[flow-tools] Multiple Routers and Tru64

Mark Fullmer maf@eng.oar.net
Sun, 8 Dec 2002 20:13:27 -0500 

There are a few options for collecting from multiple routers.  Either 
have one instance of flow-capture for each router listening on a different
port or use one instance of flow-capture and then use the exporter IP
address to differentiate later.

flow-capture currently can not filter based on source IP address.  It's
either one address or all of them.  This is more of a socket API
issue, but I'll eventually implement a userland source IP filter.

flow-capture should never crash :(  Do you have a back trace?  Are
you by any chance running multiple copies of flow capture with the
same work (-w) directory?  I have a bug report from someone else 
that implies this could cause flow-capture to crash.

I don't have a Tru64 platform to test on.  Flow-tools uses autoconf
and automake, all the config files should be in the distribution.

If you have patches, I'll integrate them.

mark

On Wed, Dec 04, 2002 at 01:34:58PM -0500, Brandon Saunders wrote:
> At a high level I do not understand how collecting flows from multiple routers works.  When doing analysis how can I differentiate routers?  I tried running multiple collectors on different ports, 
> but all of the instances except one would crash.  That would lead me to conclude, that isn't the right way of doing it.
> 
> If I change the collector to receive from any source, is there a way that I can limit what IP addresses it receives traffic from? TCPwrappers?
> 
> I have also been working to port flow-tools to Tru64.  Has anyone else done any work on this?  I have 0.62 compiled on Tru64 V5.1a, but I had to change all of the inline statements to __inline.  I 
> have not completely determined what effect that has.  Can anyone lend any input?
> 
> There are also a lot of changes that need to happen to the configure script, but I haven't gotten that far yet.  Is the flow-tools configure script generated with autoconf?  If so, are the files that 
> autoconf uses to build the configure file available?
> 
> Thank You
> 
> Brandon Saunders
> Senior Network Engineer
> Ohio University Communication Network Services
> Email: brandon.a.saunders.1@ohiou.edu
> Phone: (740)593-9835
> Cell: (740)707-4945
> Pager: (740)592-7828
> Fax: (740)593-1944