NAME
    README - information about `FlowScan'

DESCRIPTION
    `FlowScan' is a network analysis and reporting tool. It
    processes IP flows recorded in `cflowd'-format raw flow files
    and reports on what it finds.

    This document is the `FlowScan' `README' $Revision: 1.10 $,
    $Date: 2001/02/28 21:50:17 $.

Announcement
    I'm pleased to announce the release of `FlowScan-1.006'.
    `FlowScan' is a tool to monitor and graph flow information from
    Cisco and Riverstone routers in near real-time.

    Amongst many other things, `FlowScan' can measure and graph
    traffic for applications such as Napster. A sample of what
    FlowScan can do is at:

       http://wwwstats.net.wisc.edu

Changes in FlowScan-1.006 (since FlowScan-1.005)
    *   The CampusIO and SubNetIO reports were enhanced with a new
        optional configuration directive: `TopN'. When defined, this
        directive causes "Top Talker" reports to be produced. These
        HTML reports contain the most active (i.e. "top") source and
        destination addresses.

    *   The CampusIO and SubNetIO reports were enhanced to record the
        number of local IP addresses that were active for each
        network and subnet into the RRD files. This enables users to
        estimate the number of active hosts over time, detect
        "scans" which systematically sweep across network address
        space, and to calculate the average bytes, packets, and
        flows per host.

    *   The template Makefile used to produce the graphs was enhanced to
        allow the inclusion of "events" in the graphs, similarly to
        what can be done with Cricket. This allows you to label
        events such as configuration changes and outages to discover
        correlations with traffic measurement.

    *   Two new utilities, suitable for stand-alone use, are included.
        `ip2hostname' converts IP addresses to their
        respective hostnames. `event2vrule' adds "events"
        to `rrdtool' graphs.

    *   Added support for LFAP (Lightweight Flow Accounting Protocol)
        used by Riverstone and Enterasys (formerly Cabletron)
        routers. This currently requires `slate' (from
        `http://www.nmops.org') and `lfapd' by Steven Premeau
        <premeau@uwp.edu>. `lfapd' produces time-stamped raw flow
        files in the same cflowd-defined format that is processed by
        FlowScan.

    *   Added the ability for the `CampusIO' report to identify outbound
        flows based solely on the flow's destination IP address.
        While this is less trustworthy than using `NextHops' or
        `OutputIfIndexes', it is now the default and will be useful
        for environments where the flow nexthop or output ifIndex
        values are not meaningful.

    *   The `CampusIO' report contains a new experimental feature which
        reads a BGP routing table, and therefore can determine which
        Autonomous Systems source, transit, or sink most of your
        institution's traffic. The `CampusIO' report was enhanced
        with new optional configuration directives: `BGPDumpFile',
        `TopN', `ReportPrefixFormat'. When properly defined, these
        directives cause `CampusIO' to create tabular HTML reports
        named `{origin|path}_{in|out}.html' under `OutputDir' after
        analyzing each raw flow file. These reports show the "top"
        Autonomous Systems with which your site exchanges traffic.

    *   A `WebProxyIfIndex' directive was added to the `CampusIO'
        report. This allows one to specify the index of the
        interface to which HTTP traffic is being transparently
        redirected. This enables `FlowScan' to properly count HTTP
        flows even though NetFlow v5 does not accurately report the
        nexthop value for flows which are transparently redirected
        via a Cisco route-map.

    *   `CampusIO' now contains a fix for a bug introduced in
        `FlowScan-1.005' which would sometimes cause perl to abort
        with this message:

           patricia.c:645: patricia_lookup: Assertion `prefix' failed.

        This would happen if the `NextHops' or `LocalNextHops' were
        specified by name rather than IP address. It also would
        happen if the boulder `SUBNET' values were specified
        incorrectly.
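
    The active-host counter described in the second item above can be
    illustrated as follows. This is an added example, not FlowScan code:
    it works on constructed flow tuples rather than RRD files, and the
    subnet, addresses, and threshold factor are assumptions.

```python
import ipaddress
import statistics
from collections import defaultdict

# Assumed local subnets and flow tuples; all values are constructed samples.
LOCAL_SUBNETS = [ipaddress.ip_network("10.1.0.0/24")]

def sample_flows():
    """Constructed flows: (interval, src, dst, bytes, packets)."""
    flows = [(t, h, "198.51.100.7", 15000, 10)
             for t in (0, 1, 2)
             for h in ("10.1.0.10", "10.1.0.11", "10.1.0.12")]
    # Interval 2 also carries one-packet probes across 10.1.0.1-60.
    flows += [(2, "203.0.113.9", f"10.1.0.{i}", 40, 1) for i in range(1, 61)]
    return flows

def summarize(flows):
    """Per (interval, subnet): active local hosts, flows, bytes, bytes/host."""
    acc = defaultdict(lambda: {"hosts": set(), "flows": 0, "bytes": 0})
    for interval, src, dst, nbytes, _pkts in flows:
        touched = set()
        for addr in (src, dst):
            ip = ipaddress.ip_address(addr)
            for net in LOCAL_SUBNETS:
                if ip in net:
                    acc[(interval, str(net))]["hosts"].add(addr)
                    touched.add(str(net))
        for net in touched:  # count each flow once per subnet
            acc[(interval, net)]["flows"] += 1
            acc[(interval, net)]["bytes"] += nbytes
    return {k: {"hosts": len(v["hosts"]), "flows": v["flows"], "bytes": v["bytes"],
                "bytes_per_host": v["bytes"] / len(v["hosts"])}
            for k, v in acc.items()}

def flag_sweeps(summary, factor=5):
    """Flag intervals whose active-host count is >= factor x the prior median."""
    flagged, history = [], defaultdict(list)
    for (interval, net), s in sorted(summary.items()):
        prior = history[net]
        if prior and s["hosts"] >= factor * statistics.median(prior):
            flagged.append((interval, net, s["hosts"], statistics.median(prior)))
        prior.append(s["hosts"])
    return flagged

if __name__ == "__main__":
    summary = summarize(sample_flows())
    for key in sorted(summary):
        print(key, summary[key])
    print("possible sweeps:", flag_sweeps(summary))
```

    In the sample, the sweep interval shows the active-host count rising
    from 3 to 60 while the bytes per host fall sharply, which is the
    pattern that separates a sweep from ordinary growth in traffic.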

Availability
    FlowScan is licensed under the GNU General Public License, and
    is available to you at:

       http://net.doit.wisc.edu/~plonka/FlowScan/

Mailing Lists
    There are two mailing lists having to do with FlowScan:

    * flowscan
        a general mailing list for FlowScan users.

    * flowscan-announce
        a low-volume, restricted post mailing list to keep FlowScan
        users informed of news regarding FlowScan.

    The lists' respective archives are available at:

       http://net.doit.wisc.edu/~plonka/list/flowscan

    and:

       http://net.doit.wisc.edu/~plonka/list/flowscan-announce

    Announcements will be "cross-posted" to both lists, so there's
    no need to join both.

    These lists are hosted by the Division of Information
    Technology's Network Engineering Technology group at the
    University of Wisconsin - Madison. To subscribe to either of
    them, send email to:

       majordomo@net.doit.wisc.edu

    containing either:

       subscribe flowscan

    *or*:

       subscribe flowscan-announce

    You should receive an automatic response that will request that
    you verify your request to become a member of the list, to which
    you must reply with the authentication information therein.
    Then, in response to your reply, you should receive a welcome
    message. If you have any questions about the administrative
    policies of this list's manager, please contact:

       owner-flowscan@net.doit.wisc.edu

    *or*:

       owner-flowscan-announce@net.doit.wisc.edu

FlowScan Resources
    Overview:

       http://www.caida.org/tools/utilities/flowscan/

    Paper - "FlowScan: A Network Traffic Flow Reporting and
    Visualization Tool":

       HTML:       http://net.doit.wisc.edu/~plonka/lisa/FlowScan/
       PostScript: http://net.doit.wisc.edu/~plonka/lisa/FlowScan/out.ps.gz

       http://www.caida.org/tools/utilities/flowscan/

    LISA XIV (New Orleans, Dec. 2000) Presentation:

       http://net.doit.wisc.edu/~plonka/lisa/FlowScan/presentation/

    NANOG 21 (Atlanta, Feb. 2001) Presentation:

       http://www.nanog.org/mtg-0102/plonka.html
       http://net.doit.wisc.edu/~plonka/nanog/

    Other:

       http://wwwstats.net.wisc.edu
       http://net.doit.wisc.edu/data/Napster/
       http://net.doit.wisc.edu/data/flow/size/

Contributors
       Alexander Kunz <Alexander.Kunz@nextra.de>
       Kevin Gannon <kevin@gannons.net>
       John Payne <john@sackheads.org>
       Michael Hare <Michael.Hare@doit.wisc.edu>
       Steven Premeau <premeau@uwp.edu>

Thanks
    I'd like to thank the participants in the FlowScan mailing list
    for their efforts and feedback.

    Also, thanks to Daniel McRobb, Tobi Oetiker, and CAIDA for
    providing the main tools upon which FlowScan is built, namely
    "cflowd" and "RRDTOOL".

Copyright and Disclaimer
        Note that this document is provided `as is'. The information
        in it is not warranted to be correct. Use it at your own
        risk.

           Copyright (c) 2000-2001 Dave Plonka <plonka@doit.wisc.edu>.
           All rights reserved.

        This document may be reproduced and distributed in its
        entirety (including this authorship, copyright, and
        permission notice), provided that no charge is made for the
        document itself.