Subject: RE: 100% Multicast
From: fatih ayvaz (fayvaz77@yahoo.com)
Date: Mon Sep 13 2004 - 11:43:36 CDT
My current settings can be seen below. What am I
actually supposed to set for the Subnet directive? I
tried the 0.0.0.0/0 and got the same... Thanks
[root@necromancer netflow]# more bin/CUFlow.cf
# These are the subnets in our network
# These are used only to determine whether a packet is inbound or
# outbound
Subnet 10.9.7.0/24
#Subnet 0.0.0.0/0
# These are networks we are particularly interested in, and want to
# get separate rrd's for their aggregate traffic
Network 10.11.10.0/24 routers
# Where to put the rrd's
# Make sure this is the same as $rrddir in CUGrapher.pl
#OutputDir /cflow/reports/rrds
OutputDir /var/netflow/rrds
# Track multicast traffic
Multicast
# Keep top N lists
# Show the top ten talkers, storing reports in /cflow/flows/reports
# and keeping the current report in /etc/httpd/data/reports/topten.html
#Scoreboard 10 /cflow/reports/scoreboard /var/www/html/topten.html
Scoreboard 10 /var/netflow/scoreboard /var/www/html/topten.html
# Same, but build an over-time average top N list
AggregateScore 10 /var/netflow/rrds/agg.dat /var/www/html/overall.html
# Our two netflow exporters. Produce service and protocol reports for the
# total, and each of these.
Router 10.11.10.X ANKARA_7507
# Services we are interested in
Service 20-21/tcp ftp
Service 22/tcp ssh
Service 23/tcp telnet
Service 25/tcp smtp
Service 53/udp,53/tcp dns
Service 80/tcp http
Service 110/tcp pop3
Service 119/tcp nntp
Service 143/tcp imap
Service 412/tcp,412/udp dc
Service 443/tcp https
Service 1214/tcp kazaa
Service 4661-4662/tcp,4665/udp edonkey
Service 5190/tcp aim
Service 6346-6347/tcp gnutella
Service 6665-6669/tcp irc
Service 54320/tcp bo2k
Service 7070/tcp,554/tcp,6970-7170/udp real
# protocols we are interested in
Protocol 1 icmp
Protocol 4 ipinip
Protocol 6 tcp
Protocol 17 udp
Protocol 47 gre
Protocol 50 esp
Protocol 51 ah
Protocol 57 skip
Protocol 88 eigrp
Protocol 169
Protocol 255
# ToS bit percentages to graph
TOS 0 normal
TOS 1-255 other
# Interested in traffic to/from AS 1
#ASNumber 1 Genuity
--- "Robert S. Galloway" <securityguy@ikano.com> wrote:
> You are using the CUFlow report module. Most likely you are getting a 0 hit
> count because you have not specified your local subnets with the "Subnet"
> directive in the CUFlow.cf config file.
>
> Thanks,
>
> Robert S. Galloway
> Chief Network Security Engineer
> IKANO Communications
> Network Operations Department
> ...the team behind the machines
>
>
> -----Original Message-----
> From: majordomo listserver [mailto:majordomo@mil.doit.wisc.edu] On Behalf Of fatih ayvaz
> Sent: Monday, September 13, 2004 9:44 AM
> To: flowscan@net.doit.wisc.edu
> Subject: Re: 100% Multicast
>
> Also note the following: (it says "0" hit, why?)
> 2004/09/13 18:20:12 flowscan-1.020 CUFlow: Cflow::find took 0 wallclock secs ( 0.04 usr + 0.00 sys = 0.04 CPU) for 10967 flow file bytes, flow hit ratio: 0/710
>
> --- fatih ayvaz <fayvaz77@yahoo.com> wrote:
>
> > Hi,
> > Flowscan and flow-capture services seem to be running
> > properly but the graph shows only multicast traffic.
> > And the utilization is 110 bits/sec. But, for real the
> > util is about 200 Kbps.
> > There should be something which picks the multicast
> > and ignores the others.
> > Where shall I look? Thanks.
> > Fatih
> > --
> > Help mailto:majordomo@net.doit.wisc.edu and say "help" in message body
> > Unsubscribe mailto:majordomo@net.doit.wisc.edu and say "unsubscribe flowscan" in message body
> > Archive http://net.doit.wisc.edu/~plonka/list/flowscan/archive/
This archive was generated by hypermail 2b25 : Mon Sep 13 2004 - 11:44:04 CDT
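
An added example (not part of the original thread and not CUFlow's own code) of the check Robert describes: it reads the active Subnet directives from a CUFlow.cf excerpt and counts how many flows have a source or destination inside them. The destination-before-source order, the treatment of unmatched flows as misses, and the sample flow addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed excerpt of a CUFlow.cf, reusing the Subnet lines shown in the message.
SAMPLE_CF = """\
# These are the subnets in our network
Subnet 10.9.7.0/24
#Subnet 0.0.0.0/0
Network 10.11.10.0/24 routers
"""

# Constructed (src, dst) pairs standing in for exported flow records.
SAMPLE_FLOWS = [
    ("10.9.7.15", "192.0.2.10"),    # local source: outbound
    ("198.51.100.7", "10.9.7.20"),  # local destination: inbound
    ("172.16.4.9", "192.0.2.44"),   # neither side local: no hit
]

def parse_subnets(cf_text):
    """Return the networks named by active (uncommented) Subnet directives."""
    nets = []
    for line in cf_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) >= 2 and fields[0] == "Subnet":
            nets.append(ipaddress.ip_network(fields[1], strict=False))
    return nets

def classify(src, dst, subnets):
    """'in' if dst is local, 'out' if src is local, else None (assumed: not counted)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if any(d in n for n in subnets):
        return "in"
    if any(s in n for n in subnets):
        return "out"
    return None

def hit_ratio(flows, subnets):
    """Return (hits, total), the same shape as the 'flow hit ratio' log field."""
    hits = sum(1 for src, dst in flows if classify(src, dst, subnets) is not None)
    return hits, len(flows)

if __name__ == "__main__":
    nets = parse_subnets(SAMPLE_CF)
    print("Active Subnet directives:", [str(n) for n in nets])
    for src, dst in SAMPLE_FLOWS:
        print("%-14s -> %-14s %s" % (src, dst, classify(src, dst, nets)))
    print("flow hit ratio: %d/%d" % hit_ratio(SAMPLE_FLOWS, nets))
```

Running the same comparison against source and destination addresses taken from the real flow files shows whether the configured Subnet ranges cover the addresses the exporter actually reports.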