 #Time: 14:50:09 Thu 19 Dec 96 aahz Flows from 26322712 to 26335624 #Time: 14:52:00 Thu 19 Dec 96 aahz Flows from 26335623 to 26346743 #Time: 14:54:00 Thu 19 Dec 96 aahz Flows from 26346742 to 26358762 #Time: 14:56:00 Thu 19 Dec 96 aahz Flows from 26358761 to 26370780 #Time: 14:58:00 Thu 19 Dec 96 aahz Flows from 26370779 to 26382798 I have nifty running read-only on a FreeBSD system (that's the only place I have Motif at the moment): nifty -c 60 aahz public Nifty is showing reasonable values in the little status window at the bottom: 15:09:00 Thu 19 Dec 96, aahz exp0, , 60s sample, 3 active flows, 1.363 Mbps+/- but not graphing anything (it would be nice if that status line were cut/pasteable). I've tried all scales... -- Alan Batie ------ What goes up, must come down. batie@aahz.jf.intel.com \ / Ask any system administrator. +1 503-264-8844 (voice) \ / --unknown D0 D2 39 0E 02 34 D6 B4 \/ 5A 41 21 8F 23 5F 08 9D From netramet-owner Fri Dec 20 20:25:49 1996 Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) id UAA09066 for netramet-outgoing; Fri, 20 Dec 1996 20:18:20 +1300 (NZDT) Received: from nc3a.nato.int (issun3.nc3a.nato.int [192.41.140.225]) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) with SMTP id UAA09046 for ; Fri, 20 Dec 1996 20:17:59 +1300 (NZDT) Received: from compc12.nc3a.nato.int by nc3a.nato.int with SMTP id AA19495 (5.67b/IDA-1.5 for ); Fri, 20 Dec 1996 08:11:51 +0100 Message-Id: <2.2.16.19961220092435.246fcf56@nc3a.nato.int> X-Sender: selm@nc3a.nato.int X-Mailer: Windows Eudora Pro Version 2.2 (16) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Fri, 20 Dec 1996 09:24:35 +0000 To: Bob Ramstad From: Marc van Selm Subject: Re: PC Metering and Collecting Cc: netramet@auckland.ac.nz Sender: netramet-owner@auckland.ac.nz Precedence: bulk At 12:56 PM 12/19/96 -0500, you wrote: >howdy. we're considering purchasing a few PCs for use as meters on >different network segments. from the documentation, it appears that >this process is relatively straightforward. > >i'm assuming that Linux would be the right way to go. i'm also >assuming we should have no problems compiling NeTraMet using gcc. You are correct. I'm using Linux because this runs on a PC (cheap probe) and unlike the DOS-version I can restart it remotely (and upgrade it from here instead of going to the site...) >then again, i just stumbled across the pc directory which contains >"netramet.exe" -- supiciously looking like a precompiled executable >for DOS. from the docs, it appears that if all i want to do is run >the meter NeTraMet, this and the WATTCP.CFG file, properly edited, is >all i need. right? mmm, I've used the DOS version in the past. Worked fine but I think there were some limitations (Memory etc...) The WATTCP.CFG file is the config for the ethernet-driver (WATTCP) I asume this driver is also there... >anything special required for the Ethernet board? NO, I don't think so. I've been running it with 3C503-cards. The manuals give some info on what kind of performance you'll get when you run various PC-platforms. (i386 with etherlink-II card will be good-enough if you are monitoring a segment with only internet traffic. A huge lan my need a P90+PCI-ethernet.) >does the computer need to have a keyboard and screen, or is this >optional? Depends of the OS. Dos will need keyboard and linux doesn't need it. A screen you can do without if you make sure Netramet is autostarted (or started from remote when using Linux) >any options for collecting on the PC other than NeMac? nifty sure is >cool... NM_RC displays a formatted and sorted table on the screen (very nice!) (it has a build-in fd-filter capability) I'm working on a web interface for NM_RC. Almost finisched.... Happy new year... Marc van Selm ------------------------------------------------- Marc van Selm NATO C3 Agency Communication Systems Division, A-Branch E-Mail: selm@nc3a.nato.int ------------------------------------------------- PGP key: http://www.cistron.nl/~selm/keymarc.asc From netramet-owner Fri Dec 20 21:12:20 1996 Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) id VAA10565 for netramet-outgoing; Fri, 20 Dec 1996 21:11:22 +1300 (NZDT) Received: from tron.kom.tuwien.ac.at (tron.kom.tuwien.ac.at [128.130.34.30]) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) with SMTP id VAA10556 for ; Fri, 20 Dec 1996 21:11:05 +1300 (NZDT) Received: (from bloeser@localhost) by tron.kom.tuwien.ac.at (8.6.12/8.6.11) id JAA07919; Fri, 20 Dec 1996 09:08:04 +0100 Message-Id: <199612200808.JAA07919@tron.kom.tuwien.ac.at> Subject: Re: PC Metering and Collecting In-Reply-To: <2.2.16.19961220092435.246fcf56@nc3a.nato.int> from Marc van Selm at "Dec 20, 96 09:24:35 am" To: selm@nc3a.nato.int (Marc van Selm) Date: Fri, 20 Dec 1996 09:08:04 +0100 (MET) Cc: rramstad@nfic.com, netramet@auckland.ac.nz From: bloeser@edvz.tuwien.ac.at Reply-to: bloeser@edvz.tuwien.ac.at Organization: Vienna University of Technology, Austria X-Mailer: ELM [version 2.4ME+ PL25 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: netramet-owner@auckland.ac.nz Precedence: bulk > At 12:56 PM 12/19/96 -0500, you wrote: > >howdy. we're considering purchasing a few PCs for use as meters on > >different network segments. from the documentation, it appears that > >this process is relatively straightforward. > > > >i'm assuming that Linux would be the right way to go. i'm also > >assuming we should have no problems compiling NeTraMet using gcc. > > You are correct. I'm using Linux because this runs on a PC (cheap probe) and > unlike the DOS-version I can restart it remotely (and upgrade it from here > instead of going to the site...) > > >then again, i just stumbled across the pc directory which contains > >"netramet.exe" -- supiciously looking like a precompiled executable > >for DOS. from the docs, it appears that if all i want to do is run > >the meter NeTraMet, this and the WATTCP.CFG file, properly edited, is > >all i need. right? > > mmm, I've used the DOS version in the past. Worked fine but I think there > were some limitations (Memory etc...) The WATTCP.CFG file is the config for > the ethernet-driver (WATTCP) I asume this driver is also there... > > >anything special required for the Ethernet board? > > NO, I don't think so. I've been running it with 3C503-cards. The manuals > give some info on what kind of performance you'll get when you run various > PC-platforms. (i386 with etherlink-II card will be good-enough if you are > monitoring a segment with only internet traffic. A huge lan my need a > P90+PCI-ethernet.) > > >does the computer need to have a keyboard and screen, or is this > >optional? > > Depends of the OS. Dos will need keyboard and linux doesn't need it. A > screen you can do without if you make sure Netramet is autostarted (or > started from remote when using Linux) DOS does not need a keyboard! I am using diskless, screenless and keyboard-less PCs as probes. And if everything is set up right, I can just plug the box into the net wherever I need it and press the power button. It boots from floppy and autostarts NeTraMet. All there is to do is to configure the necessary network parameters in the WATTCP.CFG file (before I send someone off with the box to install it). Works great for us. > > >any options for collecting on the PC other than NeMac? nifty sure is > >cool... > > NM_RC displays a formatted and sorted table on the screen (very nice!) (it > has a build-in fd-filter capability) > > I'm working on a web interface for NM_RC. Almost finisched.... > > Happy new year... > > Marc van Selm > ------------------------------------------------- > Marc van Selm > NATO C3 Agency > Communication Systems Division, A-Branch > E-Mail: selm@nc3a.nato.int > ------------------------------------------------- > PGP key: http://www.cistron.nl/~selm/keymarc.asc > > Wishing you all a peaceful Christmas, Fritz -- Friedrich Bloeser bloeser@edvz.tuwien.ac.at Computing Services, Communication Group phone: (+43 1) 588 01-5810 Vienna Univ. of Technology, Austria fax: (+43 1) 587 42 11 From netramet-owner Sat Dec 21 05:28:05 1996 Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) id FAA21482 for netramet-outgoing; Sat, 21 Dec 1996 05:23:31 +1300 (NZDT) Received: from nc3a.nato.int (issun3.nc3a.nato.int [192.41.140.225]) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) with SMTP id FAA21466 for ; Sat, 21 Dec 1996 05:23:08 +1300 (NZDT) Received: from compc12.nc3a.nato.int by nc3a.nato.int with SMTP id AA26845 (5.67b/IDA-1.5 for ); Fri, 20 Dec 1996 17:10:58 +0100 Message-Id: <2.2.16.19961220182359.1a775f6a@nc3a.nato.int> X-Sender: selm@nc3a.nato.int X-Mailer: Windows Eudora Pro Version 2.2 (16) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Fri, 20 Dec 1996 18:23:59 +0000 To: bloeser@edvz.tuwien.ac.at From: Marc van Selm Subject: Re: PC Metering and Collecting Cc: rramstad@nfic.com, netramet@auckland.ac.nz Sender: netramet-owner@auckland.ac.nz Precedence: bulk At 09:08 AM 12/20/96 +0100, bloeser@edvz.tuwien.ac.at wrote: >DOS does not need a keyboard! >I am using diskless, screenless and keyboard-less PCs as probes. >And if everything is set up right, I can just plug the box >into the net wherever I need it and press the power button. >It boots from floppy and autostarts NeTraMet. >All there is to do is to configure the necessary network parameters >in the WATTCP.CFG file (before I send someone off with the box to >install it). Works great for us. You might be right. I was just thinking of the famous error message brougth to you by Microsoft: "No keyboard connected, press F1 to continue" But if it works for you, it should work for all.. Happy new year, and Christmas... Marc van Selm ------------------------------------------------- Marc van Selm NATO C3 Agency Communication Systems Division, A-Branch E-Mail: selm@nc3a.nato.int ------------------------------------------------- PGP key: http://www.cistron.nl/~selm/keymarc.asc From netramet-owner Sun Dec 22 04:07:06 1996 Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) id DAA18897 for netramet-outgoing; Sun, 22 Dec 1996 03:50:53 +1300 (NZDT) Received: from papaioea.manawatu.gen.nz (root@papaioea.manawatu.gen.nz [202.36.148.67]) by mailhost.auckland.ac.nz (8.8.4/8.7.3-ua) with SMTP id DAA18888 for ; Sun, 22 Dec 1996 03:50:28 +1300 (NZDT) Received: from papaioea.manawatu.gen.nz (alan@papaioea.manawatu.gen.nz [202.36.148.67]) by papaioea.manawatu.gen.nz (8.6.12/8.6.12) with SMTP id DAA01677; Sun, 22 Dec 1996 03:42:50 +1300 Date: Sun, 22 Dec 1996 03:42:49 +1300 (NZDT) From: Alan Brown To: bloeser@edvz.tuwien.ac.at cc: Marc van Selm , rramstad@nfic.com, netramet@auckland.ac.nz Subject: Re: PC Metering and Collecting In-Reply-To: <199612200808.JAA07919@tron.kom.tuwien.ac.at> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: netramet-owner@auckland.ac.nz Precedence: bulk On Fri, 20 Dec 1996 bloeser@edvz.tuwien.ac.at wrote: > DOS does not need a keyboard! To be more precise: DOS doesn't need a keyboard, but many bios's do. Most modern bios' allow the keyboard to be set to "not installed", after which, a keyboard is no longer necessary. If a machine absolutely has to have a keyboard to start, dump it. AB Stamp out unauthorised relay-hosting. This SMTP "feature" shouldn't default "on" See http://www.vix.com/spam/ and http://www.sendmail.org/antispam.html Junk email returned, in bulk, back to sender; w/copies to all postmasters.