X Mcast Plug-in - Technical Reference

Introduction

The Geneos X Mcast plug-in monitors multicast traffic and displays statistics such as the data rate and packet rate, for a list of user-defined multicast groups.

This plug-in differs from the X-Multicast plug-in in that it can monitor for multicast data without necessarily subscribe for it, and also does not need to read and discard data so is slightly more efficient.

The Netprobe host must be able to "listen" for the required multicast traffic (i.e. it should be on the same network segment as a host already subscribing to the required multicast data).

Views

View

The X Mcast plug-in produces a single view, with one row per configured multicast session.

Headline Legend

Name Description
totalDataRecvRate Data receive rate for all monitored sessions.
totalPktRecvRate Packet receive rate for all monitored sessions.

Table Legend

Name Description
name The session name, as configured by the user.
port The session port, as configured by the user.
dataRecvRate Data received in Kb/s, averaged over the sample interval.
pktRecvRate Packets received per second, averaged over the sample interval.
tmSinceLastPkt Number of seconds since the last packet was received.
srcHost The IP address of the host which sent the last packet.

Plug-in Configuration

The X Mcast plug-in listens to all multicast data received by a host, matching the destination host and ports with those configured by the user.

Plug-in configuration is placed in the x-mcast configuration section.

var-recvInterfaces

Specifies a comma-separated list of network interface names on which to monitor multicast data.

On UNIX machines, interface names can be found using the command "ifconfig -a". Example names are "eth0" or "ce0".

On Windows machines, interface names can be listed by running Netprobe using the "-ifconfig" command-line option. A Windows interface name will look similar to the following:

\Device\NPF_{BDFE3EAC-0275-440A-923C-C9C4CE3B37F2}

Mandatory: Yes

sessions

Specifies the list of (at least one) multicast sessions that this plug-in will monitor.

Mandatory: Yes

sessions > session > var-name

The name of the multicast session - this is the name which will be displayed in the view (as the row name). Session names should be unique within each plug-in instance.

Mandatory: Yes

sessions > session > connection

Specifies the multicast address and port for the session - multicast packets received for this connection will be added to the monitoring statistics for this session.

Mandatory: Yes

Permissions

The plug-in requires the netprobe to be run with root permissions (on Unix operating systems) or as a local Administrator on Windows, as it needs to open network devices.

On Linux kernel versions 2.6.24 and up, an alternative to running the netprobe as root is available: Set the CAP_NET_RAW and CAP_NET_ADMIN Linux capability on the netprobe binary with the command "setcap cap_net_raw,cap_net_admin+eip <netprobe binary>" replacing <netprobe binary> with the appropriate netprobe binary file such as 'netprobe.linux_64'.

When running the netprobe with set capabilities, the lib64 folder in the netprobe directory should be put in the ld.so trusted paths. Otherwise, the runtime libraries will not be loaded properly. Information on how to do this is found in this section of the Netprobe User Guide.

On Solaris an alternative is to run the netprobeGXL program available from ITRS Support. This program is an auditable utility which runs as setuid root. The purpose of this program is to open the network device which is then passed to Netprobe, so that Netprobe does not need to run with root privileges.

Third Party Libraries

Windows: The Winpcap packet capture library (http://www.winpcap.org/install/default.htm) needs to be installed on the host. Version 4.0.2 is required for Windows Vista/Server 2003 support.

Unix: The shared library libpcap.so (version 1.0.0 or later is recommended) needs to be in the netprobe lib64 directory.

Note: As the netprobe needs to be run as root the LD_LIBRARY_PATH is ignored for security reasons.