does anybody still use NNSTAT?
William Armitage
I'm doing some work characterising network traffic of a collaborative
VR system. I started the particle physists way by running a
tcpdump -w during an hour long multisite session collecting the headers
of 680261 packets amounting to 74124463 bytes.
For agragate numbers i first tried Argus which gave some information about
large flows but wasn't so good on simpler information without some
modification.
Nnstat looked a better bet for this but its taken the best part of a
week solid porting and debugging to get it working on Solaris 2.5/Sparc/GCC 2.6.
without compatability librarys. This was starting from the 3.3beta-24JUN95
code base. I've added TraceFile support to etherpcap and also fixed the
etherdlpi driver. Any interest in putting together another Beta?
The data i'm getting now is looking interesting and different from the
usual local traffic patterns so im feeling happier about the effort.
What other tools should i be looking at?
I've collected NeTraMet and btng but i'm not sure i can afford the time to
play with them now:-(
Cheers,
William.
John Hawkinson
> week solid porting and debugging to get it working on Solaris 2.5/Sparc/GCC 2.6.
> without compatability librarys. This was starting from the 3.3beta-24JUN95
> code base.
Yay :-). I'd be interested in seeing this, though I couldn't commit to
doing the work. If people are putting together another release, they
should note that there's a BSDI port or 3.2 out there as well, which
needs integration (I've used it under other 44bsd systems,
specifically NetBSD, w/o a problem).
> What other tools should i be looking at?
The NLANR folks have some tools for flow characterization. See
http://www.nlanr.net/NA/. I've cc-ed them to see if they have anything
to say, as they don't seem to be on the list.
There's also the Internet Traffic Archive
(http://town.hall.org/Archives/pub/ITA/) which has some software for
looking at traces as well as some traces themselves. Most of the stuff
there (there's not too much) seems geared towards analyzing individual
connections rather than overall generalizations about large traces,
but at some point a human needs to cull things, anyhow.
> I've collected NeTraMet and btng but i'm not sure i can afford the
> time to play with them now:-(
I've found Netramet's efficieny to be less-than-desirable in
situations where you want to take a lot of data. The whole SNMP model
is somewhat distasteful to me, though perhaps others have had better
luck.
I guess I'm also curious what the performance of NNstat with
Solaris/DLPI is versus SunOS/bpf. I suppose that you're probably
counting every packet rather than filtering so the distinction may not
be so important...
--jhawk
John Hawkinson
Paul Hyder
actually was working! If it doesn't get to beta can I (grovel,
plead, beg...) get a copy?
About the only strong option I've found lately is the Dutch public
domain RMON implementation (ftp to dnpap.et.tudelft.nl in pub/btng).
Sadly I really need RMON2 and support for other than Enet interfaces.
Recent looks at commercial options were quite a shock. [106 segments
here at >$1000 each plus a central monitor or two at ~$5000 is a bit
out of reach.]
I also would like to know if anyone else seen, or has, any monitoring
contenders? (commercial or public)
Paul Hyder NCAR
William Armitage
> I for one would (just about :) kill for a version for Solaris that
> actually was working! If it doesn't get to beta can I (grovel,
> plead, beg...) get a copy?
I've has a few replies so i'll sort out some diffs next week and send them
to the people who have expresed interest.
In answer to Robs performance impact question i've just hit a local ethernet
with a large FTP. A libpcap/dlpi Statspy parm.sample1 running on my desktop
Solaris 2.5 Sparc 2 was using about 35% cpu at 1000packets/sec.