L4 Traffic Monitor question

Similar Messages

• Need help in generating L4 Traffic monitor logs

  Hi,
  As a part of my project I need to study different types of logs produced by Cisco IronPort. I could generate some access and authentication logs however not sure about generating the L4 Traffic Monitor logs. Can anyone point me to right documentation that will help me generate those logs?
  Thanks,
  Harshad Kashikar

  Harshad,
  L4 Traffic Monitoring needs to be configured within the IronPort - first question is do you have a SPAN/TAP port set up on your switch to capture L4 traffic?
  Second, I only use this feature to capture information on malware/spyware - I have seen P2P, IRC, and 'phone-home' traffic amongst other things.  Do you have an infected host you can monitor?
  BF

• Traffic monitoring

  I have a Cisco 4507 and would like to start monitoring traffic analysis and must admit Im a beginer so any information would be gratefully received

  Hello,
  you can use netflow traffic monitoring and analyzis. More information about netflow you can read on the cisco pages http://www.cisco.com/go/netflow or in the documentation of our software on the: http://www.caligare.com/netflow/download.php (section appendix 1). If you have more questions regarding netflow let me know...
  Jan
  Caligare Co.
  http://www.caligare.com

• L4 traffic monitor - blocking traffic ?

  Hello
  How does L4 traffic monitor is blocking traffic if T1/T2 ports are "tap/sniffed ports" ?
  For SPAN we might have "ingress vlan feature" which would allow us to send TCP RST (like IPS does),
  but for hardware TAP we do not have such a feature.
  So - maybe L4 traffic monitor can not block any traffic, just make a decision what to block and execution is on WebProxy and P1/2 ports ?
  Thanks

  Michael,
  Yes, the reset is sent via P1
  Ken
  Sent from Cisco Technical Support iPad App

• Can an Ironport work in both WCCPv2 and L4 Traffic monitoring modes at the same time?

  Hello Ciscoers,
  We have an ironport installed and we use WCCPv2 to redirect the traffic. And as it occurs, I have a need to forward the traffic for another network, that uses another path to the Internet.
  So I was thinking using the L4 Traffic Monitoring.
  To the best of your knowledge, is there a way to have the appliance use both WCCPv2 and L4 Traffic monitoring at the same time? From the configuration, it's one or the other.
  Thanks,
  J.

  Ok. I'll try.
  As a matter of fact, I plan to use policy-based routing to forward all the "interesting" traffic to the appliance.
  For your TCP-Resets not seen, do you allow ingress on the span session?
  J.

• Traffic monitoring for Coherence 3.1

  The objective of our small project is to monitor the traffic on our coherence clusters. We also were trying to put the cache traffic as a object in the same cache name. The problem we encountered was during performance tests something happened to the coherence clusters and there appears to be some kind of lock not being released for others which made all the weblogic cluster go down. Weblogic went down with "too many open files". We have thread dumps which I can send if you guys need it nevertheless I have attached a part which I suspect is the reason.
  Heres the Code that was trying to do the monitoring. The doPut Servlet method does the put , after the put it calls a method RegisterTraffic which has a small logic to increment the count & put back into the cache. It has a Lock for the particular "Traffic" key.
  * The Servlets doPut method - Handles the Cache Put Requests
  * @param HttpServletRequest request, HttpServletResponse response
  * @return void
  * @throws CacheException
  public void doPut(HttpServletRequest request, HttpServletResponse response) throws
  ServletException, IOException {
       ServletOutputStream out = response.getOutputStream();
       String value = "";
       try {
            String id = request.getPathInfo();
            String expires = request.getHeader("Expires");
            String contentType = request.getContentType();
            String app_name = request.getHeader("App-Name");
            int contentLength = request.getContentLength();
            if (contentLength > 0) {
                 byte valueArray[] = new byte[contentLength];
                 ServletInputStream in = request.getInputStream();
                 int bytesRead = 0;
                 int offset = 0;
                 while (bytesRead > -1) {
                      bytesRead =
                           in.read(valueArray, offset, valueArray.length - offset);
                      offset += bytesRead;
                      if (offset == contentLength) {
                      break;
                 DataObject myValue = new DataObject();
                 myValue.setByte(valueArray);
                 myValue.setExpirationTime((Long.parseLong(expires))*1000);
                 Cache_Manager.put(id, myValue);
                 response.setContentType("application/octet-stream");
                 value = "ID "+id+" Stored";
                 out.write(value.getBytes());
                 out.flush();
                 RegisterTraffic(app_name,"PUT");
       } catch (Exception ex) {
            response.setContentType("application/octet-stream");
            value = "CACHE_ERROR:"+ErrorCode.INTERNAL_PROBLEM_CODE+":"+"doPut:"+ErrorCode.INTERNAL_PROBLEM_MSG;
            response.setContentLength(value.length());
            out.write(value.getBytes());
            throw new ServletException(value+"\n"+ex.getMessage());
  * The Servlets Traffic Monitor method - Handles the Traffic monitoring
  * @param appname, get or put or clear
  * @return void
  * @throws CacheException
  public void RegisterTraffic(String appName, String action) {
       String trafficKey = "Traffic";
       try {
            HashMap hmTotal = new HashMap();
            HashMap hmToday = new HashMap();
            Object obj = null;
            HIDataObject dObj = null;
            String today = (new java.util.Date().toString()).substring(0,3);
            //String today = "SAT";
            Long totalTrafficCount = new Long(1);
            Long todayTrafficCount = new Long(1);
            long totalCnt = 0;
            long todayCnt = 0;
            // Lock the Object.
            Cache_Manager.lock(trafficKey,-1);
            try{
                 dObj = (HIDataObject)Cache_Manager.get(trafficKey);
            } catch(java.lang.NullPointerException nex) {
                 // If this Exception then we are doing it for the first time.
                 // Ignore this exception
            } catch(Exception exe) {
                 CacheLog.error("CACHE_ERROR: RegisterTraffic Failed with Following Exception\n"+exe.getMessage());
            if (dObj != null) {
                 hmTotal = dObj.getTotalTrafficHashMap();
                 hmToday = dObj.getTodayTrafficHashMap();
            // HashMap.get will throw error for the first time , so initialize to 1.
            try{
                 totalTrafficCount = (Long)hmTotal.get(appName+"-"+action);
            } catch(java.lang.NullPointerException nex) {
                 CacheLog.error("CACHE_ERROR: RegisterTraffic Failed with Following Exception\n"+nex.getMessage());
            try{
                 todayTrafficCount = (Long)hmToday.get(today+"-"+appName+"-"+action);
            } catch(java.lang.NullPointerException nex) {
                 CacheLog.error("CACHE_ERROR: RegisterTraffic Failed with Following Exception\n"+nex.getMessage());
            try{
                 totalCnt = totalTrafficCount.longValue();
                 todayCnt = todayTrafficCount.longValue();
            } catch (Exception e) {
            // Increase the counn here
            totalCnt++;todayCnt++;
            hmTotal.put(appName+"-"+action,new Long(totalCnt));
            hmToday.put(today+"-"+appName+"-"+action,new Long(todayCnt));
            try{
                 HIDataObject myValue = new HIDataObject();
                 myValue.setTotalTrafficHashMap(hmTotal);
                 myValue.setTodayTrafficHashMap(hmToday);
                 myValue.setExpirationTime(86400000);
                 Cache_Manager.put(trafficKey, myValue);
            } catch (Exception exe){
                 CacheLog.error("CACHE_ERROR: RegisterTraffic Failed with Following Exception\n"+exe.getMessage());
       } catch (Exception ex) {
            CacheLog.error("CACHE_ERROR: RegisterTraffic Failed with Following Exception\n"+ex.getMessage());
       } finally {
            Cache_Manager.unlock(trafficKey);
  Weblogic Thread Dumps
  "TcpRingListener" id=76 idx=0x96 tid=19164 prio=6 alive, in native, daemon
  at java/net/PlainSocketImpl.socketAccept(Ljava/net/SocketImpl;)V(Native Method)
  at java/net/PlainSocketImpl.accept(Ljava/net/SocketImpl;)V(PlainSocketImpl.java:353)
  ^-- Holding lock: java/net/PlainSocketImpl@0xc5f4238[thin lock]
  at java/net/ServerSocket.implAccept(Ljava/net/Socket;)V(ServerSocket.java:448)
  at java/net/ServerSocket.accept()Ljava/net/Socket;(ServerSocket.java:419)
  at com/tangosol/coherence/component/net/socket/TcpSocketAccepter.accept()Lcom/tangosol/coherence/component/net/socket/TcpSocket;(TcpSocketAccepter.CDB:17)
  at com/tangosol/coherence/component/util/daemon/TcpRingListener.acceptConnection()V(TcpRingListener.CDB:9)
  at com/tangosol/coherence/component/util/daemon/TcpRingListener.onNotify()V(TcpRingListener.CDB:1)
  at com/tangosol/coherence/component/util/Daemon.run()V(Daemon.CDB:34)
  at java/lang/Thread.run()V(Unknown Source)
  at jrockit/vm/RNI.c2java(IIII)V(Native Method)
  -- end of trace
  "DistributedCache" id=78 idx=0x98 tid=19165 prio=5 alive, in native, waiting, daemon
  -- Waiting for notification on: com/tangosol/coherence/component/util/daemon/QueueProcessor$Queue@0xc5c6998[fat lock]
  at jrockit/vm/Threads.waitForSignal(J)Z(Native Method)
  at java/lang/Object.wait(J)V(Native Method)[optimized]
  at com/tangosol/coherence/component/util/Daemon.onWait()V(Daemon.CDB:9)[optimized]
  ^-- Lock released while waiting: com/tangosol/coherence/component/util/daemon/QueueProcessor$Queue@0xc5c6998[fat lock]
  at com/tangosol/coherence/component/util/Daemon.run()V(Daemon.CDB:31)
  at java/lang/Thread.run()V(Unknown Source)
  at jrockit/vm/RNI.c2java(IIII)V(Native Method)
  -- end of trace
  "ListenThread.Default" id=79 idx=0x9a tid=19166 prio=5 alive, in native
  at java/net/PlainSocketImpl.socketAccept(Ljava/net/SocketImpl;)V(Native Method)
  at java/net/PlainSocketImpl.accept(Ljava/net/SocketImpl;)V(PlainSocketImpl.java:353)
  ^-- Holding lock: java/net/PlainSocketImpl@0x1729efc8[thin lock]
  at java/net/ServerSocket.implAccept(Ljava/net/Socket;)V(ServerSocket.java:448)
  at java/net/ServerSocket.accept()Ljava/net/Socket;(ServerSocket.java:419)
  at weblogic/socket/WeblogicServerSocket.accept()Ljava/net/Socket;(WeblogicServerSocket.java:26)
  at weblogic/t3/srvr/ListenThread.accept()Ljava/net/Socket;(ListenThread.java:735)
  at weblogic/t3/srvr/ListenThread.run()V(ListenThread.java:301)
  at jrockit/vm/RNI.c2java(IIII)V(Native Method)
  -- end of trace
  Blocked lock chains
  ===================
  Chain 2:
  "ExecuteThread: '2' for queue: 'weblogic.socket.Muxer'" id=53 idx=0x70 tid=18903 waiting for java/lang/String@0x102fb4d8 held by:
  "ExecuteThread: '1' for queue: 'weblogic.socket.Muxer'" id=52 idx=0x6e tid=18902 in chain 1
  Coherence Thread Dumps
  "PacketPublisher" id=21 idx=0x32 tid=20248 prio=6 alive, in native, waiting, daemon
  at jrockit/vm/Threads.waitForSignal(J)Z(Native Method)
  at java/lang/Object.wait(J)V(Native Method)
  at com/tangosol/coherence/component/util/Daemon.onWait()V(Daemon.CDB:9)
  ^-- Lock released while waiting: com/tangosol/coherence/component/net/Cluster$PacketPublisher$Queue@0xcb36648[fat lock]
  at com/tangosol/coherence/component/util/Daemon.run()V(Daemon.CDB:31)
  at java/lang/Thread.run()V(Unknown Source)
  at jrockit/vm/RNI.c2java(IIII)V(Native Method)
  -- end of trace
  "Cluster" id=22 idx=0x34 tid=20249 prio=5 alive, in native, waiting, daemon
  -- Waiting for notification on: com/tangosol/coherence/component/net/Cluster$ClusterService$Queue@0xcb30190[fat lock]
  at jrockit/vm/Threads.waitForSignal(J)Z(Native Method)
  at java/lang/Object.wait(J)V(Native Method)
  at com/tangosol/coherence/component/util/Daemon.onWait()V(Daemon.CDB:9)
  ^-- Lock released while waiting: com/tangosol/coherence/component/net/Cluster$ClusterService$Queue@0xcb30190[fat lock]
  at com/tangosol/coherence/component/util/Daemon.run()V(Daemon.CDB:31)
  at java/lang/Thread.run()V(Unknown Source)
  at jrockit/vm/RNI.c2java(IIII)V(Native Method)
  -- end of trace
  "PO Async Executor" id=27 idx=0x36 tid=20436 prio=5 alive, in native, waiting, daemon
  -- Waiting for notification on: java/lang/Object@0xa7573d8[fat lock]
  at jrockit/vm/Threads.waitForSignal(J)Z(Native Method)
  at jrockit/vm/Locks.wait(Ljava/lang/Object;J)V(Unknown Source)
  at java/lang/Object.wait()V(Native Method)
  at com/wily/EDU/oswego/cs/dl/util/concurrent/BoundedLinkedQueue.take()Ljava/lang/Object;(BoundedLinkedQueue.java:225)
  ^-- Lock released while waiting: java/lang/Object@0xa7573d8[fat lock]
  at com/wily/EDU/oswego/cs/dl/util/concurrent/QueuedExecutor$RunLoop.run()V(QueuedExecutor.java:82)
  at java/lang/Thread.run()V(Unknown Source)
  at jrockit/vm/RNI.c2java(IIII)V(Native Method)
  -- end of trace
  "TcpRingListener" id=24 idx=0x38 tid=20252 prio=6 alive, in native, daemon
  at java/net/PlainSocketImpl.socketAccept(Ljava/net/SocketImpl;)V(Native Method)
  at java/net/PlainSocketImpl.accept(Ljava/net/SocketImpl;)V(PlainSocketImpl.java:353)
  ^-- Holding lock: java/net/PlainSocketImpl@0xd441530[thin lock]
  at java/net/ServerSocket.implAccept(Ljava/net/Socket;)V(ServerSocket.java:448)
  at java/net/ServerSocket.accept()Ljava/net/Socket;(ServerSocket.java:419)
  at com/tangosol/coherence/component/net/socket/TcpSocketAccepter.accept()Lcom/tangosol/coherence/component/net/socket/TcpSocket;(TcpSocketAccepter.CDB:17)
  at com/tangosol/coherence/component/util/daemon/TcpRingListener.acceptConnection()V(TcpRingListener.CDB:9)
  at com/tangosol/coherence/component/util/daemon/TcpRingListener.onNotify()V(TcpRingListener.CDB:1)
  at com/tangosol/coherence/component/util/Daemon.run()V(Daemon.CDB:34)
  at java/lang/Thread.run()V(Unknown Source)
  at jrockit/vm/RNI.c2java(IIII)V(Native Method)

  Hi user638596.
  Frankly, there is not enough information to go by. The code you pointed to is definitely not "bullet proof". First, after the lock has been acquired, it only catches Exceptions, so any Errors (e.g. OutOfMemoryError) would "leak" a lock. In general, the locking-protected code should look like (in pseudo-code):
  lock();
  try
    operations();
  finally
    unlock();
    }However, without seeing the log files and entire thread dump, it's impossible to figure out a real reason. I'd suggest you to submit those to our support at Oracle Metalink.
  Regards,
  Gene

• [Request] NTM - Network Traffic Monitor

  Hi to everyone:
  Could anyone package this?: NTM - Network Traffic Monitor
  NTM is a monitor of the network and internet traffic for GNU/Linux. Some characteristics:
      * Choice of the interface to monitoring.
      * Period to monitoring: Day, Week, Month, Year or Custom Days. With autoupdate.
      * Threshold: Autodisconnection if a limit is reached (by NetworkManager).
      * Traffic Monitoring: Inbound, outbount and total traffic; Show the traffic speed.
      * Time Monitoring: Total time of connections in the period.
      * Time Slot Monitoring: Number of sessions used.
      * Reports: Show of average values and daily traffic of a configurable period.
      * Online checking with NetworkManager or by "Ping Mode".
      * The traffic is attributed to the day when the session began.
      * Not need root privilege.
      * Not invasive, use a system try icon.
  NTM is useful for the people that have a internet plan with a limit, and moreover the exceed traffic is expensive.
  NTM is write in python and is a open source software, the license is the GNU GPL v2.
  A lot of thanks.

  #Maintairner: Brieuc Roblin <brieuc.roblin at gmail dot com>
  pkgname='ntm'
  pkgver='1.2.2'
  pkgrel='1'
  pkgdesc="Monitor of the network and internet traffic"
  arch=('i686' 'x86_64')
  license=('GPL')
  depends=('pywebkitgtk' 'lsb-release' 'networkmanager')
  makedepends=('dpkg')
  url=('http://netramon.sourceforge.net/eng/index.html')
  source=('http://freefr.dl.sourceforge.net/project/netramon/NTM/ntm-1.x/ntm-1.2.2.deb')
  md5sums=('ec438b8c952ac866ffdaa57538d189b7')
  build() {
  cd "$srcdir"
  # Extracting deb
  msg2 "Extracting .deb ..."
  dpkg-deb -x ntm-*.deb deb
  cd "deb"
  # Installing
  msg2 "Installing..."
  cp -r . "$pkgdir"/
  I can't really test the program as I'm not using NetworkManager.
  Last edited by PyrO_70 (2010-08-20 19:18:24)

• Cisco WSA : no data found in L4 traffic monitor summary

  Hello !
  Does L4 traffic monitor only display rogue traffic ? Because, I made a packet capture on the T1 interface and i saw that there was a lot of traffic but in the overview, no data was found in the field "L4 Traffic Monitor Summary". Is it normal ? There is a screenshot in enclosed files.
  Thank you,
  Stephane Walker

  UDP ports will not be blocked.
  The L4TM will use the T1 interface to detect traffic to destinations that are on its blacklist.  Once detected, the the data interface on the WSA will send a packet with the TCP reset flag to the client to prevent a TCP connection.
  I have not tested this so someone correct me if I am wrong.  I am answering this based on my understanding of the L4TM feature, and how it works.  Since UDP is connectionless, there is no connection for it to kill.
  Now this makes me wonder about the Monitor feature though.  But I am almost certain it will not block if the action is set to block.
  I'll check this out when I'm in the office and will get back to you.
  -Vance

• UDP traffic analyzed in L4 traffic monitor?

  Dear all,
  I just wonder if anyone knows whether UDP traffic is analyzed by the WSA's L4 traffic monitor?
  It just tells "all ports" in the settings and reports also only reflect port numbers but no details like
  which protocol (tcp/udp).
  Anyone?
  Best,
  Hascha

  UDP ports will not be blocked.
  The L4TM will use the T1 interface to detect traffic to destinations that are on its blacklist.  Once detected, the the data interface on the WSA will send a packet with the TCP reset flag to the client to prevent a TCP connection.
  I have not tested this so someone correct me if I am wrong.  I am answering this based on my understanding of the L4TM feature, and how it works.  Since UDP is connectionless, there is no connection for it to kill.
  Now this makes me wonder about the Monitor feature though.  But I am almost certain it will not block if the action is set to block.
  I'll check this out when I'm in the office and will get back to you.
  -Vance

• 24 Hr Network Traffic Monitoring

  Hi Markus,
  I got this 24-hour Network traffic monitoring output using the program you gave me ;)
  I run every hour this > ./network-traffic.sh -c 1
  It will give me 1 line output like this,
  Monitoring eth0 every 3 seconds. (RXbyte total = 1 Gb TXbytes total = 2 Gb)
  RXbytes = 58 Kb TXbytes = 51 Kband I call this program every hour via cron, to produce and output like this:
  27-Oct-2010 00:00:07    RXbytes = 10 Kb TXbytes = 9 Kb
  27-Oct-2010 01:00:07    RXbytes = 11 Kb TXbytes = 9 Kb
  27-Oct-2010 02:00:07    RXbytes = 7 Kb TXbytes = 6 Kb
  27-Oct-2010 03:00:07    RXbytes = 48 Kb TXbytes = 42 Kb
  27-Oct-2010 04:00:07    RXbytes = 448 b TXbytes = 0 b
  27-Oct-2010 05:00:08    RXbytes = 128 b TXbytes = 0 b
  27-Oct-2010 06:00:07    RXbytes = 128 b TXbytes = 0 b
  27-Oct-2010 07:00:08    RXbytes = 256 b TXbytes = 0 b
  27-Oct-2010 08:00:08    RXbytes = 14 Kb TXbytes = 24 Kb
  27-Oct-2010 09:00:07    RXbytes = 11 Kb TXbytes = 10 Kb
  27-Oct-2010 10:00:08    RXbytes = 11 Kb TXbytes = 10 Kb
  27-Oct-2010 11:00:07    RXbytes = 48 Kb TXbytes = 85 Kb
  27-Oct-2010 12:00:08    RXbytes = 9 Kb TXbytes = 8 Kb
  27-Oct-2010 13:00:07    RXbytes = 13 Kb TXbytes = 28 Kb
  27-Oct-2010 14:00:08    RXbytes = 53 Kb TXbytes = 46 Kb
  27-Oct-2010 15:00:08    RXbytes = 13 Kb TXbytes = 20 Kb
  27-Oct-2010 16:00:08    RXbytes = 13 Kb TXbytes = 20 Kb
  27-Oct-2010 17:00:08    RXbytes = 40 Kb TXbytes = 94 Kb
  27-Oct-2010 18:00:07    RXbytes = 13 Kb TXbytes = 30 Kb
  27-Oct-2010 19:00:08    RXbytes = 6 Kb TXbytes = 9 Kb
  27-Oct-2010 20:00:08    RXbytes = 12 Kb TXbytes = 12 Kb
  27-Oct-2010 21:00:08    RXbytes = 15 Kb TXbytes = 40 Kb
  27-Oct-2010 22:00:07    RXbytes = 9 Kb TXbytes = 11 Kb
  27-Oct-2010 23:00:07    RXbytes = 11 Kb TXbytes = 9 KbIs this output data gathering style valid?
  I want to give this report to my boss using spreadsheets, but I want to put comments like :
  1. at what hour is the network busiest?
  2. at what hour is the network the not-busiest?
  How do I sort this output from busiest (descending order)?
  Thanks a lot,
  Ms K

  Hi again markie,
  This is my actual source code of eth0stat.sh:
  # File: eth0stat.sh
  # Purpose: Gather network traffic increase between readings
  # Command: . ./eth0stat.sh
  ifcmd='/sbin/ifconfig eth0'
  timestamp=$(date "+%D %T")
  logfile=/u01/Monitor/eth0stat.txt
  old_rxbytes=$RXBYTES
  old_txbytes=$TXBYTES
  get_rxbytes() {
     $ifcmd | grep "RX bytes" | cut -d: -f2 | awk '{ print $1 }'
  get_txbytes() {
     $ifcmd | grep "TX bytes" | cut -d: -f3 | awk '{ print $1 }'
  RXBYTES=$(get_rxbytes); export RXBYTES
  TXBYTES=$(get_txbytes); export TXBYTES
  if [ $old_rxbytes > 0 ]; then
     diff_rxbytes=$(($RXBYTES - $old_rxbytes))
  else
     diff_rxbytes=0
  fi
  if [ $old_txbytes > 0 ]; then
     diff_txbytes=$(($TXBYTES - $old_txbytes))
  else
     diff_txbytes=0
  fi
  echo "$timestamp,RXbytes:$diff_rxbytes,TXbytes:$diff_txbytes" >> $logfileI created the new program you gave me (eth0stat.sh) and called it from cron every our, but I got this result:
  11/01/10 15:00:07,RXbytes:0,TXbytes:0
  11/01/10 16:00:07,RXbytes:0,TXbytes:0
  11/01/10 17:00:07,RXbytes:0,TXbytes:0
  11/01/10 18:00:07,RXbytes:0,TXbytes:0
  11/01/10 19:00:07,RXbytes:0,TXbytes:0
  11/01/10 20:00:07,RXbytes:0,TXbytes:0
  11/01/10 21:00:07,RXbytes:0,TXbytes:0
  11/01/10 22:00:08,RXbytes:0,TXbytes:0
  11/01/10 23:00:07,RXbytes:0,TXbytes:0
  11/02/10 00:00:07,RXbytes:0,TXbytes:0
  11/02/10 01:00:08,RXbytes:0,TXbytes:0
  11/02/10 02:00:08,RXbytes:0,TXbytes:0
  11/02/10 03:00:07,RXbytes:0,TXbytes:0
  11/02/10 04:00:07,RXbytes:0,TXbytes:0
  11/02/10 05:00:07,RXbytes:0,TXbytes:0
  11/02/10 06:00:08,RXbytes:0,TXbytes:0
  11/02/10 07:00:08,RXbytes:0,TXbytes:0
  11/02/10 08:00:07,RXbytes:0,TXbytes:0
  11/02/10 09:00:08,RXbytes:0,TXbytes:0
  11/02/10 10:00:08,RXbytes:0,TXbytes:0The output has all 0 bytes :( . Is there something I missed out?
  I compared it to the other one I got:
  1-Nov-2010 15:00:07     RXbytes = 10 Kb TXbytes = 9 Kb
  1-Nov-2010 16:00:07     RXbytes = 10 Kb TXbytes = 9 Kb
  1-Nov-2010 17:00:07     RXbytes = 10 Kb TXbytes = 9 Kb
  1-Nov-2010 18:00:07     RXbytes = 10 Kb TXbytes = 9 Kb
  1-Nov-2010 19:00:07     RXbytes = 10 Kb TXbytes = 9 Kb
  1-Nov-2010 20:00:07     RXbytes = 10 Kb TXbytes = 9 Kb
  1-Nov-2010 21:00:07     RXbytes = 10 Kb TXbytes = 9 Kb
  1-Nov-2010 22:00:08     RXbytes = 10 Kb TXbytes = 9 Kb
  1-Nov-2010 23:00:07     RXbytes = 11 Kb TXbytes = 9 Kb
  2-Nov-2010 00:00:07     RXbytes = 10 Kb TXbytes = 9 Kb
  2-Nov-2010 01:00:08     RXbytes = 10 Kb TXbytes = 9 Kb
  2-Nov-2010 02:00:08     RXbytes = 10 Kb TXbytes = 9 Kb
  2-Nov-2010 03:00:07     RXbytes = 7 Kb TXbytes = 6 Kb
  2-Nov-2010 04:00:07     RXbytes = 256 b TXbytes = 0 b
  2-Nov-2010 05:00:07     RXbytes = 320 b TXbytes = 0 b
  2-Nov-2010 06:00:08     RXbytes = 0 b TXbytes = 0 b
  2-Nov-2010 07:00:08     RXbytes = 466 b TXbytes = 0 b
  2-Nov-2010 08:00:07     RXbytes = 1 Mb TXbytes = 19 Mb
  2-Nov-2010 09:00:08     RXbytes = 1 Mb TXbytes = 22 Mb
  2-Nov-2010 10:00:08     RXbytes = 12 Kb TXbytes = 91 KbThe is seem to be movement starting at 8am Nov 2, 2010.
  Please help me debug the eth0stat.sh.
  Thanks again so much

• Frame-relay traffic shapping question

  Dear all.
  i have a question related to the frame-relay traffic shapping question.cir is the commited rate. bc is the traffic which is sent during every ime interval. be is the excess burst.
  example. i have line 128kbps to service provider. 64 is my cir so in the map class frame-relay cir 64000 and bc is 8000 which means 8000 bits will go every interval which is by default 125ms.now about be. excess burst will go only in the first interval or every interval ? if i say frame be 32000. will 4000 additional bits go in every interval ?
  please advice .

  Here's my summary of shaping operation:
  * The token bucket used for shaping has a size of Bc+Be (if Be is zero, this equals Bc)
  * The token bucket starts off full i.e. with a capacity of Bc+Be
  * At the start of every Tc interval, Bc worth of tokens are added to the bucket. If the number of added tokens would result in the capacity of the bucket exceeding Bc+Be, these excess tokens are discarded.
  * After the tokens are added to the bucket, the shaper checks if there are any packets that are waiting to be transmitted. If there are, an equivalent number of bytes of packets as the token bucket contents are transmitted. If there are more packets than tokens, these packets will have to wait until the next Tc.
  * The capacity of the token bucket will approach Bc+Be only of the traffic has been quite for a little while.
  * The maximum amount of traffic that can be sent in any interval is Bc+Be, since that is the size of the token bucket. If the bucket has filled up to Bc+Be, this implies that the connection has been quiet for a little while so that we can allow it a little burst.
  * The long-term average of traffic will never exceed CIR, since the token bucket is filled at a CIR rate.
  Now, applying this to your example, the maximum size of the token bucket will be Bc + Be = 40000 bits. The bucket will fill up to this level only if there are no packets in the queue for a little while, allowing the bucket to fill up. Then, say that that a 1500 byte (12000 bits) packet comes along. It will be transmitted and the token bucket size reduced to 28000 bits. If there are more packets, they will be transmitted as long as the token bucket has sufficient packets. If there are no more packets, the token bucket will be filled with another 8000 bits (Bc) at the next measurement interval, giving a total of 36000 bits. Whether or not all the Be + Bc bits will be used up in the first interval depends on how many packets are waiting in the queue. If there are sufficient packets, they can all get used up. If not, they get carried forward to the next interval.
  Pls do remember to rate posts.
  Paresh

• Port monitoring question

  Hello,
  I'm new to the forum and to Network programming in particular.
  My question concerns port monitoring. I have a server transmitting UDP packets to a specific port. I need to have a thread that monitors that port and sees that there is traffic going out. Yet, it does not have any connection to the server (different processes), but it knows the IP and port number (actually the IP is the same).
  How do I make it happen? Do I need to use a DatagramSocket and read inputs? Could someone advise with a simple code sample?
  Thanks

  Hi,
  Why you dont simply create a DatagramSocket object. And using the receive message you can monitor datagrampackets, and if there is message or not available, simply use the getLength() method from this object.
  You can do it in two ways.
  One would be creating two threads, one to do the job, and the other one to monitor if there is or not message available. As you should know, the receives method, will block if there is no message available. As u dont want your program to freeze, put this job, in one thread.
  The other one, would also be using a timertask, which will monitor the waiting process. If then for x time, it doenst receive, you finish your program.
  There are really many many possibilities, u just need the DatagramSocket object, the DataGrampacket and a thread!
  If i misunderstood something, you can give me new directions

• E1000 network traffic monitoring

  Hi
  I recently purchased linksys e1000
  Just wondering whether there is a way to automatically monitor traffic per computer connection on that router.
  The router log does not show much.
  I tried Wall Watcher, but it cannot connect to this router.
  WireShark on a computer connected through a wire also doesn't show much.
  I would appreciate any help as my ISP caps network usage
  Thanks
  Eugene

  It might be true
  However I know that the router logs conversations(or network transactions) per computer.
  The log doesn't show indeed how much traffic was used per conversation.
  I don't know whether it is because the router does not log that info or because the access interface simply doesn't show that.
  I also have a question whether there is a way for external application (such as Wall Watcher) to get access to the router log.
  It would've been much easier for me to collect and analyze data

• SIlly NTSC monitor question

  This may be a silly question but,
  When viewing footage on an NTSC monitor, my footage looks quite different than it does in FCP on the computer screen. If I do color correction just based on the NTSC monitor for DVD output, will that DVD look the same once played on a regular DVD/TV and played on a computer's DVD player?
  I ask because when I'm viewing footage on my NTSC monitor, it looks way different on my computer screen and I want my DVDs to look good whether they are played on a regular TV dor though a computer's DVD player.
  Thanks

  Now you've done it-- opened a whole can o' worms. Lots to consider:
  Is your monitor truly a monitor, properly calibrated and set up? Will you be looking at the dvd on the same monitor? Are all the sets to be used for playback set up the same?
  The idea of a properly calibrated monitor is that your show should look the same on your monitor as on any other properly calibrated monitor. But that's as far as it goes. There's no accounting for anyone else's tv set. Often manufacturers paint them "hot" and then people crank them even more to overcome less than ideal viewing conditions. So you're doubly hosed from the moment is leaves your hands.
  The best you can do is create a show that looks good on a properly set up system and hope for the best.
  But don't just rely on the monitor-- learn and use the scopes too.
  And then there is the current manufacturers situation with monitors themselves. The industry is in a mess right now, transitioning to lcd-- none of which look really good. I hope Zebulon chimes in here-- a professional engineer who will tell you horror stories if he's in the mood.
  And back to your original concern, do not trust your computer monitor in FCP for accurate color or much of anything else except your edits.

• Credit Score & Monitoring Questions

  Hi everyone! I am new to here..  I paid Credit Check Monitoring w/ Free Credit Score every month for $13.95. I also paid Lexington Law for $79 every month to repair my credits. I know it is relatively expensive but they have removed 15 items from my credit since I joined. I began to check several website to check for my credit score such as Credit Karma and AnnualFreeCredit, I noticed that my credit scores are not all same. I am beginning to wonder why they are not the same and which are creditiblity? Can anyone tell me which website is accurability? I have yet purchase MyFico because I alread paid Credit Check Monitoring w/ Free Credit Score. Thank you

  EarthyTx wrote:
  Hi everyone! I am new to here..  I paid Credit Check Monitoring w/ Free Credit Score every month for $13.95. I also paid Lexington Law for $79 every month to repair my credits. I know it is relatively expensive but they have removed 15 items from my credit since I joined. I began to check several website to check for my credit score such as Credit Karma and AnnualFreeCredit, I noticed that my credit scores are not all same. I am beginning to wonder why they are not the same and which are creditiblity? Can anyone tell me which website is accurability? I have yet purchase MyFico because I alread paid Credit Check Monitoring w/ Free Credit Score. Thank youThere are 10's if not 100's a proprietary credit scores out there and they are all "correct" based on their own score model. Asking which is "accurate" is not the right way to look at it. What is importnat is what credit score matters to the company you are applying to. Basically there are FICO scores and Non-FICO scores, or "FAKO's" as they have come to be known. FICO reports that 90% of top lenders use FICO for credit decisions. It is clearly accepted as the industry leader. If you want to use others that's fine but they are not FICO scores and are not used by the majority of lenders. As well, your FICO score, any credit score, is based on the information in your credit report, you have 3 credit reports from the 3 main credit agencies, Equifax, Experian and TransUnion, and you will have a FICO score for each of those 3 credit reports. Your credit reports may have different info in them thus your scores may not be the same. In addition, the info in your 3 credit reports is always changing, even on a daily basis, thus your FICO credit scores are not static and will change with time, sometimes daily based on new info added to your credit reports or simply due to the passing of time (time is one of the major factors taken into account in you credit score). Feel free to view all the other credit scores but in the end they do not matter, they are not used by Lenders thus they are just a guide, a guide that can be way off (or it can be close as well, it's a toss). Not something, well, to bet the house on... Additional info:http://www.myfico.com/crediteducation/questions/different-scores-for-3-credit-bureaus.aspx