One of the more versatile tools to measure network traffic is NeTraMet.
NeTraMet is an open-source implementation of the RTFM architecture specified by the IETF - RTFM working group. Netramet is written and maintained by Nevil Brownlee.
There are five RFCs related to this architecture:
| RFC# | title | Category |
|---|---|---|
| 2720 | Traffic Flow Measurement: Meter MIB | Standards Track |
| 2721 | RTFM: Applicability Statement | Informational |
| 2722 | Traffic Flow Measurement: Architecture | Informational |
| 2723 |
SRL: A Language for Describing Traffic Flows and Specifying Actions for Flow Groups |
Informational |
| 2724 | RTFM: New Attributes for Traffic Flow Measurement | Experimental |
The short version of the architecture is shown in the figure below.
The meter forms the heart of the architecture. It observes the traffic and classifies it into groups. For each group attributes and statistics (like number of bytes and packets) relating to that group are kept by the meter.
These observed traffic groups and statistics are usually referred to as flows.
The meter can get the traffic information by sniffing or by collecting information from a router. The NeTraMet distribution contains different versions that can take their input from a number of sources.
A meter reader can then read this flow information,for example every 10 minutes, maybe passing it on to other programs for further analysis.
A manager tells the meter how it should determine to what traffic group packets belong, in other words: the meter is programmable.
The manager does this by downloading so-called 'rule sets' to the meter. These Rule sets are actually instructions (a 'set of rules') that are executed by the meter for every packet it observes.
The meter, manager and meter reader in the RTFM architecture use SNMP to communicate with each other. (SNMP = Simple Network Management Protocol; for more information see, for example, The SimpleWeb) .
For a detailed (and possibly more accurate ;-) description of the architecture read the appropriate RFCs (especially RFC2722 and RFC2723).
One of the challenges if using NeTraMet is getting the results from the meter. Although the tools in the NeTraMet distribution do that for you; they either display retrieved data directly ('nifty' does that for example) or output it to a textfile (which is what NeMaC does). This works very well if you only have to do a small set of measurements or if you are adept at writing scripts for processing text files.
mr2mysql reads flow information from NeTraMet and stores it in a (MySql) database. Further processing of the stored information is then only limited by the ways you can access the database. The examples shown on this website use PHP scripts and jpgraph (a PHP OO graph class library). MySql database access is available for just about every programming/scripting language you can think of, so you can use the one you're most familiar with.
At the moment the information mr2mysql retrieves from a meter is static, i.e.: A fixed set of attributes is read for every ruleset available in the meter. This might (or might not ;-) change in future versions of mr2mysql. For a description of the database structure see 'database structure'.
This page was last updated January 1, 1970.
For questions please contact Remco Poortinga