README for the cygwin (MS Windows) version of NeTraMet v4.4, Mon 25 Feb 02 (PST)

1) INTRODUCTION, COPYRIGHT

MS Windows NeTraMet uses cygwin to provide a Unix-style environment within Windows, WinPcap to provide access to raw packet headers, and libpcap to interface between WinPcap and cygwin.

NeTraMet is free software, distributed under the terms of the GNU Public License (GPL).
  http://www.auckland.ac.nz/net/NeTraMet

cygwin is free software, distributed under the terms of the GNU Public License (GPL).
  http://cygwin.com

WinPcap uses a BSD-style license, "NeTraMet includes software developed by the Politecnico di Torino, and its contributors."
  http://netgroup-serv.polito.it/winpcap

libpcap came originally from LBL; the tcpdump/libpcap page provides more recent updates to it.
  http://tcpdump.org

I have produced libpcap-0.7n, a cygwin port of libpcap-0.7, rather than attempt to use WinPcap. That's because WinPcap provides a Win32-specific API; it doesn't work with cygwin.

If you want to just download and run the windows binary version of NeTraMet, you should
  - install cygwin, with a minimal set of its components (following the instructions given below)
  - download NTM44_CYGWIN.ZIP to your cygwin HOME directory, and unzip it

If you want to build NeTraMet, you'll need to
  - install cygwin as above, but also install gcc, bison and flex
  - download, configure and build libpcap for cygwin
  - download, configure and build NeTraMet

2) CONTENTS OF NETRAMET BINARY DISTRIBUTION

The binary distribution of Windows NeTraMet contains the following files:

  README         This file (includes INSTALL instructions)
  if_list.exe    Lists interfaces visible to WinPcap
  look_tst.exe   Tests that NeTraMet can determine your host's IP address
  NeTraMet.exe   NeTraMet traffic meter program
  NeTraMet.sh    Shell script to specify NeTraMet command-line options
  NeFlowMet.exe  NeTraMet, using NetFlow as packet data source
  LfapMet.exe    NeTraMet, using LFAP as packet data source
  srl.exe        SRL compiler.  Makes .rules files from .srl programs
  ip.srl         Sample srl program to collect "all IP flows"
  mib.txt        SNMP MIB.  Describes the meter.  Needed by NeMaC
  nm_st.exe      Status test program, for verifying meter is running
  nm_rc.exe      'On-screen' manager program, for testing rulesets
  NeMaC.exe      'Batch' manager/meter reader program.  For collecting flow data
                 from NeTraMet meter.  See NeTraMet manual for detailed information
  NeMaC.sh       Shell script to specify NeMaC command-line options
  fd_filter      Computes differences between meter readings in NeMaC's flow data files

3) INSTALLING A MINIMAL CONFIGURATION OF CYGWIN

a) Make c:\cygwin and c:\cygwin\packages directories.  Point browser to http://cygwin.com, use "Install now!" button to download setup.exe into c:\cygwin

b) Double-click c:\cygwin\setup.exe, follow prompts to 'Select packages to install' screen.  Click on 'Category' to see packages in that category, 'New' to pick a version number to download.  Caution: don't tick the 'Src' box, you don't want to download source versions as well as binaries!

   Minimal set of packages:
     Archive:  unzip
     Base:     ash, bash, cygwin, diff, fileutils, grep, gzip, readline, tar, textutils
     Text:     less

   Click 'next' to download and install your specified packages.  This should produce a complete Unix-style directory tree, and a desktop icon for cygwin.

c) Start cygwin by double-clicking icon on desktop.
     cd /; mkdir home; cd home; mkdir nevil
   Exit cygwin (^D)

d) Edit c:\cygwin\cygwin.bat: add a command to set the (DOS) HOME environment variable, after the @echo off line
     set HOME=\cygwin\home\nevil

e) Now when you double-click the cygwin icon, it starts in your home directory.  You can copy files there, unzip or untar them, etc.  Binary files built under cygwin (names ending in .exe) should run when you invoke them.

4) GETTING STARTED WITH NETRAMET

a) Make a directory for NeTraMet in your cygwin home directory, download cyg_NeTraMet44.tar.gz into that directory.

b) Start cygwin, cd into your NeTraMet directory, untar the distribution file, i.e.
     tar zxf cyg_NeTraMet44.tar.gz

c) Test the system as follows:

   i)    ./srl ip.srl
         This will create ip.rules, a simple test ruleset.

   ii)   ./if_list
         This will display a list of your PC's interfaces on which NeTraMet can see packet headers.  By default NeTraMet will choose the first non-PPP interface.

   iii)  Start NeTraMet via the shell script NeTraMet.sh
           ./NeTraMet.sh
         This starts NeTraMet (the meter) running in cygwin's console window.

   iv)   Double-click the cygwin icon to start a second cygwin console window.  Start NeMaC via its shell script
           ./NeMaC.sh

   v)    On the NeTraMet window's display you should see messages showing you that NeMaC is collecting data from NeTraMet once every minute.  It writes this data to a file called localhost.flows.001.

   vi)   Shut down NeMaC by making its window active then typing control-C.

   vii)  Shut down NeTraMet by making its window active then typing ESC ESC Enter.

   viii) Have a look at the flow data file to check that it contains data with IP addresses which are sensible for your network.

d) You are now ready to write SRL programs to collect flows for your own network.  There are some sample SRL programs in the main NeTraMet distribution file (in the examples/ directory).  SRL is documented in RFC 2723 and in the SRL Manual.

e) Please report any bugs you encounter to Nevil Brownlee

/* v4.4b6, Fri 25 Feb 00 */
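A sanity check for step viii, added here as an example (it is not part of the NeTraMet distribution): it lists every IPv4 address in a flow data file that falls outside the prefixes you name, so addresses that are not sensible for your network stand out. It assumes only that addresses appear in the file as dotted quads; the sample lines, the write_sample/demo helpers and the 192.0.2.0/24 prefix are constructed for the example.

```shell
#!/bin/sh
# Added example, not part of NeTraMet. Flags IPv4 addresses in a flow data
# file that lie outside the prefixes expected on this network (step viii).
# Assumption: addresses appear as dotted quads; the file's column layout is
# not relied upon, so it works on any text file NeMaC writes.

# Dotted quad -> 32-bit integer.
ip2int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeeds if address $1 lies within CIDR prefix $2 (e.g. 192.0.2.0/24).
in_prefix() {
    local net bits mask
    net=${2%/*}; bits=${2#*/}
    mask=$(( bits == 0 ? 0 : (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# Print each unique address found in file $1 that matches none of the
# prefixes given as the remaining arguments, e.g.
#   foreign_addrs localhost.flows.001 192.0.2.0/24 198.51.100.0/24
foreign_addrs() {
    local file=$1
    shift
    grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' "$file" | sort -u | while read -r ip; do
        ok=0
        for p in "$@"; do
            if in_prefix "$ip" "$p"; then ok=1; break; fi
        done
        if [ "$ok" -eq 0 ]; then echo "$ip"; fi
    done
}

# Constructed sample (NOT NeTraMet's real flow file layout) for a stand-alone run.
write_sample() {
    cat > "$1" <<'EOF'
#constructed: src dst packets bytes
192.0.2.17 192.0.2.30 12 1480
192.0.2.5 198.51.100.7 3 240
EOF
}

# Run the check over the sample, treating 192.0.2.0/24 as "our" network.
demo() {
    tmp=$(mktemp)
    write_sample "$tmp"
    foreign_addrs "$tmp" 192.0.2.0/24
    rm -f "$tmp"
}
```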