From netramet-owner Thu Sep 3 00:54:26 1998 Received: by mailhost.auckland.ac.nz (8.9.1/8.9.1/8.9.1-ua) id AAA08703 for netramet-outgoing; Thu, 3 Sep 1998 00:48:03 +1200 (NZST) Received: from mail.fh-aachen.de (hpux1.noc.FH-Aachen.de [149.201.10.5]) by mailhost.auckland.ac.nz (8.9.1/8.9.1/8.9.1-ua) with ESMTP id AAA08688 for ; Thu, 3 Sep 1998 00:47:58 +1200 (NZST) Received: from dialup.fh-aachen.de (ulrike-baumann.dialup.FH-Aachen.de [149.201.115.98]) by mail.fh-aachen.de (8.8.7/8.8.7) with ESMTP id OAA03766 for ; Wed, 2 Sep 1998 14:43:18 +0200 Message-ID: <35ED3A72.2D1B7EBD@dialup.fh-aachen.de> Date: Wed, 02 Sep 1998 14:30:42 +0200 From: "ulrike.baumann" X-Mailer: Mozilla 4.03 [en] (Win95; I) MIME-Version: 1.0 To: netramet Subject: problems with fd_extract Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: netramet-owner@auckland.ac.nz Precedence: bulk Hi all, I am studying computer sciences at the FH Aachen in Germany and I use NeTraMet (version 4.1 and 4.2 on a linux sytem) for statistical analysis of performance measures. Right now I am experiencing some problems with the fd_extract flow data file utility. Although I am using this tool according to the manual, it seems that the complete output column file contains only values equal to zero. I did some review and tests with the source code, but the problem still remains. The source is quite complex, but I have the idea that maybe there is something wrong with the final loop in which the values are incremented. So, if anyone encountered similar problems with this tool or I am just making any mistake, I appreciate any helpful information Thank you and bye, Ulrike. From netramet-owner Wed Sep 9 23:35:45 1998 Received: by mailhost.auckland.ac.nz (8.9.1/8.9.1/8.9.1-ua) id XAA23501 for netramet-outgoing; Wed, 9 Sep 1998 23:31:23 +1200 (NZST) Received: from arthur.axion.bt.co.uk (arthur.axion.bt.co.uk [132.146.5.4]) by mailhost.auckland.ac.nz (8.9.1/8.9.1/8.9.1-ua) with ESMTP id XAA23492 for ; Wed, 9 Sep 1998 23:31:17 +1200 (NZST) Received: from rambo (actually rambo.futures.bt.co.uk) by arthur.axion.bt.co.uk (PP) with SMTP; Wed, 9 Sep 1998 12:29:21 +0100 Received: from mussel.futures.bt.co.uk (actually mussel) by rambo with SMTP (PP); Wed, 9 Sep 1998 12:32:07 +0100 Received: by mussel.futures.bt.co.uk with Microsoft Exchange (IMC 4.0.837.3) id <01BDDBEC.F22074A0@mussel.futures.bt.co.uk>; Wed, 9 Sep 1998 12:25:35 +0100 Message-ID: X-MS-TNEF-Correlator: From: Mansur Khan To: "'NETRAMET'" Subject: Nemac and Nifty Source code Date: Wed, 9 Sep 1998 12:31:11 +0100 X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.837.3 Encoding: 11 TEXT, 33 UUENCODE X-MS-Attachment: WINMAIL.DAT 0 00-00-1980 00:00 Sender: netramet-owner@auckland.ac.nz Precedence: bulk Hi everyone, I've been looking for the Nemac and Nifty source code in the Unix and Pc downloads and can't seem to find it. Could anyone point me in the right direction as to where it is. Cheers for your help, Mansur begin 600 WINMAIL.DAT M>)\^(B0+`0:0" `$```````!``$``0>0!@`(````Y 0```````#H``$(@ <` M& ```$E032Y-:6-R;W-O9G0@36%I;"Y.;W1E`#$(`06 `P`.````S@<)``D` M# `?``L``P`@`0$@@ ,`#@```,X'"0`)``P`&0`C``,`,@$!"8 !`"$```!% M-D-%,T4W03$S-#=$,C$Q0C4S,3 X,# R0D(P.4)&1@`J!P$-@ 0``@````(` M`@`!!( !`!P```!.96UA8R!A;F0@3FEF='D@4V]U$@%2!O:PN 9^8@`A %P'1H'+ 'P #!&B `<&0'L :0='D@NG,(86,< ML 6@#G @"X#5'=-5`P!X'G-0'F 7\&1W;A4@860$(!Z"8[T`<"<%0!*P'C = MT&\=D.,+@!Z@:70N' 8*A0A1CFP>H !P&U(@<&\+@$\%0 > ']8%$&=H!4!D MXFD5D&-T:0(@'G $(#TBH7<=\!60(Q$?T',N?R-M'? $D 0@':(;4 AP(.D= M\&QP&YU-`'$(< J%!12Q`"Q0'@!P``$````<````3F5M86,@86YD($YI9G1Y M(%-O=7)C92!C;V1E``(!<0`!````%@````&]V^20E8!70A)'S1'2I"0`@%_7 M)]P``$ `.0`E@IU8Y=N]`0,`\3\)! ```P`F```````#`#8```````(!1P`! M````+P```&,]1T([83T@.W ]0E0[;#U-3$(T3E1!4S Q+3DX,#DP.3$Q,S$Q M,5HM,SDP.#4```(!^3\!````2@````````#`/@_`0````P```!-86YS=7(@2VAA;@`"`?L_`0```$H````` M````W*= R,!"$!JTN0@`*R_A@@$`````````+T\]0E0O3U4]04%434%)3"]# M3CU214-)4$E%3E13+T-./4U!3E-54BY+2$%.````'@#Z/P$````,````36%N M; Sat, 12 Sep 1998 09:01:52 +1200 (NZST) Received: from er.uqam.ca (nobel.si.uqam.ca [132.208.219.1]) by uqam.ca (8.8.8/8.8.8) with ESMTP id RAA12320 for ; Fri, 11 Sep 1998 17:01:49 -0400 (EDT) Received: from mpeg (cousseme@mpeg.teleinfo.uqam.ca [132.208.135.193]) by er.uqam.ca (8.8.8/8.8.8) with SMTP id RAA07825 for ; Fri, 11 Sep 1998 17:01:18 -0400 (EDT) Message-ID: <35F98FBD.28C6@info.uqam.ca> Date: Fri, 11 Sep 1998 17:01:49 -0400 From: Eddy Coussement X-Mailer: Mozilla 3.01Gold (X11; I; SunOS 5.5.1 sun4m) MIME-Version: 1.0 To: Netramet Subject: fd_extract Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: netramet-owner@auckland.ac.nz Precedence: bulk Hi everyone, I have some problems using the fd_extract utility. I always get zeros in the columns. Did anyone have this same problem? 1.6 0 0 0 0 0 0 0 0 0 0 3.6 0 0 0 0 0 0 0 0 0 0 5.6 0 0 0 0 0 0 0 0 0 0 Eddy Coussement UQAM - Montreal From netramet-owner Wed Sep 16 10:34:22 1998 Received: by mailhost.auckland.ac.nz (8.9.1/8.9.1/8.9.1-ua) id KAA05324 for netramet-outgoing; Wed, 16 Sep 1998 10:29:59 +1200 (NZST) Received: from alpha.telecom-co.net ([200.21.27.100]) by mailhost.auckland.ac.nz (8.9.1/8.9.1/8.9.1-ua) with SMTP id KAA05247 for ; Wed, 16 Sep 1998 10:29:41 +1200 (NZST) Received: by alpha.telecom-co.net; id AA07298; Tue, 15 Sep 1998 17:28:34 -0500 Message-Id: <009701bde0f8$21cf8000$9b1b15c8@asecreto.telecom-co.net> From: "Joni Noguera Salazar" To: "netramet" Subject: NeMaC no read Meter Date: Tue, 15 Sep 1998 17:28:08 -0500 Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_0093_01BDE0CE.34A734E0" X-Priority: 3 X-Msmail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3110.5 X-Mimeole: Produced By Microsoft MimeOLE V4.72.3110.3 Sender: netramet-owner@auckland.ac.nz Precedence: bulk This is a multi-part message in MIME format. ------=_NextPart_000_0093_01BDE0CE.34A734E0 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0094_01BDE0CE.34A734E0" ------=_NextPart_001_0094_01BDE0CE.34A734E0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi I have a meter whit the following configuration... (in files = autoexec.bat, config.sys pd.bat, Wattcp.cfg and Acct.bat) =20 the meter run good, and NeMaC genere the followings files = 200.21.27.133.flows.001 and NeMaC.log.001. =20 NeMaC is run on Linux 2.0.0 but the manager no read information of = meter, what=B4s wrong?? =20 please Help-me =20 Joni Noguera ITEC-Telecom research divition Bogota Colombia ------=_NextPart_001_0094_01BDE0CE.34A734E0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hi
I have a meter whit the following=20 configuration... (in files autoexec.bat, config.sys pd.bat, Wattcp.cfg = and=20 Acct.bat)
 
the meter run good, and  NeMaC genere the = followings=20 files 200.21.27.133.flows.001 and NeMaC.log.001.
 
NeMaC is run on Linux 2.0.0 but the manager no read=20 information of meter, what´s wrong??
 
please Help-me
 
Joni Noguera
ITEC-Telecom
research divition
Bogota Colombia
------=_NextPart_001_0094_01BDE0CE.34A734E0-- ------=_NextPart_000_0093_01BDE0CE.34A734E0 Content-Type: application/octet-stream; name="NeMaC.log.001" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="NeMaC.log.001" MDI6NTI6MDAgV2VkIDE2IFNlcCAxOTk4IC0tIFN0YXJ0aW5nIE5lTWFDOiBOZVRyYU1ldCBNYW5h Z2VyICYgQ29udHJvbGxlciBWNC4yCjAyOjUyOjAxIFdlZCAxNiBTZXAgMTk5OCAtLSByZWFkZXJf dXRpbChJbml0LEN1cnJlbnQpOiBFcnJvciBpbiBwYWNrZXQsIHJlYXNvbiA9IGluY29uc2lzdGVu dFZhbHVlCjAyOjUyOjAxIFdlZCAxNiBTZXAgMTk5OCAtLSAuLi4gZmxvd01JQi5mbG93Q29udHJv bC5mbG93UmVhZGVySW5mb1RhYmxlLmZsb3dSZWFkZXJJbmZvRW50cnkuZmxvd1JlYWRlclJ1bGVT ZXQuMTAKMDI6NTI6MDEgV2VkIDE2IFNlcCAxOTk4IC0tIENvbW11bml0eSB3cml0ZV9jb20gZG9l c24ndCBoYXZlIHdyaXRlIGFjY2VzcyB0byBtZXRlciEKICAgQ29sbGVjdGlvbnMgd29uJ3QgdHJp Z2dlciByZWNvdmVyeSBvZiBpZGxlIGZsb3dzIDw8PAowMjo1NDo0OCBXZWQgMTYgU2VwIDE5OTgg LS0gTmVNYUMgU2h1dHRpbmcgZG93bgo= ------=_NextPart_000_0093_01BDE0CE.34A734E0 Content-Type: application/octet-stream; name="200.21.27.133.flows.001" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="200.21.27.133.flows.001" IyNOZVRyYU1ldCB2NC4yOiAgLWMzMDAgLXIgICAyMDAuMjEuMjcuMTMzIGV0MTIwICAxMDAwMCBm bG93cyAgc3RhcnRpbmcgYXQgMDI6NTI6MDEgV2VkIDE2IFNlcCAxOTk4CiNGb3JtYXQ6IAo= ------=_NextPart_000_0093_01BDE0CE.34A734E0 Content-Type: application/octet-stream; name="Autoexec.bat" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="Autoexec.bat" @echo on prompt $p$g set path=A:\ set wattcp.cfg=a:\ set HOST_CLOCK_RATE=90E6 rem a:\dosedit if exist pd.bat call pd.bat cd netramet acct ------=_NextPart_000_0093_01BDE0CE.34A734E0 Content-Type: application/octet-stream; name="Config.sys" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="Config.sys" BREAK ON FILES=40 BUFFERS=40 DEVICE=A:\WINDOWS\HIMEM.SYS DEVICEHIGH SIZE=2DD0 A:\WINDOWS\EMM386.EXE noems DOS=high,UMB STACKS=8,256 ------=_NextPart_000_0093_01BDE0CE.34A734E0 Content-Type: application/octet-stream; name="Pd.bat" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="Pd.bat" rem Configuration for UofA 'Meter' PC rem \drivers\ne2000 120 5 0x300 \drivers\ne2000 120 10 0xFCC0 ------=_NextPart_000_0093_01BDE0CE.34A734E0 Content-Type: application/octet-stream; name="Wattcp.cfg" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="Wattcp.cfg" # set ip number #my_ip=123.123.123.1 my_ip=200.21.27.133 # or for bootp set my_ip=bootp # set a non-zero network mask netmask=255.255.255.0 # enter one or more nameservers #nameserver=123.123.123.2 #nameserver=200.21.27.17 nameserver=192.157.67.2 nameserver=157.253.1.13 # enter one or more gateways #gateway=123.123.123.254 #gateway=200.21.27.17 gateway=200.21.27.130 # should have a domain list #domainslist="your.domain" domainslist="telecom-co.net" # optional inactive flag tells WATTCP to kill connection if nothing # happens for a period of time in seconds # eg. inactive=300 # 300 seconds or 5 minutes inactive=300 # define timeout for most things, like opening sessions # defaults to 30 seconds # eg. sockdelay=60 # extend it to one minute sockdelay=60 ------=_NextPart_000_0093_01BDE0CE.34A734E0 Content-Type: application/octet-stream; name="Acct.bat" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="Acct.bat" ntm32 -h120 -f10000 -p2000 -w write_com -r read_com ------=_NextPart_000_0093_01BDE0CE.34A734E0-- From netramet-owner Tue Sep 22 01:14:37 1998 Received: by mailhost.auckland.ac.nz (8.9.1/8.9.1/8.9.1-ua) id BAA08745 for netramet-outgoing; Tue, 22 Sep 1998 01:09:06 +1200 (NZST) Received: from mail.ansp.br (IDENT:uucp@mail.ansp.br [143.108.1.150]) by mailhost.auckland.ac.nz (8.9.1/8.9.1/8.9.1-ua) with ESMTP id BAA08737 for ; Tue, 22 Sep 1998 01:09:02 +1200 (NZST) Received: (from uucp@localhost) by mail.ansp.br (8.8.5/8.8.5) id KAA16975 for ; Mon, 21 Sep 1998 10:08:58 -0300 Received: from THEBRAIN.REGISTRO.FAPESP.BR(143.108.23.10), claiming to be "ansp.br" via SMTP by mail.ansp.br, id smtpda16973; Mon Sep 21 13:08:50 1998 Message-ID: <36064FDA.874C731B@ansp.br> Date: Mon, 21 Sep 1998 10:08:42 -0300 From: Ricardo Patara Organization: ANSP X-Mailer: Mozilla 4.5b1 [en] (X11; I; AIX 4.1) X-Accept-Language: en MIME-Version: 1.0 To: netramet@auckland.ac.nz Subject: Newer Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: netramet-owner@auckland.ac.nz Precedence: bulk Hi folks. I've just installed NeTramet 4.2 in my Linux machine. But I'm with some problems. I started NetFlowMet to collect flow from Cisco. I think it's ok. But, when I started NeMac I got the following message: ./NeMaC -c20 -r rules.default localhost private Using MIB file: mib.txt >>> No SET statement in rule file rules.default Warning!! Failed to start meter localhost check log for details No meters to monitor !!! There are two erros, I guess. One in the rule file, I can't understand, because this is the rule file wich comes with Netramet distribuition. The other complains about the meter, but I'm sure it's running: /NetFlowMet -i 10000 -r private NetFlowMet: Network Meter v4.2 Running on netmeter.ansp.br, port udp-10000 1008:22 nf_read(udp-10000): NF version 256 ??? 1008:23 nf_read(udp-10000): NF version 256 ??? 1008:24 nf_read(udp-10000): NF version 256 ??? 1008:24 nf_read(udp-10000): NF version 256 ??? Any help will be fine. TIA. -- Ricardo Patara ANSP - an Academic Network at Sa~o Paulo Analista de Redes Fundaca~o de Amparo `a Pesquisa S.P. patara@ansp.br Rua Pio XI, 1500 Alto da Lapa S.P. 05468-901 From netramet-owner Tue Sep 22 03:51:57 1998 Received: by mailhost.auckland.ac.nz (8.9.1/8.9.1/8.9.1-ua) id DAA14941 for netramet-outgoing; Tue, 22 Sep 1998 03:51:31 +1200 (NZST) Received: from mail.ansp.br (IDENT:uucp@mail.ansp.br [143.108.1.150]) by mailhost.auckland.ac.nz (8.9.1/8.9.1/8.9.1-ua) with ESMTP id DAA14934 for ; Tue, 22 Sep 1998 03:51:27 +1200 (NZST) Received: (from uucp@localhost) by mail.ansp.br (8.8.5/8.8.5) id MAA18159 for ; Mon, 21 Sep 1998 12:51:02 -0300 Received: from THEBRAIN.REGISTRO.FAPESP.BR(143.108.23.10), claiming to be "ansp.br" via SMTP by mail.ansp.br, id smtpda18154; Mon Sep 21 15:50:58 1998 Message-ID: <360675D9.4EA638CC@ansp.br> Date: Mon, 21 Sep 1998 12:50:49 -0300 From: Ricardo Patara Organization: ANSP X-Mailer: Mozilla 4.5b1 [en] (X11; I; AIX 4.1) X-Accept-Language: en MIME-Version: 1.0 To: "netramet@auckland.ac.nz" Subject: Rule file Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: netramet-owner@auckland.ac.nz Precedence: bulk Does anyone know what could make this happen?: # ./NeMaC -s -l -r rules.default > syntax.default NeMaC: NeTraMet Manager & Controller V4.2 1 errors in rule file(s) rules.default # more syntax.default rules.default 1: SET 5 rules.default 2: # rules.default 3: RULES rules.default 4: SourcePeerType & 255 = dummy: Ignore, 0; # Ignore meter's dummy pkts rules.default 5: Null & 0 = 0: GotoAct, Next; rules.default 6: SourcePeerType & 255 = 0: CountPkt, 0; rules.default 7: # rules.default 8: # end of file >>> No SET statement in rule file rules.default The statement is declared, but NeMac says the opposite! -- Ricardo Patara ANSP - an Academic Network at Sa~o Paulo Analista de Redes Fundaca~o de Amparo `a Pesquisa S.P. patara@ansp.br Rua Pio XI, 1500 Alto da Lapa S.P. 05468-901 From netramet-owner Fri Sep 25 00:22:56 1998 Received: by mailhost.auckland.ac.nz (8.9.1/8.9.1/8.9.1-ua) id AAA05652 for netramet-outgoing; Fri, 25 Sep 1998 00:18:37 +1200 (NZST) Received: from Thuban.AC.HMC.Edu (Thuban.AC.HMC.Edu [134.173.53.8]) by mailhost.auckland.ac.nz (8.9.1/8.9.1/8.9.1-ua) with ESMTP id AAA05643 for ; Fri, 25 Sep 1998 00:18:34 +1200 (NZST) Received: from THUBAN.AC.HMC.EDU by THUBAN.AC.HMC.EDU (PMDF V5.1-7 #28820) id <01J268SOBRRI8WXEB8@THUBAN.AC.HMC.EDU> for netramet@auckland.ac.nz; Thu, 24 Sep 1998 05:18:30 PST Date: Thu, 24 Sep 1998 05:18:29 -0800 (PST) From: Andy Davenport Subject: fd_extract To: netramet@auckland.ac.nz Cc: ~andy@THUBAN.AC.HMC.EDU Message-id: <01J268SOBSOW8WXEB8@THUBAN.AC.HMC.EDU> X-VMS-To: in%"netramet@auckland.ac.nz" X-VMS-Cc: andy MIME-version: 1.0 Content-type: TEXT/PLAIN; CHARSET=US-ASCII Sender: netramet-owner@auckland.ac.nz Precedence: bulk > From: Eddy Coussement > Hi everyone, > > I have some problems using the fd_extract utility. I always get zeros in > the columns. Did anyone have this same problem? > > 1.6 0 0 0 0 0 0 0 0 0 0 > 3.6 0 0 0 0 0 0 0 0 0 0 > 5.6 0 0 0 0 0 0 0 0 0 0 > > Eddy Coussement > UQAM - Montreal I am having the same problem. Is fd_extract working correctly for anyone? Does anyone for whom it is working have a small sample dataset and the accompanying rulefile for fd_extract that they could make available? Thanks very much. Andy Davenport andy@thuban.ac.hmc.edu From netramet-owner Sat Sep 26 01:34:35 1998 Received: by mailhost.auckland.ac.nz (8.9.1/8.9.1/8.9.1-ua) id BAA01741 for netramet-outgoing; Sat, 26 Sep 1998 01:28:37 +1200 (NZST) Received: from Thuban.AC.HMC.Edu (Thuban.AC.HMC.Edu [134.173.53.8]) by mailhost.auckland.ac.nz (8.9.1/8.9.1/8.9.1-ua) with ESMTP id BAA01734 for ; Sat, 26 Sep 1998 01:28:34 +1200 (NZST) Received: from THUBAN.AC.HMC.EDU by THUBAN.AC.HMC.EDU (PMDF V5.1-7 #28820) id <01J27PIU1RL88WXEB8@THUBAN.AC.HMC.EDU> for netramet@auckland.ac.nz; Fri, 25 Sep 1998 06:28:30 PST Date: Fri, 25 Sep 1998 06:28:30 -0800 (PST) From: Andy Davenport Subject: Possible ENDIAN problem in fd_extract To: netramet@auckland.ac.nz Message-id: <01J27PIU1RLA8WXEB8@THUBAN.AC.HMC.EDU> X-VMS-To: in%"netramet@auckland.ac.nz" MIME-version: 1.0 Content-type: TEXT/PLAIN; CHARSET=US-ASCII Sender: netramet-owner@auckland.ac.nz Precedence: bulk Dear Nevil, Sorry to add this to your workload. Several people have recently reported a problem with fd_extract wherein it returns all zeroes. In my case I am running v4.1 on a Sun UltraSparc/Solaris. I think I might have a lead on the problem (although my C is rather weak, so I may be misunderstanding it). In fd_data.h there appears this fragment: typedef union { unsigned int *intval; unsigned char *charval; counter64 *c64val; } val; It appears to be making integer and counter64 variables overlay one another. The last line of code in fd_extract.c is: cip->value += *attribs[a].value.intval; This appears to be where the accumulation of totals takes place. cip->value is a float value. *attribs[a].value is of type var but has been stored as a c64val in get_value. I think the augment of cip->value is done with only half of the counter64 value. Perhaps on the Sparc machine it is getting the wrong ENDIAN? As a quickie workaround and test (again, forgive my C inexperience) I did this: In the variable declarations after main in fd_extract.c I added: counter64 doof; Then I changed the last line in that file to this: doof = *attribs[a].value.c64val; cip->value += doof.low; which I assume grabs the correct half of the counter64. Now I get apparently correct (or at least non-zero) values from fd_extract. I realize that this is not as good a solution as doing a proper counter64 to float conversion. Perhaps someone else can contribute that? Andy Davenport Harvey Mudd College From netramet-owner Tue Sep 29 03:08:27 1998 Received: by mailhost.auckland.ac.nz (8.9.1/8.9.1/8.9.1-ua) id DAA03406 for netramet-outgoing; Tue, 29 Sep 1998 03:04:43 +1200 (NZST) Received: from mail.ansp.br (IDENT:uucp@mail.ansp.br [143.108.1.150]) by mailhost.auckland.ac.nz (8.9.1/8.9.1/8.9.1-ua) with ESMTP id DAA03399 for ; Tue, 29 Sep 1998 03:04:39 +1200 (NZST) Received: (from uucp@localhost) by mail.ansp.br (8.8.5/8.8.5) id MAA24755 for ; Mon, 28 Sep 1998 12:04:18 -0300 Received: from THEBRAIN.REGISTRO.FAPESP.BR(143.108.23.10), claiming to be "ansp.br" via SMTP by mail.ansp.br, id smtpda24752; Mon Sep 28 15:04:15 1998 Message-ID: <360FA565.6362200F@ansp.br> Date: Mon, 28 Sep 1998 12:04:05 -0300 From: Ricardo Patara Organization: ANSP X-Mailer: Mozilla 4.5b2 [en] (X11; I; AIX 4.1) X-Accept-Language: en MIME-Version: 1.0 To: "netramet@auckland.ac.nz" Subject: NetFlowMet Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: netramet-owner@auckland.ac.nz Precedence: bulk I'd like to use NetFlowMet to capture flow from my cisco routers. I donwloaded the NeTraMet 4.2, instaled and compiled it in a Linux box (kernel 2.0.27). Everthing is work well. NeMac,NeTraMeter,nifity, srl. But when I started NetFlowMet I received the message: ./NetFlowMet -i10000 -w test NetFlowMet: Network Meter v4.2 Running on netmeter.ansp.br, port udp-10000 1149:52 nf_read(udp-10000): NF version 256 ??? 1149:52 nf_read(udp-10000): NF version 256 ??? 1149:52 nf_read(udp-10000): NF version 256 ??? I suposed netflowmet doens't know the version of packet, which should be version 1. The netflow version cisco sends. I verified the source of meter (meter_ux.c). There is a code to discover the version. It's something like this: nf_version = getVersionNumber(pi->nf_buf); and in flowdata.h: ushort getVersionNumber(flow) char* flow; { return *((ushort*)flow); } If we convert 256 to binary, we'll get 1 00000000, which is a short int (16 bits). I thought, if the notation couldn't be wrong. Because, if we invert this binary number, we would get : 00000000 00000001 and I'd get nf_version = 1. And don't know if I wrote is correct. Just a guess. TIA. -- Ricardo Patara ANSP - an Academic Network at Sa~o Paulo Analista de Redes Fundaca~o de Amparo `a Pesquisa S.P. patara@ansp.br Rua Pio XI, 1500 Alto da Lapa S.P. 05468-901