[flow-tools] Multiple Routers and Tru64

Horatio B. Bogbindero wyu@ateneo.edu
Thu, 5 Dec 2002 08:34:12 +0800


Quoting Brandon Saunders <brandon.a.saunders.1@ohio.edu>:

> At a high level I do not understand how collecting flows from multiple routers works.  When doing
> analysis how can I differentiate routers?  I tried running multiple collectors on different ports,
> but all of the instances except one would crash.  That would lead me to conclude, that isn't the
> right way of doing it.
> 
there are a number of ways of doing this:
a.) you can let different instances of flow-capture get flows from different routers using
different port numbers and saving them in different directories. on this level, you can
differentiate traffic by the folder in which it is saved.
b.) or you can let flow-capture retrieve flows from any exporter. you can differentiate
flows by their exporter id field. using flow-nfilter you can filter by this field.

personally i prefer b.) since it is a lot simpler to set up. however, the flow-tools i
started with did not have that version and thus i started out with option a.). since the
data directory is already configured in this way, it would take some time for me
to migrate my data.

> If I change the collector to receive from any source, is there a way that I can limit what IP
> addresses it receives traffic from? TCPwrappers?
> 
you can limit it using firewalling. ipfw/ipchains or something. i do not think flow-tools
has TCP wrappers support.

> I have also been working to port flow-tools to Tru64.  Has anyone else done any work on this?  I
> have 0.62 compiled on Tru64 V5.1a, but I had to change all of the inline statements to __inline.
> I have not completely determined what effect that has.  Can anyone lend any input?
> 
> There are also a lot of changes that need to happen to the configure script, but I haven't gotten
> that far yet.  Is the flow-tools configure script generated with autoconf?  If so, are the files
> that autoconf uses to build the configure file available?
>
as far as i know, the configure script is generated from the configure.in.
 
-----------------------------------------------
William Emmanuel S. Yu
Ateneo Campus Network Group (AteneoCNG)
email  :  wyu at ateneo dot edu
web    :  http://CNG.ateneo.net/cng/wyu/
phone  :  +63(2)4266001-4186
GPG    :  http://CNG.ateneo.net/cng/wyu/wyy.pgp
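
The idea behind option b.) and the source restriction discussed above, as an added Python example that is not part of the original message and is not flow-tools code: one collector takes NetFlow v5 datagrams from any source, drops those whose source address is not an allowlisted exporter, and groups the remaining flows by exporter address. The addresses, function names and sample datagrams are constructed for illustration.

```python
import ipaddress
import struct
from collections import defaultdict

V5_HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record
# Constructed exporter addresses (documentation range), standing in for the routers.
ALLOWED_EXPORTERS = {"192.0.2.1", "192.0.2.2"}

def parse_v5(datagram):
    """Return the flows in one v5 export datagram; raise ValueError if malformed."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("short header")
    version, count = V5_HEADER.unpack_from(datagram)[:2]
    if version != 5 or not 1 <= count <= 30:
        raise ValueError("not a NetFlow v5 export")
    if len(datagram) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("length does not match record count")
    flows = []
    for i in range(count):
        rec = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({"src": str(ipaddress.ip_address(rec[0])),
                      "dst": str(ipaddress.ip_address(rec[1])),
                      "octets": rec[6]})
    return flows

def demux(datagrams, allowed=ALLOWED_EXPORTERS):
    """Group flows by exporter address; reject unlisted sources and bad datagrams."""
    per_exporter, rejected = defaultdict(list), []
    for source_ip, payload in datagrams:
        if source_ip not in allowed:
            rejected.append((source_ip, "source not allowlisted"))
            continue
        try:
            per_exporter[source_ip].extend(parse_v5(payload))
        except ValueError as exc:
            rejected.append((source_ip, str(exc)))
    return dict(per_exporter), rejected

def build_v5(flows):
    """Build a constructed v5 datagram from (src, dst, octets) tuples for the demo."""
    pack_ip = lambda a: ipaddress.ip_address(a).packed
    header = V5_HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0)
    return header + b"".join(
        V5_RECORD.pack(pack_ip(s), pack_ip(d), bytes(4), 0, 0, 1, octets,
                       0, 0, 0, 0, 0, 0, 6, 0, 0, 0, 0, 0, 0)
        for s, d, octets in flows)

SAMPLE = [("192.0.2.1", build_v5([("10.1.0.5", "10.9.0.1", 1500)])),
          ("192.0.2.2", build_v5([("10.2.0.7", "10.9.0.1", 400), ("10.2.0.8", "10.9.0.2", 60)])),
          ("198.51.100.9", build_v5([("10.3.0.1", "10.9.0.1", 999)])),   # unlisted source
          ("192.0.2.1", build_v5([("10.1.0.5", "10.9.0.1", 10)])[:-1])]  # truncated
```

Calling `demux(SAMPLE)` returns the flows keyed by exporter address plus a list of rejected datagrams with the reason; the source check is the same one a firewall rule on the collector port would apply before the datagram reaches the collector.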