# 1705, Thu 9 Feb 95 # # Rule specification file to tally Local Area Network traffic # # Nevil Brownlee, Computer Centre, University of Auckland # SET 7 # RULES SourcePeerType & 255 = IP: PushtoAct, IP_pkt; SourcePeerType & 255 = Novell: PushtoAct, Novell_pkt; SourcePeerType & 255 = EtherTalk: PushtoAct, Apple_pkt; SourcePeerType & 255 = DECnet: PushtoAct, DEC_pkt; Null & 0 = 0: Ignore, 0; # IP_pkt: # Tally IP traffic by (Class C) subnet SourcePeerAddress & 255.255.255.0 = 0: PushPktToAct, Next; DestPeerAddress & 255.255.255.0 = 0: CountPkt, 0; # Novell_pkt: # Tally Novell traffic by network number and port SourcePeerAddress & 255.255.255.255 = 0: PushPktToAct, Next; DestPeerAddress & 255.255.255.255 = 0: PushPktToAct, Next; SourceTransAddress & 255.255 = 0: PushPktToAct, Next; DestTransAddress & 255.255 = 0: PushPktToAct, Next; SourceTransType & 255 = 0: CountPkt, 0; # DEC_pkt: SourceTransType & 255 = 38: PushtoAct, DEC_hosts; SourceTransType & 255 = 6: PushtoAct, DEC_hosts; SourceTransType & 255 = 46: PushtoAct, DEC_hosts; SourceTransType & 255 = 14: PushtoAct, DEC_hosts; # Null & 0 = 0: GotoAct, Next # Tally DECnet non-data packets by type SourceTransType & 255 = 0: CountPkt, 0; # DEC_hosts: # Tally DECnet data by host SourcePeerAddress & 255.255.255 = 0: PushPkttoAct, Next; DestPeerAddress & 255.255.255 = 0: CountPkt, 0; # Apple_pkt: SourceTransType & 255 = 3: PushtoAct, Apple_hosts; Null & 0 = 0: GotoAct, Next # Tally EtherTalk by DDP type SourceTransType & 255 = 0: CountPkt, 0; # Apple_hosts: # Tally EtherTalk data by host SourcePeerAddress & 255.255.255 = 0: PushPkttoAct, Next; DestPeerAddress & 255.255.255 = 0: CountPkt, 0; # STATISTICS # FORMAT FlowRuleSet FlowIndex FirstTime " " SourcePeerType SourcePeerAddress DestPeerAddress " " SourceTransType SourceTransAddress DestTransAddress " " ToPDUs FromPDUs " " ToOctets FromOctets; # # end of file